A recent tweet by Richard Chambers, Global CEO of IIA, has inspired me to write this post. His tweet read as follows :
"Absence of an internal audit function is a leading indicator of a company headed for risk management and control calamity "
"Absence of an internal audit function is a leading indicator of a company headed for risk management and control calamity "
I certainly strongly agree with this statement. I would like to add that there are two types of absence :
- Actual absence: meaning that internal audit function does not exist
- Intentional absenting of internal audit by management: meaning that internal audit is disempowered and constrained by management.
Actual absence, when internal audit is not mandatory, maybe due to :
- Size of organization
- Available resources
- Assurance is provided by other sources such as external auditors, risk management and management monitoring
- Management does not appreciate the value of internal audit
Absence. when internal audit is mandatory, is the failure to comply with regulations for reasons that may include the above or simply an indication of a possible act or intention of misconduct!
Absenting may be due to :
- Management not believing in internal audit ( whether as a philosophy or based on past experience).
- Failure of internal audit to be relevant and to add value
- Possible management misconduct or intention to commit one!
In my opinion, absenting of internal audit is far more dangerous than its actual absence. It should raise a big red flag!
We all know the consequences of not having an effective and efficient internal audit function. The question is how the absence or absenting of internal audit is treated by boards, regulators and those in power to make things happen!
These are my thoughts, please provide yours!
No comments:
Post a Comment