Internal Audit Management - The Challenges
A survey by Ernst & Young titled 'The Shifting Internal Audit Landscape' reveals that:
Stakeholder expectations are increasing with greater focus on enterprise-wide risk assessment and business and operational risk.
In implementing enterprisewide risk assessments, as well as covering of key risk areas, there is an opportunity for Internal Audit to improve coordination
with other risk management groups within the company.
There is an opportunity for Internal Audit to better leverage technology and knowledge collection and sharing tools to improve effectiveness and
The current business environment has turned the spotlight on the role that a robust internal audit system must play within the larger drive towards effective governance, risk, compliance and quality management. An internal auditor has to work as a savvy in-house cop who not only reports problems, but also gives constructive suggestions to line managers about how to
improve the performance of the business. As a result, the internal auditing and corporate control environment are receiving increased attention and resources, necessary to comply with the regulations.
Despite the increased exposure and buy-in from executive management, internal audit departments face many challenges. A few of them have been discussed below:
Immature Implementation of Risk Strategies:The credit crisis and resulting uncertain economic conditions have forced organizations to scrutinize their risk exposures in greater detail. Most of the organizations, however, support perfunctorily developed risk management strategies. According to a survey of audit committee members attending the 4th Annual Audit Committee Issues Conference , 44% of conference attendees said that their company's processes to identify significant business risks need improvement, and 18% said the risk reports that management provides to the audit committee are not meaningful/useful. "Audit committees are taking a hard look at risk management processes, with a particular focus on the quality of risk inventories and assessments, as well as the usefulness of management's risk reports," said one of the directors at the conference. He says,"Key challenges include identifying risks early-on, and maintaining a 'big picture' view of the risks facing the business."
Top-Down View: A careful analysis of frauds, which led to the genesis of SOX legislation, exposed major weaknesses in the top management and the control environment. This put spotlight on internal auditors to view the business from the top-down, and increase scope of reviews at corporate offices. The purview should not only include day to day transactions, but specific monthly, quarterly, and yearly management processes that strongly influence the financial statements.
Complex Financial Disclosures: The board shoulders the ultimate responsibility for the integrity of the corporation's financial disclosure. The challenge for internal auditors is to identify if there are discrepancies in company’s financial statements, confirm whether they are abiding by the financial reporting standards, verify whether sufficient controls are in place, and affirm whether shareholders or potential investors or lenders have sufficient information to make informed decisions. The Management is responsible for a fair presentation of the financial statements but the internal audits department must ensure that the financial statements do pass the litmus test.
Complex Business Models: The board and management are responsible for ensuring the integrity of the business, while the internal auditor is responsible for validating, directly or indirectly, whether the company's business model is sound. Internal audits confront issues like: “Will the company be able to survive, or compete in the market?” “Does it adhere to sound business practices?” “Does it have appropriate place for risk management and corporate governance programs in organization?” Moreover, with communication shrinking the world, and global economies growing ever more intricately connected, organizations operate in a far more complex fashion than before. This increases the potential for negative circumstances like inconsistency in enforcing audit processes across business units, erroneous data collection, and various gaps that result from isolated silos of information. It is difficult to gain the comprehensive visual map of the entire business, essential to effective management of risk, governance, compliance and quality issues. The audit lifecycle can often meet a variety of roadblocks that drag deadlines and jeopardize the quality and legal safeguards.