The value of the Internal Audit function is becoming increasingly critical to the strong corporate governance, risk management, effective internal control, and efficient operations of any organisation. As per the IIA, “at its simplest, internal auditing involves identifying the risks that could keep an organization from achieving its goals, making sure the organization’s leaders know about these risks, and proactively recommending improvements to help reduce the risks”. It is a common fallacy that the Internal Audit function exists to pick holes in management’s operations. However, this is not at all the case. There are so many reasons to regard audit as a partner in your management operations. Here are four ways that the auditors can add value:
A good auditor will come equipped with cross-disciplinary skills, allowing him/her to add tangible value out of the audit work. Auditors are valued for their critical thinking and communication skills, which coupled with broad organisational knowledge allows them to provide valuable insight. An audit staff compliment usually contains experts such as engineers, accountants and IT professionals, most of whom will be certified appropriately to perform an audit (e.g. CIA, CISA). The best auditors also bring to the table the ability to perform complex data-analysis to solve business problems that others in the organisation do not have the skills to master. Furthermore, any recommendations / findings that are raised by an auditor will be objective and independent. An effective organisation will see its managers partnering with the auditors, leveraging these skills to more effective operations.
Typically, an audit division’s departmental structure aligns closely with the organisational structure of the company. This means that audit managers are assigned to specific lines of business where an in-depth knowledge of business-unit activities is developed over time. Relationships with those in charge of the various business-units are also developed which facilitate regular meetings with the business-unit managers. During these meetings, an auditor will query changes in the business unit’s operations that may expose new risks, share best practices that have been identified in other business units / areas, and discuss common control weaknesses discovered in other departments. These meetings not only build relationships, but also keep the auditors in touch with the organization’s changing risk profile. It is not uncommon to find top auditors included in major oversight committees, process design / redesign teams, and task forces. Their role on these teams is to ask crucial questions about risk and contribute their knowledge of controls.
Top class audit departments are no longer carrying out their audits using manual processes. The technology era has allowed auditors to carry out their audits using electronic systems, enabling results from audits conducted to be analysed over time and trends of data to be presented. As an example, trends can be pulled based on the following: – Top findings by business process over time – Root causes of findings by process by region / area – Significant recurring findings over time – Top audit risks raised as a result of audit findings – Open and overdue action plans linked to significant findings – Follow-up status of audit findings Top audit systems are enabling this kind of data to be more easily accessible and understandable. The image below shows a graphical dashboard demonstrating top root causes of findings over multiple audits and locations. It is clear from the dashboard that “Inadequate Skills” is the top root-cause of the findings raised.
Selecting “Inadequate Skills” then highlights the frequency of the findings linked by business unit and process. In the example below, it is clear that the Credit Review in the Burgundy business unit is the top culprit of the root-cause “Inadequate skills” in the organisation.
To view examples of these interactive dashboards in BarnOwl, click here: http://www.barnowl.co.za/solutions/business-intelligence/ Having access to this kind of data seriously elevates the value that an audit team can provide management.
Auditors are able to improve the business processes around Risk Management, Control and Governance processes by using their quantitative skills and risk knowledge. An auditor’s knowledge of assessing controls and ability to identify key risks, along with the business processes surrounding this can be leveraged by Management together with Risk Management, to enhance the business processes in these areas. For more information on the BarnOwl audit module please see: http://www.barnowl.co.za/solutions/audit/
Download our Internal Audit Software Buyer’s Guide which highlights key areas to consider when determining which internal audit software solution to purchase,