Assurance
Value Add by Internal Audit

Value Add by Internal Audit

In today’s time auditors are much more equipped to identify opportunities for enhancement – as adding value is widely considered an integral part of the internal audit process.

In the recent past, role of internal auditor is being redefined. The new role is broader, more inclusive and sets expectation of adding value by internal auditors to the audited entity when performing their work assignments.

Internal Audit engagements in older days focused on verifying compliance with policies and procedures. There were hardly any suggestions made for improvement in operations or other consultative activities.

The definition of internal auditing describes it as ‘an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.’

But what does adding value mean, and how do auditors provide it? The scope and method of adding value may vary from entity to entity and assignment to assignment. However, internal auditors make value-added contributions throughout the entire audit process and in almost every aspect of their work.

Unique Positioning of Internal Auditor
Internal auditor is uniquely positioned to deliver effectively on the expectations to provide value addition to the authorized goal and mission of the entity. The uniqueness is displayed by twin traits:

  • Strong understanding of basic concepts and environment; and
  • Multidisciplinary skill set.

Possible Areas of Value Addition

A. Organizational Alignment including HR
Due to the unique positioning, the internal auditor can have a macro level view of the operations performed by different department. Many a times, these operations are not appropriately allocated amongst department to optimize on controls and efficiency.

Internal auditor can very well point out the inefficiencies in the operations and identify need for the alignment. The alignment may enhance control structure in the entity through better segregation of duties to eradicate conflict of interest, strengthening maker – checker controls, enhancing reliability and timeliness of communication and improving monitoring mechanism (with focus on follow up action).  

B. Leveraging Technology to Provide Data Supported Insight
More and more entities are adopting ERP. With the technology available to handle the increased volume of data, there is need for internal auditors also to upgrade skills to handle the data and provide info to management with data. Appropriateness of the management action in response to any audit observation would depend on the degree of deviation / impact in the reported area. There should be neither a knee jerk reaction nor complete ignoring material deviations reported.

While there are many tools available for handling big data, the ideal situation is to leverage on the technology which is being used to store the data. It will reduce cost (of having a parallel system) as well as improve the speed and accuracy of the analysis.

C. Integrated / Sustainability reporting
Sustainability reporting is the disclosure and communication of environmental, social, and governance (ESG) goals—as well as a company’s progress towards them. It involves not only report generation from collected data but also internalizing and improving an organization’s commitment to sustainable development in a way that can be demonstrated to both internal and external stakeholders.

Internal auditor can help organizations in improving their sustainability performance by measuring, monitoring and reporting on it – timely and accurately. Based on the internal audit report, the management may strengthen efforts in making a positive impact on society, the economy, and a sustainable future.

Internal auditor’s understanding of the Global Reporting Initiative – Sustainability Reporting Guidelines would help in assessing entity’s sustainability performance and disclose the results in a similar way to financial reporting.

D. Performance Auditing
Performance audit entails an independent examination of any activity / operation or management systems and procedures of any governmental or non-profit entity to assess whether the entity is achieving economy, efficiency and effectiveness in utilization of allocated resources.

Performance audit scope normally includes identification of fraud, waste and abuse, although in most cases these are not documented as official scope. Through performance audit report, internal auditors shall provide new information, analysis or insights and, where appropriate, recommendations for improvement.

E. Risk Management
Internal auditor – while discharging the responsibilities in both its assurance and its consulting roles – contributes to risk management in various ways.

Internal auditors will normally provide assurances on three areas:

  • Risk management processes, both their design and how well they are working;
  • Management of those risks classified as ‘key’, including the effectiveness of the controls and other responses to them; and
  • Reliable and appropriate assessment of risks and reporting of risk and control status.

Some of the consulting roles that the internal audit activity may undertake are:

  • Making available to management tools and techniques used by internal auditing to analyze risks and controls;
  • Being a champion for introducing ERM into the organization, leveraging its expertise in risk management and control and its overall knowledge of the organization;
  • Providing advice, facilitating workshops, coaching the organization on risk and control and promoting the development of a common language, framework and understanding;
  • Acting as the central point for coordinating, monitoring and reporting on risks; and
  • Supporting managers as they work to identify the best way to mitigate a risk.

F. Advice and Assist on Control Issues
Logical extension of risk management is control only. Two most important ways that internal auditing provides value to the organization are in providing objective assurance that:

  • Assessing whether there are adequate controls to appropriately manage major business risks; and
  • The risk management and internal control framework is operating effectively.

Internal Auditor is reasonably placed to guide management on the suitable controls to be put in place especially on the compliance part. A rigorous action taken monitoring mechanism would help in fixing the gap in control implementation.

Steps in Add Value by Internal Auditor
Six steps to transform internal audit process into a methodology to enhance business value:

  1. Establish a robust monitoring process – whereby higher risk business units are reviewed and communicated with at least quarterly. This will help the internal auditor timely identification of emerging risks, monitor key risk indicators, and raise issues earlier to drive cost savings.
  2. Continuously update risk assessments – Make risk assessments ‘living’ documents that are updated based on events to stay relevant throughout the year. This helps in keeping the audit plan up to date and reflects the risks the organization faces.
  3. Make training a priority – both classroom lecture and practical experience. Spending time with business units outside the audit process to observe the business processes makes possible learning the nuances of the business which allows: (a) Build relationships that help develop credibility and learn the context of the business so they can raise impactful, relevant and credible issues. Eventually, an auditor looking at the operations empathetically would be viewed as a ‘trusted advisor’.
  4. Promote collaboration with business stakeholders – to help harmonize the audit process, build consensus on issues and positively impact the control environment.  Failure to meet stakeholder expectations relegates an audit to something the business unit has to endure.
  5. Forge relationships to build credibility – ability to impact control environments and raise issues revolves around their credibility. When auditors effectively build relationships, the audit process becomes less contentious and more cooperative, efficient and effective.
  6. Enhance audit committee reporting – finally internal auditor can add value in the board room through audit committee reporting.

You might also be interested in : Consultancy Firm in India | Audit Firms in India | GST Consulting