What you need to know:
- To successfully deliver on its function, internal audit must be independent from the responsibilities of management. This allows for objectivity, authority, and credibility.
For any business or organisation, there will always be risks that could ultimately tarnish its reputation, dampen stakeholder confidence or in worst case scenario, sink the organisation/business. Top on any responsible entity’s agenda will, therefore, be managing this risk, through the internal audit function.
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes” according to the Institute of Internal Auditors (IIA)’s International Professional Practices Framework (IPPF).
Therefore, in carrying out their work, internal auditors must focus on three areas - risk management, risk control and governance.
Gauging the effectiveness of an internal audit function can be done using a number of yardsticks.
The auditing process must; demonstrate integrity (in words and actions), competence and due professional care; be independent, objective and free from undue influence; align with the strategies, objectives, and risks of the organisation; be appropriately positioned and adequately resourced; demonstrate quality and continuous improvement; provide risk-based assurance; and promote organisational improvement.
The role of auditors has in the past been misconceived. Initially, the perception was that internal auditors had to be accountants. Whereas it is true that accounting knowledge is central, accounting is not the default designation for internal auditors.
Part of the auditor’s mandate is to ensure the organisation’s governance has appropriate structures that facilitate accountability to stakeholders through integrity, leadership, and transparency.
The other role is ensuring the governing body puts appropriate structures and processes in place, for effective governance. The same structures must align organisational objectives and activities with the prioritised interests of stakeholders.
The auditing function also ensures the governing body delegates responsibility and provide resources to management to achieve the objectives of the organisation while ensuring legal, regulatory, and ethical expectations are met across the board.
In so doing, internal audit keeps governance effectiveness in check through the competent application of systematic and disciplined processes, expertise, and insight.
To successfully deliver on its function, internal audit must be independent from the responsibilities of management. This allows for objectivity, authority, and credibility.
However, this independence should not be construed for isolation. Internal auditors ought to have meaningful discussions with management before subsequently reporting issues to the board.
One of the issues that has tainted the image of internal audit is wearing the two ‘hats’ - of a trusted advisor and an investigator. The other issue is that of organisations’ audit ratings and the impact these ratings may have on the appraisal of the individuals being audited.
If they are to deliver on their mandate, auditors must continuously appraise themselves with knowledge and information on the ever-changing risk landscape they are giving assurance on.
After all is said and done, organisations should support their auditors in acquiring the necessary knowledge and skill and demand value in return.
The author, Mr Francis Yiga Banalekaki is the head of audit at KCB Bank Uganda FCCA CIA CPA CFE MBA B.COM