|
|
 | ||
| ||
|
|
|
News < Back Sarbanes Oxley : Auditing : Back Office Optimizing the Role of Internal Audit
If not for the function's involvement in business process analysis, control testing, risk management, and forensic accounting, the business landscape would likely be littered with significantly more disclosures of material weaknesses and revelations of noncompliance with the law.But as is the case with accomplishments of this magnitude, sacrifices were made. The traditional work of internal audit -- operational and systems audits, fraud investigation, and special project audit work -- became secondary. And, with the fortunes of a company tied more closely to internal audit than ever, companies may need to react to realize the full value of their internal audit function. "In the Sarbanes-Oxley era, the responsibilities of internal audit will often need to be realigned and the reporting structure reworked," says Eric Hespenheide, global managing partner of internal audit services for Deloitte & Touche LLP, and one of several contributors to a new report issued by Deloitte & Touche titled, "Optimizing the Role of Internal Audit in the Sarbanes-Oxley Era." "Meeting the requirements of the law is obviously important," Hespenheide notes, "but the labor intensity behind compliance should diminish this year as companies get closer to achieving sustained compliance. Internal audit, properly structured, can deliver tremendous value to an organization, impacting both regulatory compliance and operational excellence." Among the key recommendations outlined in the Deloitte & Touche report is reworking the organizational structure of internal audit so that the function reports to the audit committee as opposed to executive management. Keeping internal audit separate from management helps address regulators concerned with independence, external auditors seeking objectivity, and stakeholders expecting strong corporate governance practices.Moreover, this type of organizational structure may foster better communications, encourage more direct feedback on the performance of the chief audit executive and the function, promote proper staffing and budgeting of the function, and may better enable audit committees to exert direct influence over the hiring, compensation, and firing of the chief audit executive. Recent trends indicate that direct Audit Committee reporting is much more common. More than 90 percent of internal audit departments reported to the CFO several years ago. But according to a recent survey by the Institute of Internal Auditors, only about 40 to 50 percent of internal audit departments report to the CFO today. While internal audit ordinarily will continue to play a role in Sarbanes- Oxley compliance, the Deloitte & Touche report suggests reestablishing a broader view for the function to address the multiple needs of many stakeholders. These include: ? Fraud Detection: Internal audit can assist management in determining that reasonable control activities are in place to help prevent and detect fraud and support company anti-fraud programs. ? Risk Management: Internal audit should play a prominent role in helping management with a comprehensive risk assessment process, which is critical to judging whether internal control over financial reporting is effective. ? Evaluating New Business Operations: Each new opportunity brings new risks, and internal audit should take part in identifying, evaluating and helping an organization intelligently manage such risks. ? Managing Information Technology (IT): IT usually presents significant risk management challenges to an organization, whether the computer systems are static, undergoing an incremental upgrade or in the midst of a complete migration. ? Contributing to Corporate Growth: When companies expand into new regions, distribution channels, or customers, internal audit plans and activities should reflect these areas of focus and risk, to help build top-line revenue growth. With the increased attention to and investment in internal audit - both from a regulatory and competitiveness standpoint - the optimal functioning of the department is vital. Deloitte & Touche, as well as the Institute of Internal Auditors, recommends internal audit departments undergo regular quality reviews to assess the effectiveness and efficiency of the function. The Deloitte & Touche report outlines three models: continuous quality assurance, self-assessment, and external quality assessment."Just as individuals require regular medical check-ups to remain in peak health, so too can internal audit benefit from a thorough examination," says Wayne Rose, who leads the firm's Quality Assessment Services practice and is the firm's deputy managing partner for Internal Audit Services. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms and their respective subsidiaries and affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names "Deloitte", "Deloitte & Touche", "Deloitte Touche Tohmatsu" or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by the Deloitte Touche Tohmatsu Verein. Deloitte & Touche USA LLP is the US member firm of Deloitte Touche Tohmatsu. In the US, services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP. 
|
|
|
||||||||||||
 | |||
| |||
| |||
|
© 2019 Simplex Knowledge Company. All Rights Reserved. | TERMS OF USE | PRIVACY POLICY |
