It’s not the ratio of a circle’s circumference to its diameter (Pi) we’re covering here. But yes, there’s a commonality: that ratio and the value of Internal Auditing are both constants!

So, let’s unravel what this “PI” is, if it isn’t obvious already. But I won’t make this space specific to those unacquainted with Internal Audit; in fact, most internal auditors are unaware of the “PI” perspective.

“PI” is:

  • Performance Improvement – in the context of accomplishment of targets and objectives.
  • Process Improvement – in the context of the overall conduct of work.
  • Policy Improvement – in the context of governance over an area / work.
  • Procedure Improvement – in the context of protocols and criteria managing the work.

Thus, it’s the overall experience improvement we’re discussing here. But what has it got to do with internal auditing, you ask? Everything, because that’s what internal auditing is about. Improvement appears twice within the definition of internal auditing: adding value and improving an organization’s operations, and improving the effectiveness of GRC processes.

So, basically taking improvement out of internal auditing is not possible without rendering it an exercise that could be anything but internal auditing, both in the context of assurance and advisory. One may as well think of substituting the “Internal” in Internal Auditing with “Improvement”, so that it becomes Improvement Auditing. PI and IA are inseparable with PI being the only constant in IA!

The way I see and have practiced it over the years, it is the only forward-looking assurance and consulting intervention the businesses can’t do without. It is the quintessential disruption across all business functions and processes rooting for continual improvement in Governance, Risk Management and Control.

Just recently, I had an opportunity to discuss at length how internal audit could improve an organization’s processes, with the moderator insisting that the two are entirely different from one another and that it’s not within internal audit’s scope to bring about improvements.

This pretty old argument originates from two things:

  • A rudimentary understanding of what internal audit does. An understanding that did not evolve the way internal auditing did both for the auditees and the auditors, unfortunately.
  • The internal audit independence being an impediment to its scope enrichment or more emphatically it continuing to do what it used to do decades ago.

The first reason emphasizes that even though the definition of internal auditing has been around for so many years, it is still not well understood.

The second reason demonstrates that the auditors’ independence is a deciding factor in the nature (type) of engagements internal audit can undertake.

These understandings, or more appropriately the lack thereof, are entirely irrelevant to what internal auditing is and what it does, and represent a tendency to keep internal auditing confined to a general (infantile) understanding of what auditing is, which is providing assurance. Moreover, it’s also about a lack of understanding around what constitutes improvement. Identifying the cause of non-conformance in a typical assurance engagement as a deficient control protocol triggers procedural revision, and that constitutes improvement. But do we understand it?

And it’s not that it’s only bothersome because it comes from people who used to be external or internal auditors at a time before the internal auditing standards came into existence, or those who switched careers or areas of expertise away from internal audit, or maybe from the internal audit adversaries. And one can’t blame internal auditing clients / auditees for their understanding. What’s perturbing is that the majority of internal audit practitioners think that way too, and therein lies the heart of the problem.

Internal Auditing is still not considered synonymous with Process Improvements because the world over we continue to lack in:

  • Quality of internal audit resources.
  • Competence.
  • Objectivity.
  • Understanding of how auditors safeguard their independence.
  • Professionalism of conduct and work approach.
  • Quest for learning.
  • Openness to evolving engagement possibilities.
  • Objective and formalized approach to self-evaluation.
  • Continual improvement.

Certainly, when we ourselves continue to be averse to or continue to be deficient in understanding how we should evaluate ourselves so that we improve ourselves, it’s pointless to think internal auditing can bring improvement. It’s exactly like how we understand risk; keeping static audit plans and area work programs when the management of risks they aim to provide assurance or advisory against remains dynamic because risks are always fluid.

However, there’s nothing wrong with internal auditing itself. Just like most religions preach virtues but it’s the followers who practice vice. Internal Auditing under the International Professional Practices Framework of the Institute of Internal Auditors is all about value addition and improvement through assurance or advisory based interventions. It doesn’t matter if most internal audit practitioners don’t think or act that way.

I’ve at length covered the internal audit value addition and improvement prospects in my previous blogs. You can read how internal audit is the audit of everything here and how internal auditing fuels business growth here.

Let me now give you a few real-life examples of how I triggered improvements through internal audit interventions:

| Findings | Dealt Through |
| --- | --- |
| In a refining process, the inputs and outputs are measured through testing and dipping however the efficiency of the treatment / refining plant against rated efficiency at given capacity isn’t | Efficiency measurement mechanism was developed and incorporated in procedures |
| Periodic physical inventory is undertaken by those operationally responsible for custody and management | Responsibility was entrusted to an independent team |
| Dual systems of performance management | Unified framework for performance management |
| Redundancy in records | Comprehensive reviews of processes to eliminate redundancies |
| Non-standardization of records | Comprehensive review of procedures and instructions to introduce standardization |
| Lack of data processing controls leading to extensive manual reviews | Application processing controls introduced through customizations |
| Preventive maintenance not reducing unforeseen downtime | Preventive maintenance programs were made to incorporate revisions from causation of breakdowns |
| Applications purported to be enablers are used for record keeping only | Protocols revised to ensure work without the application becomes impossible and processing made efficient |
| Service requests acknowledgement, response and processing timelines not established | Mechanisms established |
| Lack of detailed study of feasibility and benefits of investments in hardware upgradation of generating units besides technological obsolescence | Studies were conducted to introduce integrations with operational applications to automate data capturing and registration of problems |
| Data manipulation to keep the KPIs performance within the criteria | Controlled through several administrative and supervisory controls |

The diversity of the improvement-oriented findings listed above might make one believe they all represent advisory internal audit engagements. However, they represent both assurance and advisory. One cannot provide assurance on data that’s manipulated, or data that’s inaccurate or incomplete, and so it’s important to be a cause for improvement even through assurance-based interventions; advisory is typically wholly about improvement.

Thus, it’s important to distinguish internal auditing from most internal auditors’ conduct and approach, and to improve one’s understanding of what internal auditing is about. And if that assessment is impossible to make without substantiation through the conduct of auditors, seek out internal audit talent that’s not just the best but also devout.

What does it take to seek that talent, you may ask? Invest earnestly when investing in internal audit, considering it a growth center, not halfheartedly as a cost center. For starters, how about the Chief Audit Executive’s compensation being at least 50% of the CFO’s compensation?

Yes, the query was indeed meant to scratch heads!