“The audit function: does management really understand it?”

By Manuel A. Gutierrez, CIA, CRMA, CBM, CFS
Freelance writer 

Introduction

Internal auditors play a crucial role in organizations by evaluating and improving control and governance processes. However, they often face challenges due to a lack of recognition and cooperation from management. This situation can compromise the effectiveness of their assessments and the implementation of organizational improvements. This article explores the function of internal audit, its importance, and how management can better collaborate with internal auditors to achieve the organization’s strategic objectives.

Importance of Internal Audit

An internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. According to the Institute of Internal Auditors (IIA), internal audit helps organizations achieve their objectives by systematically and disciplinedly evaluating and improving the effectiveness of risk management, control, and governance processes. (https://www.theiia.org/en/about-us/about-internal-audit/).

The benefits of internal audit are numerous. It not only provides assurance that internal controls are adequate to mitigate risks but also evaluates the efficiency and effectiveness of operational processes. Additionally, it fosters a culture of continuous improvement and regulatory compliance, contributing to the sustained success of the organization.

Challenges Faced by Internal Auditors

Despite its importance, internal auditors often encounter significant challenges. Lack of recognition from management can translate into a lack of cooperation, such as not providing requested documentation on time, which compromises the evaluations established in the annual work plans approved by the board of directors or the audit committee.

This lack of cooperation not only delays evaluations but also limits the auditors’ ability to identify areas for improvement and recommend corrective actions. It is crucial for management to understand that internal audit is not an obstacle, but a valuable tool for improving processes and achieving organizational goals.

Communication with Management

Open and fluid communication between internal auditors and management is essential to overcoming these challenges. Auditors should strive to clearly explain the importance of their assessments and how they contribute to the improvement of administrative and operational activities and processes.

Strategies such as regular meetings, detailed presentations, and including management in the audit planning process can significantly enhance cooperation. By better understanding the role of internal audit, management can more effectively support auditors in their work.

Evaluations and Annual Work Plans

The planning process is a critical component of internal audit. Auditors develop annual work plans that are approved by the board of directors or the audit committee. These plans are based on a strategic risk management approach, ensuring that evaluations focus on the most important and high-risk areas for the organization.

Once approved, it is essential that management and other stakeholders comply with requests for information and cooperation. Following and adhering to these plans is fundamental to ensuring that auditors can conduct comprehensive and accurate evaluations.

Contribution to Organizational Improvement

Internal audit plays a vital role in identifying areas for improvement within an organization. By evaluating operational and administrative processes, auditors can identify inefficiencies, unmitigated risks, and opportunities for improvement.

Implementing audit recommendations can lead to significant enhancements in the organization’s efficiency and effectiveness. It is crucial for management not only to accept these recommendations but also to monitor and review the results to ensure that the improvements are sustainable in the long term.

International Professional Practices Framework

The International Professional Practices Framework (IPPF) of the IIA provides comprehensive guidance for the practice of internal auditing. This framework defines internal audit as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

The principles and standards established in the IPPF are essential for ensuring that internal audit activities are effective, ethical, and aligned with international best practices. Auditors must adhere to these principles to maintain the integrity and credibility of the internal audit function.

Assurance and Consulting

Internal audit provides not only assurance but also consulting services. Assurance activities include objective evaluations of internal controls and risk management processes, while consulting activities may involve assisting with the implementation of improvements or the development of new processes.

Practical examples of consulting activities can include evaluating new technological systems, reviewing significant contracts, or advising on specific risk management issues. These activities help organizations implement changes that improve their efficiency and effectiveness.

Emerging Technologies and Audit

In an ever-changing business environment, internal auditors must stay abreast of emerging technologies. Evaluating new technologies is crucial for identifying both the opportunities and the risks associated with their implementation.

Auditors must analyze how new technologies may affect existing processes and whether new controls are needed to mitigate risks. This includes evaluating technologies such as artificial intelligence, blockchain, and the Internet of Things (IoT), which are rapidly transforming the business landscape.

Risk Management

Risk management is a central function of internal audit. Auditors must identify, evaluate, and mitigate risks that may affect the achievement of organizational objectives. This includes financial, operational, compliance, and reputational risks.

Evaluating the effectiveness of internal controls is crucial to ensuring that risks are adequately mitigated. Auditors must work closely with management to develop action plans that address identified risks and strengthen internal controls.

Effectiveness of Governance Processes

Internal audit also evaluates the effectiveness of governance processes within the organization. This includes reviewing the governance structure, the roles and responsibilities of the board of directors and senior management, and decision-making processes.

Improving governance can lead to greater transparency, accountability, and efficiency in the organization. Auditors must provide recommendations that help strengthen these processes and ensure that governance is aligned with international best practices.

Economy and Operational Efficiency

One of the primary objectives of internal audit is to evaluate the economy and efficiency of operations. This involves reviewing how human, material, and financial resources are managed to ensure they are used efficiently, effectively, and economically.

Identifying inefficiencies and proposing improvements can lead to significant cost savings and better resource utilization. Auditors must provide practical recommendations that help the organization optimize its operations and achieve its strategic objectives.

Asset Protection

Protecting assets is a fundamental concern for any organization. Internal auditors must identify all important assets, both internal and external, and evaluate existing protection measures.

Protection strategies can include physical controls, such as locks and security systems, and administrative controls, such as policies and procedures. Evaluating the effectiveness of these measures is crucial to ensuring that assets are adequately protected against theft, damage, or unauthorized use.

Compliance with Laws and Regulations

Compliance with applicable laws and regulations is essential to avoid penalties and maintain the organization’s reputation. Internal auditors must evaluate compliance with all relevant standards and identify any gaps or non-compliance.

Once identified, it is important to develop action plans to correct these gaps and ensure ongoing compliance. This not only protects the organization from potential penalties but also promotes a culture of compliance and ethics within the organization.

Contract Evaluation

Evaluating contracts with suppliers or contractors is another important area of internal audit. Auditors must review the terms and conditions of contracts to ensure they align with organizational objectives and that expected outcomes are being achieved.

This includes evaluating the performance of suppliers and contractors, the quality of goods or services provided, and compliance with contractual terms. Contract audits can identify areas for improvement and ensure that the organization gets the maximum value from its agreements.

Promoting Self-Control and Integrity

Fostering a culture of self-control and integrity is essential for the long-term success of any organization. Internal auditors must promote these qualities through their evaluations and recommendations.

Strategies such as ethics training, establishing clear policies, and implementing robust internal controls can help foster an environment of integrity and self-control. Auditors must provide practical examples and specific recommendations to help the organization improve in these areas.

Building Trust

Internal audit plays a vital role in building trust within the organization and with external parties. Building credibility with the board of directors, the audit committee and senior management is crucial to adding value through the audit.

Additionally, internal audits can enhance the trust of external auditors and government agencies in the management and control developed by the organization. This can lead to reduced external scrutiny and greater autonomy for the organization.

Audit Procedures

Audit procedures are analytical methods of investigation and testing that auditors use to obtain sufficient, reliable, relevant, and useful evidence. This enables them to support their opinions, conclusions, and recommendations.

These procedures can include interviews, document reviews, control tests, and data analysis. Selecting the appropriate procedures is crucial to ensuring that evaluations are comprehensive and accurate.

Internal and External Decision-Making

Audit reports provide the board, the audit committee, and senior management with a framework for internal and external decision-making. These reports must be clear, concise, and based on solid evidence.

Using audit reports in the decision-making process can lead to significant improvements in the organization’s management and operation. Additionally, auditors must ensure that their recommendations are practical and applicable, facilitating their implementation.

Vision and Organizational Goals

Internal audit contributes significantly to achieving the organization’s vision and goals. By evaluating and improving risk management, control, and governance processes, auditors help the organization stay on track to meet its strategic objectives.

Aligning audit activities with the organization’s vision and goals is crucial to ensuring that evaluations add real value. Auditors must work closely with management to understand strategic objectives and develop audit plans that support them.

FAQs

What is internal audit?

An internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

What are the benefits of internal audit?

The benefits include improved risk management, internal control, operational efficiency, and regulatory compliance.

How can management improve cooperation with internal auditors?

Management can improve cooperation by maintaining open communication, providing requested documentation on time, and understanding the importance of audit evaluations.

What is the International Professional Practices Framework (IPPF)?

The IPPF is a set of principles and standards established by the Institute of Internal Auditors to guide the practice of internal auditing.

How does internal audit contribute to achieving organizational objectives?

Internal audit contributes by evaluating and improving risk management, control, and governance processes, helping the organization achieve its strategic goals.

What strategies can auditors use to promote self-control and integrity?

Strategies include ethics training, implementing clear policies, and establishing robust internal controls.

Conclusion

Internal audit is an essential function that helps organizations achieve their strategic objectives by evaluating and improving risk management, control, and governance processes. Cooperation and recognition from management are crucial for the success of internal audit. By better understanding and supporting internal auditors, management can ensure that evaluations add real value and contribute to the long-term success of the organization.

Finally, does management really understand the function of internal audit? This will be determined by the assertiveness of both parties. You be the judge.