The value of internal audits are too often disappointing for managers ; opportunities to improve the company performance are missed. The purpose of this blog is to understand why and to share some best practices in order to make internal audits really valuable to managers.
The largest companies have set up internal audits structures and internal control processes. Beyond assessing risk management and allowing conformity to the Sarbanes-Oxley* act (issued in USA in 2002 after Enron scandal and others) they should also be opportunities to increase the company performance. Sadly, internal audits scarcely initiate performance improvements. In fact, very few audit inputs are used by management in their business decisions**.
Why so much money and clever thinking are so poorly used ? How is it possible that internal audits, involving high quality manpower (managers interviewed and auditors), end up sometimes being perceived as inquisitorial, useless, boring, irrelevant, rigid or simply stupid ?
Based on my personal experience, a blend of internal audits and management positions, I see the following best practices to solve this issue and make value for money audits. Each one is a Post of this Blog.
Best practices proposed to auditors:
- Getting clear facts
- Use an efficient report template
- Remove weak findings
- Getting high value audit findings
- Challenging senior management objectives
- High value recommandations
- Simplified internal control system
Best practices proposed to divisions managers or subsidiary CEO:
- Internal control and audit are not another administrative layer
- Risk identification is key and often more complex than risk control
- Adjust control means to risks level
- Nothing is superfluous within an integrated internal control system
Best practice for senior management (board, president of the company):
- Efficient internal audit & control principles
- Entity manager evaluation setup for a better company performance
This blog is also an opportunity to open questions and suggest best practices for international audits, especially in China.
Indeed, those are among the most difficult audits to perform by western auditors due to language, culture and regulations differences.
– – – – – – – –
If you liked this blog, please leave a comment. I plan to consolidate all posts in a white paper: just let me know if you wish to receive it.
– – – – – – – –Notice: this blog does not address external audit done by financial consulting companies (account certifications) even if they too could bring more than confidence in companies’ financial statements.
* The Sarbane Oxley act goal was setup to protect investors and any stakeholders of large companies on the financial markets through improved transparency of financial informations and risks. From there, large companies had to run Internal Audits structures and Internal Control systems compliant with the COSO framework.
** Many studies on external and internal audits all conclude the same issue of low added value from audits. Many inputs are available such as this Forbes Insight or this Anderson study. Many ressources on this topic are available on internet.
From 2010 to 2015 I had the opportunity to lead 18 major internal audits in a large international industrial company. These audits were business oriented, not only on the financials. This company has a very robust audit method : it is relying on the audit principle of hard facts and capability to trace them all the way from audit report to the root.
This blog is still quite new and some issues could raise. If you have any comments on this Blog, please write to firstname.lastname@example.org.