| The changing role of internal audit in Ireland |
Back |
| Gerry Fitzpatrick examines how the increasing emphasis on corporate governance has impacted on the role of internal audit in Irish corporations. |
Corporate failures are becoming characteristic of the new millennium. This new reality challenges our perception and tolerance as stakeholders towards the organisational management of risk. One of the many questions which arises is - how have recent events in the corporate environment impacted the role of internal audit now and in the future? Added to this global dimension, the recent enactment of the Companies (Accounting & Auditing) Act, 2003 puts a new spotlight on Audit Committees and ultimately on the role of internal audit in Ireland.
Two recent surveys - ‘The Deloitte Global Internal audit Survey’ and ‘The Value Agenda’ - a study conducted by the Institute of Internal auditors (IIA), in association with Deloitte, provide perspectives on the changing role of internal audit.
The Value Agenda survey found that the boardroom is encouraging internal audit to be more business-like, with the role and required skills of the internal auditor the subject of much recent discussion, particularly in light of recent corporate governance scandals.
The Deloitte Global Internal audit Survey reports on the outcome of focused discussions with Chief Audit Executives of 28 global financial institutions. Attributes such as size, global presence and market domination were taken into consideration in the process of selecting the institutions.
One consistent theme emerged. The time is ripe for Internal audit to define what they do and can contribute to the organisation. There is an audience ready and open to understanding the value provided. The challenge, however, continues to be how to define and quantify ‘value’. The Deloitte survey explores some of the methodologies and techniques used by the Internal audit functions of financial institutions worldwide to add value to their organisations, along with the challenges that they face in doing so.
The following points summarise the highlights of the research by Deloitte: -
• There is an insatiable demand for assurance - comfort that the organisation is ‘in control’ and that, ‘it could never happen to us’. Internal auditors are planning to increase assurance activities, sometimes at the expense of providing advisory support. The pendulum may be swinging back!
• Audit committee meetings are now longer and more frequent - top of the agenda is independence - including the independence and objectivity of the Internal auditor. In terms of the control environment, the question often is - what is not being audited and why?
• Internal audit’s relationship with the External Auditors will require greater clarity in terms of respective roles and responsibilities.
• Internal audit is aligned with critical risk management functions within the organisation - particularly in terms of philosophy and techniques. While primarily independent structurally, there is strong co-ordination and attempts to leverage efforts.
• Adding value to the organisation - the value that internal audit can provide needs to be articulated when people are listening - in today’s environment there is a receptive audience.
• The current external conditions provide an opportunity for Internal audit to go ‘out on a limb’ and address some of the more contentious areas - such as the control environment. Today, the words ‘ethics, openness and transparency’ factor into all governance discussions. Control environment assessments have increasing important.
• The number one global concern is attraction and retention of quality individuals - . Frequently, external service providers are required to augment needs and to supply specialised expertise on an ad hoc basis. A focus on risk places new skills requirements on internal audit. With a diverse range of requirements, many units find it impractical to recruit and retain a full mix of skills. Internationally, research shows that 20% all of private sector and 30% of public sector internal audit work is outsourced, as the increasing focus on assessment of risk, operational and value for money audits become important elements in balancing the skills mix.
Survey participants predict that Internal audit will focus more on financial reviews and assurance than they have done in the recent past. The implications of accounting policy treatment, increased attention to independence, and a heightened awareness of ‘hot issues’ will all be of interest to stakeholders.
Legislators are attempting to address stakeholder demands for improved management and protection of resources, hoping to regain some measure of capital market stability by imposing stringent requirements. Most notably, these requirements call for increased accountability on behalf of Audit Committees and corporate officers. To whom are these individuals turning for assistance in ensuring that business risks are identified and managed to an acceptable level? The answer is clearly internal audit.
The Deloitte Global Internal audit Survey questioned internal auditors as to the top concerns of their Audit Committees. Their responses include the following issues:
- Proper and adequate financial reporting and disclosure to ensure transparency and integrity;
- The Committee’s ability to fulfil its responsibilities - composition, strength and independence;
- Monitoring of credit risk in light of economic downturns and political instability;
- Auditor independence and monitoring of non-audit fees;
- Rapid entry into non-core markets and processes.
For internal audit, reporting relationships reflect independence. The position of the internal audit function within the organisation is critical to supporting internal audit objectivity and independence. It also allows the internal audit function to operate strategically rather than tactically. Direct reporting to an oversight board - particularly in light of the importance of the organisational culture to the risk and control environment - is the preferred structure.
Challenges facing Internal audit were considered by those surveyed to include:
- Assessment of organisational culture - what is internal audit’s role with respect to formally reporting?
- On the organisation’s culture of control;
- Integrated audits - there is a definite movement towards an integrated business approach to auditing, encompassing both automated and manual controls;
- File interrogation and continuous monitoring activities - continuous monitoring of risk is rapidly gaining acceptance as entity-wide risk management is incorporated into the organisation;
- Performance measurement - audit functions must be continuously measured against best practices and held to the highest standards; and
- Human resources - the ongoing challenges of attracting and retaining top talent are the global number one concern.
For internal auditors the overall conclusion is that the extraordinary political, regulatory and environmental circumstances of the last few years have resulted in internal auditors - once unsung heroes - now being a focal point of their organisations. This is probably the most important period of history for the internal audit profession. The processes and changes that come about may affect the way internal audit departments function for years to come.
For directors and senior managers there are a number of issues you should be considering:
• Are you getting the assurance on control that you need?
• Are your systems efficient and effective?
• If you organisation is not in control who is telling you?
• Have you given sufficient thought to the need for / role of internal audit?
• Are you getting best value from internal audit?
• Should your internal audit have a metric to demonstrate efficiency and value?
• When did you last benchmark the function against other internal audit functions?
• Have you ever done a comparison of an internal versus an outsourced function?
• Are the internal audit and risk management processes aligned?
• Does your internal audit have the appropriate specialised skills - risk assessment, value for money and computer audit skills?
Copies of the surveys are available to be downloaded at www.deloitte.com/ie/risk |
Gerry Fitzpatrick, FCA is an associate member of the Institute of Internal auditors,and a partner in Deloitte, specialising in Enterprise Risk Services.
|
| Article appeared in the February 2004 issue.
|
|
|
