Unfortunately, internal audit was under-estimated and neglected in the past. The entrepreneurs could not realise the potential and organisational values of an internal audit, to the organisation. As a result, they suffered a lot tangibly and intangibly.
Interestingly a majority of enterprises, government employees, financial institutional employees, students, general public and other stakeholders of an organisation do not know much about internal audit and a few confined the work of an internal audit to the checking of payment vouchers only.
That is why internal audit could not shine and remains under shadowed as an untapped resource, and has not achieved the status of an indispensable tool of business.
Right from the first day of the start of a business, an entrepreneur wishes to protect his resources from wastage's; leakage's, hazards and wants to use his resources economically, efficiently and effectively, but he is never encouraged to take the services of an internal audit and expects the finance and accounting staff to do this job.
A few enterprises have an established internal audit department, in their organisation, to achieve the above objectives, but when they could not get the intended results they become disappointed and treated it as step-unproductive-department.
Surprisingly, instead of knowing the causes of its failure, the entrepreneur blames the functions of an internal audit.
Frankly speaking, an internal auditor could not deliver the goods in a way he should, because the entrepreneur confined the internal audit to the following:
-- Instead of establishing an independent and separate department of internal audit, they engaged a few people to deliver the function of an internal audit with a high level of expectation.
-- To save costs, they engaged non-technical, incompetent and immature staff. As a result the internal audit could not deliver the desired goods and add value to the organisation.
-- Restricting the scope and functions of an internal audit to only the detection of fraud and error. As a result, internal auditors could not give meaningful and effective reports to the management and as a result they failed to establish that their services are valuable and beneficial to the organisation.
-- Internal auditor was required to report to every manager of the organisation, due to status problem. He rarely had access to the chief executive, as a result, their reports were ineffective and meaningless.
-- Expected a physical check and control of the organisational activities from the internal auditor. As a result, always wanted the internal auditors to be on the field. This management attitude made the internal auditors like a ping pong ball of table tennis and crippled them in accomplishing their functions. Internal audit is effective only by system controls while the physical controls are auxiliary to system controls.
-- Internal auditors never had the support, encouragement and protection from the top management.
-- Many enterprises expect the internal auditor to do other jobs in addition to internal auditing, as they believe, that internal auditors know much more about the organisation then anyone else in the organisation. Ultimately the internal auditors loose track and fail to deliver goods on both sides and become unproductive.
To reap the multidimensional benefits of internal audit, the enterprise will have to make their internal audit effective.
EFFECTIVENESS: The effectiveness of an internal audit function is affected by the following factors:
-- Good governance begins at the top. Internal auditing can contribute most effectively when there is a management or audit committee who ensures complete objectivity in all audit work. Independent and pressure-free status for the internal audit department is vital to carry out its function meaningfully.
-- Internal audit should report to the highest level of management or audit committee and should not, in any case, report to other executives. The head of internal audit also should have direct access to the management or audit committee and report regularly to that body. The management should give priority to and act on internal audit recommendations and this should be properly evidenced.
-- Internal auditor should devote exclusive attention to the auditing function and not be given responsibility for operating or supervising a particular accounting system or department. This is how an internal audit team will be in a better position to make an effective and professional report to the management, on all aspects of the business activities, without any fear or favour or prejudice.
-- There should be no constraints or restrictions placed on the internal audit by the management and it is better that the responsibilities of internal auditors, in the organisation, be clearly established by the management. It should not have limitations to its scope and should allow them to cover any phase, areas, subject matter or activities for this purpose, and, therefore, should have unrestricted access to documents, files, manuals, systems, operations, information, records, staff and physical properties, relevant to the audit process.
-- The management or audit committee should determine the size of an internal audit and its place in the enterprise, so that quality of performance, in the assigned duties, be ensured.
-- The internal auditors will need to be free to communicate fully with the external auditors.
-- Internal auditors ought to be among the more talented individuals in the organisation. To attain specialised skills or broader coverage, management or the audit committee should not hesitate to call on outside resources.
Above all, internal audit needs top-level personnel, preferably persons having adequate technical training and proficiency as internal auditors, who must have the skills to be promoted to executive levels of the organisation.
For specialised work, the function needs either internal staff or access to outside personnel who can address risks associated with such key areas as information technology, financial instruments or off-shore operations.
Also, internal audit needs sufficient resources to conduct a systematic and timely review of the risks and controls needed to provide assurance to top management.
-- There should be well defined policies and practices for hiring, training, evaluation and supervision, keeping in view their required experience and professional qualifications.
The internal auditor should have the qualities of adaptability, an enquiring mind, analytical ability, business judgement, be highly articulate, methodical, and have acquired sufficient maturity and an eagle's eye to see where and why things can go wrong.
The growing use of external certification systems for issue, such as ISO 9000, ISO 14000 etc, may require other members of the staff to have responsibility for the continuous review of those systems.
-- Trained internal audit staff is a must to deliver effective internal audit goods. The staff development plan should be responsive to both organisational and individual needs and continuing education should be an integral part of the department.
The development process should includes regular staff meeting, make available to the staff, professional journals, in-house guidelines material and reference library etc and allow staff to attend seminars, workshops etc, organised by professional bodies.
-- The work of internal audit should be properly planned, supervised, reviewed and documented. There should be adequate audit manuals, work programs and working papers.
-- The management or audit committee should ensure that the internal audit function has adequate resources.
Enterprise with the effective internal audit department can get multi-dimensional benefits, tangible and intangible, and, as a result, can have competitive advantage.
NEEDS, BENEFITS AND ORGANISATION VALUES: Due to the exploration of multidimensional benefits of an internal audit, the Internal audit role is now more demanding than ever before, as it is being managed by professionals who have the potential to add value to the enterprise.
Its role goes beyond financial policies, fault finding or petty book-keeping and now includes; ensuring that the corporate policies, systems and procedures are implemented, with the objective of optimising the use of all capabilities and resources of the enterprise.
THE NEED OF INTERNAL AUDIT ALSO EMERGES DUE TO:
1. Increase in size of business.
2. The basic function of internal audit is usually performed by the Finance and Accounts department of an enterprise, at the time of execution of transactions, but it is now humanly not possible due to the volume, complexity and complications of business transactions, specialisation in all segments of accounts and finance includes IASs, ISAs, income tax, sales tax, labour laws and other legislatures.
3. Use of computers for data processing tends to mean that individual scrutiny and supervision of transactions no longer occurs.
4. Increased sophistication of management techniques requires more accurate management accounts and reports.
5. Legal requirement under the code of corporate governance is to have an internal audit department for listed companies.
6. The execution of terms of reference for an audit committee under the code of corporate governance is not possible without the help of a professionally managed internal audit.
7. Companies Ordinance 1984 makes management responsible for the establishment of an adequate accounting and internal control system, which demands proper attention on a continuous basis.
Internal auditing is ordinarily assigned specific responsibility, by the management, for the review of these systems, monitoring their operation, and recommending improvements thereto.
8. Stringent compliance requirements under Income Tax, Sales tax, Companies Ordinance, Listing Regulations of Stock exchanges, Labour Laws etc with severe penalties and punishments forced enterprises to establish internal audit and
9. Economies, efficiencies and effectiveness of operations are a dire need to meet the challenges of World Trade Organisation Regime etc.
The effective internal audit can contribute to the enterprise in the following diversified ways and thereby give tangible and intangible substantial benefits, including saving from penalties and punishments:
-- The establishment of adequate accounting and internal control systems is a responsibility of the management which demands proper attention on a continuous basis.
Internal audit is ordinarily assigned specific responsibility by the management for reviewing these systems, monitoring their operation, and recommending improvements thereto.
Through this function, the internal audit fulfils the legal requirements of the Companies Ordinance 1984, Code of Corporate Governance, International Accounting Standard, International Standards on Auditing etc.
-- With respect to internal controls, the role of internal auditing is, in general, the verification of, and reporting to the appropriate level of management, compliance of actual accounting and record-keeping procedures with enterprise policies, with accuracy and completeness, ensuring timely preparation of reliable and relevant financial information for use in sound decision making, better and efficient management of assets and other resources, safeguarding all resources and revenue from risk and losses, location of errors and irregularities, and detection and prevention of fraud.
-- Examination of financial and operating information by internal auditors may include review of the means used to identify, measure, classify and report such information and specific inquiry into individual items, including detailed testing of transactions, balances and procedures.
-- Internal audit helps to build an internal control at reasonable cost by constantly reviewing systems and operations for improving effectiveness of managerial policies and practices and to do away with those which do not contribute to better management.
-- Internal audit assists in the pursuit of value of money by reviewing operations from the point of view of economy, efficiency and effectiveness, including the non-financial controls of an enterprise. It finds the causes of inefficiency and uneconomic working and identifies opportunities for improved efficiency and effectiveness.
-- Internal audit also reviews operations and programs to ascertain whether the results are consistent with established objectives and goals, as defined in vision and mission statement, whether the operations or programs are being carried out as planned and whether the goals or programs themselves need to be revised in view of the changed circumstances and report it to the management accordingly.
-- Review of compliance with laws, regulations and other external requirements and with management policies, plans, procedures and directives and other internal requirements.
-- Nevertheless some of the means of achieving their respective objectives are often similar and thus certain aspects of internal auditing may be useful in determining the nature, timing and extent of external audit procedures.
-- Internal audit function is also to understand the major issues facing the organisation from time to time and to advise management about them and to help resolve them. At the same time, it leads to positive assurance when controls are operating satisfactorily, and also gives early notice of potential problems, with which management can take remedial measures much before the damage is done.
-- Internal audit identifies control breakdowns, absence of control, weaknesses of control etc and suggests remedial action.
-- Internal audit examines all management information statements (MIS) and data for its adequacy, necessity and quality.
-- Internal audit reviews data security systems in EDP and also reviews adequacy of procedures to recover data from a disaster without significant disruption of business operations.
-- Internal audit reviews effective and efficient utilisation of the enterprise's computer resources and does an advance review of computer based application before installation.
-- The work of internal audit is beneficial for risk management as well.
-- Internal audit assists the audit committee in the execution of terms of reference, as defined under the code of corporate governance.
Enron's collapse, World Com scandal, Parmalat fraud case and the serious corporate control implications that accompanied them are having profound impact on how organisations view corporate governance and how they control their environments. Directors and senior executives of an organised enterprise are rethinking governance processes with heightened zeal, spurred by massive pressure from lawmakers, regulators, the investment community and legions of unhappy investors
Within audit circles, external auditors have borne the most heat from the post-Enron and post-Parmalat backlash. But major changes are occurring in risk assurance, corporate governance and internal audit practices as well - changes with significant import for audit committee members and senior management alike.
Management or audit committee must work to ensure that their organisations have the risk management and control resources they need to meet heightened scrutiny of their risk assurance procedures.
To this end, leverage the potential of their internal audit functions to strengthen corporate assurance.
Serving as a top management is a high-risk activity these days. It is important that organisations fully utilise all available resources to fulfil their assurance responsibilities.
Within many enterprises, internal audit represents an untapped resource. Management or audit Committee need to actively set and support objectives for internal audit.
The performance bar for the function is rising quickly. Although the brightest spotlights have been focused on external audit, the internal audit function needs to be challenged with similar levels of intensity.
Internal audit contributes to better governance when it takes a strategic orientation, with the audit committee or management, to address enterprise-wide risk and control issues. To optimise its potential, internal audit must have "a seat at the table."
To be effective, internal audit groups need to move beyond the tactical to the strategic, aligning their resources in support of audit committee or management objectives.
In providing this much-needed direction, senior executives and directors need to provide a strategic framework for internal audit.
The head Internal Auditor should work with senior management or audit committee to articulate the mission and role for the function.
Spell out the needs and expectations of both the audit committee and senior management, especially with respect to the focus and resource allocation needed.
Then, make sure your internal audit staff members understand the importance of their role and the value placed on their activities.
Internal audit departments must have an organisational posture that allows them to operate successfully on strategic issues.
The kind of independence needed will require proactive audit committee oversight over the scope, budget and resources identified for the internal audit function, as well as ensuring that operational management does not unduly influence the internal audit function.
The Internal audit is an objective reviewing of performance of operations keeping themselves away from those directly involved in the enterprise.
They not only play their role internally in helping the management or audit committee throughout, every year, but also contribute substantially in developing confidence among the shareholders and the management.
It creates a climate of confidence, with the feeling that the management is exercising better operational and financial control, which should increase public confidence in the credibility and objectivity of financial reporting.
Comments
Comments are closed.