Day in day out we hear of cases of individuals being indicted and funds missing within organisations. But who are the guardians of integrity and accountability.
May is International Internal Audit month, a period dedicated to celebrating the internal audit profession. Internal auditors are professionals who review the internal control environment of organisations. They are the third line of defense.
On the other hand, management is the group of individuals responsible for conducting and overseeing the operations within and without the organisation.
Management are the most critical first line of defense and just like in the military they act to protect the organisation against potential ‘enemies’ as the first layer. Management sets the tone and context of internal controls within the daily business tasks and drives the implementation of internal controls.
The second line of defense being the risk management and compliance functions. Second line provide an additional layer of defense, through provision of oversight, tools, systems and advice necessary to help the first line in identification, management and monitoring of risks.
The role of internal audit to add value through advising and collaborating with management in finding controls that are inadequate (Not well designed or don’t exist) or operating inefficiently.
Further the role of internal audit is pivotal in ensuring an organisation’s governance, risk management, and internal controls are effective and efficient. Internal auditors provide independent, objective assessments and recommendations, helping to identify and mitigate risks, improve processes, and ensure compliance with regulations.
They support management in achieving organisational goals through systematic evaluations and fostering a culture of accountability and continuous improvement.
The board of directors plays a crucial role in overseeing internal controls within an organisation. Their responsibilities include oversight and monitoring: The board provides oversight of the internal control framework, ensuring that controls are effective and efficient. This includes reviewing reports from management and internal auditors.
Evaluates Internal Control Effectiveness: The board assesses the adequacy and effectiveness of the internal control system, often through the audit committee, which provides detailed oversight.
Ensuring Adequate Resources: The board ensures that the organisation allocates sufficient resources, including personnel and technology, to maintain effective internal controls.
By fulfilling these roles, the board of directors ensures that the organization’s internal controls are robust, helping to safeguard assets, enhance the reliability of financial reporting, and ensure compliance with laws and regulations.
Internal control vs Internal Audit
How different is internal control from Internal Audit? Internal control is the ongoing system of embedding a framework within an organisation, that includes policies, procedures and activities to safeguard assets and achieve strategy.
A working system of internal control means collaboratively taking responsibility for controls within the organisation. On the other hand, internal audit is the independent review of the said Internal control framework from time to time to note opportunities and improvements areas.
Achieving effective corporate governance hinges on comprehensively grasping and executing both internal control and internal audit processes. The intertwined functions collaborate to uphold operational efficiency, mitigate risks, and promote ethical behavior.
Control Self assessments (CSAs) are critical, they are self-checks by management and control doers to identify early enough control failures. They are key for ensuring effective risk management and compliance.
They empower organisations to identify weaknesses, enhance internal controls, and foster accountability. Regular CSAs promote a proactive approach to mitigating risks, improving processes, and ensuring operational integrity. Their importance lies in continuous monitoring and improvement.
In conclusion, clarity on the ‘what and why of our Governance commitments is needed for organisations to effectively improve, accelerate and transform the Internal Controls agenda. Organizations must inculcate a culture of collaboration between the different lines of defense.
This in return will propel organisations towards achievement of its goals and objectives. Internal auditors are the allies that each and every organisation needs to drive change.
Mikaeli Jesang is an expert in matters governance, risk, controls and sustainability. [email protected]