An Organization’s Internal Auditing Function Must Be Independent but Not Isolated

By Banalekaki Francis Yiga

For any business or organization, there will always be risks that could ultimately tarnish its reputation, dampen stakeholder confidence or, in the worst-case scenario, sink the organization/business. Top of any responsible entity’s agenda will therefore be managing this risk through the internal audit function, using proper data governance tools.

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes” according to the Institute of Internal Auditors (IIA)’s International Professional Practices Framework (IPPF).

Therefore, in carrying out their work, internal auditors must focus on three areas – Risk Management, Risk Control and Governance. Unfortunately, in some cases, audit functions tend to focus on controls and risk management and ignore the aspect of governance. Yet, for an audit to conform to auditing standards, it must give assurance on all three aspects. Internal auditing can be more effective if managers and their teams manage their tasks effectively. Internal auditing focuses not only on compliance checks but also on evaluating a company’s internal controls, including its corporate governance and accounting processes. Understandably, most businesses hire tax accountants in Brisbane who specialize in the laws, rules, and regulations for the preparation and calculation of federal, state, and local taxes. They also offer a variety of tax-related services to businesses, such as the preparation and filing of tax returns. However, it is critical to keep an eye on accounting and other operations of the company to see if everything is going well. That is why audit services play such an important role in the evaluation of business controls.

Effective audit teams can clearly measure how employees’ activities support company goals, putting them in a strong position to demonstrate their value to the company. So, when managers have a specific to-do list for their teams, it may be much easier for the audit team to evaluate individual employee performance and analyze how far employees comply on a day-to-day basis. They can identify how good an asset an employee is to the company based on their performance against the to-do list provided by the managers to the audit team.

Gauging the effectiveness of an internal audit function can be done using a number of yardsticks. The auditing process must: demonstrate integrity (in words and actions); demonstrate competence and due professional care; be independent, objective and free from undue influence; align with the strategies, objectives, and risks of the organization; be appropriately positioned and adequately resourced; demonstrate quality and continuous improvement; provide risk-based assurance; and promote organizational improvement.

This is a daunting task that essentially requires the auditor to be agile if they are to keep abreast of the issues taking place in the environment and ensure the Board and other stakeholders are brought up to speed.

The role of auditors has in the past been misconceived. Initially, the perception was that internal auditors had to be accountants. Whereas it is true that accounting knowledge is central, accounting is not the default designation for internal auditors.

Recently, there was a directive for all Heads of Finance and Internal Audit to be Certified Public Accountants (CPAs) as per the law. The enactors of the law did not consider that internal auditors may not necessarily be accountants.

The IIA clearly spells out the parameters within which the role of the internal auditor falls.

Part of the auditor’s mandate is to ensure the organization’s governance has appropriate structures that facilitate accountability to stakeholders through integrity, leadership, and transparency.

The other role is ensuring the governing body puts appropriate structures and processes in place for effective governance. The same structures must align organizational objectives and activities with the prioritized interests of stakeholders. The auditing function also ensures the governing body delegates responsibility and provides resources to Management to achieve the objectives of the organization while ensuring legal, regulatory, and ethical expectations are met across the board.

In so doing, internal audit keeps governance effectiveness in check through the competent application of systematic and disciplined processes, expertise, and insight. It reports its findings to Management and the governing body to promote and facilitate continuous improvement.

To successfully deliver on its function, internal audit must be independent from the responsibilities of Management. This allows for objectivity, authority, and credibility. The auditor must have unfettered access to people, resources, and data needed to complete his/her work; and freedom from bias or interference in the planning and delivery of audit services.

However, this independence should not be mistaken for isolation. Internal auditors ought to have meaningful discussions with Management before subsequently reporting issues to the Board. Since it is Management that will ultimately have to fix these issues, if any, it’s only logical to notify them first.

Regular interaction between internal audit and Management helps ensure the work of the former is relevant and aligned with the strategic and operational needs of the organization. Through all its activities, internal audit builds its knowledge and understanding of the organization, which contributes to the assurance and advice it delivers as a trusted advisor and strategic partner.

One of the issues that has tainted the image of internal audit is wearing the two ‘hats’ – of a trusted advisor and an investigator. The other issue is that of organizations’ audit ratings and the impact these ratings may have on the appraisal of the individuals being audited.

For example, an audit client may be open to the issues being raised, but the contention often emerges at the time of final rating.

In cases where internal auditors are the investigators, it may be difficult, even after swapping the investigator ‘hat’ for that of a business partner, for the auditor’s colleagues to appreciate that his/her actions are in their interest. Organizations may consider separating these roles where applicable.

If they are to deliver on their mandate, auditors must continuously apprise themselves of knowledge and information on the ever-changing risk landscape they are giving assurance on. There’s a digital evolution happening the world over, which requires auditors to evolve as well. Unfortunately, hackers and fraud-schemers are riding this tide. The auditors cannot afford to take a back seat.

The silver lining is that there are various data analytics tools that internal auditors can utilize to extract real-time information based on the population, not samples. SQL could be considered the main tool when dealing with the database. SQL statements are often very long, and after a few statements have been changed, it might be difficult to spot those changes. Online tools can be used to compare SQL statements and find the differences between two sets of statements. Apart from SQL, tools such as ACL, IDEA, and Teamanalytics are often used in data analytics.

After all is said and done, organizations should support their auditors in acquiring the necessary knowledge and skill and demand value in return.

The writer is the Head of Audit, KCB Bank Uganda (FCCA CIA CPA CFE MBA B.COM)

Admin 2020