Search

Mastering Risk Management Podcast Episode 46 - Yusuf Moolla on Auditing and Risk

In this episode, I talk with Yusuf Moolla about the noble profession of auditing and how a good audit program, along with open, regular, and two way communications between the risk function and the audit team maximise results.


And a big part of the secret of their success is utilising data to gain insight - whether that be through a performance audit, a program evaluation or an internal audit engagement.


Yusuf and the team at Risk Insights have many years of experience across a variety of industry and government audit engagements.


Contact them to discuss your audit needs at riskinsights.com.au


Enjoy the podcast!


Listen to the podcast here (also available Stitcher and Buzzsprout)




Copy of transcript below


Anthony:0:06

Alright, well, welcome back everybody to the mastering at risk management podcast. I'm Anthony Wilson and great to have you tuning back in again, and another fascinating discussion I'm sure today. A little bit different than where we've been recently, but I'm sure you'll find this very useful. So my guest today is Yusuf Moolla. Now Yusuf is a senior risk and assurance consultant with more than two decades of experience. He's worked for top tier professional service firms in Australia, the UK and South Africa. He's a certified internal auditor and has a background in business intelligence, financial systems and information technology. Yusuf helps performance auditors and internal auditors confidently use data for more effective, better quality audits. He works closely with clients both locally in Australia and around the world, supporting them through data focused consulting, advice, delivery, and coaching. Yusuf is the co-founder of risk insight. As well as cohost of the assurance show and co-author of the data confident internal auditor, passionate about demystifying, the use of data and communicating insights in plain language without losing the meaning. Yusuf is a global leader in data focused assurance. So welcome.

Yusuf:1:24

Thank you, Anthony. Thanks for having me

Anthony:1:26

no problems. So fascinating subject and, and for my listeners they'll know I did a stint as a chief audit executive for a little whiles, so very comfortable with the audit subject and probably doesn't get enough airing to my mind. So great to have you along and looking forward to hearing what you have to say in this space. So. Yusuf, I guess there's probably a couple of things we'll need to cover off. One is a little bit about risk insights. But before we do that, maybe yourself, tell us about your journey, how you got into auditing. So what was the story? I'm sure you weren't sitting at school saying I want to be an internal auditor.

Yusuf:2:01

So it's actually funny how, I specifically got into auditing was very strange. I did not know that I was applying for a job as an auditor. At the time. So back in the early two thousands you know, there were no Seeks and there were no job sites. It was all classified adverts in newspapers, right? So they, they limited what they put into that when South Africa was like that anyway, And there was this little, very small job had that said that we're looking for risk and control people. So people to help with risk and control. And I said, Hmm, that sounds interesting. And it said, oh, if you have a little bit of understanding of data and technology, that would be good. So I said, right. that's check this out. So I applied for the job. lo and behold, the interview came in and I looked up the address cause they still hadn't told me where this was. And I looked up the address and I was visiting Deloitte and I thought, oh, they audit firm what, what does it have to do with risk and control? Cause I had no idea right. Coming out of university, you don't even, you don't know these things. I had studied mathematics and computer science. Anyway, I went along, had a chat with a really nice lady who ended up being my boss for a long time and was, was just she explained to me what the role was and I said, cool, let's try it out. And so I did, so at the time I had been working for about four years at the university and another financial services firm primarily using data business intelligence. This is the early days of BI, right? So back when business objects was a separate non, non SAP thing. Anyway, so went along, did it and started that and got involved in the world of external audit and internal audit. And it wasn't very long before. I started putting my hand to to using data as part of those. Which again, wasn't a big thing back then. Not as big as it is now, and certainly not as big as it should be or will be in the next few years. And and that was my introduction to auditing. Ready is it's. I, I kind of fell into it just because the newspaper article didn't so.

Anthony:3:55

You were conned, so you still do that. So you obviously enjoy it, which is great. And just tell me about the journey. So that was in South Africa. Did you move around? What, what experiences did you have with.

Yusuf:4:08

South Africa was absolutely fantastic. I loved every minute of it worked for really good people, really good clients could subject matter. The firm acted with integrity in everything that I saw anyway, I was with them for 10 years. And got to got into a stint in Greece, got to do, got to move around the country. And then spent just over a year in the UK firm in the data practice as well. So got to see quite a bit while I was there. Both global clients and local clients, so, and a few you know, stock exchange, listed entities. So lots of, sort of Sox type. Which was quite interesting, but the internal audit area, because we, as a technology assurance practice, we dealt both with external audit and internal audit. The internal audit area was the one that fascinated me most mainly because external audit while it's an important thing was, was quite focused on a particular. Risk. So, you know, the risk of misstatement of financial statements, which is, which is nice and it's a big topic. But internal audit is far more. There's a lot more to it. And so you're looking at a holistic view of the business, as opposed to just that sort of one narrow facet.

Anthony:5:12

Okay. And that's, and that stuck with you, you still in the internal audit space. So what, what brought you you're in Brisbane at the moment? What bridges the gap from South Africa to, to Brisbane?

Yusuf:5:24

South Africa has had challenges with, crime and and a range of other. economic problems. And so there was an opportunity of quite a few of my friends had moved to Australia. I worked in the UK and didn't like it primarily because of the weather. And they said, well, you know, Australian weather, it's quite similar to south African weather come and check it out. So applied for a job at KPMG. After they interviewed me on the phone and and a month later I landed in Brisbane with, with my. Okay. So that's, that's what brought me to Brisbane and I've been here for the last 10 years. So 2012 to now first few years with KPMG I did a small stint at Deloitte and then in 2016 an ex-colleague of mine from KPMG, he had moved on to an auditor general auditor general office. And we got together in 2016 and said, let's try and do something on our own. And so and so we did and I guess, You know, part of the driver for that was we wanted to do more and spend more time with our clients than we were able to add sort of senior levels in big professional services firms. And you know, without taking anything away from what they do deliver more really. And so we, we got together six years ago and we've been going ever since.

Anthony:6:29

Excellent. So that brings us to the risk insight story. So tell us about risk insights and maybe, you know, not, not who your clients are, but what your typical client looks like and what sort of work that you do with, with clients. That'd be great to hear.

Yusuf:6:43

Yep. So primary clients are in the public sector, so auditors general integrity. Primarily, we do a look a little bit with the state entities, but that's very, very minimal. We've sort of scaled that back just to ensure that there's independence So obviously working forward at this general and integrity bodies means that you don't want to be in a situation where you're reviewing your own work. And I know there's lots of ways in which you can get around that, but we prefer to. Keep that separate. So that's a big part of what we do and the other, the other end is sort of medium to large corporates with a preference for medium, really. Not so much small at the moment anyway, because the smaller clients don't really do much by the way audit. So mainly is that a medium to large clients and that's primarily using data for either helping internal audits or conducting reviews that internal audit would do. But the business wants to have done directly.

Anthony:7:38

Right. Okay, so that that scope takes you broadly across Australia, you're working everywhere. Is it w where's the physical scope?

Yusuf:7:49

Yep. So primarily outside of Queensland, actually funny enough, but wherever I guess we're able to work is and, and I guess pre 2020, that meant physically being wherever the work is. And since then it means that the client is based somewhere and we based somewhere else. Works either, you know, just as well. So the majority of our work is interstate. And then we have a few clients in Queensland as well. Part of the transition to to remote work that was created by the pandemic has been, it's been really good for us because it means that we can actually work with a client in Victoria or a client in new south Wales without losing any time just, you know, and everybody's comfortable with it. And in fact, we had one. Earlier this year where we, we tried to go and see them. And they said, we don't want to see you. We happy to see you on teams, just move on. And a lot of them are working from home as well. So yes, a lot of, a lot of work around.

Anthony:8:40

Yeah, it's quite interesting. Isn't it? We've got several clients that we haven't actually ever met. You know, you do a lot of work on teams, but you know, physically we've never, never met them. So it's a, it's an unusual scenario.

Yusuf:8:50

It is. And in fact, you know, last year I did some work with a client in Queensland, in Brisbane. They probably about four blocks away from our office. We have a small office in in the, in the CBD and the way in which they operate because of bandwidth issues that were that existed at the time, they don't even switch on video. So I have a client that I delivered completely to that I don't even know. What he looks like, oh, well,

Anthony:9:18

yeah, sort of they say, Hey, you live in interesting times. It certainly is. So you said, I think this is great. And it sounds like your firm's got some some really interesting engagements that that you do. I'm interested in the, the methodology, maybe, maybe how you apply data. To thinking about audit. So I guess from two perspectives, one, the physical subject of the audit that you're doing at the moment and the application of data to that, but also maybe stepping back a bit to the high level sort of strategic audit plan. How do you apply data to that? So can you talk a little bit about those? I'm fascinated by this and I, I see the real benefit in it. I'm just curious as to how you apply that.

Yusuf:10:01

Yeah. On individual audit which is where we spent most of our time, the core approach that we take is, is hypothesis based. Right? So we see the use of data within audit on a spectrum all the way from the very basic, which is. as soon as you start using data, you kind of using data purely for reporting. So, you know, a few charts in a report, we haven't actually used the data for, for planning or for conduct, but at a minimum, you providing some sort of reporting Yeah. So it goes from there. And then the other extreme, you have a data-driven audit, which is everything is, driven by the use of data. W th the, the low end is, is the minimum. And we think that anybody that isn't doing anything at all should be at least they're, you know, using data for reporting, if nothing else if, if for nothing else to provide, but a color to your report. Yeah. The, the other extreme, the data driven. I'll view, is that if you looking at trying to drive all of your audit, work through the use of data or the organization that you can, isn't using data to drive everything that. It's going to be very difficult. Right. So, so we don't see too many organizations at that extreme. Even if a portion of the business is growing, you might be able to do an audit that is sort of driven by data there. And when I say data driven, I mean, there's no hypothesis, you just purely just get data and start. Right. And so if you, in one of those really, really, really high-tech really well-defined data-driven organizations. You might be able to do that. All right. So most of us are going to be somewhere. Yeah. And that's somewhere in between. We see in two ways, the one is process focused. And so a process focused approach is where, you know, the specific process that you're looking at. So you decided to order payroll or procurement or whatever else it is that you're auditing. And you say, what is the process that is currently followed? And then you use data to show that that process actually works that way. That's the traditional approach it's worked for a long time. But what we prefer is something a little bit different to that. And so the process focused approach says, take the process and follow it through. What we usually do is hypothesis based. And so that's where you can determine what is the objective that I'm trying to achieve. What is the objective that the organization is trying to achieve, or that I'm trying to confirm, and then go backwards from the objective to understand what data do I need to be able to confirm that objective. But to be able to confirm the hypothesis that will fall under that objective and then do it almost first principles that way. And the difference between the two is that one starts with the end. What am I trying to achieve? And the other starts with what is the current situation? Yeah. Often, what we find is that when you take a process focused approach, if you have nothing else do it, but if you take a process focused approach, you tend to just focus on what management are doing. And you may be able to find a few errors in that process, but the process may not be designed in a way that meets the objective. And you must that, and that's where we find the. I guess, problems with people's perception of what is possible with data, because there's value that data has is being, is being touted. And there's no doubt that it exists, but if you take the wrong approach, you're not going to actually get to that value. Right. So if you're looking purely at what are you currently doing, and then finding a few tweaks within that, you're going to get a few sort of small wins. When you take a hypothesis based approach, you then start looking at not just that process, but any adjacent processes, any other data that we can get to understand what's going on? You know, internal audit is in a very unique situation or a very unique position that we can see things from all sorts of places in the organization. We're not limited to the function that. Yes. And so when you broaden that and say, what do customers expect from us? What does the CEO want? What does the board want forgetting about the specific function of this specific process? What are they wanting? Where do I need to go and look to get the answer to that? That's very different to looking at the very small, specific silo. So that's, that's our broad approach to individual.

Anthony:14:15

Yeah, that's very powerful. You said because you know, internal, audit's always got to show that they're adding value that they're, you know, they're, they're, you know, they're on the, on the team, but they're, they're actually there to help improve and contribute to better performance and those sort of things in sometimes. That message gets lost. Doesn't it? It's a sort of thing. I see the very rude and not very nice sayings about, you know, internal audits, there to bayonet the wounded after the battle sort of thing. It's you know, internal can add, incredible value and management that realizes that and leverages the internal audit function in that way gets huge value out of that process. That's great. That's great. Are you, what is the linkage that you see with a risk management function as you do your audits? Is there some sort of coordination there, or how do you, how do you sort of assist the, the risk function from an audit perspective?

Yusuf:15:09

Most of what we see in sort of strong linkage between internal audit and risk is where risk assurance is being, conducted. But often when you, when you're using data you get to a situation where you have a very strong understanding of what's actually happening. I guess, like I said more broadly and because you've used data, you can pinpoint the specific issues that are you know, potentially problematic. That means that when you're talking to an internal audit, they're not going to implement any of, any of the recommendations, obviously that they, that they put out. So that then goes to the risk team to help with. So that, that sort of knowledge transfer handover to the risk team is, is where that sort of interplay. We see from in particular audit into risk happens. Now there's obviously lots of broader conversations that happened between and CRS. But when we're talking about specific audits, that is usually the chat, this is what we found. This is how we found it. And then the risk team can take that on and look at whether that's something that they want to do on a continuous basis and help help.

Anthony:16:06

Yeah, that's a really powerful conversation too. I, I, you know, as, as we work with organizations there's one thing to do is to go and identify the risks. But you know, that commitment needs to carry on to, well, what are the controls and other controls effective and how do we know they're effective? How do we get assurance that they're working? So, you know, unless you're going to do the control piece, you might as well not do risk management at all, you know? So that, that's where that link has got to be. With internal audit function. Have you seen organizations starting to build internal capability around data for their audit function? It's, it's been a, it's been an interesting sort of space, hasn't it with you know, organizations starting to realize that they've got all of this data, but then taking the next step and thinking about, well, how do I leverage it? How do I use this data to, to unders. It seems to me that every organization, if they want to sell more, baked beans, or they want to, you know, serve more patients in the hospital or, you know, whatever their, their revenue side of businesses use data, you know, without any hesitation at all. But when it comes to some of the back office in side of things that the data doesn't seem to be leveraged as as much. So have you seen that capability being developed and.

Yusuf:17:19

Yeah. So that was, I guess that was your second question earlier about the broader focus within the wider team could be across the audit plan and, and yes, to your point. Revenue obviously is going to be a big area of focus, but you'll be surprised how many organizations don't even to use it for you know, for revenue tracking or for, for optimization of revenue, from an audit perspective. Anyway. And part of the, part of the challenge there is that you can always, you know, you can always find. Good sort of nuggets by looking beyond just the revenue function or the sales function and looking at other areas as well. So support areas. One of the things that we see a lot of is the use of complaints data, but yes, we are seeing internal audit teams looking to I mean, lots of. You know, dedicated data, people within the teams. But from what we've been seeing anyway and that was the law in large part. The Genesis of the book is the move away from sort of a centralized data team that do all of the heavy lifting data-wise to wanting every auditor, to be able to understand how to use data, or at least be able to plan to use data themselves. And, and we think that that's something that's going to that can completely shift that ability to deliver value, because if you're relying on one person who has an understanding of how to use data, but doesn't really understand the audit more broadly. Continuously translate between business and technical. That can be difficult. If you, as an auditor, as a general auditory, if you understand how these things work, how you can actually, like I said, you stay to yourself. You can do some of the simpler things. You can also understand and identify where data can be useful. And then what that means in terms of being able to do. Yeah, how long this thing could take, what data I need to be able to get, what data I can get and pull together and how I can pull that together. So that capability uplift is important and it really should be every auditor doing it. So, you know you would have seen this in, in your time as a CIA back in the day. Auditor's and there were it auditors and never the Twain shall meet. And they, the idea of what it is, went off and did some control stuff and passed on the result in the auditors didn't really understand what is going on nowadays. Auditor's go and do logical access testing themselves. Right? So that's something that you want to understand yourself who has access to what. And so every auditor is now built that skill. And when you want something more technical you want to penetration test or something else more technical, you'd go to the ICU or. Yes. Well, if you want you to as network testing, I mean, there's lots of other things, but similarly with the use of data, you have a potentially a dedicated analytics person or team, but then every other word, they should be able to know how and, and have an understanding and be literate really in, in what data is and how it can be used. And so we seeing more and more of that, not fast enough, obviously not as fast as it could be, but, but differently when more of that.

Anthony:20:06

Yeah. Yeah. It's, it's a really good point yusuf. You've got to, you sort of got to know what question to ask in some respects having you you know, and I, I I established a data scientist and team in, in the audit function in, in my role as the CAE. And that was fascinating in. Just changing the mindset a little bit. And my own included, you know you know, data is king and information is king. And some people were a little hesitant to give up information to the audit function. And the question was, well, what do you want it for? And the data scientists that I've had, you know, sort of said, well, you know, I need this data and the, the, the client in this case would say, well, what data specifically? And they'd say, well, Right. So because I don't know what I don't know in terms of the data. So just, just understanding that there's a heap of information out there that contribute can contribute to some incredible findings, but you don't know exactly. What that's going to look like until you start to work the data and think about it in the context, as you said, of the business objectives. So it's a bit of a mind shift or an attitude shifting in the organization as well. Isn't it?

Yusuf:21:15

Yeah, absolutely. And I guess in the case that you had, you obviously would have been. Open to experimentation, right? So you're not expecting the data scientists to land and suddenly be delivering this ridiculous value that is impossible. There needs to be, there's going to be trial and error. There's going to be you know, there could be a month of time that you've got to write off of that individual, just because. You know, they're were exploring or they tried something and it didn't work. And so that experimentation experimentation is, is, is quite important. Yeah. That's another area where there's a difference. If you bring a general order to India, you train them for a week and you probably gonna just throw them in an order and expect them to start delivering, working papers. Right. It doesn't work the same way with data. There has to be that experiment. Yeah.

Anthony:21:54

Yeah, that's right. And, and you know, the, the, the whole thing that we'd done was, was probably a little bit ahead of its time for the organization, but, you know, the, the the collation of so much data effectively gave us the ability to look at certain data points and predict. Where there was going to be an issue based on the, the numbers coming out of those data points. So it was, was very exciting stuff. As I said, probably the organization probably wasn't quite ready for it, but you know, the potential for that sort of stuff is quite amazing. So and how do you find that in the public sector? I mean, I've done some work in, in some of the state sort of departments, but I've been fascinated that they I have a real range of maturity in this space. Some of them are very advanced and doing some great stuff. Others probably still at the start of the journey. What, what do you find generally about the maturity in, in sort of the public sector?

Yusuf:22:52

Yeah. So this is very, very general cause I have to be careful what you say. But definitely a range in terms of, in terms of capability. I think one of the things that's quite unique in the public sector is that. The ability to use open data is quite significant. So because a lot of the open data is about matters that concern. The public more broadly, which is what the public sector are defined to or set up to, to serve with the public set of assets, self serve that looks quite different than the public sector. So in the private sector, open data is useful. There's a lot of potential open data or sort of semi proprietary data. So now with things like open banking and open energy, you know, people are sharing data, but it's very limited and. there's controls around it. So that's quite useful in the, in the, in the private sector. There's a few open datasets that, you know, become useful for particular things. Like you want to, you know, map where your customers are and where the population is growing and things like that. But in the public sector, because. Because of what they do that that use of open data is, is growing. And so we seeing a lot more open data being generated by public sector organizations as well for public sector and other, other entities. So there there's quite a difference in the way in which that's done. The maturity levels do vary. But that that's actually coming leaps and bounds. If you go on to data.gov, they, you, or, you know, the Queensland open data set to places like New York where they publish absolutely everything. And you can use it without question. That for us anyway, has been a game changer in, in the recent past.

Anthony:24:23

Yeah. Yeah. That's fantastic. Excellent. So a couple of questions to finish up. What are the challenges do you. For the profession going forward, what are the things on the horizon? The opportunities, what what's coming out of that over the horizon that that, that looks exciting. And, and may make some even more radical changes.

Yusuf:24:44

I'll speak from the perspective of using data particularly cause that's, you know, that's probably where I can, I can speak more about I think one of the, one of the biggest challenges that obviously we all facing and it's it's you know, everybody that you speak to nowadays is the ability to attract talent, right? So whether and how you retain talent is largely. Or can't be largely within your control, so retention, but it's the attraction, but that becomes particularly difficult. And so one of the things to think about is why would people want to work here? What are the sorts of opportunities that I'm giving? how can they actually see. How can I bring somebody in? Obviously there's lots of discussions like culture, et cetera, but I'll leave that to somebody that understands that better to walk into when it comes to the use of data the opportunity to learn a skill that is transferable is quite significant. So the learning how to use data and knowing how to use the. Definitely a transferable skill. And so not everybody that we bring into the audit function, they are going to be an auditor, not everybody's going to be an auditor for life. Right. We know that we've seen it for such a long time. Sometimes you get fortunate and you bring somebody in that just loves auditing and wants to stay there. And that's great. But a lot of the times you need to attract people in on a short term or medium term basis and offering them the opportunity to learn how to use data. And one of our clients. The way in which he explains it is he says you know, because of the nature of the role and the nature of the function you get to see data that you wouldn't ordinarily see in any other role. All right. So that's within public sector. Like if you think about the internal audit, we have unfettered access. To corporate documents, records data, and and that largely falls within risk as well. So it may not necessarily be explicitly stated like that but reality is that that's the role is you actually see across the organization. And so that ability to get whatever data that you want. And be able to use it and see it and play with it. You won't get that in most other roles, unless you're the CEO, I suppose. Yeah. So that's one of the things that we see. of course, there's lots of implementations of RPA, which frankly, within auditor don't understand, because I don't think what it should be repeatable in any way risk sure. Or not so much. Yeah. the other thing that we see is the use of, or the increasing use of low-code and no-code tools. Yes. So in the old days you had to do lots of programming and you did the thousand lines of code, and you've got to get somebody to then evaluate and review your thousand lines of code and something went wrong on line 798, and you couldn't find it in the, you know, it's just ridiculous low-code no-code tools. One of the biggest benefits is that a lot of them are sort of graphical user interface based and you can actually see at a glance what's going on and you don't spend time doing the underlying coding. So you don't have some sort of, you know, a lot of it is that the actual tool has been curated, so you can use it. And you just gotta make sure that your process is actually right the way in which you following it. So lots of use of, of no-code low-code tools the one that we use is open source, which means anybody can download it for free and use it as well. And so the opportunity is, quite significant. And then the third thing is how we use to not the fact that we use, but how we use visualizations to communicate our results because obviously data visualization tools have come a long way. You know, Tableau was the, probably still is the, is the leader in this area, but power BI has come a long way. A lot of public sector clients use it and it's quite accessible. So. there's no shortage of technological capability at an accessible level to be able to do these things. And you can even draw graphs in Excel if you really have to, but how we use it is going to be important to ensure. We don't provide the wrong message. there's no unintended bias or there's no ambiguity in the messages we're giving within our visualizations and that they are just, you know, part of the narrative as opposed to. A separate thing that we put in an appendix. And so building those into our reports and using them for for the purpose, for which they were designed, which is to explore and to communicate, that's going to be important. So moving beyond the, let's get a shiny tool and start producing these graphs with nice colors into what is it actually telling us and what we know, what messages is going to convey and ensuring that that message is unambiguous. And won't, won't be able to listen to.

Anthony:28:56

Yeah, actionable intelligence. Absolutely. Yeah, that leads nicely onto my final question. Young person considering a career in audit, just making the big decision much like yourself coming out of uni, not sure what to do next. What advice would you give them about entering the audit space?

Yusuf:29:15

Right. if you are going to be going to the audit space and, as a career auditor, almost agree or it's, I can tell you that, what you get to see. Is amazing. But the number one thing is to be curious, right? So you have to have that level of curiosity, and I'm sure as a CA you would have seen that your best form was with the ones that asked them, you know, continuously asking questions and sometimes can be can be nagging, but, you know, you need to, you need to know which questions to voice and which questions to ask internally that, curiosity. And maintaining that curiosity is, is imperative. Always be looking to ask questions and try to understand what's going on. The second is that, you know, auditors don't operate in a vacuum. We are there to to help the business along. We are there to protect stakeholder value all the, all the good things. And so. it's not an us versus them. So you, you need to start your career with, without the sort of us versus them mentality. And going in as a part of the organization, then I'm looking to deliver value and, balancing that. And independence hat, if you like. So I'm not necessarily part of the controls team or the management team, but I am here to help as opposed to here to catch people. So a lot of auditors get this sort of negative. You know, auditor's looking for fraud type thing and yes, we do look for fraud. And we look for fraud because. The organization is bigger than any individual actor that might be you know, taking us for a ride. And so when we look for fraud, we're not looking for, we're not looking for something bad, we're looking for a way to ensure that that bad thing doesn't happen so that the organization more broadly thrives. So that us versus them mentality mustn't enter your mind regardless of what you see. So those are the two things I would say. I guess everything else is just sort of bread and butter, you know, make sure you're working papers that reference, right. Curiosity and mindset. I think

Anthony:31:00

Yeah, no, that's fantastic. Great advice. Use it. Thank you very much. Well, thank you for being part of the show and listen, you've got a couple of great resources that I think people may want to tap into. So the book for a start, the data confident internal auditor and also you've, you've got your own podcast program, the assurance show. So how do people find those resources? Is it just by the risk insights website? Is that. Yeah.

Yusuf:31:24

Yeah. The risk assessed website is the best of that's. R I S K I N S I G H T s.com today you the data confident internal auditor is on Amazon and, bookstores and bookstores meaning online nowadays or, give me a shot on LinkedIn. Fantastic.

Anthony:31:40

Excellent. Well, you said very much appreciate your time today. Thank you for sharing that insight. It's it's a very exciting space. The auditing space, not many people outside, it probably realize that, but those inside it do certainly understand. And the world of data is certainly adding another fantastic dimension to it. So thank you very much.

Yusuf:31:59

Thank you. So listeners, thank you very much for tuning in again today. Hopefully you found that discussion with Yusuf fascinating as I did lots of stuff that auditors do not well understood that if you're not inside the profession and hopefully Yusuf has shed some light on that today as well. So thank you again for tuning in as always welcome your contributions in terms of ideas for guests on the program. Or the questions that I should be asking guests as we have them on board all contributions welcomed. So this is Anthony Wilson signing off from mastering risk management. We'll talk to you again soon. Cheers.