outsourcing -
Morison Menon
Introduction
The internal audit function is one of the fundamental “checks and balances” for
sound corporate governance. A question that agitates the Board of Directors of
any organization is how competent and independent the internal audit team in
the organization is.
Corporate governance has been under a strong and critical public spotlight in
recent years, in the wake of a succession of blows to market confidence and
integrity, particularly in the United States and other countries as well. The
investor community’s expectations of boards and senior management, and of
those charged with providing an independent review of a company’s operations
and financial accounts, have been raised.
I will briefly cover the role of internal audit versus risk management, the
expectations of regulators, my assessment of internal audit functions based
on our experience with clients, and lastly why it makes sense to outsource
internal audit.
and assessing inherent risks in the systems and processes, having appropriate
risk thresholds, having control mechanisms and mitigation strategies in place to
contain risk within the organization's risk thresholds. Risk management is critical
in helping an institution plan its strategic response to its changing risk profile
and ensuring effective risk management processes are in place to respond
quickly. A checking function (similar to internal audit) is often involved to ensure
that the risk control framework is in place and risk thresholds are not breached.
Internal audit also plays a complementary role in evaluating whether the controls
are practical, whether they are functional and how they might be circumvented.
Regulators' expectations
According to the Basel Committee's recommendations (for the banking sector), the
"essential criteria" for the internal audit function are to:
● have unfettered access to all the bank’s business lines and support departments;
● have appropriate independence, including reporting lines to the board of
directors and status within the bank to ensure that senior management reacts to
and acts upon its recommendations;
● have sufficient resources, and staff that are suitably trained and have relevant
experience, to understand and evaluate the business it is auditing; and
● employ a methodology that identifies the key risks run by the bank and allocates
its resources accordingly.
The language of the Insurance Core Principles and Methodology, developed by
the International Association of Insurance Supervisors (IAIS), is almost identical on
the role of internal audit in insurance companies.
The Basel Committee has set out many important principles for the internal audit
function. A few of them are:
● The internal audit function must be independent of the activities audited and
independent from the everyday internal control process. This implies there has
to be objectivity and impartiality in the functioning of internal audit; and
● Every activity and every entity of the institution should fall within the scope of
the internal audit. This means no exclusions should be permissible, though the
extent and frequency of internal audit of each function in an organization may
vary.
Assessment of internal audit function
In many organizations the internal audit function is an additional responsibility, which
often leads to a conflict of interest. Also, where we have noticed that the internal audit
department is independent, people are routinely drawn from functional roles into
the internal audit department. In such scenarios the internal auditors often need
to assess functions in which they have worked earlier. Objective audit in such
cases is not practical.
Also, in many instances we have noticed CEOs putting up pliant internal auditors,
thereby negating the objective of the function as well as the Board of Directors.
In small and medium organizations in-house internal auditors don't have a full-time
role and end up being idle or assigned other operational roles along with the
internal audit function. Such appointments are a sure recipe for an ineffective internal
audit function.