May is In­ter­na­tional In­ter­nal Au­dit awareness month

The Herald (Zimbabwe) - - Business -

A chang­ing world

ONE does not have to sit in the board­room or oc­cupy the CEO's chair to recog­nise the rapid-fire changes go­ing on in to­day's busi­ness arena. News out­lets reg­u­larly re­port on cor­po­rate scan­dals and frauds, pri­vacy in­va­sions, com­pro­mised ethics, and gover­nance lapses. These events and the re­sult­ing laws and reg­u­la­tions, cou­pled with elec­tronic com­merce and other in­for­ma­tion tech­nol­ogy break­throughs; merg­ers, ac­qui­si­tions, and other or­gan­i­sa­tional re­struc­tur­ing; and issues re­lated to the global mar­ket­place all sug­gest that things are likely to get even more chaotic.

Thought lead­ers in the busi­ness com­mu­nity fore­cast still more changes and in­creased or­gan­i­sa­tional risks:

◆ In­creas­ing lit­i­ga­tion, leg­is­la­tion, and reg­u­la­tions will carry im­por­tant com­pli­ance im­pli­ca­tions;

◆ In­for­ma­tion se­cu­rity man­age­ment for crit­i­cal in­fra­struc­ture ar­eas such as fi­nan­cial ser­vices, trans­porta­tion, telecom­mu­ni­ca­tion, defence, util­i­ties, and fuel will con­tinue to re­quire in­di­vid­ual and col­lec­tive busi­ness com­mit­ment, plan­ning, and in­ter­ven­tion;

◆ Con­tin­u­ing glob­al­i­sa­tion will in­crease the com­plex­ity of prin­ci­ples, reg­u­la­tions, and the cul­tures in which or­gan­i­sa­tions op­er­ate;

◆ Ever-grow­ing com­pe­ti­tion will put even more pres­sure on or­ga­ni­za­tions to in­crease pro­duc­tiv­ity;

◆ Reengi­neer­ing, dereg­u­la­tion, and other change-re­lated ac­tiv­i­ties will break down tra­di­tional hi­er­ar­chi­cal struc­tures and change or­gan­i­sa­tional re­port­ing re­la­tion­ships and man­age­ment re­spon­si­bil­i­ties.

Each of these phe­nom­ena sug­gests new de­mands, chal­lenges, and op­por­tu­ni­ties for man­age­ment and the board. And each one also points to the ne­ces­sity for com­pe­tent in­ter­nal au­dit­ing.

To­day, more than ever, in­ter­nal au­dit­ing is crit­i­cal to strong cor­po­rate gover­nance, risk man­age­ment, ef­fec­tive in­ter­nal con­trol, and ef­fi­cient op­er­a­tions.

What is in­ter­nal au­dit­ing?

In­ter­nal au­dit­ing is an in­de­pen­dent, ob­jec­tive, as­sur­ance and con­sult­ing ac­tiv­ity that adds value to and im­proves an or­gan­i­sa­tion's op­er­a­tions. It helps an or­gan­i­sa­tion ac­com­plish its ob­jec­tives by bring­ing a sys­tem­atic, dis­ci­plined ap­proach to eval­u­ate and im­prove the ef­fec­tive­ness of risk man­age­ment, con­trol, and gover­nance pro­cesses.

The in­ter­nal au­dit ac­tiv­ity pro­vides as­sur­ance to man­age­ment and the au­dit com­mit­tee that risks to the or­gan­i­sa­tion are un­der­stood and man­aged ap­pro­pri­ately, and serves as an in-house con­sul­tant on many ar­eas of in­ter­est.

Ev­ery or­gan­i­sa­tion, re­gard­less of its size, should have some type of in­ter­nal con­trol sys­tem or process in place. The In­sti­tute of In­ter­nal Au­di­tors (IIA) be­lieves that an or­gan­i­sa­tion is best served by a fully re­sourced and pro­fes­sion­ally com­pe­tent in­ter­nal au­dit staff that pro­vides value-added ser­vices crit­i­cal to ef­fi­cient and ef­fec­tive or­gan­i­sa­tional man­age­ment.

In­ter­nal au­dit prac­ti­tion­ers are charged with as­sist­ing the or­gan­i­sa­tion in the ef­fec­tive dis­charge of re­spon­si­bil­i­ties, pro­mot­ing the es­tab­lish­ment of cost-ef­fec­tive con­trols, as­sess­ing risks, and rec­om­mend­ing mea­sures to mit­i­gate those risks.

An in­te­gral part of the man­age­ment team, in­ter­nal au­di­tors fur­nish top man­age­ment with analy­ses, ap­praisals, coun­sel, and in­for­ma­tion on the ac­tiv­i­ties they review. They also mon­i­tor or­gan­i­sa­tional ethics.

Eval­u­at­ing emerg­ing tech­nolo­gies, analysing op­por­tu­ni­ties, as­sess­ing qual­ity, econ­omy, and ef­fi­ciency, and pro­vid­ing ac­cu­rate and timely com­mu­ni­ca­tion are just some of the ac­tiv­i­ties in­ter­nal au­di­tors con­duct on a daily ba­sis.

The com­pre­hen­sive scope of their re­spon­si­bil­i­ties pro­vides them with a broad perspective on the or­gan­i­sa­tion. And that, in turn, makes them a valu­able re­source to ex­ec­u­tive man­age­ment and the board of di­rec­tors in ac­com­plish­ing over­all goals and ob­jec­tives, as well as strength­en­ing in­ter­nal con­trol and gover­nance.

This might be a lot to ask from one or­gan­i­sa­tional re­source, but for in­ter­nal au­di­tors — it's all in a day's work.

In­ter­nal au­dit in part­ner­ship with man­age­ment

When in­ter­nal au­dit­ing is ac­cepted and ac­knowl­edged by an or­gan­i­sa­tion's lead­ers as a man­age­ment ac­tiv­ity, in­ter­nal au­di­tors can ful­fil their most fun­da­men­tal role — sup­port­ing man­age­ment and the board in achiev­ing or­gan­i­sa­tional ob­jec­tives.

And com­pe­tent in­ter­nal au­dit pro­fes­sion­als bring to the ta­ble ob­jec­tiv­ity, in­tegrity, ex­per­tise in com­mu­ni­ca­tion, the abil­ity to iden­tify en­ter­prise wide risks, and the skill to as­sess the ef­fec­tive­ness of con­trols put in place by man­age­ment to mit­i­gate those risks.

As part­ners to man­age­ment, in­ter­nal au­di­tors are po­si­tioned to help pro­tect the or­gan­i­sa­tion against both tra­di­tional and emerg­ing risks; pro­vide con­sul­ta­tion about how op­por­tu­ni­ties and vul­ner­a­bil­i­ties can be bal­anced; and make valu­able recommendations for as­sess­ing and strength­en­ing cor­po­rate gover­nance.

The in­ter­nal au­di­tors' broad un­der­stand­ing of the or­gan­i­sa­tion and its cul­ture pre­pares them for ef­fec­tively mon­i­tor­ing risks as­so­ci­ated with new busi­ness lines; merg­ers, ac­qui­si­tions, joint ven­tures and other part­ner­ships; new sys­tems de­ploy­ments; re­struc­tur­ing; man­age­ment es­ti­mates, bud­gets, and fore­casts; en­vi­ron­men­tal issues; and reg­u­la­tory com­pli­ance.

“Be­cause we are in a dy­namic en­vi­ron­ment - we've got new peo­ple, new tech­nol­ogy, a new mar­ket­place, new com­peti­tors, and a new reg­u­la­tion we need to be very vigilant about the fun­da­men­tals of this busi­ness. And that's a role cor­po­rate au­dit­ing plays . . . the abil­ity to col­lect in­for­ma­tion and im­part that knowl­edge on pro­cesses as well as con­trol issues and to do it con­stantly through all of this change.

It's easy to see how incredibly im­por­tant that is to the fun­da­men­tal sta­bil­ity of this busi­ness” (Bel­lSouth Corporation Chair­man and Chief Ex­ec­u­tive Of­fi­cer, Duane Ack­er­man).

Of in­creas­ing con­cern to man­age­ment to­day are the risks as­so­ci­ated with in­for­ma­tion tech­nol­ogy and the con­trol and au­ditabil­ity spec­i­fi­ca­tions of new sys­tems. In­ter­nal au­di­tors' in­de­pen­dent review of in­for­ma­tion sys­tems and other high-tech projects can help en­sure a con­trolled and re­li­able IT en­vi­ron­ment.

Their con­sult­ing ser­vices add value to the de­ci­sion-mak­ing process when man­age­ment must con­sider the cost and ben­e­fit trade-off of IT con­trol im­ple­men­ta­tion.

Vi­tal to gover­nance

In­ter­nal au­di­tors' di­verse ca­pa­bil­i­ties bring tremen­dous value to the board and the au­dit com­mit­tee in their cor­po­rate gover­nance re­spon­si­bil­i­ties and risk man­age­ment over­sight. To­day's au­dit com­mit­tees must deal with com­plex and di­verse issues and ever-in­creas­ing re­spon­si­bil­i­ties. Au­dit com­mit­tees are be­ing asked to mon­i­tor such ar­eas as: man­age­ment's as­sess­ment of in­ter­nal con­trols over fi­nan­cial re­port­ing; eth­i­cal com­plaint hot­lines; en­ter­prise-wide risk man­age­ment; and gover­nance re­views, to name a few. It is crit­i­cal, there­fore, that in­ter­nal au­di­tors ap­ply risk-based au­dit ap­proaches to the or­gan­i­sa­tion's in­ter­nal con­trol sys­tem and pro­vide com­pre­hen­sive re­ports to the au­dit com­mit­tee.

The risk-based ap­proach to­ward au­dit­ing is man­dated by The IIA's In­ter­na­tional Stan­dards for the Pro­fes­sional Prac­tice of In­ter­nal Au­dit­ing (Stan­dards) and is the only way to en­sure that the pri­or­i­ties of the in­ter­nal au­dit ac­tiv­ity are con­sis­tent with the or­gan­i­sa­tion's goals. Such an ap­proach pro­vides in­ter­nal au­di­tors with the op­por­tu­nity to be­come in­ti­mately knowl­edge­able of the or­gan­i­sa­tion's risk appetite and tol­er­ance al­low­ing them to tar­get high-im­pact ar­eas, ap­pro­pri­ately al­lo­cate scarce re­sources, and be well po­si­tioned to ad­vise man­age­ment on vul­ner­a­bil­i­ties and cor­rec­tive ac­tions.

As part of its over­sight re­spon­si­bil­i­ties, the au­dit com­mit­tee should:

◆ Review and con­cur the chief au­dit ex­ec­u­tive (CAE) ap­point­ment, re­place­ment, re­as­sign­ment, and dis­missal.

◆ Review/ap­prove the in­ter­nal au­dit char­ter and en­sure its com­pat­i­bil­ity with that of the au­dit com­mit­tee.

◆ Review the au­dit plan and any sig­nif­i­cant changes.

◆ En­sure in­ter­nal au­di­tor neu­tral­ity and ob­jec­tiv­ity.

◆ Review the in­ter­nal au­dit depart­ment's bud­get and staffing.

◆ En­cour­age in­ter­nal au­di­tor cer­ti­fi­ca­tion and other pro­fes­sional de­vel­op­ment. ◆ Meet pri­vately with the CAE. ◆ Re­ceive re­ports from the CAE on au­dit find­ings and in­for­ma­tion on tech­no­log­i­cal ad­vances and trends.

◆ Review in­ter­nal au­dit­ing's com­pli­ance with The IIA's Stan­dards.

Key IIA mes­sages on best-prac­tice re­port­ing re­la­tion­ships

◆ To en­sure trans­parency and thwart col­lu­sion and con­flicts of in­ter­ests, best prac­tice in­di­cates that the in­ter­nal au­dit ac­tiv­ity should have a dual re­port­ing re­la­tion­ship. The CAE should re­port to ex­ec­u­tive man­age­ment for es­tab­lish­ing direc­tion, sup­port, and ad­min­is­tra­tive in­ter­face; and to the or­gan­i­sa­tion's most se­nior over­sight group — typ­i­cally the au­dit com­mit­tee — for val­i­da­tion, re­in­force­ment, and ac­count­abil­ity.

◆ The au­dit com­mit­tee of the board of di­rec­tors and the in­ter­nal au­di­tors are in­ter­de­pen­dent and should be mu­tu­ally ac­ces­si­ble, with the in­ter­nal au­di­tors pro­vid­ing ob­jec­tive opin­ions, in­for­ma­tion, sup­port, and ed­u­ca­tion to the au­dit com­mit­tee; and the au­dit com­mit­tee pro­vid­ing val­i­da­tion and over­sight to the in­ter­nal au­di­tors.

◆ The in­ter­nal au­di­tors keep the au­dit com­mit­tee in­formed and up to date on the state of the or­gan­i­sa­tion in re­gard to risk, con­trol, gover­nance, and the co­or­di­na­tion and ef­fec­tive­ness of mon­i­tor­ing ac­tiv­i­ties.

In­ter­nal au­dit­ing: Adding value across the board

The in­ter­nal au­dit process is clearly among the most crit­i­cal as com­pet­i­tive pres­sures de­mand that to­day's or­gan­i­sa­tions squeeze the most they can from all their re­sources. In ad­di­tion to their re­spon­si­bil­ity for as­sess­ing and rec­om­mend­ing in­ter­nal con­trols, in­ter­nal au­di­tors' skills in risk man­age­ment and their broad­based perspective of the or­gan­i­sa­tion uniquely po­si­tion them as a valu­able re­source for strong cor­po­rate gover­nance.

As a re­sult, in­formed se­nior man­agers and boards are re­ly­ing on in­ter­nal au­di­tors for ad­vice and coun­sel on ev­ery­thing from anal­y­sis of op­er­a­tions and as­sess­ment of risk to recommendations for im­proved cor­po­rate gover­nance.

More­over, in­ter­nal au­dit prac­ti­tion­ers are in­creas­ingly be­ing chal­lenged to ap­ply their ex­per­tise in much broader ways than ever be­fore — such as eval­u­at­ing emerg­ing tech­nolo­gies, de­tect­ing and de­ter­ring fraud, analysing the ef­fec­tive­ness of poli­cies and pro­ce­dures, and iden­ti­fy­ing op­por­tu­ni­ties to save you and your share­hold­ers money.

When it comes to adding value across the board, there's no bet­ter re­source than in­ter­nal au­dit­ing.

The In­sti­tute of In­ter­nal Au­di­tors Zim­babwe, was es­tab­lished in 1988 as an af­fil­i­ate chap­ter to the global In­sti­tute of In­ter­nal Au­di­tors (1941). The In­sti­tute of In­ter­nal Au­di­tors (IIA) is the in­ter­nal au­dit pro­fes­sion's global voice, recog­nised author­ity, ac­knowl­edged leader, chief ad­vo­cate, and prin­ci­pal ed­u­ca­tor world­wide.

The IIA serves mem­bers from all around the world in in­ter­nal au­dit­ing, gover­nance, in­ter­nal con­trol, IT au­dit­ing, ed­u­ca­tion, and se­cu­rity.

The world's leader in cer­ti­fi­ca­tion, ed­u­ca­tion, re­search, and tech­no­log­i­cal guid­ance for the pro­fes­sion, The In­sti­tute sets the In­ter­na­tional Stan­dards for the Pro­fes­sional Prac­tice of In­ter­nal Au­dit­ing and pro­vides var­i­ous lev­els of ac­com­pa­ny­ing guid­ance; cer­ti­fies pro­fes­sion­als through the glob­ally recog­nised Cer­ti­fied In­ter­nal Au­di­tor (CIA) and spe­cialty cer­ti­fi­ca­tions in gov­ern­ment, con­trol self-as­sess­ment, and fi­nan­cial ser­vices; presents lead­ing-edge con­fer­ences, sem­i­nars for pro­fes­sional de­vel­op­ment; pro­duces for­ward-look­ing ed­u­ca­tional prod­ucts; of­fers qual­ity as­sur­ance re­views, bench­mark­ing, and con­sult­ing ser­vices; and cre­ates growth and net­work­ing op­por­tu­ni­ties for spe­cialty groups.

In sup­port of qual­ity, pro­fes­sion­al­ism, and eth­i­cal prac­tices, the In­sti­tute pro­vides in­ter­nal au­dit prac­ti­tion­ers, ex­ec­u­tive man­age­ment, boards of di­rec­tors, and au­dit com­mit­tees with guid­ance for in­ter­nal au­dit­ing and gover­nance best prac­tices.

IIA Zim­babwe is ded­i­cated to pro­vid­ing ex­ten­sive sup­port and ser­vices to its mem­bers, so they can con­tinue to add value across the board.

Newspapers in English

Newspapers from Zimbabwe

© PressReader. All rights reserved.