Internal Audit: Assurance Process for Directors & Shareholders is key
Hardly a week goes by without news of a high-profile corporate collapse or fraud being committed. Whether it be the demise of HIH or Enron or the behaviour of recalcitrant expoliticians, members of the public are rightly entitled to ask the key question - how could this occur?
The simple answer is typically a lack of corporate governance. A key part of any organisation's corporate governance is an effective and efficient internal audit function which aims to address some key points:
Are systems working as expected?
Internal audit provides assurance that the internal control environment is working effectively and efficiently and mitigates key business risks.
Whether a listed public company or a small proprietary company, directors have a fiduciary duty to ensure an effective internal control environment. For many nonexecutive directors, the internal auditor represents their 'eyes and ears' in how the organisation functions, and can highlight areas of control weakness.
"Internal audit promotes good governance, increased internal communication, transparency and a focus on corporate values which help to strengthen an organisation and its culture."
Is the system's design appropriate?
As importantly, internal audit allows for a 'fresh set of eyes' to review an entire business process that will improve the efficiency and effectiveness of the process, and potentially save significant amounts of time and money through system improvements. Staff typically do today what they did yesterday. An internal audit promotes and encourages an organisation to think about why they do things a certain way and if an alternative approach is more efficient.
The importance of Internal Audit from a governance perspective has been underlined by the revised ASX Corporate Governance Guidelines for listed companies that mandate the disclosure of:
- the internal audit function, how the function is structured and what role it performs; or
- if it does not have an internal audit function, that fact and the processes it employs for evaluating and continually improving the effectiveness of its risk management and internal control processes.
The ASX Guidelines serve as best practice governance framework and accordingly, NFP organisations and private companies as well as listed companies should take note of this inclusion.
Irrespective of corporate structure, business owners and directors should consider the following questions in respect of a company's operations:
1. Procurement: What processes do we have in place and are they working as planned in respect to the purchase of stock & services? How do we know we are getting value for money?
2. Revenue and debtors: Are we billing the correct amount to our customers? What processes do we have in place to collect our debtors efficiently?
3. Payroll & HR: What recruitment and retention strategies do we have? How do we know there aren't any ghost employees on the payroll? Are our employees being paid the correct amount and are their leave balances accurately calculated?
4. IT Access and Security: What IT security controls do we have in place to prevent unauthorised access of confidential information?
5. Disbursements: Who authorises the disbursement of funds by cheque or EFT? What delegation levels are in place for the payment operating and capital expenditure and are they being adhered to?
It's typically not possible for business owners and directors to be involved in the day to day operations of a business or to review all transactions. If owners and directors are too far removed from the operations to know the answer to these questions, then an internal audit can provide the assurance to satisfy their fiduciary duties.
An effective internal audit function can play a crucial role in the governance of any organisation and provide assurance that a company's systems are working as efficiently and effectively as possible.
Contact our Audit & Assurance Partner, Martin Matthews, for more information.