OPIMUM UTILISATION OF THE INTERNAL AUDIT ACTIVITY

OPIMUM UTILISATION OF THE INTERNAL AUDIT ACTIVITY

Internal auditing evolved to satisfy the management needs, and the most effective audit activities keep management and organizational objectives at the forefront of their own planning and activities. Audit goals are aligned with those of management so that internal auditors position themselves to produce the highest possible value in areas that management regards as most crucial to organizational success.

Internal auditing’s contributions have become particularly important as business and government have become huge, complex systems. It is impossible for executives to monitor all activities for which they are responsible. Yet the fact remains that the uninspected inevitably deteriorates. Unmonitored activities will most certainly loss their efficiency and their effectiveness. It has been said that the best fertilizer for the soil is the shadow of the owner, but for many activities the shadow is woefully short. The owners need surrogates who think like them and can be relied upon completely and utterly. In many cases that surrogate is the management-oriented internal auditor.

Unfortunately, some managers are unaware of the benefits awaiting them at their own doorsteps. Often the internal auditors themselves have not educated management to those benefits. Yet most internal audits activities are equipped to perform much more than financial verifications. You find that some internal audit departments are staffed with Certified Public Accountants, Certified Internal Auditors, Economists, attorneys, Mathematician etc.  Thus their scope of expertise could encompass most management problems. In such situations the internal auditing department is wel qualified to assist management in:

Monitoring activities top management cannot itself monitor. The annual audit plans are usually presented to executive management and the board and are adjusted according to shifts in organizational strategies and the needs and wishes of senior management. Besides, the chief audit executive make certain time and resources are available for audits that cannot be expected or projected when the annual plan is created. In volatile business environments, such audits become more and more common as internal auditors respond to management needs and concerns that surfaces quickly.

Identifying and minimizing risks. Internal auditors are  broadening  their perception of risk management and expanding their efforts to assure management that organizational risks of all types are being properly evaluated and addressed.

Validating reports to senior management. Senior managers typically make their decisions on the basis of reports they receive. Accurate, timely reports are more likely to produce knowledgeable decisions. Some audit activities make lists of such executive reports and reference them to scheduled audits. When such audits are made, the auditors review the reports for accuracy, timeliness, and meaningfulness. Management decisions are then likely to be valid.

Protecting management in technical fields. Technology has had a tremendous impact on what and how auditing is performed. Modern internal auditors must know how data originates, how it is processed, and where the security risks lie. All internal auditors need at least some level of technical expertise. Security of data has become one of the greatest risks faced by modern organizations.

Helping in the decision making process. Managers, not internal auditors, make operating decisions. But internal auditors can supply or validate the data on which those decisions are made. Also, they can evaluate the effect of decisions made and point out risks that were not anticipated.

Reviewing for future –not just for past. Internal auditors can help assess policies or programs still in the design phase, the implementation of a policy or program, and the actual results achieved by a policy or program. Also, internal auditors now appraise controls over proposed information systems before implementation, thereby helping to avoid the enormous costs of trying to correct defects after the fact. Most internal auditors acknowledge that audits of the present and future have become far more valuable to management than audits of the past.

Helping managers manage. Managers who are not in control of their activities develop problems. The internal auditors generally find the problems and suggest corrections. However, those corrections can either be quick fixes or they can reach the roots of the problems and improve management as well. Therefore, internal auditors can identify the problems at the various stages of management, thus planning problems, organizing problem, directing problem and controlling problem. When internal auditors identify the basic management principle violated, the corrective action will be effective. And, more importantly, the management of the unit will be improved.

Some people have often misunderstood or failed to distinguish internal auditing from external auditing. An attempt to distinguish the two is provided in the table below.

KET FACTORS THAT DISTINGUISH AND DIFFERENTIATE INTERNAL AUDIT AND EXTERNAL AUDITING

IN REGARDS TO INTERNAL AUDITING EXTERNAL AUDITING

1.FOCUS Provides financial, operational, assurance, consultative, governance, computer and fraud related services. Primarily attests to financial statements and internal control.

2.MANAGEMENT Reports  to executive management administratively.Builts relations throughout the organization to ensure concerns are identified and resolved in a timely manner. Primarily reports to the audit committee on financial and internal control.

3.AUDIT COMMITTEE Reports directly to the audit committee. Provides opinions on the organisation’s business risks, financial statements,system of internal control, and level of compliance with laws, regulations, and policies. Attests to the audit committee the accuracy of the financial reports and attests to management’s assessment of internal controls over financial reporting. Provides updates on pending accounting pronouncements and their potential impact on the organisation

4. STANDARDS Follow the international professional practices Framework, which contains the definition of the internal auditing, the code of Ethics, the  IIA’S International Standards for the Professional Practice of Internal Auditing, and Practice Advisories. Is governed by appropriate accounting and auditing standards.

5.APPROACH Customizes approaches to best meet individual assignment objectives. Customises financial audits approaches to best meet individual assignment objectives.

6. INDEPENDENCE Demonstrates organizational independence and objectivity in work approach, but is not independent of the organization. ( is independent of the activity audited, but is integral to the organization.) Is independent of the organization.

7.RESULTS Identifies problems, makes recommendations, and helps facilitate resolutions Meets statutory requirements and provides necessary adjustments to meet financial accuracy.

8.CONTROL Provides assurance that the financial and operational systems of internal control are effective and adequate; and that systems of internal control of each activity of the organization (including control over financial reporting) are adequately designed, and efficient. May assist in documenting internal controls, testing internal controls, and / or providing input to management with respect to drawing conclusions on design and operating effectiveness. Identifies risks and assesses controls over financial reporting for audit planning purposes. Audit planning results in documentation of linkage of the identified audit risk and the evaluation of internal control. The linkage  is accomplished by assessing the risk of material misstatement in each financial statement  caption and designing audit procedures to address this risk. Audits the work of management and the representations involved and completes an attestation report to reliability , accuracy and compliance with legal requirements.

9.RISK Identifies and qualifies key business risks to estimate probability of occurrence and impact on business. Makes appropriate recommendations as a result of the risk assess ent. Identifies Key transactions and exposures for financial statement.

10.FRAUD Includes fraud detection steps in audit programmes. Investigates the allegations of fraud. Review fraud  prevention controls and detection processes put in place by management and makes recommendations for improvements Includes fraud detection steps in audit plan. Gathers information necessary to identify risks of material misstatement due to fraud by inquiring of management and others within the entity about the risk of fraud.

Considers fraud risk factors, analytical procedures, and substantive testing in planning and field work phases.

11.RECOMMENDATIONS Communicates recommendations for corrective action to management in the audit reports. Communicates recommendations for corrective action through management letter.

12.FOLLOWUP Follow up through with customers to ensure work is sufficient to achieve problem resolution. Limits follow up primarily to financial areas.

I hope that this paper will enable the reader to appreciate the value addition of internal auditing and if involved in management of an organization with an internal audit function be an active advocate for internal auditing in that organization.

THANK YOU

DUKU HENRY

CPA, CIA

PARTNER, DUHEN ASSOCIATES, AND

FORMER CHIEF INTERNAL AUDITOR, KYAMBOGO UNIVERSITY