A recent piece in Deloitte’s accounting publication, CFO Insights, titled “Can Internal Audit Be a Command Center for Risk?,” caught our eye because it posed an intriguing question: Should companies expand the auditor’s function to identify emerging risk in their organization as well as broader opportunities for improvements in business performance?
We believe in many instances internal audit can be elevated above its standard role to include more proactive consultation within the organization about emerging risk and business efficiencies. Internal auditors can provide increased oversight and awareness of critical business issues, including assessing cyber, strategic, and investment risk.
According to Ron Steinkamp, a principal with the CPA firm Brown Smith Wallace LLC, which provides leading edge internal audit services, this is the direction the internal audit profession is heading. Many boards and audit committees are requiring that their internal auditors provide their companies with value added consulting services focused on emerging strategic, operational, financial, and compliance risks. In fact, the definition of “internal audit” promulgated by the Institute of Internal Auditors is a “…consulting activity designed to add value and improve an organization’s operations.” The definition further states that internal audit “…helps an organization accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Of course, the challenge in helping internal audit teams successfully make this transition requires them to develop new and more efficient methods for completing their current duties while also expanding their skills to tackle these new challenges. According to Steinkamp, internal audit departments in many organizations are leveraging technology tools to more efficiently expand their coverage of risk. This includes using data analysis for continuous monitoring and review of all transactions, thus, increasing their coverage while at the same instant saving time that would have been used to perform detail testing and review of documentation of only a small sample of transactions.
DataServ recently worked with a global Fortune 500 company to streamline and save them time and expenses in the execution of their annual audit responsibilities around the globe by providing access to detailed invoice processing data. This access provided the auditors information relative to their stated procedure and process and let them know how well the organization in question was complying with the stated process. It also contains an audit trail for all transactions. All of this information was available at the click of a mouse and eliminated the internal auditor’s need to request stacks of paper documents and copies to review.
This change reduced expenses for the company in three ways:
- It reduced to near zero the amount of time required by the business unit to produce records and documents related to the audit request and time period.
- It greatly increased the efficiency with which the internal auditors analyzed and reviewed the data.
- It greatly reduced the amount of time the auditors needed to spend on site to complete their field work and findings.
Even more important, these efficiencies freed up considerable amounts of time – time that can be redirected towards those expanded areas of business focus and risk assessment.