The Forgotten Chapter

Independence and Objectivity of Internal Audit is on top priority list of the new Corporate Governance requirements. Reporting to Audit Committee Internal Audit has achieved the so called glare of Independence. Although now we have new definition for Internal Audit, something has been deliberately missed out due to global business trends.

The new definition of Internal Audit has two objectives in very simple words.

• To add value by improving organization's operations.
• To evaluate & improve the effectiveness of Internal Controls.

For second objective the global businesses are following COSO Internal Control framework. Either it be Sarbanes Oxley or Clause 49 in India, efforts are to improve the effectiveness of Risk Management & Internal Controls with respect to financial reporting objective of the COSO.

Now the question is how Internal Auditors are achieving the first objective? What frameworks or methodologies Internal Auditors are to pursue to achieve it? Do Audit Committees are concerned about the Operations or they finite themselves with financial reporting objective? Internal Auditor are facing disadvantage of not reporting to the Management as they are taking advantage of reporting to the Audit committees. Independence gained at the cost of objectivity.

No doubt Internal Auditors needs to work in their domain area and audit charter should define clearly scope and responsibilities, I see following four areas for Internal Audit to focus on in addition to risk management with respect to financial reporting to achieve the first objective of the new IA definition. The management should define the role of the Internal Audit to make it responsible and accountable to add value in the following.

• Management Accounting
• Resource Management
• Financial Management
• Knowledge Management

Above is nothing but the components of an Operational Audit and Value for Money Audit with assertions Economy, the measure of Input, Efficiency, the measure of relationship between input and output and the Effectiveness, the measure of output.

Steam engine describes the operational cycle, each component contributing towards the locomotion, the whole system being composed of interrelated parts, failure of one causing failure of the system. Risk Management is needed to be better understood holistically as it is not just internal control management of financial reporting or strategic/ operations risk in isolation.