Internal audit and compliance audit are both very essential functions in any organisation. In recent years, both services have risen in importance, signifying critical control components of an organisation’s structure. However, whilst compliance is increasingly commoditised (and subject to pricing pressure), there is significant opportunity to generate value for business clients through internal audits.
In mid-tier and top-tier accounting firms, there’s a clear separation of the compliance and consulting roles in relation to audit. In these firms, internal audit and compliance professionals will generally collaborate for the benefit of their clients, whilst ensuring they have sufficient independence safeguards in place. Smaller firms face greater challenges in separating these roles.
A clear benefit of appointing an external compliance auditor for a smaller firm is the opportunity created for a partner to take on a broader consulting role focusing on governance, technology and processes. Or alternatively, if you provide compliance audit services, then consider the value of an independent consultant auditor for internal audit activities.
What is internal auditing?
Internal auditing is an independent, objective assurance and consulting engagement designed to reduce risk, and importantly add value by improving an organization’s governance, strategy and operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The scope of internal auditing within an organization is broad and may involve topics such as an organization’s governance, risk management and management controls over the efficiency of operations, the reliability of financial and management reporting and compliance with laws and regulations.
Internal auditors are not responsible for the execution of company activities. They advise management and the those charged with governance, regarding how to better execute their responsibilities. External accountants can certainly play a role as a participant at a board or committee level.
What’s the value of internal audit?
A recent report by KPMG (Seeking value through internal audit) identified three specific insights that the leaders and managers of organisations receive from internal audits:
- Help assess risks and risk management practices
- Develop an informed perspective on emerging risks
- Focus on sustainable profit generation
Internal auditors have a specific role in helping firms respond appropriately to risks identified through compliance audit. Often, leaders and managers of firms don’t have the experience and skills to be able to address these risks in a considered manner. An external perspective is required.
What skills are required to conduct an effective internal audit?
The KPMG report outlined above identified the top 5 skills needed for internal audit professionals. These were strong communication, technology skills, critical thinking, understanding markets and having a command of data analytics. Financial and accounting skills are conspicuous in their absence.
Accountants in public practice are in a strong position to provide internal audit support, especially around data analytics. In a recent article ‘Technology and the Future of Audits,’ Steven Watson, our Managing Director suggested that data analytical tools are enabling auditors to better identify financial reporting, fraud and operational business risks. In particular, the use of Computer Assisted Auditing Techniques (CAATs) in an internal audit can assist with testing various financial oversight functions including for example payroll, accounts payable and accounts receivable, credit cards and fuel card expenditure.
What internal audit services should you consider?
A recent PwC report ‘Maximising the value of internal audits’ provided some great examples of how internal auditors could add value to their business clients, including:
- Fireside chats on intangibles, including quality of people, morale, engagement, values, teamwork, communications, culture;
- What would you like us to look at? Ask management to define two ideas that may reduce cost, improve control etc, and include them in the audit plan for internal audit and management to work on;
- Provide tools to assist value discovery, for example revenue leakage or duplicate payments;
- Integrated risk and assurance mapping to provide a holistic view of risks and the related assurance;
- Training sessions in risk management and controls effectiveness for management and the audit committee;
- Future focus: things might be working now, but if the business strategy contemplates major change, provide feedback on the organisations capacity to implement the new strategy;
- Providing feedback on the quality of the risk management framework and processes and challenging their effectiveness.
How can you collaborate with external auditors?
If you’re already providing business clients with financial reports and advice, then you might want to consider taking on the role of ‘internal auditor’ with your business clients? Perhaps this starts with a consulting role to the board, for example as a data analyst, integrating data and systems to provide a high-level review of internal systems and processes.
If you’re already providing compliance audit services, you may consider partnering with an external specialist who can take on the internal audit or consulting role. Our specialised staff can assist your business in establishing an internal audit function, or with the performance of internal audits to complete your existing audit plans.
Stephen Prowse | National Audits Group | [email protected]