Internal Audit - Reality Check
Arif Zaman FCCA, CIA, CISA, CPA, CFE, CCSA, CRMA, CRBA
Head Internal Audit & Risk | Consultant | Trainer | Speaker | Author | YouTuber I xEY I xEmaar I xTelenor
I started my career as an auditor and continued so far. I had the privilege to work and observe the internal audit set-up in many countries across the globe. According to the IIA's International Professional Practices Framework (IPPF) definition, internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations but is it the case?
To answer this question, I will say, it depends!
In reality many companies have a different view of internal audit department, it's based on multiple factor such as risk maturity of the organization, industry, sector, regulatory framework, size, culture, leadership, etc. As part of my professional career, I observed many global audit set-up, below is my observation (reality check) how internal audit is perceived and function in different entities (irrespective of jurisdiction):
Independent Auditor - Entities in which auditors have Board support, auditor report to the Audit Committee, who understand and realized the important role of the audit.
Auditor acting as Compliance Officer - These are entities in which auditor are hired as a result of a regulatory requirement as doing simply compliance check. Auditors are tasked to meet the regulator's requirements not internal audit to avoid fine and penalties.
Auditor as Watch Dog - These entities have less trust in employees and they like to play the role of carrot and stick approach. They use auditor to spy against employees.
Auditor as Enforced Role - These entities are either sister company or the shareholder demand from entities to have one. Management dislikes but smiles at the auditor.
Submissive Auditor - Entities where the role of internal auditor reports to CFO sometimes to CEO. These auditors work for top management and it's a death of auditor independence. The audit is responsible to highlight operational issues merely and being cautious to report something serious against the CFO or CEO.
Auditor as Change Agent - These entities are very few, where the result of the audit is used to bring positive change rather than merely a tick-box approach without bringing humiliation to the subject (employees, department etc.).
Recommended by LinkedIn
The above are just some example of how internal auditors are perceived and function in different companies. However, just because something is being done for so long does not mean correct, we as auditors have a responsibility to raise the bar, spread the awareness and share the right approach gradually without losing our sight from adding value and improving an organization's operations.
ABOUT THE AUTHOR
Arif Zaman brings more than a decade of proven experience in internal audit, risk management, and corporate governance. He is the Head of Internal Audit at Private Joint Stock Company based in Dubai, UAE. He holds MSc in Professional Accountancy from the University of London and a BSc Hons in Applied Accounting from Oxford Brookes University along with an impressive set of professional certifications including ACCA, CIA, CISA, CFE, CCSA, CRMA, CRBA, CPA, and CGA, etc.
For more immediate reading, here are some other articles I have written:
Corporate Governance: Future Corporate Governance. GRC - Big Time Confusion. Family business governance. Corporate Governance.
Oversight Functions: Difference between the role of internal control, compliance, risk management, and audit?
Risk Management: No need to have Risk (ERM) department . Establishing Risk Department in 7 simple steps . Strategic Risk Leaders Conference - Risk Management FAQ. Risk Appetite . Create a risk register in 4 steps .Annual risk assessment (4 steps) .
Internal Audit: Agile Auditing . Role of internal audit in risk management . Why you shouldn't be an auditor . The Pivotal Role of Evolving Internal Audit by Embracing Latest Technologies . Do not trust Artificial Intelligence . . Annual audit planning process (5 steps) . How to become Internal Auditor? . How to Gauge Audit Department . How to establish Internal Audit Department in 8 simple steps . Political pressure on CAE . Internal audit is a dying career? . Internal audit - Innovate or stagnate . Internal audit insight from IIA President . Auditing business ethics . Cloud computing - Internal audit perspective . The impact of emerging technology on auditing . New IPPF 2015 (summary) . Internal audit function maturity curve
Other: Road Map to Data Analytics . Real story - Ponzi scheme . Business email compromise . How did I start writing . Feel like you are falling apart . My most vivid childhood memories . I think of my failure as a gift . Life changing story - From admin staff to TV anchor . Remove toxic people from your life . Africa is not a country . The best time of the day to do things at work . Build your personal brand . Pass the 6 second CV scan test
Internal Audit-Risk Advisory Professional | COSO | SOX | ICFR | EMPOWER ENERGY PJSC(Utilities)| Deloitte | Protiviti | RSM Alumni |ACA | FCCA | CIA | GRC
3yThat is a true reality check Arif Zaman
Director at xpertsleague
3yvery true Arif Zaman. Thanks for sharing
VP (Head) Internal Audit in a PIF Company | Cybersecurity Committee | I Help Develop and Improve Governance, Risk, and Controls| (x)IA Head in a Listed Co. in KSA, Alkhorayef, Zamil Groups, KPMG | Cyber, CIA Trainer 💚
3yNice and concise article. As you mentioned in the article, it depends. In my experience, the role of auditor in companies also keep on changing between the roles you mentioned in your article.