Introduction:
Auditing the auditors has a wide scope because the subject “auditor” does not just refer to Internal or External Auditor but refers to any assurance provider within the second and third lines of defense. Some of the auditors in the second line of defense include Internal Control, Business Ethics and Compliance, Enterprise Risk Management, HSEQ and Operational Risk Management functions. Some of the auditors that are found in the third line of defense are: the External Auditors, Internal Auditors, third party asset valuers and CIPE-Independent Compliance Assessors. Auditing any of the audit functions with the second and third lines of defense requires good understanding, interpretation and application of the applicable legal and regulatory standards, frameworks and best practices principles.
Why auditing the Internal Auditors is good for the companies.
Every organisation hires for expertise and the expertise comes into play on the quality of work products, impacts and contributions to the achievement of the overall corporate goals and objectives. The Internal Auditors are performance enablers for business growth, cost savings and long-term sustainability. They achieve these by performing the following functions:
- Providing independent and objective assessments of the organization’s risk management, governance, control and compliance systems to ensure that they are appropriately designed and operating as expected.
- Providing insight into the gaps, strengths and actions required to improving the systems.
- Reducing unnecessary costs and expenses.
- increasing cost savings.
- Enhancing revenues and profits.
- Providing foresights and visibility of the key risk exposures, emerging issues and changes in the business environment.
- Establishing the real issues, root causes, impacts and solutions.
- Enhancing the ability of the companies to adopt agility, proactive planning and responses in making risk-informed decisions and taking proactive actions.
- Reinforcing stakeholders’ confidence and trust to maximize the business opportunities for the best interest of the companies.
- Providing hindsight into the past and current performance on managing the risks in their business and the impacts.
The performance of the internal auditors in carrying out the above job functions needs to be periodically measured against best practices standards and the specific criteria established by their organisation. The primary goals for the measurements are to:
- identify areas of strengths, weaknesses, improvement opportunities,
- proactively take appropriate actions to addressing the weaknesses, reinforcing the strengths and optimizing the improvement opportunities.