You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
accountants daily logo

Independence issues for internal auditors

Business

Internal audits can help organisations understand how well they’re managing their risk, control and governance processes.

By Michael Shatter, RSM Australia 11 minute read

Internal auditors don’t just examine an organisation’s financials; they review all aspects of its operations to identify ways to help the organisation improve its performance. While independence is extremely valuable for internal auditors, it’s not always possible to guarantee complete independence.

The extent to which an organisation should be concerned with independence depends on a variety of factors and it’s not necessarily essential to engage a third-party to conduct internal audits. In many cases, if there is in-house technical capability and opportunities to use internal resources, this is acceptable as long as the auditors can review the organisation at arm’s length.

The most important aspect for independence is to make sure that the risk of “self-review threat” does not arise, or in other words, no one is reviewing their own work. There are commercial realities that combine with the need for integrity and innovation, which means that some organisations are in a position for everything they need to review to be audited by independent third parties while others simply don’t have the resources to do that.

The key question for organisations to answer is why independence is necessary. Organisations should think about what end result they need to achieve, then structure their internal audit processes accordingly. For some organisations, independence is non-negotiable due to compliance or regulatory requirements. In other organisations, independence is desirable but not always practical, and the level of independence that’s possible is sufficient for that organisation’s risk appetite and goals.

Then there are some cases where independence is truly impossible because part of the organisation being audited includes specialist or bespoke technology and solutions. The only way to understand these specialist areas is to work with an internal expert, but finding someone who is expert in that area without any bias is difficult. These experts often have an emotional commitment to this area and it’s critical and integrated into their core activities. This erodes their ability to be independent, yet a completely independent third party may be ill-equipped to really understand what they’re auditing.

This example highlights the many grey areas present in internal audits. These can be overcome to some extent by data analytics technology that completely removes any subjectivity from the process. Because these systems merely analyse factual information, they are inherently independent. However, even this can potentially be compromised if the question asked of the data is biased. Therefore, it’s important to ensure that the terms of reference are unbiased.

Finding real independence can be incredibly challenging and, for most companies, 100 per cent independence in their internal audit isn’t absolutely necessary. It’s possible to spend unlimited funds on internal audits, but if the organisation’s profile doesn’t warrant or support such a significant investment, then the organisation simply needs to determine what level of independence is tolerable and defensible.

Organisations looking to conduct an initial public offering (IPO) or seek other external investment are more likely to benefit from robustly independent internal audits. Similarly, in a high-risk organisation or one looking to conduct mergers and acquisitions, an independent internal audit is not just the norm or good practice, but a requirement.

In many cases, the pragmatic and acceptable approach is for the organisation to conduct its own internal audit with a view to the audit team being as independent as possible. In public companies, government entities and organisations in heavily regulated industries, it usually makes sense to engage a third-party internal audit team.

There are seven key characteristics organisations should look for in an outsourced internal audit team:

1. Flexible: The team should be able to provide commercially attractive audit plans aligned to both the organisation’s risk appetite and budget.

2. Sophisticated: Clients should have access to senior team members, including a manager or partner, to ensure the advice received is sophisticated and valuable.

3. Global: Firms with an international presence offer depth, experience, reach, a global outlook and global best practices, along with the ability to deliver cutting-edge thinking to local clients quickly.

4. Diverse: Audit teams that purely work with one type of organisation are likely to develop strong expertise in one area, but a team that works across a diverse range of clients will have a more nuanced perspective and the ability to bring innovative thinking to the engagement.

5. Creative: The best solutions come from audit teams that can see the multiple dimensions that exist for various types of organisations and can provide a pragmatic, practical approach that meets the business’s needs without requiring an untenable investment.

6. Future-focused: It’s important to work with an audit team that can provide insights around how the organisation can reduce risk in the future and continue to evolve.

7. Well resourced: Audit teams need to be underpinned by leading-edge, cloud-based tools that power internal audits while providing transparency and knowledge sharing with the client. These tools should track the issues and progression of recommendations so clients are fully supported.

There’s no point in applying motherhood solutions to unique problems. Each organisation has unique requirements when it comes to internal audits. It’s important to find the right solutions, whether that involves a partially independent team, an internal team that’s wholly independent or an outsourced team.

Furthermore, it’s important to remember that the solution that makes sense today won’t necessarily continue to be the best solution in the future as the organisation evolves and grows. And, if the same audit team is in place for a number of years, it could be advisable to rotate the team members or even get an entirely fresh team just to ensure ongoing independence.

Michael Shatter, partner, RSM Australia

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.

SUBSCRIBE NOW