In March 2020, the Institute of Internal Auditors (Australia) released a Benchmark Study focusing on the value that internal auditors provide to the organisations that they serve. The report identified some significant challenges in harnessing opportunities for innovation and increased value from a technology-driven environment. The post COVID-19 environment will require even greater focus on effective governance and risk management for organisations struggling with liquidity, possibly going concern and unsure of their strategic direction.
Clearly, one challenge lies in the perception that both public and private organisations have in relation to the value of internal audits. Accountants currently providing audit services need to consider whether community expectations and increasing regulations around the delivery of these services mean that they are better off working with full-time audit specialists to deliver better value to their clients.
What is the true value of internal audit?
The value of internal audit can be realised when used by organisations to delve deep into their operations, people, finances and industry to uncover any potential risks that could impact the success of strategic and operational outcomes.
Just some of the services that can be provided through internal audit include:
- Providing feedback on the risk management framework and processes and challenging their effectiveness
- Providing tools to assist with value discovery, for example revenue leakage, duplicate payments, and/or fraudulent activities
- Establishing clear performance measurements in relation to business operations, stakeholder expectations, IT infrastructure (including cybersecurity) and environmental management
- Review of intangibles, including quality of people, morale, engagement, values, teamwork, communications, and culture
- Future focus: Review of business strategy can identify major changes and provide feedback on organisational capacity to implement new strategies
While internal audit is not the sole owner of risk within an organisation, it provides unbiased insight into an organisation’s internal controls, risk management, corporate governance, and business processes. Internal audit educates board members and executives on the business risks and their impact, helping detect and address issues before they are identified by external audit, or after the risk has resulted in negative outcomes.
In this environment, it would seem both prudent and ethical for organisations to adopt internal audits as a core component of their risk management platform. However, at both government and commercial sector levels, organisations struggle to see the value of internal audit. How can organisations effectively put a value on the strength internal audits add to the control environment, to the mishaps that didn’t happen because of internal audit intervention.
Consistent internal audit frameworks are required
In recent times, we’ve seen a renewed focus on corporate governance in the financial services sector. A lack of effective risk management and perception of unethical conduct have led to swift and severe repercussions for organisations that do not consider the impact of their decisions on all stakeholders. Internal audits can play a vital role in helping organisations to survive, thrive and add value in an unpredictable and dynamic environment.
Effective Internal Auditing in the Public Sector: A good practice guide released by the Institute of Internal Auditors (Australia) identifies how internal auditors working in the public sector face a unique set of challenges, being accountable to internal and external stakeholders. Many of these internal auditors operate in a legislative and regulatory void due to there being no consistency in the requirement to comply with global internal audit standards. This highlights the need for a uniform approach across the public sector to improve governance within departments, and across agencies at all levels of government.
The Institute of Internal Auditors International Professional Practices Framework (IPPF) is the global standard for internal audit covering all countries, jurisdictions, and sectors. It covers the role of internal auditors, establishes mandatory guidelines, offers suggested guidelines and is intended to assist internal auditors fulfill their mission of enhancing and protecting organisational value through risk-based objective assurance, advice and insight.
Are NSW Local Government reforms a new benchmark?
Most State Governments mandate the internal audit function, but only New South Wales Victoria and Western Australia require mandatory conformance to the International Standards. At the Local Government level, only Queensland and Victoria mandate the internal audit function, however there is no requirement to comply with the International Standards.
In September 2019, the NSW Government published ‘A new risk management and internal audit framework’ for local councils in NSW’. Within the framework, local councils are required to proactively manage any risks they face under the new guiding principles of the Local Government Act 1993.
This new audit framework will make it mandatory for councils to adhere to 9 core requirements, which are based on the International Standards:
- Appoint an independent Audit, Risk and Improvement Committee
- Establish a risk management framework consistent with the current Australian risk management standards
- Establish an internal audit function mandated by an Internal Audit Charter
- Appoint internal audit personnel and establish reporting lines
- Develop an agreed internal audit work program
- Perform and report internal audits in accordance with the International Professional Practices Framework and current Australian risk management standards
- Undertake ongoing monitoring and reporting
- Establish a quality assurance and improvement program
- Establish a shared internal audit arrangement with other councils as appropriate
The new framework incorporates a timeline commencing in 2022 and ending in 2026. The NSW Audit Office’s Report on Local Government 2019 indicates that approximately 80% of councils in NSW have already commenced work on this framework
The remaining councils are predominantly located outside major metropolitan areas and will need support once the framework is finalised and legislated. It’s likely that a tiered approach will apply to these councils.
For many smaller councils, just providing core services is a challenge, let alone the additional cost of compliance work required by regulatory bodies. However, in these uncertain times, the value of internal audit can be significant – in identifying core risks and providing a path to effective governance and financial health.
Any accountants involved with local councils at a governance or audit level should be flagging these issues now. Committee members on local councils should be asking ‘Do we have internal audits? If so, does our process comply with the proposed framework and international standards?’
Furthermore, could these proposed changes provide a future benchmark for reforms in other private and public sectors to also require conformance with the International Standards?
National Audits Group – An internal audit specialist
Key team members at National Audits Group are members of the Institute of Internal Auditors (Australia) and are able to provide internal audit services in accordance with the International Professional Practices Framework.
If you’re already providing accounting or audit services to local councils or other public sector organisations, you may consider partnering with an external specialist who can take on the internal audit / consulting role. Our specialised staff can assist your business by establishing an internal audit function or with the performance of internal audits to complete your existing audit plans.
Phil Swaffield | Assurance and Advisory Manager | National Audits Group
- The Future for Internal Auditors working in Public and Private Sectors - 17 November 2020