Many companies have an internal audit department that tests whether the organization is accurately reporting financial results and complying with U.S. Generally Accepted Accounting Principles (GAAP). But it’s important for internal auditors to think beyond compliance.
Internal auditors who understand the big picture can expand their department’s influence by helping their organizations mitigate risk, improve financial and operational processes, and evaluate business strategies. Here’s how to get more from your internal audit team.
Expand the scope
The skill sets of internal auditors make the department ideally suited to participate in managing a broad range of risks, including:
- Information technology (IT),
- Merger and acquisition (M&A),
- Foreign corruption, and
- Business continuity risks.
To maximize its value, the internal audit team should take a forward-looking approach. Individual auditors are well equipped to help identify and assess risks — and even help businesses anticipate and avoid obstacles before an adverse event occurs.
Use internal auditors like consultants
Your company should tap auditors’ expertise to evaluate and improve controls and ensure compliance before problems arise, instead of waiting for internal auditors to report possible control or compliance deficiencies. The department can also highlight ways for other functional areas — such as production, sales, HR, finance and procurement — to improve processes and eliminate waste and inefficiency.
Advances in technology make it possible to greatly enhance the value of the internal audit function. For instance, continuous auditing is an automated approach that allows auditors to gather critical information and identify problems in real time. This is a dramatic improvement over the traditional approach, in which internal auditors test a limited number of samples and then report their findings after the fact. Likewise, data analytics and predictive modeling enable internal auditors to quickly spot anomalies and focus the team’s resources on high-risk areas.
Conduct quality assurance reviews
Businesses should conduct regular quality assessment reviews (QARs) of their internal audit departments. The Institute of Internal Auditors’ Code of Ethics requires Certified Internal Auditors to undergo a QAR at least once every five years. This oversight helps assess the department’s performance, competence and objectivity, allowing the company to quickly identify and remedy any issues.
Functional diversity is critical
Do your internal auditors have the skills and training necessary to meet the demands of today’s volatile, complex business world? Effective internal audit teams include people from a broad range of backgrounds, including those with IT, management consulting and engineering expertise.
If these skills are lacking in your internal audit team, your organization might need to hire some new auditors to infuse fresh ideas into the department — or you might consider “co-sourcing” with an external firm to help fill any internal skill gaps. Contact us for more information.