The Contribution of an Internal Audit to the Strategic Objectives of an Organization - Coursework Example

The Contribution of an Internal Audit to the Strategic Objectives of an Organization Introduction It can be said that the internal audit is perhaps the most important component in the control of certain internal processes that help to determine how an organisation is actually performing. The overarching purpose of the internal audit is to provide some measure of independently verified assurance that the risk management procedures, governance, and internal control processes implemented by an organisation are truly operating in an efficient and productive manner. In consider the internal audit, one must work to determine its intrinsic value to the organisation. This involves the reality that auditors typically deal with issues within the company that are of the utmost importance to the organisation as a whole, and whiteout which the very survival and ultimate success of the company can be called into question. Having established, a distinction must be made between internal and external auditors, in the former goes far beyond a mere analysation of the companies financial statements and works to take an in-depth look at much broader issues. This issues can include the reputation of the organisation, its growth strategy, the impact it is having one the environment, and the way it compensates and rewards its employees. In so doing, both the strategic role of the internal audit, and addition to the contribution that the internal audit has on enterprise risk management, can be seen. This is the focus of this study. 2. Strategic Role of the Internal Audit It is well established that effective organisation strategically implement processes and plan for the future in order to adapt to changing market scenarios and to minimise the achievement of competitor’s in terms of key benchmark indicators. The internal audit is designed to help understand and analyse the fundamental of the business in order to better establish a balance between the perceived cost and the value of the products and services that is a business is offering (Abbott et al. 2010). In addition, businesses often opt to conduct an internal audit in an effort to remain relevant in an increasingly global and competitive marketplace, in addition to working towards making contributions to the overall corporate governance, risk, and internal control management processes. As a result, the strategic role of the internal audit can be established as being necessary to provide an organisational wide perspective in terms of operations, in addition to finding any gaps that may be prohibiting the company from expanding and capturing an even bigger share of the market. It can also be argued that a primary objective of an organisation is to make optimal use of their existing resources in order to accomplish it aims and objectives moving forward (Wieczorek et al. 2002). To this end, the role of the internal audit is to encapsulate a complete picture of the organisation in terms of the resources that it has at its disposal and make recommendations as to how these can be utilised even more efficiently in the future. To this end, the audit itself can function as a structured and systematic process that works to develop internal plans that will enable the broader organisation to truly be aligned with its stated vision and mission statements. The strategic role of the internal audit, therefore, can further be delineated into carrying six primary functions that are beneficial to company. Table 1: Strategic Functions of the Internal Audit Process (Wieczorek et al. 2012) Function Description Alignment The internal audit can work to identify changes that are needed in order to better align the company with predetermined organisational objectives. Maturity The audit process itself serves to assess the degree to which the organisation is growing and maturing. Risk Assessment It is important to measure the effectiveness of established risk assessment and management procedures and make any changes that are necessary in real time. Control Mechanisms Organisations must self govern in order to ensure that certain control and corporate governance measures are sufficient to ensure effective operations given their specific industry. Stakeholder Information The internal audit enables an organisation to operate in a more transparent manner, building integrity in the eyes of individual stakeholders that are concerned with overall business processes. Legal Issues Finally, it is important to note that the internal audit serves as yet another check and balance to make certain that all process and legal compliance issues have been adequately accounted for in an effective manner It has also been suggested that the role of the internal audit is to measure the effectiveness of strategic plans implemented by an organisation, in addition to providing management with the knowledge necessary to close any gaps in operational efficiency (Venables & Impey 1988). Also, the function of the internal audit is to provide the company with the means it needs to assess its current compliance with the rules and laws of the locality in which it operates. To this end, the strategic role that internal audit should not be minimised, as it is highly useful in terms of conducting a comprehensive risk assessment and to implements and develop strategies that will lead to more effective and efficient operations moving forward (Ismail, 2012). One of the key questions that an internal audit aims to answer is what can be done to ensure that the demise of an organisation does not occur. There are numerous examples of this throughout the United Kingdom every year. The goal of an internal audit is to work to correct problem areas before they become irreversible and detrimental to the long term success of the company. This process can begin with a comprehensive analysis of data and the auditing of such operations on a continuous basis. The ultimate success, or failure, of an organisation depends upon an internal audit identifying the early warning signs of trouble looming on the horizon and then working to mitigate the risks involved. This is made possible by making recommendations related to how existing business resources can be utilised more efficiently. By making the auditing process itself operate with a certainly level of continuity and frequency, the process becomes better aligned with the overall objectives and aims of the business. The internal audit process also enables for the formation of strategic initiatives and planning for the future. It is during such a process that business plans for the current fiscal year can be updated to accommodate newly defined objectives. These objective achievements can then be evaluated based upon the execution of the processes developed at each level of the organisation (Pridgen & Wang 2012). It should be noted, however, that the hierarchy in the company must develop areas of responsibility that are designed and equipped to achieve each of the goals that the internal audit recommends. The strategic planning process also aids in the identification of major areas of concern in terms of performance, the time period allotted to each task, expenses that are be to be incurred during the process, and the revenue that must be generated in order to ensure that the organisation is a viable contender in a competitive marketplace (Tysiac 2015). In answering these important questions, the internal audit also works tom minimise any risks resulting from the developed strategic initiatives. This is accomplished within a planned structure that is executed in such a way that daily operations do not deviate much at all from the state objectives and desired outcomes. Another crucial role that the internal audit plays is in the development of the overall culture of corporate governance within an organisation. Through the administration of a comprehensive employee survey, for example, the audit often reveals rifts within the staff of a company that is precluding their ability to achieved specified objectives. This perceived gap between the necessary and current skill sets amongst employees, resulting in a deficiency in terms of efficiency, is often revealed by the internal audit (Selby, 2012). It has also been observed that the compliance of the rules and laws with a given industry is determined through the process of a detailed internal audit, as this serves to create space for the business to maintain its focus and determination even in the midst of turmoil. The application and utility of the existing policies that are in place are also effectively measured by the internal audit in an effort to minimise the risks that are inherent to any organisation. It is also important to note that the internal audit process focus on developing new lines of business that can focus the organisation on opportunities for growth in the future. This part of the process has been determined to be vital to any business seeking to identify new markets that it can enter into, and the internal audit process provides a mechanism to help ensure that it does so only within suitable and valid market conditions. By way of example, mergers, acquisitions, and new market ventures should only be considered when the audit reveals that each would be suitable within the existing goals and objectives of the organisation, and that existing resources are sufficient so as to ensure its eventual success. Entry into new market must be done so in a stables and effective manner, with consideration of current competitors within the confines of the existing market structure. The needs of the businesses must be developed in such a way that the company increases in value, while at the same time minimises costs within the strutter of the new market or venture. In conclusion, the role of the strategic audit should be seen as multi-faceted, as has been demonstrated through the answering of several key questions. At the same time, a key function of the internal audit must be seen as the contribution that is makes to the overall enterprise risk management scheme within the organisation. 3. Contribution of the Internal Audit to Enterprise Risk Management All profit minded organisation seek to maximise returned while minimising the risk of loss in any key area. This is a focused and precise process that must be constantly analysed in order to ensure that risks are minimised, while opportunities for growth can be simultaneously pursued. This is certainly one of many contributions that an internal audit can bring to an organisation of almost any size. It has been suggested that any given company desires to manage the risks to its operation, while keep the path clear to ensure that they can meet their organisational objectives in a systematic and profitable manner. This is easier said than done. The larger an organisation becomes, the more potential risk enters into daily operations of the company, many of which are not always noticeable without an independent review process that takes place internally (Coram et al. 2011). In order to better identify and manage the risks that might cause a company to move away or deviate from its stated objectives, the audit will work to undertake a certain level of enterprise risk management. This function is most often initiated via a comprehensive SWOT analysis that aims to assess the current needs and risks inherent within the organisation. Both the strengths and weaknesses of an organisation must be analysed, and this is best accomplished via an internal, as opposed to an external, audit. The information uncovered through a review of internal process becomes much more proactive in terms of risk management, as the audit process is based upon discovery of risk-measured operations. There are five key areas that have been suggested to better account for enterprise risk management, and these are summarised in Table 2. Table 2: Factors Within Enterprise Risk Management (Connelly 2014) Role Function Strategic Areas that affect the achievement of strategic goals and objectives. Compliance Working to ensure that affected legal aspects of the business are in line within a particular region. Reputational This affects the public perception of an organisation, and it resulting reputation with the business community. Financial Working to ensure that the assets, finances, and technology inherent within an organisation is properly and efficiently utilised. Operations This affects the ongoing management process and practices, as revealed by the internal audit. The aforementioned strategies are important to consider within the internal audit process as enterprise risk management is necessary from the perspective of working toward maximising the probability that set organisational objectives will be achieved. The utility of resources, and the maximising of existing assets, is to be strategically planned in accordance with those same objectives. There are some key indicators that have been implemented within the internal audit process to assist in such risk management endeavours. This begins with an identification of the risks incurred within any given organisation, and the development of a list of priorities to begin the process of mitigating these risks. Subsequently, an alignment of key processes, people, policies, and systems needs to take place to ensure that they each are working in synergy with key organisational strategies. Thirdly, the internal audit process is designed to act as a key performance indicator, complete with identification and definitions. A fourth key strategy within the internal audit process is to analyse and qualify the various risk factors that any new business venture might bring. This is critical as each department within an organisation needs to maximise their use of available resources in order to not only minimise risk, but also to increase the opportunities for effective growth strategy and profitability for all affected stakeholders. Finally, another factor that must be considered within the process is to develop an understanding of the shared risks that exist among various projects and initiatives (Vlaovic & Pupovac 2012). By insuring that each of these factors are accounted for, key questions can be answered during the internal audit process that related directly to the overall effectiveness of the organisation. Audits can and must be utilised to the end because the internal structure of an organisation often prohibits key personnel from grasping the risk management strategies that must be implemented in order to protect company and stakeholder interests. The actual concept of risk management is taken to given businesses a focused opportunity to both design and implement certain steps that are designed to minimise any potential downfalls with the broader organisation. The internal audit effectively creates a platform that aids in the identification and the mitigation of risks that can affect the business, in either a positive or negative manner. It has been suggested that the role of value preservation is the key to maintaining a certain level of strength, particularly as it relates to a market where the business must work within the current state to build more value and expand within the industry (Schwartz 2013). Further research into business management principles reveals the truth that value creation with the internal audit process must focus on the finding of new ways to create skills and controls that can lead to the creation of more value for the stakeholders (Kagermann 2008). The activities that lead to this type of behavioural change include the prioritising of growth principles, looking forward to eliminated unnecessary expenses, and the reduction of the complexity of business operations leading to a more enhanced competency in terms of business enhancements within a market (Jalivand & Malliaris 2012). This is categorised by the three categories represented in Figure 1 below. Figure 1: Risk Categories As represented by this diagram, risks within an organisation can be realised as either short or long term, and are largely based upon the findings of the internal audit. The audit itself, then, serves as a tool designed to evaluate the control mechanisms within the process of business operations, each serving to mitigate any perceived risks. The internal control process can be further developed to minimise any future risks as well by evaluating the tools and objectives, along with existing employee skill sets, in order to adapt to changing market conditions on a continual basis. It can be said, therefore, that the internal audit is a key player in providing organisations with a complete picture of how successful it currently is, and what needs to be incorporate into the future business plan in order to further manage risk through the creation of internal task driven systems moving forward. To do this effectively, the internal audit needs to meet its cored objective of quantifying an enterprise risk management system, as reflected in Table 3. Table 3: Key Bench Mark Factors Involved in the Internal Audit (Fight 2002) Objective Explanation Scope and Empahasis Internal audits may address risks from various perspectives, including finance, operations, compliance measures, and strategies designed to keep up with changing business perspectives. Portfolio of Services Provides for traditional audit assurances for risk related processes along with other that enable for the monitoring of major company initiatives. Competency Development The internal audit also clearly defines the skills and competencies necessary to perform a job by constantly assessing the training requirements within the organisation. Technology The use of technology aids in the process of data more precisely, making analysis easier for the auditors to conduct. It has been suggested the five conditions are necessary in order to accomplish this effectively: Conditions, criteria, cause, consequence, and corrective action (Mohamed et al. 2012). The process described above is dependent upon a balanced scorecard approach to the internal audit itself (Anon, 2013). This approach depends upon the quality of the auditors, combined with the sated objectives handed down by management when implement the internal audit process. It has been argued that the report generated by the auditors can also be used effectively in an effort to provide a performance benchmark that provides manager with key recommendation designed to improve organisational effectiveness. The risk that any given company is able to take on is directly dependent upon prevailing market conditions, and this is to be revealed during the internal audit process. The maximum amount of risk that should be considered is that which the business can sustain given its appetite for future growth, glanced with its own available resources (Barnes and Preston 1985). 4. Conclusion In today’s increasingly global and competitive business environment, companies are more keen than ever to develop ways to maximise productivity and profitability, while minimising risk and loss. The latter, when not properly managed, can lead to the demise of even the most diverse and strong of organisation, so the internal audit process has been developed as a key step in the process to maximising effectiveness. The internal audit does set the course for the control or modification of events, all designed to negate any inherent risks that might develop as a result (Anon 2013). The identification of such risks during the audit process can lead to suitable actions that will negate the likelihood that anything harmful looming on the horizon will ultimately destroy the company. This enhances growth opportunities and maximises the potential for a profitable future. In conclusion, consider the process of risk management, as reflected by the internal audit process. This is illustrated below in figure 2. Figure 3: Risk Management: Internal Audit Processes (Schwartz 2013) The processes inherent in the internal audit process truly encompass both business merger possibilities and new venture development opportunities. The audit conducted within a particular market is undertaken within a context of a particular business model, and it provides an idea of what must be altered or modified in order to accommodate the business within that stated market itself. This is especially important when considering new markets (Apostolou & Alleman 1991). In closing, it should be noted that there has been an observation that there often exists a gap in a new market that cannot be captured within an internal audit. The is compensated for by the reality that operational risk management in an internal audit is largely based on the objectives that are set within an existing market, independent of the existing set of business conditions that are present. Given this, it is suggested that the objectives for entering into a new market, along with any compliance considerations, risk management, and governance be measured by the internal audit in order to gain a glimpse of the changes or modifications that will be necessary to suit a particular condition. References Acharyya, M. and Brady, C. 2014. Designing an Enterprise Risk Management Curriculum for Business Studies: Insights From a Pilot Program. Risk Management and Insurance Review, 17(1), pp.113-136. Anon, 2013. [online] Available at: [Accessed 4 Feb. 2015]. Apostolou, B. and Alleman, F., 1991. Internal audit sampling. Altamonte Springs, Fla.: Institute of Internal Auditors. Auditandrisk.org.uk, 2015. “Audit and Risk“ January 2015 - Audit & Risk. [online] Available at: [Accessed 17 Feb. 2015]. Barnes, I. and Preston, J., 1985. The Skuthorpe enterprise zone: an example of muddled interventionism. Public Administration, 63(2), pp.171-181 Berkowitz, S., 2001. Enterprise risk management and the healthcare risk manager. Journal of Healthcare Risk Management, 21(1), pp.29-38. Brown, S., Brown, S. and Holmes, A., 2012. Internal Audit in Higher Education. Hoboken: Taylor and Francis. Chapman, R., 2006. Simple tools and techniques of enterprise risk management. Chichester, West Sussex, England: J. Wiley & Sons. Colino, R, 1986. The People Factor in an International Enterprise in Turnaround. Asia Pacific Journal of Human Resources, 24(3), pp.10-15. Collier, P., 2009. Fundamentals of risk management for accountants and managers. Amsterdam: Elsevier/Butterworth-Heinemann. Connelly, N., 2014. Sharing in the Caring: Enterprise Risk Management, Disney style. Journal of Healthcare Risk Management, 34(2), pp.3-3 Coram, P., Ferguson, C. and Moroney, R. 2011. Internal Audit, Alternative Internal Audit Structures, and the Level of Misappropriation of Assets Fraud. SSRN Journal. Expertise.us, 2015. Auditing Strategic Risks: Turning Risks into Oppertunity. [online] Available at: [Accessed 23 Feb. 2015]. Forbes.com, 2015. Three Steps to Internal Audit Transformation. [online] Available at: [Accessed 24 Feb. 2015]. Fight, A., 2002. Measurement and internal audit. Oxford, England: Capstone Pub. Fin.ucar.edu, 2014. UCAR Ethics. [online] Available at: [Accessed 11 Feb. 2015]. Gerrard, T.H. and Bettis, M., 2011 Quantifiable Risk: Assumptions and Probability. (2013). [online] Available at: [Accessed 12 Feb. 2015] Hardy, K., 2015. Enterprise Risk Management. San Francisco: Jossey-Bass. Hodges, A., 2000. Emergency Risk Management. Risk management (Bas), 2(4), pp.7-18. Iia.org.au, 2015. Internal Auditor Magazine - Institute of Internal Auditors (Australia). [online] Available at: [Accessed 16 Feb. 2015] Isaca.org, 2015. Quantifying Information Risk and Security. [online] Available at: [Accessed 12 Feb. 2015]. Ismail, T. 2012. Internal auditors perception about their role in risk management audit in Egyptian banking sector. International Journal of Economics and Accounting, 3(2), p.196. Jalilvand, A. and Malliaris, A., 2012. Risk management and corporate governance. New York: Routledge. Kagermann, H., 2008. Internal audit handbook. Berlin: Springer. Leitch, M. 2008. Intelligent internal control and risk management. Aldershot, England: Gower. Mohamed, Z., Mat Zain, M., Subramaniam, N. and Wan Yusoff, W., 2012. Internal Audit Attributes and External Audits Reliance on Internal Audit: Implications for Audit Fees. International Journal of Auditing, 16(3), pp.268-285. Quantasneewsroom.com.au, 2014. Qantas Group Strategy Update, (Online), Available at: [Accessed 5 Feb. 2015] Theiia.org, 2014. International Professional Practices Framework (IPPF). [online] Available at: [Accessed 5 Feb. 2015] Nichols, A., 2014. A guide to effective internal management system audits. Ely, Cambridgeshire, UK: IT Governance Pub. Pickett, K., 2005. Auditing the risk management process. Hoboken, N.J.: Wiley. Pickett, K. and Pickett, J., 2005. Auditing for managers. Chichester, West Sussex, England: John Wiley & Sons. Pridgen, A. and Wang, K., 2012. Audit Committees and Internal Control Quality: Evidence from Nonprofit Hospitals Subject to the Single Audit Act. International Journal of Auditing, 16(2), pp.165-183. PwC, 2014. Business Megatrends and their implications. [online] Available at: [Accessed 10 Feb. 2015]. PwC, 2015. 2014 State of the Internal Audit Profession Study. [online] Available at: [Accessed 10 Feb. 2015]. Randall, S. 2014. Segregation of Duties: Fraud Prevention for Venture Capital and Private Equity. [online] Vonya Global Internal Audit Blog. Available at: [Accessed 11 Feb. 2015]. Schwartz, M. 2013. Do Not Audit Internal Control Over Financial Reporting Audit Internal Control!. EDPACS, 48(4), pp.1-11. Selby, S., 2012. Industry, Enterprise and Energy: Caleb Atwater and the Meaning of Ohio. Ohio History, 119(1), pp.101-118. Selim, G. and McNamee, D. 1999. The risk management and internal auditing relationship: developing and validating a model. Int. J. Audit., 3(3), pp.159-174. Smith, J., 1932. Log of Steamship "Enterprise," 1825. Transactions of the Newcomen Society, 13(1), pp.165-181. Tysiac, K., 2015. Four steps to formalize internal audit strategic impact. [online] Journal of Accountancy. Available at: [Accessed 6 Feb. 2015]. Usg.edu, 2014. Enterprise Risk Management - Internal Audit & Compliance – University System of Georgia. [online] Available at:< http://www.usg.edu/audit/risk >[Accessed 5 Feb. 2015]. Venables, J. and Impey, K., 1988. Internal audit. London: Butterworths. Vlaovic-Begovic, S. and Ilic-Pupovac, M., 2012. The role of internal audit in companies risk management. Skola biznisa, (2), pp.20-28. Wieczorek, M., Naujoks, U. and Bartlett, R., 2002. Business continuity. Berlin: Springer. Read More