There’s one audit that’s limited to the classifications you might want to assign to its multifarious engagements but is unbridled in its scope. Basically, your imagination is the limit to the creativity it offers. It’s Internal Auditing for you!
That’s one interpretation of what was suggested by Robert H. Montgomery back in 1912 when he suggested an audit to be unguided by instruction, while campaigning against rules-based auditing. Although that was the advent of financial auditing, which eventually shaped the future of external auditing; a fully determined in advance and limited in scope exercise, confined to review of financial statements, the stage was set for an independent intervention the scope of which could entail anything; everything.
True that, the system of internal check, Montgomery proposed in his published work, and its bearing on the financial auditing was perfected by internal audit assuming an independent reviewer role not just in this regard but also in the domains of governance and risk management, the essence of internal audit interventions lies in enabling a vision far and beyond the obvious!
The obvious is generally visible and understood, but internal audit enhances this ability to identify and comprehend that’s written between the lines.
Without internal auditing an entity can very easily determine if a control is not performing as intended and the external audit may as well help it improve that control if its financial, but it won’t be able to identify if the subject process is even needed at all or there are other ways the related objective could be accomplished!
Likewise, the entity might invest in a full fledge risk management function, but it is internal auditing whose independent assessment will determine if the return on that investment is adequate!
However, a work program directed internal audit engagement might not allow the ability to go beyond the direction, unless of course, the work program itself desires efforts beyond the fulfillment of engagement objectives. Indeed, the work program is necessary and should be in place but only as a minimum guidance to ensure focus on objectives is not lost.
The engagement itself is not just desired to be but in fact, should be designed to be evolutionary. It cannot remain tied to a preliminary understanding of the objectives to be accomplished but must allow flexibility for evolving objectives or even a reset of those objectives.
Just as the audit plan has to be agile to cater for emerging business requirements for assurance and advisory interventions and also just as the auditor is required to plan and conduct an audit engagement considering fraud risk factors and modifying approach when such risks are found to have materialized, the average audit engagement planning will be of no value if it isn’t open to evaluate anything remotely connected or even disconnected to the objectives.
Review of these remote or unrelated connections many a times leads us to identify patterns that could help explain previously unknown trends or relationships or may simply corroborate our initial findings. It’s imperative therefore, for the usually suspecting auditor to suspect anything and remain open to the possibility of auditing everything that comes to mind.
It is a real possibility, that by doing so the engagement findings could be opposite to what the objectives were. For instance, in an expense analysis and advisory engagement, the objective of which is to help save costs, it is possible that the auditor finds erroneous workings in a cost head which if rectified would increase costs. Basically, finding an understatement of costs in an engagement conceived to save costs.
The understatement might look good as it would have resulted in economic savings, however, the auditor ignoring it and advising only on costs savings would not simply be incompetent and dishonest, it might come back to haunt him if it later surfaces by itself or someone else finds it. And this example is still connected to engagement objectives.
The scope of an advisory engagement is meant to be only loosely connected to its objectives, thereby offering the stakeholders an opportunity to experience value beyond the fulfillment of objectives. Take it as the upside risk of an internal audit engagement; the stakeholders might get hold of something creative they never knew existed.
In a recently concluded engagement meant to identify potential liabilities that might arise but undisclosed or accounted for, I was also able to identify inventory worth millions of dollars, that needed a direct write down to its net realizable value and other inventory that had several consumable line items nearing their expiry dates and still other that carried warranties on the verge of expiry.
There were findings that catered to the engagement objectives and then there were these findings that enabled the client management to make important economic decisions about this inventory, like selling it off to competing entities within the sector, in time, freeing the stuck-up working capital since realizing these in ordinary course of business was no more viable.
This enriching audit of everything spells the path to be followed for the internal audit’s journey from a cost center to a ‘growth center’. An annual audit plan aligned to the business risk universe would ensure audit remains a cost center even with incremental changes when needed during the year. However, with every engagement promising to go the extra mile, unearthing avenues not known to have existed, promises internal audit an advisor spot reserved for business growth strategists.
Indeed, fulfilling objectives of a well-conceived engagement is imperative, as traditional or more appropriately cost center role of auditing is also required to be in place, but to know when to step up and being ready for fueling business growth even by helping break the shackles of what holds businesses back is an evolution only internal audit can offer.
There’s inherent wisdom in having diversity in internal audit through its voluntary model of governance and the principles-based framework for internal audit standards. Principles govern through broader approaches and requirements to be followed in respect of provision of internal audit services.
My approach to principles has always been to consider these as minimum guidelines, compliance with which is mandatory, allowing us to be as creative as our imagination allows us to be. This contrasts with the rules-based governance, where we are required to adhere to specific performance rules that inhibits creativity after it has already resulted in engagements not performed diligently, since auditors only do what the rules ‘instruct’ them to do.
Rules might be more suited to situations where principles could leave a space wide enough for misinterpretation. That’s certainly not the case with internal audit services provision.
So, next time while quantifying the internal audit contribution, both the auditors and the clients are advised not just to consider the worth of IA findings through their risk ratings, potential savings, cost and benefits of controls advised or frauds averted, but also consider how internal audit went extra mile, also did what wasn’t asked and quantify that too!
The value internal audit adds is delivering more than the mere fulfillment of an engagement’s objectives. The audit of everything is the growth-centric internal auditing.
Trackbacks/Pingbacks