
This is from the “Accounting Makes Cents” podcast episode #70 released on Monday, 29 July 2024.
In this episode, we explore why internal audits are crucial for any company’s success, how they help in managing risks, ensuring compliance, and improving overall efficiency. We also delve into the COSO framework, which provides a structured approach to internal control and risk management. Whether you’re in management or just curious about the behind-the-scenes workings of businesses, this episode offers valuable insights into why we might dread audits, but ultimately can’t afford to skip them.
Internal auditing might sound like a behind-the-scenes activity, but it plays a pivotal role in ensuring that businesses operate smoothly, comply with laws, and manage risks effectively. So, let’s break down what internal audit is all about, its importance, and some of the trends and challenges in the field today.
First off, what exactly is internal auditing? At its core, internal auditing is an independent, objective assurance and consulting activity. Its main purpose is to add value and improve a company’s operations. It does this by providing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal auditors have a dual role. They provide assurance services, assessing whether a company’s risk management, internal controls, and governance processes are effective. But they also offer consulting services, providing advice to help improve processes, implement new systems, or address emerging risks. This makes them not just the watchdogs but also strategic partners within the company.
One of the key principles of internal auditing is independence and objectivity. This means internal auditors must have an unbiased attitude and avoid conflicts of interest. Typically, they report to a high-level authority, like the audit committee or the board of directors, to maintain their independence. This reporting structure ensures that they can perform their duties without undue influence from management.
A common approach in internal auditing is the risk-based approach. This means auditors focus on areas with the highest risk to the company, prioritising resources where they can have the most impact. This approach is crucial because it ensures that the most critical areas are reviewed regularly, helping the company to avoid potential pitfalls.
COSO Framework
Now, let’s discuss a fundamental framework that guides internal audit practices: the Committee of Sponsoring Organisations of the Treadway Commission, or COSO. COSO provides a comprehensive framework for enterprise risk management, internal control, and fraud deterrence. The COSO framework is widely recognised and used by companies to develop effective internal control systems and enhance overall corporate governance.
The COSO framework consists of five components: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. Together, these components form a robust structure that helps companies manage risk and achieve their objectives.
Let’s break these components down a bit.
Components
Control Environment sets the tone for the company, influencing the control consciousness of its people. It includes the integrity, ethical values, and competence of the entity’s people, management’s philosophy and operating style, and the way management assigns authority and responsibility.
Risk Assessment is where the company identifies and analyses relevant risks to achieving its objectives. This involves setting risk tolerance levels and determining how these risks should be managed.
Control Activities are the policies and procedures that help ensure management directives are carried out. These activities can include approvals, authorisations, verifications, reconciliations, and reviews of operating performance.
Information and Communication pertain to the systems and processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.
Finally, Monitoring Activities involve ongoing evaluations and separate evaluations to ensure that the components of internal control are present and functioning. This includes internal audit activities, regular management reviews, and other forms of oversight.
Challenges and trends
Now, let’s talk about the challenges and evolving trends in internal auditing. With rapid technological advancements, internal auditors now use data analytics, artificial intelligence, and machine learning to enhance their work. These tools allow for more comprehensive audits, identifying trends and anomalies that might otherwise go unnoticed.
Cybersecurity and data privacy have also become top priorities. As the number of cyber-attacks increases, internal auditors are more involved in assessing a company’s cybersecurity measures and data protection policies. Staying on top of these issues is crucial, as any breach can have significant repercussions.
And then there’s the challenge of regulatory changes. Regulations can vary significantly across regions and industries, and they are constantly evolving. Internal auditors must stay up-to-date with these changes to ensure compliance and guide their companies through the regulatory landscape.
Globalisation adds another layer of complexity. As companies expand internationally, internal auditors must navigate different regulatory environments and cultural contexts. This requires a deep understanding of local laws and practices, as well as the ability to communicate effectively across diverse teams.
Technology, too, plays a significant role in modern internal auditing. With advanced data analytics tools, auditors can analyse large datasets quickly, identify trends, and detect anomalies. This capability is invaluable for proactive risk management and decision-making.
Contributions
Internal auditing is also integral to good corporate governance. It provides the board and management with insights and recommendations for improving internal controls and processes, thereby enhancing overall organisational effectiveness. It’s not just about catching errors or fraud; it’s about helping the company achieve its objectives more efficiently and effectively.
One of the most valuable aspects of internal auditing is its contribution to continuous improvement. Internal auditors are committed to professional development, keeping up with the latest trends, techniques, and regulatory requirements. This dedication ensures they can provide relevant and timely advice, helping companies navigate complex business environments.
Conclusion
To wrap up, internal auditing is more than just a compliance function. It’s a vital part of a company’s strategy for managing risk, improving processes, and ensuring governance. By identifying opportunities for efficiency and cost savings, internal auditors add significant value, helping companies not only avoid pitfalls but also seize new opportunities.
Show notes simplified
In this episode, MJ the tutor tackles the often tedious but essential process of internal auditing. She offers valuable insights into why we might dread audits, but ultimately can’t afford to skip them.
Resources and links:
COSO Framework

