Management must harness the power of the internal audit function and show support as it seeks a higher-level role, say Biraj Pradhan FCCA and Pradeep Karmacharya FCCA
This article was first published in the July/August 2017 international edition of Accounting and Business magazine.
In July, more than 2,500 internal auditors from around the world will converge on Sydney, Australia, for the Institute of Internal Auditors’ international conference, which this year takes the theme ‘L.I.V.E. the Global Experience: Leadership. Innovation. Value. Effectiveness’ – a title that provides a neat summary of how a good internal audit (IA) department pays dividends.
As the complexities of business grow, so the depth and scope of internal auditors’ knowledge of their organisations – from management level to day-to-day operations – becomes an increasingly valuable resource, providing the opportunity for the function to expand beyond compliance and financial reporting responsibilities to the implementation of enterprise risk assessments and a broader focus on business and operational risk.
Internal auditors can save organisations substantial amounts of money and protect their reputation in the marketplace by identifying operating inefficiencies, waste, employee theft, fraud, and cases of non-compliance with laws or regulations. They can keep an eye on the corporate climate and perform a variety of activities such as assessing risks, analysing opportunities, suggesting improvements, promoting ethics, ensuring accuracy of records and financial statements, educating senior management and the board on critical issues, investigating fraud, detecting wasteful spending, raising red flags, recommending stronger controls, and monitoring compliance with rules and regulations.
Good internal auditors are explorers, analysts, problem-solvers, reporters and trusted advisers. They bring integrity and a variety of skills and expertise to the organisation. They come from diverse areas such as finance, operations, IT and engineering. Today’s internal audit professionals are revered for their critical thinking and communication skills, as well as their general IT and industry-specific business knowledge.
There are key times when their expertise, knowledge of controls and broad perspective over the organisation make internal auditors ideal for consulting on a project to ensure that risks are considered and controls are built into a process at the front end – for example, in mergers and acquisitions, or new technology implementation.
Risks are everywhere – from natural disasters, loss of key suppliers, reputation damage, inefficient operations and fraud, to lawsuits, policy violations and theft. It’s the internal auditor’s job to assess the significance of the organisation’s many risks and the effectiveness of risk management efforts, communicate these to management and the board, and develop recommendations.
A bigger role
Taking on the broader role outlined above is not without its challenges. As management teams reach out to do more, so they need to appreciate some of the challenges the IA function is facing. Technological advances have the potential to free up internal auditors for these more valuable, higher-level tasks, and there are four things management should be encouraging the IA team to do to ensure they are best placed to fulfil the bigger role expected of them.
1. Add value. Internal audit must be able to show that it can add value in order to prove its relevance. The expectations of stakeholders are high; boards of directors, audit committee members, regulators and investors are all watching to see how internal audit responds to its growing strategic role, particularly in the area of identifying risk. At the top of the list is the ability to provide greater insights on risk and to help the company to adapt to handle its ever-changing nature. Internal audit needs to be better equipped to provide assurance over regulatory compliance, third-party relationships, cybersecurity, emerging markets and IT governance.
2. Develop a workforce strategy. In order to meet the growing expectations of stakeholders, internal audit needs highly qualified staff with the right skills and qualities. These include business knowledge, analytical abilities, ability to communicate with various parties, integrity, courage, conflict management skills and many more. But there is a shortage of qualified candidates with the unique set of skills required to be successful in the modern internal audit department. As a result, hiring and keeping the right kind of talent is internal audit’s greatest challenge. The department should take a workforce strategy approach to ensure that the required skills are represented across the function.
3. Build trust. Trust and credibility are the foundation of effective internal audit. It takes a long time to build trust but it can be damaged in an instant. To earn trust, internal auditors must be able to offer more insights and foresight to the business. They must be transparent and fair, and ready to take part in more of a two-way communication.
4. Leverage technology. Data analysis is becoming an increasingly important tool for businesses. The need to do a better job at leveraging technology, including using data analytics, is a major challenge for internal audit.
There are undoubtedly challenges for both auditors and organisations in broadening the scope of internal audit. However, with the right investment in skills and technology, there can be winners on both sides.
Biraj Pradhan FCCA is research manager at Kathmandu University, Nepal and a member of ACCA’s International Assembly. Pradeep Karmacharya FCCA is a former banker and management consultant and a member of the ACCA Nepal Advisory Committee
"Internal audit must be able to show that it can add value to the company in order to prove its relevance"