The Audit Committee’s expectation from an Internal Auditor

Introduction

The Audit Committee is a group of independent directors responsible for overseeing the organization’s financial reporting process and the effectiveness of its internal controls and enterprise risk management solutions. It is one of the most important customers of an Internal Auditor.  

As one of the key stakeholders of the Audit Committee, the role of the Internal Auditor involves providing independent assurance to the Audit Committee that the organization’s risk management, governance, and internal control processes are operating effectively.  

Beyond the obvious role mentioned above, the Internal Auditor is expected to assist the Audit Committee in fulfilling its oversight responsibilities by providing objective insights, assessments, and recommendations on matters related to strategy, risk, operations, internal controls and overall performance of Internal Audit.  

Based on our decade full of experience in addressing Audit Committee across various organizations, here are some of the most desired expectations of the Audit Committee from the Internal Auditor. 

Expectations on Strategic Matters 

One of the key areas where the Internal Auditor is expected to provide valuable insights is in the area of strategic matters such as: 

• Review the organization’s structure and recommend ways to improve it in line with the company’s long-term strategy. This may involve identifying any potential conflicts of interest or areas where the organization’s structure may be hindering its ability to achieve its strategic objectives. 

• Provide an opinion on whether the organization’s risk assessment processes are sufficient to address its strategic objectives. This includes evaluating the effectiveness of the risk assessment process and the quality of the risk management plans that are put in place to address identified risks. 
• Provide an opinion on whether the organization’s risk mitigation measures are sufficient and effective to ensure the achievement of strategic objectives. This may involve assessing the adequacy of the controls that have been put in place to mitigate identified risks and determining whether these controls are being effectively implemented and monitored. 
• Provide an opinion on how the organization has responded to risks that have materialized. This may involve reviewing the organization’s risk management plans and the actions taken to address risks that have materialized, as well as assessing the effectiveness of these actions. 
• Highlight any risks that are not being addressed by the management or that the risks management has decided not to address, even though they are considered critical by the Internal Auditor. This is an important aspect of the Internal Auditor’s role as it ensures that the Audit Committee is aware of any significant risks that may be affecting the organization’s operations. 

Expectation on Operational Matters 

In addition to strategic matters, the Internal Auditor is also expected to focus on operational matters such as: 

• Assess the organization’s adoption and use of technology across various functions and highlight any areas where technology could be more effectively utilized. This may involve reviewing the organization’s technology infrastructure and systems and assessing their effectiveness in supporting the organization’s business processes and operations. 
• Identifying opportunities for cost savings by reviewing the organization’s processes and identifying areas where costs can be reduced or where more efficient processes can be implemented. consider the organization’s overall strategic objectives and ensure that any cost-saving recommendations align with these objectives. 
• Highlighting key processes within the organization that require improvement based on industry benchmarks. This involves reviewing the organization’s processes and comparing them to industry best practices in order to identify areas where the organization’s processes may be falling short. Consideration is given to a variety of factors, including efficiency, effectiveness, and compliance with regulations and standards. 

• Keep abreast of industry trends and use this knowledge to evaluate the organization’s practices and efforts to achieve its revenue targets. 

Expectations on Internal Control 

As one of its primary roles, Internal Auditor is required to provide opinion on the effectiveness of Internal Controls across the organization. This involves:  

• Reviewing the organization’s internal controls and highlighting any weaknesses or deficiencies in their design. The Internal Auditor is also expected to consider the impact of any internal control design failures on the organization’s risk profile and ensure that any potential risks are appropriately mitigated. 

• Highlight internal control execution failures that help the Audit Committee to understand the effectiveness of the organization’s internal controls and identify any areas where reforms are necessary in terms of strengthening of the internal controls. 

Internal Auditor’s Performance 

Finally, the Internal Auditor is expected to provide an overall assessment of the performance of the Internal Audit Services. This includes:  

• Audit area-wise performance of Internal Audit 

• Internal Audit Plan vs. actual audit execution achieved,  
• Summary of feedback from auditees, and  
• Internal Auditor’s compliance with the International Professional Practices Framework (IPPF) 

Conclusion 

In summary, the Audit Committee has high expectations of the Internal Auditor and relies on the Internal Auditor to provide objective insights, assessments, and recommendations on various matters related to the organization’s performance. By fulfilling this role effectively, the Internal Auditor helps the Audit Committee to fulfil its oversight responsibilities and ensures that the organization is operating effectively and efficiently and is aligned to their path for achieving its objectives.