Definition
If an internal audit is to prove effective, the auditors must have complete independence to carry out the audit as they see fit and must be free from interference by executives. However, as the Institute of Internal Auditors (IIA) points outs:1
“The internal auditor occupies a unique position—he or she is ‘employed’ by management, but is also expected to review the conduct of management. This can create significant tension since the internal auditor’s ‘independence’ from management is necessary for the auditor to objectively assess management’s actions, but the auditor’s ‘dependence’ on management for employment is clear.”
With regard to independence, the IIA adds that:2
“The audit charter should establish independence of the internal audit activity by the dual reporting relationship to management and the organization’s most senior oversight group. Specifically, the CAE [chief audit executive] should report to executive management for assistance in establishing direction, support, and administrative interface; and typically to the audit committee for strategic direction, reinforcement, and accountability. The internal auditors should have access to records and personnel as necessary, and be allowed to employ appropriate probing techniques without impediment.”
Senior management should ensure that the internal audit department does not participate in activities that may compromise, or appear to compromise, its independence. These activities may include preparing reports or records, developing procedures, or performing other operational duties that are normally reviewed by auditors. To ensure that auditors are independent, they should be given the authority to:
-
access all records and staff necessary to conduct the audit;
-
expect from management a formal and timely response to significant adverse audit findings through the taking of appropriate corrective action.
The IIA adds that threats to independence must be managed at the individual auditor, engagement, functional, and organizational levels.
Advantages
-
Having independent auditors ensures that an objective assessment of the risks facing an organization and of the procedures in place to deal with these risks, can be carried out.
-
The independence of internal auditors ensures that audits are effective in detecting and preventing fraud.
-
Independence and objectivity are critical components of effective internal audit activity.
Disadvantages
-
There are no disadvantages of an independent internal audit function.
Action Checklist
-
Ensure that the chief audit executive (CAE) reports administratively to the chief executive officer (CEO) and not to the chief financial officer (CFO) or a similar officer who has a direct responsibility for systems being audited. Reporting to executives other than the CEO is not desirable as they can influence the internal audit work to be conducted in their area of responsibility, leading to a loss of independence by internal audit.
-
The board or its audit committee should determine the CAE’s performance evaluations and compensation.
-
The CAE should report functionally for internal audit operations to the audit committee and for administration to the CEO.
-
Ensure that the internal audit activity is free from interference in determining the scope of internal auditing, performing work, and communicating results.
-
Establish the independence and the authority of internal audit staff by detailing this in a formal document such as an internal audit charter.
Dos and Don’ts
Do
-
Ensure that there is adequate consideration of audit reports.
-
Ensure appropriate action on audit recommendations.
-
Make sure that the CAE communicates directly with the board, has regular private meetings with the board, and habitually attends and participates in audit committee meetings.
Don’t
-
Don’t allow internal auditors to assume operating responsibilities.
-
Don’t allow internal auditors to draft procedures for, design, install, or operate systems.
Notes
1 Fraser, J., and Lindsay, H. “20 questions directors should ask about internal audit.” IIA Research Foundation, 2004. Online at: www.theiia.org/iia/download.cfm?file=2927 [PDF].
2 IIA. “How does internal auditing maintain its independence and objectivity?” Online at: tinyurl.com/8tv7voj
www.qfinance.com