YEAH YOU READ THAT RIGHT ….. INTERNAL AUDITING CAN AND DOES FUEL AMBITION!
It’s not that only certain careers can offer ambition or that only a financially or otherwise rewarding career can be ambitious. It is very much about our own approach towards our career and the choices that we make along the way, that matters when gauging ambition.
Agreed, there can be spoilers to that cause of ours …. Pursuit of ambition and sometimes it just becomes difficult to navigate through them. But what exactly causes internal auditing to lose steam, offer a lackluster performance or fall out of favor when the factors aren’t indigenous? That’s exactly the ground we’ll be covering here.
There’s a feeble debate going on about the impacts regulation had have on internal auditing. Let’s discuss and add to that.
It was the US SOX Act that inspired regulation around the globe on the role and responsibilities of internal auditing and how could the Boards benefit from it for the purposes of fulfilling its fiduciary duties and oversight role. The internal auditing found a brand-new opportunity to rise to the top, with that sense of empowerment.
But that’s the thing about regulations; they are anti-inspiring as they mostly end up making cost centers for the entities mandated to comply. This is because entities primarily react by looking at the costs of compliance rather than the benefits; sometimes benefits are too distant that they seem elusive. Other times regulations are so poorly structured that all they do is to ask for a tick in the box approach; focused on theory but nothing in substance.
True that,
- The regulations safeguard the larger public interest.
- The regulations designed the audit committees.
- Empowered the audit committee with resources and Terms of Reference.
- Made them responsible for internal audit function.
- Made the internal audit functional reporting lines clearer.
But is that it? Was that all that could have been done? Did it help achieve anything substantial?
Certainly not. Regulations neither incentivize nor inspire conformance. It just aims for enforcement, mostly through an inflexible one size fits all approach. They seldom provide a roadmap for implementation and an evaluation mechanism. Still, what they give is a penalty for non-conformance!
Consequentially, the area aimed for governance through regulation is left further damaged. Internal Auditing is no exception. Whilst the opportunity provided by regulations around it in the era of SOX Act, was timely seized by the profession, the profession is certainly not in a better shape than before. In fact, unfortunately its now in a poorer shape because,
- The self-motivation to investment in Internal Auditing is over as it has become a necessary evil like statutory external audits of financial statements.
- Misguided expectations of stakeholders from enhanced knowledge about internal auditing.
- Expectations unaligned with authority and responsibilities.
- Opportunity for scapegoating owing to increased prominence.
- No effectiveness evaluation mechanism over the audit committee performance, especially discharge of its responsibilities pertaining to internal auditing.
The first and last of the reasons above are the most to be blamed for an unambitious internal auditing. Business owners and managers who are accustomed to investments only after realizing the potential benefits can no longer look at a regulator enforced internal auditing the same way. They then usually end up having a checklist approach to having an internal audit function that conforms with the requirements. Its effectiveness and delivery are no more concerns.
The unambitious internal auditing function is then resigned to being a cost center and its planning, resource allocation, reporting and effectiveness monitoring is mostly relegated to management, which then drives it as an extended function of its own. The management ensures the bare minimum approach to regulatory requirements and assumes the role of internal audit healthiness reporting to the Audit Committee.
The Audit committee simply endorses management reporting over the internal auditing. No efforts are made to directly oversee the function and ultimately the communication is also through management solely. At this stage, the function also considers it more appropriate to follow the path that has been laid out for it by the management, duly endorsed by the audit committee.
Indeed, the audit function can make a choice of moving out of this shell, however it needs to be evaluated beforehand on how such a move will be received by the audit committee. That evaluation should then be weighed against the cost of complacency, since in the long term it won’t bode well for the audit function, if the audit function is looking at a long term, that is!
If long term is not on the horizon, continuing this way is fine. Just ensure it is you who decide when to pack up. And if there’s no bar on the term and the function is expected to continue, that’s surely no way to do it. The function should shun the tracks carved out for it and make its own, for if it’s not done the journey to irrelevance will be clear and short.
Direct communication channels with the audit committee should be exploited. The committee should be asked for direction, strategy and feedback. If things are seriously astray, engaging the regulator is an option too. Unfortunately, however the regulators are mostly structured to operate in a complaint only intervention model, which is an ineffective way to monitor conformance. Still always keep tangible non-compliances ready for regulator reporting because maybe that’s your best and only bet!
Testing waters before diving in is imperative but equally important is having a backup in place!