by Vivek Mathker As banks/financial institutions fold/merge across the globe, debates on the causes are raging. Corrective measures are being taken in the form of takeovers, etc, but preventive measures are slow: the symptoms are known but the diagnosis incomplete.
While talking of preventive measures, one issue that needs to be analysed is the role of auditors. How is that the auditors did not find anything wrong? All these institutions (those that went under and those that are floundering) are reputed and big. They would mandatorily have had external as well as internal auditors. So, either the auditors' advice was disregarded or the auditors failed to find out the root cause of the trouble. The damage is so widespread, that one point which comes out clearly is that there is a need to look at the auditing processes adopted and advocated in this murky scenario. Without going into the roles and responsibilities of external audit, let us look at internal audit. Today the difference between the functions of internal audit and external audit has become blurred. Internal auditors tend to carry out audits like external auditors. The risk factor assigned to a particular business unit in the company depends on two factors: the risk associated with the business as such (which is what external audit also finds out), and the other factor as to who mans these business units. In case the unit is manned by procedure abiding, cautious and strong team players (e.g. involving internal audit department for issues noticed by them during their day to day running of business) in that organisation, the unit faces less risk. The internal auditor needs to assess this perspective of risk. It cannot be disputed that it is difficult to assess the second aspect, but the lack of awareness of the need to evaluate this risk too needs rectification. It is important to take the pulse of the brains behind the businesses and not focus only on systems, procedures, loopholes, etc. This can be accomplished only by the internal staff, i.e. internal audit. Often, the internal audit function is outsourced. Also, if there is internal audit set up in the organisation, it is sometimes manned by people from external audit background. When this happens, the internal audit department is run like an external audit firm. It is undoubtedly difficult to take a pulse of the brains behind the businesses. However, some steps could be taken. Firstly, there should be awareness that there is something equally important that needs to be monitored, apart from systems and loopholes. This awareness results into small steps on a regular basis from the management side, such as involving the internal audit department in all important meetings/events (such as a launch of a product) whether related to audit jobs or not. This helps in the auditor being apprised of the happenings. He can offer recommendations and, most importantly, he gets a chance to gauge the minds of the participants. It is important for an auditor to analyse why, how, when and where an employee performs a particular action/transaction, irrespective of whether or not it fits into the parameters of the accounting records. Another factor that helps in this pulse reading exercise is the longevity of the audit staff in the company. History of a person/process/activity helps immensely in deciphering intentions. Normally, corrective measures have some traces of preventive measures in them. Similarly, in this situation one of the causes which surfaced is the incentives or bonus systems prevailing in the sector. Close interaction by HR department with the internal audit department would be of great help. For example, information on a disgruntled employee or an employee earning abnormal bonus will be of help to internal audit in the form of leads. Due to the influence of the external auditors on the internal audit function, a gap is created in the formats of internal audit plans. Internal audit function is too wide to be able to be covered in a plan -- both at the macro level as well as the micro level. Plans are to be prepared and adhered to. Though it cannot be disputed that plans are important, insisting that a certain audit is to be completed within a certain time casts a massive toll on the quality of audit work. External audit time is always being converted into man hours, billing and money. The main focus of external audit is on systems, risk, etc, which is more likely to be completed in the allotted time as compared to carrying out audit in an investigative manner -- trying to find out the underlying reasons for expenditure rather than seeing whether it is properly accounted. Also, the internal audit plan cannot be adhered to when a non-planned event is unearthed, and this happens quite often. Any time-wise provisions in the plan are likely to disrupt the plan. The dynamic nature in which it is essential to run today's businesses has a major impact on the plan and, worse, on the internal audit function. New activities are started, old closed, and existing ones modified at a pace that internal audit plans cannot cope with. A plan prepared in advance cannot encompass these changes. The pressure of audit committees to cover audit as per plan is most likely to result in non-coverage of these areas. Being new in nature, these activities need more internal audit attention than the planned ones. Plans are, therefore, necessary to ensure that no area is missed out and to evaluate performance of the internal audit staff: time taken versus points unearthed. The influence of external audit on internal audit has further increased due to the Institute of Internal Auditors' guidelines wherein internal audit function has to be independently reviewed by an external agency (normally an audit firm) once every five years. The intention of this guideline is commendable, but it runs the risk of reviewers mixing external audit processes with internal audit. In light of the current financial upheaval, if we go back about two years, it is possible one may find that when the sub-prime lending commenced and increased with one of the intentions of making profits quickly, the internal audit departments were busy fulfilling their existing audit plans and ticking check-lists so that the respective audit committees could be kept satisfied. The need to keep a tab on the pulse of the managers' intentions and the modus operandi adopted must have got lost in this routine. The need of the hour, therefore, is to bring the pendulum to its equilibrium so that the lopsided swing towards only theoretical audits is brought to balance taking the human aspect of audit into recognition and taking into consideration the dynamic business situations essential for today's growth/survival needs of any organisation in auditing. The author is an Indian national, currently working in Bahrain. The views expressed here are personal http://www.rediff.com/money/2008/oct/15bcrisis.htm The law of gravity says no fair jumping up without coming back down --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Kences1" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/kences1?hl=en -~----------~----~----~----~------~----~------~--~---
