Senior management bear a specific responsibility to achieve an efficient internal audit & control implementation. Many companies fail to do so as their senior management doesn’t realize the cost and implications of such a system: they wrongly leave those principles definition with risks experts.
Efficient internal audit & control systems is not granted: such system can be complex and costly. They indeed have a very large spectrum by covering all activities of the company. But on average, senior management doesn’t dig into its principles, leaving the implementation decisions with risk experts.
Risk experts can potentially take COSO as a good leverage for empowerment. Indeed they can make senior management sign obscur decisions for by themselves and operational managers.
Symptoms of an un-efficient internal control system
- Operational managers, in charge of internal divisions or of subsidiaries, do not understand well the value of the system
- The result of internal audits are useless in business decisions.
- Resolution of audit findings are weakly followed and are not taken in managers evaluations
- The cost of the internal control system is unclear or the cost of controls are not negligible compared to the risk covered.
- General risks are the main risks.
A second post for senior management is also critical to gains efficiency of internal audits.