Risk management and risk mitigation is now the prime objectives of the internal control departments of an organization. In my research I have found that internal auditors particularly in the Indian context have been kept far away from being a part of internal auditors.
Examples of objectives include achieving profitability, ensuring efficiency of operations, manufacturing high-quality products or providing high-quality service, adhering to governmental and regulatory requirements, providing users with reliable financial information, and conducting operations and employee relations in a socially responsible manner. But in Indian context I find internal auditors are less being asked to get into the day to day activities and more often being taken into the system as an outsider who will conduct and prepare for the statutory audit.
A organization face many risks of not achieving reliable financial reporting and this the place where internal auditor comes into an active play. The role of the internal auditor can be viewed from the below mentioned examples where, a salesperson may overstate sales to improve the likelihood of receiving a bonus. Employees in the receiving area may be too busy to accurately record inventory when it is received. Hence enterprise risk arises from number of segments within an organization. Management needs to identify the risks to their organization of not achieving reliable financial reporting.
Once these risks to reliable financial reporting are identified, management implements controls to provide reasonable assurance that material misstatements do not occur in the financial statements. Management gets internal auditor into other day to day activities and dislocates them from their prime responsibilities. In much organization I have found that internal auditors are kept for the sake of management regulations but they are given the work of back office end. Management needs to identify the risks to their organization of not achieving reliable financial reporting. Once these risks to reliable financial reporting are identified, management implements controls to provide reasonable assurance that material misstatements do not occur in the financial statements.
Management forgets that for every decision making there is a significant demand for quality information. This information should be accurate and precise so that decision making process gets close to the process development. Effective internal control improves the quality of information, thereby allowing for more informed decisions by internal and external users of the financial information. The seed of the problem is that internal auditors are given less importance and value within an organization which leads to a significant threat for the organization itself in the long term.
We read in many books about various roles of internal auditors but the prime part which is never practiced that they are the pillars of the decision making process. The internal auditor understand a company’s internal controls in order to anticipate the types of material misstatements that may occur and then develop appropriate audit procedures to determine whether those misstatements exist in the financial statements. Hence internal auditors are the pillars for enterprise risk management.
0 Comments:
Post a Comment