Internal Audit: improving processes at EMBL

In conversation with Tomasz Smolarek and Natalia Kret

Tomasz Smolarek, Head of Internal Audit, and Natalia Kret, Compliance Officer, discuss their backgrounds, their work, and what they most enjoy about working at EMBL.

Tell us about yourselves.

Natalia: I’m a lawyer. Prior to joining EMBL in June 2018, I gained experience working in legal and compliance departments in the pharmaceutical industry. I studied in Warsaw, Poland, and participated in the Erasmus Programme in Coimbra, Portugal. I’m a big fan of the movies of Pedro Almodóvar, Jim Jarmusch and Paolo Sorrentino.

Tomasz: I joined EMBL as Internal Audit Manager in late 2014, having already gained more than ten years’ professional experience in internal auditing in various industry sectors. As well as holding an MSc in Economics, I’ve been awarded Certified Internal Auditor status by the Institute of Internal Auditors, and Certified Information Systems Auditor status by ISACA. I love to travel the world; it helps me to remember that there isn’t just one ideal way of living.

What is the function of the Internal Audit Office?

Tomasz: The Internal Audit Office fulfils two primary functions: internal auditing, which is my responsibility, and compliance assurance, which is overseen by Natalia. Internal auditing involves evaluating EMBL’s activities to see if they follow the organisation’s internal policies as well as international standards and other best practices. The aim is to improve operations across EMBL. I carry out this independent appraisal freely and objectively, and report directly to the Director General and EMBL Council.

Natalia: In receiving funding from external agencies, EMBL agrees to comply with various legal acts, best practices, and terms and conditions. These requirements are set out in grant agreements or in the funders’ policies, and as Compliance Officer it’s my job to ensure that they are also reflected in EMBL’s internal policies and activities.

What does your role involve?

Tomasz: As Head of Internal Audit I’m involved in three key areas of activity at EMBL. Firstly, there are standard internal audits, which are determined by annual audit plans approved by the Director General and presented to EMBL Council. I assess processes in various areas, including accounting, procurement, grant management, budgeting, IT, HR, and facility management. I interview staff working in these areas, review documentation and perform tests to check that things are working as they should be. And sometimes I work directly with the scientists on grant-related matters. I present my observations, along with recommendations for improvements, to the relevant people in management. Secondly, there are ad hoc audits, which are unplanned reviews conducted at short notice. Thirdly, I provide consulting services, such as reviewing the implementation of IT systems or advising on internal procedures.

Natalia: My role is focused on overseeing organisational activities, to prevent violation of rules and policies and to ensure integrity of conduct. I also advise on mitigating any potential risks of non-compliance, and assign responsibility for implementing improvements. As an intergovernmental organisation, EMBL has a special status granted by the governments of its host countries; part of my job is to support management in making informed decisions on how external rules can best be reflected in EMBL’s internal policies.

Why is your work important for EMBL? Is there a difference between internal and external auditors?

Tomasz: The role of the internal auditor is crucial, and it’s essential to distinguish how it differs from that of external auditors: it is much broader. The primary purpose of the internal auditor is not only to confirm the accuracy of the data presented in financial statements, but also to identify potential errors and fraud risks, and recommend how these can be mitigated. For example, if a single person is responsible for a procurement process, there is a higher risk of error and fraud, for example by inappropriate selection of vendors, accepting fraudulent invoices, or processing payments into incorrect bank accounts. A solution might be to involve more people in the process, or to implement some automated controls in our IT systems. The internal auditor also looks at the efficiency of operations and identifies opportunities for saving time and resources. The internal auditor is located on site and is much more flexible than an external auditor in terms of duties. For example, I can review system updates before they are released, or advise on process changes before they are approved and implemented. This often saves time and money.

Natalia: The role is future-oriented, in contrast to the reactive function of the external auditor. The compliance officer identifies potential risks an organisation faces, and makes recommendations to prevent their occurrence. It’s essential to address any weaknesses in a timely manner, before they escalate.

Why might EMBL staff need to contact you?

Tomasz: Beyond simply coming to meet our friendly team for a coffee and a chat, there are many potential reasons why people might get in touch. Our office is always open for those who want advice on how to improve processes or mitigate risks, or who are unsure whether their current activities are in line with EMBL rules or the requirements of particular grant providers. When EMBL colleagues ask for advice and see the value auditors bring – that’s what I’m most proud of in my work.

Natalia: I’m happy to provide guidance on how to implement internal policies, or how to interpret internal regulations or grant providers’ requirements. If anyone’s experiencing any practical difficulties relating to EMBL’s internal policies, they can come and discuss these with me.

What do you particularly enjoy about working at EMBL?

Tomasz: First of all, I like working with smart people. It’s fascinating to listen to people at EMBL explaining their research. I learn a lot, every day. What I like about auditing at EMBL is that it’s challenging: in some aspects it’s more challenging than working for large for-profit organisations. At EMBL you can’t work with ready-made templates, checklists or a standard set of legal requirements. You always need to show the value of your recommendations and convince management why certain processes need to change. You never stop developing.

Natalia: I enjoy working in an international and open-minded community, and the topics I deal with are exciting. The compliance role at EMBL is more challenging compared to big international companies because of our special status as an intergovernmental organisation, which means we are always striving to meet external requirements within the context of our own internal policies and procedures. EMBL is a perfect place for continuous learning and development – there are so many bright people to learn from!

---

Tags: internal audit