Internal Audit – An Untapped Resource
Unfortunately in the past, internal audit was under-estimated and neglected arm of an organisation. Entrepreneurs in the past could not realize potentials and organizational values of internal audit and as a result, have suffered a lot both tangibly and intangibly.
Interestingly enough, majority of the enterprises, government employees, financial institutions' employees, students, general public and other stakeholders of an organization do not know much about internal audit and few have confined the work of internal audit to just checking of payment vouchers only. That is why internal audit has not been able to shine and remains under shadow as an untapped resource and not achieved the status of an indispensable tool of business.
Right from the first day of start of business, our local entrepreneur strives to protect his resources from wastages; leakages, hazards and wants to use their resources economically, efficiently and effectively, but never encourages taking up services of specialist internal auditors and instead, expects its finance and accounting staff to perform this job. Few enterprises have established internal audit departments in their organization to achieve the above objectives but after not being able to achieve the intended results, became disappointed and treated it as step-unproductive-department. Surprisingly enough, instead of studying the causes of its failure, the entrepreneur blames the functions of internal
audit.
Frankly speaking, internal auditors cannot not deliver the goods in the intended way just because the entrepreneur confines internal audit to the following:
– Instead of establishing independent and separate department of internal audit, they engage few people to deliver the function of internal audit with high level of expectation.
– To save cost, they engage non-technical, incompetent and immature staff as a result internal audit could not deliver the desired goods and add values to the organization.
– Restricting the scope and functions of internal audit only to detection of fraud and errors, and as a result, internal auditors cannot not give meaningful and effective report to the management and fail to display that their services are valuable and beneficial to the organization.
– Internal auditors are required to report to managers within the organization due to status problem and are rarely allowed access to chief executive. As a result, their reports are ineffective and meaningless.
– Expects physical check and control of organizational activities from internal auditor and always wants internal auditors to be on the field. This attitude of the management makes the internal auditors like a ping pong ball of table tennis and makes them crippled to accomplish their functions in a proper fashion. Internal audit is effective only by system controls while the physical controls are auxiliary to system controls.
– Internal auditors do not get support, encouragement and protection from top management.
– Many enterprises expect internal auditor to do other jobs in addition to internal auditing as they believe that internal auditors know much more about the organization then anyone else in the organization. Due to this, internal auditors tend to lose the track and fail to deliver goods in both sides.
To reap the multi dimensional benefits of internal audit, the enterprise will have to make their internal audit effective.
EFFECTIVENESS
The effectiveness of the internal audit function is affected by the following factors:
– Good governance begins at the top. Internal auditing can contribute most effectively when there is a management or audit committee which ensures complete objectivity in all audit work. And independent and pressure free status for the internal audit department is vital to carry out its function meaningfully.
– Internal audit should report to the highest level of management or audit committee and in any case, should not report to other executives. The head of internal audit should also have direct access to the Board of Directors or audit committee and report regularly to that body. The management should give priority to and acts on internal audit recommendations and this should be properly evidenced.
– Internal auditor should devote exclusive attention to the auditing function and should not be given any responsibility for operations or supervision of a system or department. Only then the internal audit team will be in a better position to make effective and professional report to the management on all aspects of the business activities without any fear or favour or prejudice.
– There should be no constraints or restrictions placed on internal audit and it is better that responsibilities of internal auditors in the organization should be clearly established by the management. It should not have limitations on scope and should allow to cover any phase , area, subject matter or activities for this purpose and therefore should have unrestricted access to all the documents, manuals, systems, staff and physical properties relevant to the audit process.
– The management or audit committee should determine the size of internal audit department and its place in the enterprise so that the quality of performance in the assigned duties could be ensured.
– The internal auditors need to be free to communicate fully with external auditors.
– Internal auditors ought to be among the more talented individuals in the organization. To attain specialized skills or broader coverage, management or the audit committee should not hesitate to call on outside resources.
Above all, internal audit needs top-level personnel, preferably persons having adequate technical training and proficiency as internal auditors and who must have the skills to be promoted to executive levels of the organization. For specialized work, the function needs either internal staff or access to outside personnel who can address risks associated with such key areas as information technology, financial instruments or off-shore operations. Also, internal audit needs sufficient resources to conduct a systematic and timely review of the risks and controls needed to provide assurance to top management.
– There should be well defined policies and practices for hiring, training, evaluation and supervision keeping in view their required experience and professional qualifications. The internal auditor should have qualities of adaptability, an enquiring mind, analytical ability, good business judgment, methodical, maturity and should also have an eagle eye to see where and why things can go wrong. The growing use of external certification systems for issue such as ISO 9000, ISO 14000 etc may require other members of staff to have responsibility for the continuous review of those systems.
– Trained internal audit staff is a must to deliver effective internal audit goods. The staff development plan should be responsive to both organizational and individual needs and continuing education should be an integral part of the departmental plans. The development process should include regular staff meeting, make available professional journals to staff, preparations and distribution of in-house guidelines etc and encouragement of staff to attend seminars, workshop etc organized by professional bodies.
– The work of internal audit should be properly planned, supervised, reviewed and documented. There should be adequate audit manuals, work programs and working papers.
– The management or audit committee should ensure that the internal audit function has adequate resources.
Enterprises with an effective internal audit function can get multi-dimensional benefits, both tangible and intangible and can gain a competitive advantage.
NEEDS, BENEFITS AND ORGANIZATIONAL VALUES
Due to exploration of multi dimensional benefits of internal audit, the Internal audit role is now more demanding than ever before as it is being managed by professionals who have the potential to add values to the enterprise. Its role goes beyond financial policies, fault finding or petty book keeping and now includes ensuring that the corporate policies, systems and procedures are implemented with the objective to optimize the use of all capabilities and resources of enterprise.
The need of internal audit also emerges due to:
1. Increase in the size of operations.
2. Basic function of internal audit used to be performed by Finance and Accounts department of an enterprise at the time of execution of transactions, but nowadays, it is not possible to do it due to voluminous, complexity and complications of business transactions, specialization in all segments of accounts and finance includes IASs, ISAs, income tax, sales tax, labour laws and other legislatures.
3. Use of computers for data processing tends to mean that individual scrutiny and supervision of transactions no longer occurs.
4. Increased sophistication of management techniques requires more accurate management accounts and reports.
5. Legal requirement under the code of corporate governance to have internal audit department for listed companies.
6. The execution of terms of reference for audit committee under code of corporate governance is not possible without the help of professionally managed internal audit.
7. Companies Ordinance 1984 makes the management responsible for the establishment of an adequate accounting and internal control systems which demands proper attention on a continuous basis. Internal auditing is ordinarily assigned specific responsibility by management to review these systems, monitoring their operation, and recommend improvements therein.
8. Stringent compliance requirements under Income Tax, Sales tax, Companies Ordinance, Listing Regulations of Stock exchanges, Labour Laws etc with severe penalties and punishments forced enterprises to establish internal audit, and;
9. Economies, efficiencies and effectiveness of operations are a dire need to meet challenges of World Trade Organization Regime etc.
An effective internal audit function can contribute to the enterprise in the following diversified ways thereby give tangible and intangible substantial benefits including saving from penalties and punishments:
– The establishment of adequate accounting and internal control systems is a responsibility of management which demands proper attention on a continuous basis. Internal audit is ordinarily assigned specific responsibility by management for reviewing these systems, monitoring their operation, and recommending improvements thereto. Through this function, the internal audit fulfills the legal requirements of Companies Ordinance 1984, Code of Corporate Governance, International Accounting Standard, International Standards on Auditing etc.
– With respect to internal controls, the role of internal auditing is, in general, the verification of and reporting on to the appropriate level of management, compliance of actual accounting and record keeping procedures with enterprise policies with accuracy and completeness, ensuring timely preparation of reliable and relevant financial information for use in sound decision making, better and efficient management of assets and other resources, safeguarding all resources and revenue from risk and losses, location of errors and irregularities , and detection and prevention of fraud.
– Examination of financial and operating information by internal auditors may include review of the means used to identifies, measure, classify and report such information and specific inquiry into individual items including detailed testing of transactions, balances and procedures.
– Internal audit helps to develop an internal control system at reasonable cost by constantly reviewing systems and operations for improving effectiveness of managerial policies and practices and do away with those which do not contribute to better management.
– Internal audit assists in pursuit of value of money by reviewing operations from the point of view of economy, efficiency and effectiveness including non-financial controls of an enterprise. It finds the causes of inefficiency and uneconomic working and identifies opportunities for improved efficiency and effectiveness.
– Internal audit also reviews operations and programs to ascertain whether the results are consistent with established objectives and goals as defined in vision and mission statement, whether the operations or programs are being carried out as planned and whether the goals or programs themselves need to be revised in view of the changed circumstances and report the management accordingly.
– Review of compliance with laws, regulations and other external requirements and with management policies, plans, procedures and directives and other internal requirements.
– Some of the means of achieving the respective objectives are often similar and certain aspects of internal auditing may be useful in determining the nature, timing and extent of external audit procedures.
– Internal audit function is also about understanding the major issues facing the organization from time to time and to advise and help to resolve these issues. This leads to positive assurance when controls are operating satisfactorily and also gives an early notice of potential problems, against which the management can take remedial measures before the damage is done.
– Internal audit identifies control breakdowns, absence of control, weaknesses of control etc and suggest remedial action.
– Internal audit examines all management information statements (MIS) and data for its adequacy, necessity and quality.
– Internal audit reviews data security systems and also reviews the adequacy of procedures to recover data from a disaster without significant disruption of business operations.
– Internal audit reviews effective and efficient utilization of the enterprise computer resources and advance review of computer based application before installation.
– The work of internal audit is beneficial for risk management as well.
– Internal audit assists audit committee in execution of terms of reference as defined under code of corporate governance.
CONCLUSION
Enron's collapse, Worldcom scandal, Parmalat fraud case and the serious corporate control implications that accompanied it are having a profound impact on how organizations view their corporate governance and control environments. Directors and senior executives of an organized enterprise are rethinking governance processes with heightened zeal, spurred by massive pressure from lawmakers, regulators, the investment community and legions of unhappy investor.
Within audit circles, external auditors have borne the most heat from the post-Enron and post-Parmalat backlash. But major changes are occurring in risk assurance, corporate governance and internal audit practices, as well – changes with significant import for audit committee members and senior management alike.
Management and/or audit Committee must work to ensure that their organizations have risk management and control resources they need to meet heightened scrutiny of their risk assurance procedures. To this end, they should leverage the potential of their internal audit functions to strengthen corporate assurance.
Serving in the top management is a high-risk activity these days. It is important that organizations fully utilize all available resources to fulfill their assurance responsibilities. Within many enterprises, internal audit represents an untapped resource.
Management or audit Committee needs to actively set and support objectives for internal audit. The performance bar for the function is rising quickly. Although the brightest spotlights have been focused on external audit, the internal audit function needs to be challenged with similar levels of intensity. Internal audit contributes to better governance when it takes a strategic orientation, with the audit committee or management, to address enterprise-wide risk and control issues. To optimize its potential, internal audit must have “a seat at the table.”
To be effective, internal audit groups need to move beyond the tactical to the strategic, aligning their resources in support of audit committee or management objectives.
In providing this much-needed direction, senior executives and directors need to provide a strategic framework for internal audit. The head Internal Auditor should work with senior management or audit committee to articulate the mission and role for the function. They should spell out the needs and expectations of both the audit committee and senior management, especially with respect to the focus and resource allocation needed. They should also ensure that their internal audit staff members understand the importance of their role and the value placed on their activities.
Internal audit departments must have an organizational posture that allows them to operate successfully on strategic issues. The kind of independence needed will require proactive audit committee oversight over the scope, budget and resources identified for the internal audit function, as well as ensuring that operational management does not unduly influence the internal audit function.
The Internal audit is an objective reviewing of performance of operations while keeping themselves away from those directly involved in the enterprise. They not only play their role internally in helping the management or audit committee throughout every year, but also contribute substantially in developing confidence among the shareholders and the management. It creates a climate of confidence with the feeling that the management is exercising better operational and financial controls which should increase public confidence in the credibility and objectivity of financial reporting.
The author, Syed Imtiaz Abbas Hussain is a fellow member of the Institute of Chartered Accountants
of Pakistan. He can be contacted at inahat@cyber.net.pk
