Steps to enhance and preserve Internal Audit independence (Governing the Internal Audit Function Part 3/5)

Introduction

In a world where trust is a cornerstone of corporate governance, the independence of the internal audit function stands as a critical pillar for upholding an organisation’s integrity. Yet, this independence isn't merely symbolic; it is a concrete standard set by globally accepted practices like the Global Internal Audit Standards and the King IV Code of Corporate Governance in South Africa.

This guide delves into essential steps that safeguard the internal audit function’s independence, ensuring it serves its purpose of strengthening the organisation’s ability to create, protect, and sustain value.

1. Empowering Independence: Role of the Board

The Global Internal Audit Standards mandate that the board is responsible for ensuring the independence of internal audit functions (Principle 7 Positioned Independently). The Standards define Independence as the freedom from conditions that impair the internal audit function’s ability to carry out its responsibilities in an unbiased manner.

The Public Finance Management Act (PFMA) also echoes this, requiring that internal audits remain free from activities they assess and maintaining unfettered access to necessary information.

Practical Steps:

• Boards must explicitly affirm their role in empowering the internal audit function. This can be achieved through formalised support, ensuring that auditors have the authority, access, and freedom required to perform their duties objectively.
• Create a robust internal audit charter outlining the independence of the function and how it should operate free from interference or limitations.

2. Appointing a Chief Audit Executive (CAE) Independently

The Chief Audit Executive’s independence is paramount. According to the Global Internal Audit Standards (Standard 7.1 Board Essential Conditions), the board must be directly involved in the hiring and dismissal of the CAE, which King IV reinforces. The CAE should have the necessary authority, objectivity, and professional acumen to function independently from management.

Practical Steps:

• Ensure that the board handles the CAE’s employment contract and remuneration independently of management. This reinforces the CAE’s impartiality and enhances the credibility of the audit function.
• Select a CAE with a strong professional background and sufficient influence to interact with board members confidently. This person should be recognised for their competence and objectivity to mitigate any perception of bias.

3. Functional Reporting to the Board

Internal auditing is most effective when the CAE reports directly to the board, rather than to management, thus strengthening the CAE’s authority and independence. As stated in the Global Internal Audit Standards, this reporting line enables the CAE to address sensitive or significant matters directly with the board without interference.

Practical Steps:

• Establish formal processes whereby the CAE can discuss important issues directly with the board and attend board meetings, as stipulated in King IV and the PFMA.
• Allow for periodic meetings between the CAE and the board that exclude senior management, creating a safe space for the CAE to express concerns candidly.

4. Safeguards in Non-Audit Services

In cases where the CAE assumes additional roles beyond auditing, safeguards must be put in place to prevent any impairment to independence, whether in fact or appearance. As the Global Internal Audit Standards note, if the CAE’s other responsibilities could affect objectivity, these should be documented, and an independent third party should be consulted for assurances.

King IV Code of Corporate Governance advises that the CAE should not be a member of executive management, but should be invited to attend executive meetings, as necessary, to be informed about strategy and policy decisions and their implementation.

Practical Steps:

• Ensure that any non-audit roles or tasks the CAE may take on are clearly documented, with established safeguards like alternate auditors or external assurance providers.
• For temporary roles, develop a transition plan to pass responsibilities back to management as soon as feasible, and assign independent oversight for those roles for at least a year after completion to preserve objectivity.

5. Addressing Impairments to Independence

Independence isn’t merely a checkbox; it requires vigilance. If the CAE or other auditors encounter conditions impairing objectivity, such incidents must be disclosed to the appropriate authorities within the organisation. The Global Internal Audit Standards (Standard 2.3 Disclosing Impairments to Objectivity) underscore that these disclosures are essential for transparency and maintaining internal audit credibility.

Standard 7.1 requires that if the governing structure does not support organisational independence, the chief audit executive must document the characteristics of the governing structure limiting independence and any safeguards that may be employed to achieve this principle.

“If a potential impairment of the internal audit function’s independence is discovered after an engagement has been completed that may affect the reliability or perceived reliability of the engagement findings, recommendations, and/or conclusions, the chief audit executive should discuss the concern with the management of the activity under review, the board, senior management, and/or other affected stakeholders and determine the appropriate actions to resolve the situation” (Standard 7.1. Considerations for Implementation)

Practical Steps:

• Develop a process for auditors to report any perceived impairments to the CAE and, subsequently, to the board if necessary.
• When impairments occur, the CAE can manage the situation by reassigning affected auditors, adjusting engagement scope, or outsourcing engagements to ensure objective conclusions.

6. Annual Confirmation of Independence

Confirming the internal audit function’s independence annually is not just best practice, it’s a requirement under the Global Internal Audit Standards. The CAE must report incidents of impaired independence, and the corrective actions or safeguards implemented.

Practical Steps:

• The CAE should provide a formal, annual independence confirmation to the board, documenting any impairments or actions taken to resolve them.
• Beyond the annual confirmation, consider a practice of quarterly updates on independence matters, keeping the board informed and responsive.

Conclusion

The independence of the internal audit function is a powerful enabler of effective governance and trust within an organisation. When positioned effectively, with an independent CAE and functional reporting directly to the board, the internal audit team can serve as an invaluable partner in managing risks and assuring stakeholders.

By following these principles and safeguards, organisations not only uphold the independence of their audit function but also reinforce a culture of transparency and accountability.

Sources:

• Global Internal Audit Standards (2024)
• Public Finance Management Act (South Africa)
• King IV Code of Corporate Governance.

Contact me at julius@ditsibiconsulting.com if you or your organisation may benefit from the following:

• Global Internal Audit Standards Masterclass – 2 days
• Personal Branding for Accounting and Finance Professionals Workshop – 5 hours
• Audit Manager Onboarding Programme – 4 days over 1 Month
• Trainee/Intern Efficacy development Course – 10 days over 3 months
• Strategy Session Facilitation
• Internal Audit Services (Co-Sourcing and Outsourcing)
• Internal Audit External Quality Assessments (EQA)
• Risk Management Services (Co-sourcing and Outsourcing)