According to the definition of Internal Auditing in The IIA’s International Professional Practices Framework (IPPF), internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes (Wikipedia).
Internal auditing provides governing bodies and senior management with unbiased assurance and insight into the efficacy and efficiency of governance, risk management, and internal control systems.
This is the foundational value of any internal audit function. Internal audits are frequently regarded as an efficient technique to make sure that established company policies are followed and implemented. Additionally, it can aid in the company’s discovery of synergies and best practices.
Independence and Objectivity of the Internal Audit Function
Independence could be defined as the absence of circumstances that could jeopardize the internal audit activity’s capacity to fulfill its duties in an objective way.
Objectivity on the other hand implies that internal auditors can perform engagements in a way that makes them confident in their work product and ensures no quality compromises are made if they have an objective mental attitude. Internal auditors must maintain their objectivity by not deferring to others’ opinions regarding audit-related issues.
Internal auditors must conduct their work freely and impartially to maintain their independence. They must have the support of senior management, the board of directors, and the audit committee, and they cannot defer to the judgment of others regarding audit problems. The Independence and Objectivity of the internal audit function is usually documented in the Internal Audit Charter.
Advisory Role of Internal Audit
The growing trend of include more advisory engagement in addition to core audit function is not without concerns with respect to independence and objectivity. To add value to organizations by playing a business advisory role, there are discussions around expected benefits and the required skills by professionals needed to achieve this away from the fundamental abilities required to carry out traditional assurance engagements.
The process of auditors adding value outside formal audits (Business Advisory) can further be highlighted in below categories.
a) Early Participation
The same principle applies to internal controls: Changing a system after it has been developed, tested, and put into use is far more expensive than if it had been done correctly the first time. You are also significantly more likely to experience opposition as an auditor following installation. No one is inspired to go back and adjust a project that has already been finished because everyone has gone on to other endeavours. On the other hand, if you can deliver the internal control requirements early in the process, the implementers do not resent it as much because they see it as just another component of the project scope
(provided that the control requirements are reasonable).
Audits performed after the fact are far less effective and efficient than early involvement. You will find yourself receiving more requests than you ever anticipated if you could gain access to projects before they are implemented and if you can demonstrate the value of your engagement. It will be tempting to reject some initiatives by claiming that they are not significant enough or would not have an influence on internal controls but doing so would be wrong. You do not want to turn off those who are interested in learning about internal controls. If your efforts to be seated at the table are successful, you will need to commit the necessary resources to make it work.
b) Unofficial Audits
Due to resource constraints, internal audit might not cover all the areas in the organization hence the reason why audits are risk-based, focusing on the areas that are critical to the organization. There must be a mechanism to conduct assessments of these areas that are not covered by the audit plan without making them overly labour-intensive like with formal audits. The auditors are expected to act as consultants and business advisors, removing the constraints of documenting their work in a detailed form as would in a formal audit and allowing them to come up with a summary memo of the results. You will also be astounded at how much the auditors can complete quickly when unrestricted by the standard audit method (which are important for formal audits).
c) Transfer of Knowledge
You have a special combination of business knowledge and internal controls skills as an internal auditor. The internal audit division must be innovative in coming up with fresh ways to impart its specialized knowledge to the rest of the business. Naturally, a significant amount of information exchange should take place as you do audits, conduct consulting evaluations, and provide opinion as part of your early involvement efforts.
d) Continuous Auditing
“Continuous Auditing is any method used by auditors to perform audit-related activities on a more continuous or continual basis.” Institute of Internal Auditors.
The conventional approach of conducting tests on a sample of data and conducting periodic audits of a particular area has inherent limitations. To conduct continuous auditing, data must be continuously extracted, monitored, and analyzed for signs of fraud, internal control violations, policy non-compliance, and other abuses. As a result, the audit department can give management real-time intelligence.
Are Auditors’ Independence and Objectivity impaired by taking on Business Advisory Roles?
The price of doing things correctly the first time is much lower than the price of fixing problems and adding controls after deployment. In my opinion, there is no distinction between evaluating a system or solution before implementation and evaluating it after implementation. However, there is a difference in the amount of value the auditor adds to the business – this is where business advisory audits thrives.
design of modern audit today should move towards audit professionals becoming trusted advisors and help businesses in the face of emerging risks.
Evolving internal audit functions will undoubtedly need to help them make the shift from a traditional audit role to a more flexible support and advising position. We are reminded that internal auditors are among the exclusive group of personnel who possess comprehensive understanding of the company for which they work. It is time for them to demonstrate and declare their intention to contribute and in doing this, care should be taken to ensure that Independence and Objectivity is maintained at all levels and instances.