Internal Audit Coverage of the Organization's Risk Management and Governance Processes - Essay Example

What is the internal audit coverage of the organisations risk management and governance processes? By What is the internal audit coverage of the organisations risk management and governance processes? The terms risk management and governance process are of significant importance in the current corporate world, because the present business environment is increasingly exposed to a range of internal and external risks. Hence, the modern corporate managements have taken numerous measures to deal with their risk management and governance processes. It is identified promoting the internal audit coverage of these processes is a potential way to achieve greater operational transparency and to gain investor confidence. The major aim of this project is to describe the internal audit coverage of the organisations risk management and governance processes with the support of academic literature. This project will also provide recommendations for future research on this particular topic. Rationale The chosen topic is really worth investigating in the context of the current business world that is increasingly exposed to a wide range of market risks. The horrendous economic times of the last decade have had a profound impact on the way companies operate today. Companies that relied on forecasts and projections to operate smoothly in the past now tend to refrain from such activities because of the uncertain nature of the current economic environment (CIA, n.d.). As a result, organisations have been shifting their focus to risk management for the last few years so as to regain their competitiveness in the marketplace. Today companies believe that the ability to identify and manage risks before those risks actually affect the business would help firms to operate more confidently and efficiently. More precisely, deep knowledge of the risks likely to face can benefit organisations to think about various options in advance. Effective risk management coupled with strong internal control processes may assist the organisation to take proactive measures to address emerging risks and to respond to market changes appropriately. Internal audit is a process designed to ensure that an organisation’s risk management, governance, and internal control systems are operating effectively. Hence, internal audit coverage of the risk management would aid the organisation to make sure that risks are identified and managed at an earlier stage; and therefore, this practice is of great importance in the current corporate world. Similarly, effective governance process can benefit an organisation in several ways, particularly in the current context of an uncertain market environment. The most potential advantage of improved governance process is that it can ensure that the organisation’s operations are in line with the established government and/or corporate laws and policies. It is obvious that the general public would develop confidence in the operations of an organisation if it makes decisions in a transparent and accountable way. As a result, the stakeholder groups including the public would sense that the organisation is operating in compliance with the accepted community standards. Therefore, gaining community confidence is one of the primary objectives of a good governance system. When there is an effective governance process in operation, the management would make well-informed decisions that reflect the broad interests of the community. Such a practice will certainly assist the organisation to achieve greater community support, the key factor influencing the long term sustainability of the business. In addition, well-managed governance processes may assist the organisation to comply with the requirements of local governments or apex corporate bodies and to eliminate the chances of unwanted lawsuits. Therefore, it is vital for an organisation to develop and implement improved governance processes in order to enjoy immense public support and promote sound decision making. At this juncture, internal audit of the organisation’s governance processes may help the firm ensure that its governance processes are properly managed to generate better operational outcomes. Hence, conducting a research on this topic is of great relevance. Research Questions The main research question is: what is the internal audit coverage of the organisations risk management and governance processes? This research question will be addressed in the following literature review with the support of existing research knowledge and academic literature. First, the scope of the concepts such as risk management and governance processes in the current business era will be discussed separately to provide readers with an overview of the topic. In the following sessions, internal audit coverage of the organisation’s risk management as well as governance processes will be evaluated individually to gain deep insights into the subject matter of the topic. This paper will integrate a range of theories and empirical evidences to support the arguments and provide most credible information. Finally, the paper will draw prospective conclusions to summarise the findings and include some reasonable recommendations for future research. Literature Review 1. Internal audit coverage plans Today companies give particular emphasis to internal audit coverage plans so as to improve operational transparency and to promote shareholder values. With the occurrence of a series of bank failures and corporate scandals over the last decade, corporate operations shifted their internal audit strategy focus to credibility and transparency (Zahran et al 2010). In the light of the recent global financial crisis, internal audit strategies were restructured to change risk priorities and audit coverage in an attempt to meet changing stakeholder expectations (Ibid). Currently, internal audit has a more strategic role to play in an organization, and it focuses more on enterprise risk management processes and economic crisis related risks. This policy change assists the stakeholders to ensure that line businesses are reporting their activities, risks, and outcomes constantly and accurately. The relationship between internal auditor and the audit committee has become strong, and this in turn enhances better communication and result-oriented activities. With the shift in the scope of the internal audit, managerial personnel are required to work more closely with internal auditors to brainstorm and identify emerging risks (Ernst & Young, 2011). This system fosters shared responsibilities of managers and internal auditors and allows no organisational task to be performed by a single management executive (Ibid). Now the scope of internal audit is not limited to operational risks only but it also covers areas like cost and expense reduction and liquidity and credit risks. Today the internal auditor serves as a risk management educator who is able alert the top management regarding emerging risks. 2. Risk management and governance processes In today’s business context where the level of uncertainty is increasingly high, the concept of risk management is of great importance. According to Garman and Forgue (2007), “risk management is the process of identifying and evaluating situations involving pure risk to determine and implement the appropriate means for its management” (p.268). The major aim of risk management is to mitigate any risk or potential for risk through effective advance planning (Ibid). While dealing with risk management, the executives try to make most efficient arrangements before a loss occurs actually in order to minimize the post-loss effects (Condamin, et al, 2006, pp. 131-135). As mentioned already, today the market uncertainty is very high mainly due to unexpected financial market fluctuations and frequent government policy changes. Under such circumstances, businesses would suffer huge financial losses unless they are ready to meet those unforeseen events. With an effective risk management process in operation, an organisation can notably minimise its exposure to market risks and increase the certainty of its business future (Fadun, 2012). Governance processes, more specifically corporate governance processes, have been at the core of business management since the failure of a few corporate giants over the last decade as a result of accounting fraud. Governments and other higher business bodies think that good compliance with the corporate governance policies may assist organisations to promote the accountability and transparency of their operations to increase shareholder values significantly (IFAC, 2009). High quality governance processes are vital to regain investor confidence in the business and to find potential financial sources to propel the market growth. 3. Internal audit coverage of risk management The Chartered Institute of Internal Auditors (n.d.) describes what constitutes the internal audit coverage of risk management or risks to achieving strategic objectives. It states that the internal audit activity should assess the organisation’s risk exposures relating to its governance, operations, and information systems. While addressing risk management, the internal audit activity must give specific emphasis to the accomplishment of the firm’s strategic objectives and the protection of assets. In addition, the internal audit tries to increase the credibility and integrity of financial and other operational information. Another major objective of internal audit with regard to risk management is to ensure that the organisation’s operations are in compliance with laws, regulation, policies, procedures, and contracts. It is the responsibility of the executive management to identify and manage risks in pursuit of the organisation’s strategic objectives. The board has the responsibility to make sure that all strategic risks are recognised and managed to an acceptable level within risk tolerance ranges. In order to deal with risk management effectively, the internal auditor should be well aware of the organisation’s strategies like how they are implemented, the associated risks, and how these risks are being addressed. The internal audit can focus effectively on the crucial risks to the organisation only if the organisation’s strategy is set to be the foundational element during the development of a risk-based audit plan (Vagadia, 2013, p.81). Such an approach can align the scope of the internal audit with the organisation’s strategic priorities and make certain that the firm’s resources are well distributed across the areas of significant importance (Ibid). At the time of developing the internal audit plan, the internal audit team should influence key management operations and other assurance functions to clearly identify the risk factors that pose potential threats and opportunities to the accomplishment of the organisation’s strategic objectives. It is important to note that the strategic threats and opportunities can greatly influence the management’s development and execution of short-term as well as long-term strategic initiatives. In addition, they may also drive the firm’s crucial investments that aim to deliver value to its stakeholders (Executive Excellence Pub, 2008, p.25). The internal audit generally considers extending assurance services related to these strategic initiatives when working on the development of its audit plan (Arens et al, 2013, pp.32-33). This policy would benefit the internal audit to determine whether the strategic risks are addressed effectively to an acceptable level, giving particular focus to some or all of the mitigation efforts. Such a practice may also benefit the internal audit to provide advisory services that can have a direct impact on the organisation’s evolution (Ibid). By identifying the strategic risks to include in the audit plan, the internal audit department can assess whether it has all the required skills and knowledge to execute applicable assurance or advisory engagements. This assessment may assist the internal audit department to source (internally or externally) specialised skills and knowledge if it seems necessary. To conclude, the internal audit works closely with the executive management to identify the existing risk factors in the organisational environment that pose serious threats to long-term business sustainability and to take effective risk mitigation efforts for the future. The internal audit policy will be in line with the organisation’s strategic objectives, and therefore, the coverage of risk management may not lead to conflict of interests. Evidently, collaborated efforts between the executive management and the internal audit department would address the risk management process more effectively. RBIA is an effective tool helping the internal audit coverage of the organisation’s risk management (Chartered Institute of Internal Auditors). The organisation defines “risk based internal auditing as a methodology that links internal auditing to an organisation’s overall risk management framework” (Ibid). RBIA assists the internal audit to assure the board that risk management processes are performed efficiently, paying particular attention to risk appetite (RIMS Executive Report, n.d.). Although different organisations have different attitudes to risk, structure, processes, and language, experienced internal auditors can easily adapt to their organisations’ specific structure and processes. RBIA always strives to reinforce the responsibility of the management and the board in relation to risk management practices (Chartered Institute of Internal Auditors). Today internal auditors seek to ensure that the organisation’s risk management framework is strong enough to promote better risk management practices like RBIA so as to improve the overall internal control system. However, it may not be easy for the internal auditors to gain top management approval for RBIA as it is a new concept to the organisation. The RBIA process can effectively identify, evaluate, and respond to various risks above and below the risk appetite (Collier & Agyei-Ampomah, 2008, p.196). Another potential feature of this strategy is that the responses to risks are not excessive in addressing inherent risks within the risk appetite. In addition, this tool is very potential in circumstances where residual risks are not in line with the risk appetite (Pickett, 2010, p.676). RBIA is really a proven approach to monitor risk management processes, including responding to risks and completing actions constantly and effectively. Finally, internal auditors can properly classify and report risks, responses, and actions while following the RBIA approach. In total, RBIA is a potential strategy to improve the internal audit coverage of the organisation’s risk management processes. This approach can enable the top management to critically analyse the design and execution of risk management processes. As it can aid the management to classify various risks according to their priority, this risk based internal auditing framework is helpful for the organisation to address risks in the order of their relative magnitude. 4. Internal audit coverage of governance processes Over the last few decades, developing good corporate governance principles and complying with them has become an essential part of sustainable business management. This situation has put organisations under increasing pressure to design potential corporate governance strategies that would enhance the credibility and transparency of business operations. In fact, risk management is an integral part of the corporate governance because the current business environment is increasingly exposed to a range of potential risks. In addition, well-structured governance processes are vital to maintain a sound system of internal control that can eliminate the chances of fraud and errors in the organisational environment. Although the responsibility of promoting governance processes belongs to the management, internal auditors are to assure that those processes are carried out in line with the organisation’s strategic objectives. While analysing the internal audit coverage of governance processes, it is necessary to evaluate the provisions of the UK Corporate Governance Code, which was formed by making a number of amendments to the Combined Code in 2009. UK Corporate Governance Code 2014 is the latest updated version of this Code, and it explains the proposed corporate governance principles under five sections such as leadership (Section A), effectiveness (Section B), accountability (Section C), remuneration (Section D), and relations with shareholders (Section E) (Financial Reporting Council, 2014). According to Sealy (2012), the Listing Rules of the Financial Service Authority requires the UK public listed companies to disclose how they have abided by the requirements of the Code and where any why they have ignored the Code. Hence in the case of public listed companies, an internal auditor has the responsibility to ensure that the organisation really adheres to the laws and regulations of the Code. Here, the internal auditor pays specific attention to principles described under the five sections as well as Schedule A and Schedule B of the Code. Today, the internal audit coverage of the governance processes seems to be effective at establishing a strong internal control system. A potential coverage area is that internal audit is very crucial to prevent the fraud committed by the managerial personnel and to ensure that top executives do not take unfair advantages of their position (Gul, 2007, p.235). The internal auditors consider assessing and recommending appropriate solutions for improving the governance process in an effort to help the organisation to achieve its long-term goals and objectives. The internal audit seeks to manage the governance processes with intent to establish enhanced ethics and values within the organisation (The Institute of Internal Auditors, n.d.). Undoubtedly, developing improved ethical standards and other values is inevitable for the organisation to maintain a relaxed worksite environment. In addition, such a worksite culture would assist the organisation to foster collaborative workplace relationships and to eliminate frequent worksite conflicts. Since good governance process is necessary to keep employees motivated by applying different employee motivational tools such as job promotion and financial incentives, the internal audit can assist the organisation to manage its employee motivation strategies effectively and keep the workforce loyal to the firm in the long term. Such a practice may also benefit the organisation to improve the staff turnover rate, an important factor influencing consistent flow of production and other supply chain activities. In this perspective, the internal audit process may aid the top management to ensure that their employees do not waste the organization’s valuable resources. Internal audit also aims to achieve improved organisational performance and accountability identifying and addressing gaps in the organisation’s governance process (Wieland, 2003, p.77). As an internal auditor is always watchful for suspicious financial transactions or other organisational activities, he/she can instantly report compliance issues to the top management if found any. This favourable situation would assist the management to identify governance weaknesses timely and to take immediate measures to address the issue in an effective manner. Hence, the internal audit can communicate risk and control information regarding governance processes to appropriate areas of the organisational management. Currently, the concept of internal audit also covers the area of information technology as it is an important element to enhance the smooth flow of the governance process (Kogan Page, 2006, p.441). To explain, communication is a major component influencing the success of the governance process, and therefore the internal audit department takes great efforts to promote the workability and efficiency of the telecommunication technologies deployed. By employing different approaches, the internal auditors seek to ensure that the organisation’s operations are in line with the stated governance laws and processes so as to enhance shareholder values. The internal audit would put a check on employee morale, and hence employees may refrain from committing fraud and other malpractices. When employees are effectively motivated to act in the best interests of the organisation, the top management can focus more on emerging risks and opportunities. The internal audit pays great attention to all supply chain activities starting from raw material acquisition to marketing and distribution, and therefore, no area of the governance process would go unnoticed. In short, internal audit covers the whole governance processes in an organisation and thereby assists the business to promote greater integrity and transparency of operations. Conclusions and Recommendations From the above discussion, it is clear that the concept of internal audit is really effective to deal with risk management and governance processes in an organisational environment. The global financial crisis 2008-09 and the resulted corporate failures have influenced investors and shareholders to freeze their investments due to the fear of huge financial losses. In this context, organisations promoted the scope of internal audit to cover the organisation’s risk management and governance processes so as to regain investor confidence in the business landscape. In the current market scenario, effective risk management and governance process are inevitably important to minimise the organisation’s exposure to existing and emerging market threats. An efficient risk management programme can assist the top management to be alerted of unexpected market events. This will mitigate adverse impacts to a satisfactory level. In addition, improved governance process may benefit the board of directors to ensure that the organisation is operating with greater transparency and hence there is little room for accounting fraud or financial misconducts. With the internal audit coverage of the risk management, organisations try to address their risk exposures to governance, operations, and information systems keeping in line with their strategic objectives. For this, internal auditors work to make sure that the organisational management adheres to the stated laws, regulation, policies, procedures, and contracts that have utmost strategic importance in the organisational environment. Sticking to the organisation’s policies and procedures is crucial to perform risk management processes in the best interest of the shareholders. In order to drive the risk management process in the long term interests of the organisation, the internal auditors should be well informed of the firm’s strategic priorities and resource distribution structure. A collaborated operation between the top management and the internal audit department facilitates enhanced knowledge/information sharing and collective distribution of responsibilities. When the internal auditor works closely with the executive managerial personnel, he/she can be well aware of the top managerial policies and affairs. This will help the internal auditor to design their operations so as to manage risks accordingly. When upward and downward communication becomes effective in this way, the internal auditor can keep the top management informed of the emerging threats and opportunities and recommend some potential solutions to address the organisational issues. In terms of risk management, the internal audit is an important technique to identify the risk factors that pose serious threats to the accomplishment of the organisation’s strategic objectives. Such a realisation is inevitable for an organisation to understand what limits its competitiveness in the marketplace and to make necessary changes to their policies and operations. The internal audit coverage of the risk management greatly benefits the top management to ensure that all the strategic risks are identified and addressed timely. Further, this will help the firm to invest more money and time in improving the overall organisational productivity. More clearly, in an organisational environment where risk is managed to an acceptable level, the top executives can direct their efforts toward the achievement of the firm’s long term objectives and promotion of shareholder values. The Chartered Institute of Internal Auditors states that risk based internal auditing (RBIA) is an effective approach to enhance internal audit coverage of the organisation’s risk management. This approach links the internal auditing process to the organisation’s overall risk management framework. Experts indicate that the RBIA framework has the potential to respond to various risks above and below the risk appetite. A fascinating feature of this internal auditing approach is that it contributes significantly to the efficient performance of the internal control system, which in turn can assist the organisation to enhance its operational transparency. As the RBIA is capable of monitoring the risk management solutions implemented, it can help the management identify whether the issue is resolved successfully. Similarly, the internal audit is a good way to ensure that the organisation’s governance processes are carried out in a fair and responsible way. In the current global economy that is yet to recover from the shock of the recent recession, organisations cannot gain investor confidence unless they are able to convince investors that the business can achieve improved profitability. For this, the UK government has developed and implemented an operational framework called UK Corporate Governance Code. Hence, today organisations are taking intense efforts to ensure that they have an improved governance process in operation and all their activities are in line with this process. In this regard, internal audit can play a remarkable role in promoting the successful execution of the governance process. Management professionals reflect that improved internal audit coverage of the governance process may assist organisations to strengthen their internal control system and minimise exposure to internal and external risk factors. In addition, the internal audit can aid the top management to ensure that the organisation’s resources are used in an optimised way and hence there is no productivity loss associated with poor deployment of resources. In addition, internal audit together with the internal control system can prevent the use of resources for unproductive purposes. One of the major advantages of internal audit with regard to the governance process is that it would make employees and other top executives accountable for their operations, and hence this system would persuade the staff to demonstrate greater integrity and sincerity in their work. Finally, this topic discussion offers great scope for future researches considering the growing significance of corporate governance in the modern business landscape. In addition, organisations are investing heavily in corporate social responsibility (CSR) in order to gain strong public support and stakeholder loyalty in the long term. Since an organisation’s CSR activities involve a great deal of financial investment, financial misconduct or other issues are likely. Therefore, future researchers may analyse the scope of extending internal audit coverage to CSR activities to increase the value of stockholders. In addition, limitations of internal audit can also be a potential topic for future research. References Arens AA, Best P, Shailer G & Fiedler B (2013) Auditing, Assurance Services and Ethics in Australia. AU: Pearson Higher Education. Chartered Institute of Internal Auditors. Internal audit coverage of risks to achieving strategic objectives. Available at: https://www.iia.org.uk/resources/global-guidance/practice-advisories/2120-3-internal-audit-coverage-of-risks-to-achieving-strategic-objectives/ Chartered Institute of Internal Auditors. Risk based internal auditing. Available at: https://www.iia.org.uk/resources/risk-management/risk-based-internal-auditing/ Collier PM & Agyei-Ampomah S (2008) Management Accounting Risk and Control Strategy. US: Elsevier. CIA (n.d.). The Importance of Risk Management In An Organisation. Available at: http://www.careersinaudit.com/article/the-importance-of-risk-management-in-an-organisation/ Condamin L, Louisot JP & Naim P (2006) Risk Quantification Management, Diagnosis and Hedging. US: John Wiley & Sons Ltd. Executive Excellence Pub. (2008) Leadership Excellence, Volume 25. Cornell University. Google Books. Ernst & Young (2011) Internal audit’s evolving role: a proactive catalyst of business improvement. InSights for North American Audit Committee Members. Available at: http://www.tapestrynetworks.com/upload/Tapestry_EY_ACLN_InSights_Apr11.pdf Fadun OS (2012) Risk Management and Risk Management Failure: Lessons for Business Enterprises. International Journal of Academic Research in Business and Social Sciences, 3 (2): 225-239. Financial Reporting Council (2014) The UK Corporate Governance Code. Available at: https://www.frc.org.uk/Our-Work/Publications/Corporate-Governance/UK-Corporate-Governance-Code-2014.pdf Garman ET & Forgue R (2007) Personal Finance. US: Cengage Learning. Gul FA (2007) Hong Kong Auditing: Economic Theory and Practice. City University of HK Press. IFAC (2009) International Good Practice Guidance. Evaluating and improving governance in organizations. Available at: http://www.ifac.org/sites/default/files/publications/files/IGPG-Evaluating-and-Improving-Governance.pdf The Institute of Internal Auditors. Governance, Risk & Control. Available at: https://na.theiia.org/standards-guidance/topics/Pages/Governance-Risk-and-Control.aspx Kogan Page (2006) British Qualifications. Kogan Page Publishers. Pickett KHS (2010) The Internal Auditing Handbook. UK: Wiley. RIMS Executive Report (n.d.) Exploring Risk Appetite and Risk Tolerance. Available at: https://www.rims.org/resources/ERM/Documents/RIMS_Exploring_Risk_Appetite_Risk_Tolerance_0412.pdf Sealy R (2012) The UK’s Approach to Women on Boards: The Davies Report and Beyond. Exchange of good practices in gender equality, Norway. Available at: http://ec.europa.eu/justice/gender-equality/files/exchange_of_good_practice_no/uk_discussion_paper_no_2012_en.pdf Vagadia B (2013) Enterprise Governance: Driving Enterprise Performance Through Strategic Alignment. US: Springer Science & Business Media. Wieland J (2003) Standards and Audits for Ethics Management Systems: The European Perspective. Springer Science & Business Media. Zahran MM, Chulkov NV & Inomata T (2010) The audit function in the United Nations systems. Joint Inspection Unit Geneva 2010. Available at: https://www.unjiu.org/en/reports-notes/archive/The%20audit%20function%20in%20the%20United%20Nations%20system.pdf Read More