Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
In one of its reports, Moody's recommends that the Chief Internal Auditor should report to the CEO and the board and not to the CFO, if the auditor is to examine company's books and controls with an objective eye. Interestingly, audit committees face similar issues when evaluating executive management or business line managers.
In one of its reports, Moody's recommends that the Chief Internal Auditor should report to the CEO and the board and not to the CFO, if the auditor is to examine company's books and controls with an objective eye. Interestingly, audit committees face similar issues when evaluating executive management or business line managers. This coupled with increasing expectation from the board for closer insight and proactive monitoring of the business processes makes the job extremely challenging and a tough balancing act.
This calls for greater collaboration and positive relationship between the Auditor and the Auditee at all levels of the organization. Auditee should view Auditor as a business partner while the Auditor should develop better understanding of the business and operational issues. This will facilitate audit methodology that is based on mutual understanding of audit and business needs.
Internal Auditor should engage with Auditee on a periodic basis from the very beginning till the end of the audit process to discuss audit objectives, audit plan, audit findings and audit conclusions. The discussion should go beyond the audit process to discuss potential solutions to the business issues observed from a operational perspective as well as their impact on risk and compliance. The objective should be to create validation with the management with a bottom-up approach to avoid any surprises or contradictions in the final audit report.
Auditee should consider Internal Auditors as partial process owners and not as outsiders who monitor business activities for finding faults and point failures. Auditee should engage with Internal Auditors with an understanding that their primary goal is to identify key issues that may have material impact and recommend possible solutions. Sometimes, it can also serve as a way to get attention from senior management on critical challenges that require budget or resource allocation or possibly a change for better business performance that the Auditee wants to drive but is not able to garner management support and priority.
Some organizations have started to define Internal Audit group as internal consultants responsible not only providing assurance on internal controls but also in delivering consulting in the area of business process and performance improvement. As a part of the consulting role, the internal audit team develops a synergistic relationship with the business process owner, helping to improve the internal control environment across the organization.
In addition, the Executive Committee should setup and adopt a proactive approach to enhance the Auditor-Auditee relationship leading to significant value for the entire organization. The overall objective is to share best practices and solutions for common problems across the organization. This can be best executed as a joint project of Executive Committee and Audit Committee. Some organizations have taken this a step further and started organizing joint training programs and sessions for discussing common issues with the added advantage of building strong positive relationship between Internal Auditors and the Auditees.
Relationships and trust are key to effective governance. Today, more than ever before, the need is to facilitate collaborative and transparent environment of sustainable corporate governance through cooperation and equal participation of Audit Committee, Executive Committee and Business Line Managers. The responsibility lies with the entire organization and is not limited to the Audit Committee. A better governed organization will continuously strive to foster a positive culture, with shared values and standards.