Management expectations of internal audit

Stakeholders' expectations
of internal audit
Presented by Maxwell Bero
Stakeholder expectations of
internal audit
• An advisor in the true sense. An
advisor: not an instructor, not a prophet of
doom, but an advisor. One who can
offer constructive criticism that
provides persuasive business rationale
to management. This has serious
implications for the counselling skills,
approachability, selling skills and
general advisory skills of the auditor.
• A realist / a practical person. A team which advises
in the context of the current environment. The term
internal audit means exactly that: “internal”. A person
who can give us practical advice that is in line with
available time, cost and technology is more useful
than a brilliant costly solution that cannot be
implemented.
• Unless that happens, your advice will be rejected, or
accepted and admired from the wall, with little if any
implementation.
• Executives are not looking for the best solutions from
internal audit. They are looking for the best possible
/ feasible solutions.
• A balanced assessor. One who acknowledges
achievements and portrays trends and comparisons.
• Management are now making serious decisions
including hiring and firing based on internal audit
recommendations.
• The auditor should acknowledge if our bad position
is the best that can be achieved given the environment or
compared to others.
• Auditors must play their part in motivating other
staff through the way they communicate their
findings. Highlighting improvements is one critical
way.
• Good business skills. Operations staff do NOT
expect auditors to have detailed technical expertise
in all the areas, but they expect auditors to have
good business logic and rationale. The way issues
are raised by internal audit should demonstrate the
underlying business logic. Management do not want
to do things for the sake of doing them; they want to
do things for a business purpose.
• Proactive assessors. Tell us before it happens, not
after. Management dislikes auditors who are
geniuses in retrospect. Internal auditors should
foresee most of the risk deficiencies and assist
management to plan for them in advance.
• Auditors should pioneer new developments. Management are looking
for auditors who can tell us what we don’t know that we don’t know.
• The auditor should be an educator at two levels. Firstly educate
management on what we should know and secondly how we should
deal with those issues. For example, internal audit needs to first
educate management on the need for computerized risk measurement
tools and then help them to use the results of such tools.
• Auditors should deal with the root cause and provide detailed
solutions. Management wants to know the strategic cause and the
linkages, not the glossed-over symptoms. Auditors should be good at
cause and effect analysis as well as impact analysis. This requires a
good sense of materiality. Auditors should spend more time on
investigating solutions and not detailing the problem.
The 99% - 1% problem
• 99% of the time and report pages:
a nerve-racking description of the problem with
terrifying possible consequences. Graphs and
statistics included.
• 1% of the time / pages:
an unbelievably simplified, generalized,
uninspiring recommendation, or a threat that unless
action is taken the company is doomed. Sometimes
just one line with no figures.
A tale of two auditors
• Non Compliance with Basel capital requirements
Management should take appropriate measures to deal with the above problems on
capital adequacy and ensure that we comply. There is need for urgent action to
ensure that the above problems do not recur. We risk serious action from the
Governor if we do not do something.
• Non Compliance with Basel capital requirements
The Basel recommendation on capital adequacy ratio requires us to increase our
capital from 10 billion to 20 billion dollars. However, given that we intend to sell part of
the business in six months' time, it may not be logical to increase the capital for a
short period so as to comply and then diversify immediately after. A more practical
option is for the company to speed up the sale of the subsidiary and reduce the
required capital base. Under that option the required capital will be 8 Billion. To speed
up the sale it is advisable to appoint an efficient consultancy such as GMT or ASHTECH
who have handled similar projects over the past three months.
• Helps to simplify control / devoid of alarmism.
Auditors who help to simplify controls as
opposed to adding more and more controls.
Auditors should tell us how we can run the
business more efficiently with fewer controls
and hindrances.
• Auditors should present ideas that are cost
effective.
• Auditors should not alarm management to
the point of over control. Instead their search
for efficient control through innovative
suggestions should drive the business.
• Auditors who apply quantitative analysis and
technology in addition to non quantitative
analysis. Auditors should strive to use
modelling and computer based simulation to
demonstrate cause and effect and to project
the future.
• Auditors should inspire people. Their passion should make
people feel urged to implement their recommendations.
Inspiration and not fear should be the driving force behind
acceptance of internal audit work.
• Value addition – auditors should not just tell us our potential
losses – instead they should be leading in areas of creating
new business opportunities, creating shareholder value,
creating more opportunities.
• Auditors should tell us who they are – Unless they do that
management is tempted to abuse the function.
– Draw up a clear mandate.
– Motivate management to focus in the right direction.
– Refuse to do what they should not be doing.
• Self improvement. You cannot expect to
advise your client to improve if you yourself
cannot improve on how you do your work.
Management desires to have auditors who
continually improve their own technology,
skills and benchmarks. Auditors should be
ahead of everyone or else they cannot wear
the hat of an “advisor”.
Other stakeholder concerns
• Assurance
• Fraud prevention / detection
• Protection
• Independence
• Proactiveness
• Prevention
• Detection to a lesser extent
• Recovery
TEN POPULAR COMPLAINTS BY
MANAGEMENT REGARDING INTERNAL
AUDIT
1. Internal Auditors have little understanding of the business.
2. Internal Auditors talk of the negative issues- it discourages all
staff and they feel they are not progressing. Where can I get
more balanced thinkers?
3. Internal Auditors recommend more and more and more
controls – we are choked!
4. Internal Auditors generalize their recommendations. You can't
apply them in practice. Their reports are good for night bed
reading – they feel so comic!
5. Internal Auditors think they know everything. How can I bring
them back to reality!?
6. Internal Auditors pick one error and blow it out of proportion –
blowing my job in the process – they lack a good sense of
materiality.
7. My internal auditors lack depth! They mourn and mourn about
several problems but rarely suggest any viable solutions.
8. Internal auditors know most of the problems and little of the
solutions.
9. Internal auditors’ solutions are impractical. They are bookish
to say the least!
10. Internal auditors are very traditional. Where can I get modern
thinkers?
The internal auditor’s dilemma
Requirements
• Inadequate resources
• Poorly paid staff
• Inadequate computers
• Inadequate / no attention from management
• Low staff grades
• Inadequate communication on key strategic issues
• No clear career plans
• Regular victim of retrenchments
• Understaffing
Expectations
• World class service
• Strategic risk management
• Value addition
• Continuous improvement
What are the pre-conditions?
• Adequate resources. Internal audit should get
adequate resources. Like any investment, you get
what you put in. World class practices require funds
for:
– Training
– IT
– Research
– Good remuneration
• Management should be. It's one thing expecting
excellence from genuine internal audit; it is another
thing to need this excellence and to apply it. Why
invest in a world class audit team if you are not
ready to effectively use their work?
• Holistic approach to Risk Management. Audit is only one part of the game
plan. Effective risk management is a holistic game and everyone must
play his part.
• Information flow between internal audit and management should be
constant. Unless auditors are kept abreast of what is happening, they
cannot apply a business approach. Management needs to communicate
their strategy and any changes in time.
• Develop clear measurables for internal audit effort. We cannot develop a
world class internal audit if we can't define one. We must develop clear
internal audit development plans and constantly measure ourselves
against the set targets.
• The Zimbabwean business and regulatory environment should begin to
legislate / formalise the role of the internal auditor, e.g. UK proposals on
bank internal auditors.
If these expectations are not met …..
• Internal Auditors will lose management respect
• Management will rely on external auditors and
consultants for risk assurance instead of internal auditors
• Internal auditors will be used as window dressers
• Management will be reluctant to pay good salaries to
auditors.
• Internal audit’s professionalisation will be slowed down.
• Internal auditors will be sued day and night
• Some similar role will evolve to compete or replace
internal audit.
• Regulatory authorities will increase surveillance on
organisations in lieu of internal audit.
Dealing with over expectations
• Internal Auditors should educate stakeholders
about who they are, what they do and what they
do not do.
• Internal Auditors should explain to stakeholders
what they used to do which they no longer do.
• Foster the combined risk framework- make
stakeholders feel that we are in it together- or
else other stakeholders will leave it to auditors to
do all the risk management work leading to an
overload.
• Over expectations lead to unnecessary criticism.
Closing Remarks
• Use the bad times to mould the good boys and
girls out of deviant management – they listen
better under crisis.
• A perfect internal auditor without focused
management is like good flour in the hands of an
inexperienced baker- you will never like the
bread despite the first grade wheat.
• Internal audit can only excel if all other
stakeholders play their part.