Checklist
This checklist outlines the roles and responsibilities of the Chief Audit Executive (CAE) as the principal independent internal auditor in an organization.
Definition
The CAE has an in-depth knowledge of the business and is concerned principally with its systems for internal control and efficiency of operations, the reliability of its financial reporting, and its observance of relevant laws and regulations.
Corporate accounting scandals and the resultant outcry for transparency and honesty in reporting have led to a progressively more important role for the CAE. A CAE has two important and sometimes conflicting functions within an organization. The first is to examine and evaluate the organization’s systems of internal control, as part of the requirement for stricter corporate governance. The second is to be cognizant with the risks, goals, policies, and processes of the organization fully while maintaining autonomy from management direction and control.
The CAE normally reports directly to the management and audit committee and is responsible for producing an annual assessment of the effectiveness of the organization’s risk management and processes for control and governance, as set out by the board or management. Risk management deals with the way an organization sets goals, then recognizes, interprets, and reacts to risks that could affect its ability to realize those goals. Processes for control and governance deal with the effectiveness and efficiency of operations, the reliability of financial reports and conformity with appropriate rules and laws.
Advantages
-
CAEs improve business organization and risk management by providing reassurance on the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations.
-
CAEs provide management with an in-depth and unbiased understanding of the risks that the organization may be facing, allowing for pre-emptive planning.
-
CAEs give company officers and directors forewarning of ethical and legal issues that the organization may be facing.
Disadvantages
-
Although CAEs are meant to be independent and impartial, they are paid by the company and are an integral part of the company’s management. This can lead to conflicts of interest.
-
CAEs’ judgments, estimates, and interpretations are not always objective because of their close relationships with the organizations for which they work.
-
A CAE’s relationship with the management of a company is generally informal and the CAE’s position does not carry the power to change processes.
-
Although there are international bodies such as the Institute of Internal Auditors (IIA), CAEs as a profession are unregulated.
Action Checklist
-
Has the CAE previously worked in related business fields? If so, for how long and what did they achieve?
-
How good is the CAE’s track record on risk assessment and planning for contingencies?
-
In assessing business processes, how up-to-date is the CAE with information audit technology controls?
-
To which internationally recognized standards-setting body, such as the IIA, does the CAE belong?
Dos and Don’ts
Do
-
Allow CAEs unrestricted access to information, to enable them to evaluate risks, management activities and personnel better.
-
Take into account that CAEs are not responsible for carrying out company activities; their role is solely advisery.
-
Consult with the CAE if there are any implications where ethical or legal issues may be involved.
Don’t
-
Don’t involve CAEs in decisions that might compromise their autonomy as independent internal auditors.
www.qfinance.com