Asha Ganesh Supervisory Senior Consultant WithumSmith+Brown

Internal Auditors’ roles include understanding business and IT processes, evaluating organizational risks and controls and monitoring compliance with policies, procedures, and applicable laws. Working in partnership with Management, Internal Auditors should make recommendations for improving processes, policies and procedures to provide assurance to stakeholders that the Organization’s corporate governance is effective. A complex economic environment and globalization, among other parameters, have placed increased demands on the role of Internal Auditors in any organization. Below are five things every internal auditor should be doing:

I. Prevent erosion of Enterprise value and safeguard the interests of all the stakeholders, by ensuring that established policies, procedures and guidelines are adhered to, at all levels in the Organization.

II. Perform periodic risk assessments and ensure that all significant risks are addressed, including:

• Compliance Risk – In a dynamic business environment, ensure conformance to new/ changing regulations pertaining to the organization.
• Strategic Risk – Challenge Management’s assumptions while setting strategic objectives and entering into partnerships, evaluate if business unit objectives are aligned to the strategic objective, and evaluate the outcome.
• Fraud Risk – Evaluate sufficiency of whistleblower policies and procedures, preventive controls, and use of IT application controls in fraud prevention and detection.
• Technology Risk – Evaluate effectiveness of IT Controls that are critical to achieving business process objectives in a secure environment.

III. Proactively respond to changes within the organization, such as:

• Change in operational and financial systems.
• Change in process controls due to organizational changes arising from new hires, change in staff and/ or terminations.

 IV. Ensuring that the Internal Audit function provides added value by:

• Understanding Management and Board level expectation from a medium and long term perspective and communicating periodically with the Board.
• Engaging with Management to include Internal audit as a part of the business plan.
• Suggesting process improvements and engaging with process owners in a manner that internal audit is considered a value addition and not an intrusion.

 V. Establish and operate an efficient and effective Internal Audit Department by:

• Using the right technology tools.
• Being cost conscious in establishing the controls.
• Implementing industry best practices in performing internal audits.
• Conducting periodic training for internal audit staff.

Internal Auditors should take a proactive approach in designing their function to make their role in the organization relevant, reduce financial and operational surprises, and gain the confidence of stakeholders.