Next, we consider how the internal audit (IA) function can be used to facilitate more effective continuous improvement. According to the Institute of Internal Auditors’ own definition, internal audit is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Some of the key compliance activities of IA are to maintain its independence; to conduct auditing activity of awareness and adherence to policies, procedures, internal controls and corporate governance, including those relating to legal, compliance and ethics risks; to ensure there is follow up of recommendations made in IA reports, including those relating to compliance and ethics risks, including to track and report on management follow up; assist and collaborate on internal investigations, including having IA provide audit expertise in dealing with internal controls and financial data; assist in both design and auditing of internal controls and follow up as required. Clearly this is a function which is and should be integrated into compliance.
For its part, the compliance function can leverage IA resources and professionals on audit techniques and analysis of internal controls and such integration extends the corporate compliance influence through the company’s IA network. Finally, it allows the corporate compliance function to be made aware of relevant concerns uncovered during audits, so compliance is more fully able to participate in recommendations and follow up.
Three key takeaways:
- Internal audit can be used to provide continuous improvement to and for compliance.
- Internal audit can also fill a gatekeeper role in your compliance regime.
- Compliance should leverage IA resources and professionals, on audit techniques and analysis of internal controls.