Regulatory developments over the last decade have changed the face of internal audit forever. The modern audit function, no longer working within its own designated silo distinct from the rest of the business, must now work extremely closely with risk departments, IT functions and the board of directors.
As the IIA outlines, internal audit provides assurance by assessing and reporting on the effectiveness of governance, risk management, and control processes designed to help the organisation achieve strategic, operational, financial, and compliance objectives.
Developing and maintaining an effective relationship with the internal audit function is vital for all businesses. However, as both an internal and simultaneously independent function, there is an inevitable conflict between the influence of internal audit on corporate governance and its requirement to remain objective.
Walking the tightrope between involvement and observation
The internal audit function must be properly informed, which requires attendance at executive committee meetings and access to strategic papers. Internal auditors must be free to properly and deeply observe and critique corporate governance, without bias and undue influence.
That close involvement in corporate governance often results in blurred lines but there is in fact a clear distinction to be made. It is the responsibility of the board to develop and maintain an effective corporate governance environment.
Internal auditors are usually employees of the company and, like any other employee; they must still add value to the business. The ability to remain objective but continue to add value can be another source of conflicting interests for internal audit functions.
Data analytics will be a game changer for the internal audit function. The latest report from Protiviti has found that “with digitalisation, robotics and business transformation gaining more momentum in organisations every day, internal audit needs to embrace analytics – and fast.” The good news it that 76% of European internal audit departments current utilise data analytics as part of the audit process, however only 58% rate the quality of the data for analytics purposes to be excellent or very good.
Relationship with internal audit still holds importance
A close relationship and functional reporting line to the CEO and to the Chief Risk Officer is critical, but that relationship must be seen as one of mutual benefit rather than influence in either direction. As data alone cannot be relied on to inform the assurances that the internal audit committee needs to provide, internal audit must maintain a close and direct relationship with the board. However, the involvement of internal audit in strategic decision-making must “stop at the boardroom door”.
Outsourcing can add a layer of objectivity
Outsourcing some of all internal audit functions can provide efficiency benefits, particularly for those firms without the necessary in-house skills to carry out the internal audit function successfully. However, it is of course, entirely possible to have an effective, independent internal audit function without outsourcing, provided that the rights and responsibilities of the internal audit function and audit committee are clear (these are typically set out in a charter and reviewed periodically).
The business must continually balance this fine line between independence and influence, and as regulators continue to demand higher levels of internal critique from firms, this line is going to become even harder to tread.
Contact your local Robert Half recruitment consultant today to assist with the recruitment of your next internal auditor today.