28 Aug The role of the internal auditor
Who watches the watchmen? The role of the audit profession and its regulators has been under increasing scrutiny in recent times. Auditors have been censured for failing to spot irregularities, a lack of rigorous financial scrutiny; and in some instances for being too close to the company, acting as advisers as well as auditors.
In order to tighten up on financial scrutiny a number of measures are being put in place, not the least of which is the replacement of the Financial Reporting Council (FRC) with a new body, the Audit, Reporting and Governance Authority (ARGA). The new body will be accountable to Parliament, with stronger statutory powers. These will not only impact on auditors and companies but also individual directors, in particular on chief executives and audit committees.
Whilst the transition to ARGA is still ongoing and therefore the exact shape of the new regime has yet to be clarified, it is perhaps worth noting that the Competition and Markets Authority (CMA) 2019 report on the UK audit market recommended that ‘the regulator should hold audit committees more vigorously to account.’ This not only re-emphasises the role which companies have in ensuring the independence and robustness of the audit process, it also highlights the way in which audit is not a purely external function. In fact, as a 2018 paper by the Chartered Institute of Internal Auditors commented: “Internal audit provides objective assurance and insight on the effectiveness and efficiency of risk management, internal control, and governance processes.”
In a move to further the internal audit role the Chartered IIA has released a draft code of practice. The code, which is out for consultation until 11 October, builds on a set of recommendations which were previously developed for financial services firms. The new code makes thirty recommendations which are aimed at providing internal auditors with:
- unrestricted access across the organisation
- full access to senior meetings including board and executive committee meetings
- full and timely access to key management information
In line with other corporate governance practices the recommendations are principles-based rather than rule-based. They also tie closely in with governance and culture with, for example, the second recommendation requiring the board, its committees and executive management to ‘set the right tone at the top to ensure support for, and acceptance of, internal audit at all levels of the organisation.’ It is hoped that implementing these recommendations, thereby clarifying expectations and requirements, the effectiveness and impact of the internal audit function will be increased.