Authors: Marina Gkouma, John Filos

Title: The significance of internal audit to an entity’s governance processes, internal controls & risk management

Abstract

The role of internal audit is to provide independent assurance that an organization's risk management, governance and internal control processes are operating effectively. Nowadays, it is taking on a more strategic and central role since all organizations are subject to risks and therefore it is of utmost importance the organization to identify, monitor and effectively manage these risks. Risks can either arise from error or fraud. There have been several instances in the past where frauds have been detected by the internal audit function and their reveal has led to the downfall of organizations as a whole. Due to the negative impact that both types of risks may have to the sustainability of a business, Managements and senior executives are increasingly concerned about the exposure of their businesses to risks and whether the internal control system is designed and operates effectively (D& I of control system). In other words, whether the organization is adequately protected from risks.

Internal auditors should provide objective assurance to the board and management that the controls in place are sufficient for identified risks and also to ensure that the controls are functioning effectively. In case a fraud incidence is identified, it is imperative the organization to have a well-defined response plan in order to handle this incidence effectively. A root cause analysis should also be performed by internal auditors in order to be able to recommend appropriate corrective actions to the organization’s Management.

In order to perform effectively their role, internal auditors should demonstrate compliance with both the International Professional Practices Framework Standards and the Code of Ethics. The Standards are mandatory requirements/guidance provided by the Institute of Chartered Certified Accountants (IIA). On the other hand, the Code of Ethics states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing.

The internal audit charter (which is being approved either by the board or the audit committee) is also a very important tool since it clearly identifies the roles and responsibilities of internal audit with respect to risks. Another aspect of vital importance for the internal audit function is internal auditor’s independence. In order internal auditors to ensure their independence, it is essential to have adequate access to the audit committee and have independent authority and reporting lines/whistleblower hotline. In addition, internal audit function should have adequate resources (human, capital, etc..) and specialized personnel in order to conduct internal audits effectively.

Last but not least, internal auditors should evaluate risks on a regular basis since the organizations operate in a continuous evolving - dynamic business environment, where various new risks may emerge. Therefore, an organization should be able to ensure timely risk management in order the risks to be mitigated or even eliminated completely (if feasible). In this way, the business strategy and objectives will be met and internal audit will add value to the organization.

Keywords: Internal Audit Function, Internal Controls, Design & Implementation of Controls (D&I), International Professional Practices Framework (IPPF), Code of Ethics, Institute of Chartered Certified Accountants (IIA), Risk Management,  Response Plan, Whistleblower Hotline, Adequacy of Resources (Human, Capital), Specialized personnel.