According to the definition of Internal Auditing in the IIA’s International Professional Practices Framework (IPPF), internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. Internal auditor helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes
Governing bodies and senior management rely on Internal Auditing for objective assurance and insight on the effectiveness and efficiency of governance, risk management, and internal control processes. Internal auditing assures the organisation’s governance, risk management, and control processes to help achieve strategic, operational, financial, and compliance objectives of an organisation. Internal auditing is a catalyst for improving an organisation’s effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business processes. With a commitment to integrity and accountability, Internal Auditing provides value to governing bodies and senior management as an independent source of objective advice.
An internal audit is designed to enhance confidence in an entity operation, but it does not relieve management or those charged with governance of their responsibilities. Companies do not fail because of poor quality audits, ultimately, corporate failures and the resulting impacts on financial statements are consequences of poor governance and decisions. However, corporate scandals being it fraud or collapse of an entity, internal auditors are in many cases blamed for the scandal. Questions arise as to who ensure that internal auditors carry out their work diligently to help add value to the organisation’s systems. This article unravels the puzzle of who audit the internal auditor. Institutions and individuals directly and indirectly assess and review the internal auditors work. These are;
An active audit committee is a critical part of delivering trust and confidence in reporting and risk management. The internal auditing activity is a part of an organisation’s risk universe and should be reviewed. The audit committee provides oversight responsibilities for the internal audit; however, it is not the audit committee’s role to directly “audit” the internal audit’s activities. The audit committee’s oversight role creates the environment to enable the internal auditors to deliver efficiently- the Internal Auditor prepares the Audit plan, budget, and it is reviewed and approved by the audit committee. The Audit Committee is responsible for the quality of the audit report and also ensure the implementation of the internal auditor’s reports. Audit committee provides checks and balance on the role of the internal audit, and it said that it allows for “audit” of the internal audit.
External Assessment Team
According to the International Professional Practice Framework (IPPF), external assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organisation. The external assessor should be well-versed in best internal audit practices, under the leadership of an experienced and professional internal auditor. An external assessment team aims to examine the efficiency and effectiveness of the internal audit activity within the organisation, to make recommendations for improvement and to establish whether the internal audit activity conforms to Standards. This is crucial as the internal auditor submits itself to the same level of scrutiny as the rest of the quality of work being carried out by the internal audit.
This is where the internal audit unit performs self-assessment with independent external validation. Peers or management evaluates the internal auditor through a set of questionnaires. In addition, it can be done by interviewing the management to seek for their candid opinion as to how the internal audit unit is functioning. After the internal audit assessment, independent external assessor performs validation of the internal audit self- assessment. By so doing the work of the internal audit is audited to ensure conformance of code of ethics and the relevant standards that promote the quality report.
The best evaluator of a service provider is the client and not the service provider. In the same vein, the recipient of the internal audit services that is managements is the best to assess how they find the work of the internal audit. Management audit the work of the internal auditor by the kind of comments, the level of acceptance and reliance they placed on the internal audit findings and the recommendations they provide. Also, management will involve internal audit as a necessity and not as a requirement in any significant projects decisions and other relevant management meetings when they trust the internal audit competence—this a sign of competence and quality of work done by the internal audit unit. However, if management does not engage the internal auditors in such decisions, it may be a sign that the internal audit unit is not living up to expectation.
The extent to which the external auditor places reliance on the internal auditor’s work is a way of reviewing internal auditor’s job. With this, the internal auditors carry out their work more efficiently and effectively manner because external auditors will rely on their work. The external auditor carries out a test on the internal auditor’s job to evaluate adherence and conformance to the assumptions, and the methodology used. The external auditor will not be exonerated for any audit failure should he rely on the internal auditor’s work. The external auditor may also propose the removal of the internal auditor if he is not performing. The external auditor refusal to rely on the internal auditor’s work is a clear indication of work not adequately done; this, however, might not be the case all the time.
Internal audit performs a crucial functioning in ensuring value addition to an organisation by scrutinising the activities of management; however, in the mind of public they wonder who ensures that this herculean task is carried out diligently to achieve the value addition. This article addressed this issue by outlining individuals and institutions such as audit committee, external assessment team, peer, management and external auditor whose conduct and work directly or indirectly review the internal auditor’s work.
The writer works with the University of Cape Coast as Internal Auditor and has been practicing as internal auditor for the past fifteen years