Audit & Risk

Commercialism is it a race to the bottom?

We don’t want a system where the best and largest organisations are the only ones with specialist, professional teams, while the others settle for an off-the-peg, minimal outsourced service, writes Simon Gascoigne, deputy director of 360 Assurance.

in Features.

Article Image

Where was the internal auditor? This is a question I have heard the media ask in response to corporate failures. It is one I consider when I reflect on my responsibilities to my audit committees. Part of the answer should be “behind the audit committee”.

The board and the audit committee set the tone for internal audit activity in an organisation. However, this, in itself, presents a number of challenges. Is there sufficient independent guidance available to boards and audit committees on how to identify the organisation’s internal audit needs? What does the right investment in internal audit look like? Do audit committees understand the role of internal audit, the ways it can add value and how it is guided by audit Standards? What happens when an organisation has not got the right culture or attitude to internal audit?

There is also a danger there may come a time when the answer to this question is: what is an internal auditor? Already, there is evidence in the NHS that investment in internal audit is decreasing. This is for many reasons, including lack of money, a willingness to accept the minimum and the increasing commercialism of internal audit.

I believe this last is a serious risk. Let me be clear, assessing the effectiveness of internal audit is essential in all organisations – poor internal audit is worse than commercialism. But is commercialism the best way to assess the effectiveness of internal audit and what does it do to its independence and objectivity?

Some say that commercialism is a common requirement in external audit, so why should internal audit be different? But external audit standards are prescriptive about what is required and act on behalf of shareholders.By contrast, internal audit standards are open to interpretation and it should be a tool that supports management; we want to be trusted advisers, not suppliers.

However, increasingly, I am finding that people believe the best way to assess effectiveness is to put internal audit services out to commercial tender. All this achieves is a race to the bottom. Tenders play to the strengths of external providers, but not always to those of the client. They also encourage clients to ask why they should spend more than the bare minimum on internal audit.

When organisations lose their internal audit teams, they not only lose the “soft” benefits of having their own team and expertise, but often end up spending more on consultants instead. They also lose a valuable support function and usually end up focusing only on auditing the second line of defence.

I see these challenges more than ever in the NHS. With media attention on NHS funding, some NHS bodies are seeking large back-office savings. As levels of risk rise, investment in the third line of defence is falling. It is an equation that does not add up. If everyone competes to offer the bare minimum, what’s the point of having internal audit at all? Where is the real value added?

Of course, there are many enlightened organisations that appreciate the value of strong, professional internal auditors, who can provide a robust opinion and challenge the board when necessary. Many of these are featured in articles highlighting best practice in this magazine. But we need to be aware of the dangers of financial pressures and a drive to put everything on a commercial basis. We don’t want a system where the best and largest organisations are the only ones with specialist, professional teams, while the others settle for an off-the-peg, minimal outsourced service.

The institute is the only truly independent voice when it comes to internal audit and we need to support it as well as asking it to support us. We need to talk to audit committees about what we can offer and we could do with guidance on assessing the effectiveness of internal audit that individual auditors could use to influence boards and audit committees.

360 Assurance is an internal audit shared service operating mainly with NHS clients. It won the Audit & Risk Award for outstanding team in the public sector in 2015.

The IIA: find out more

Visit the main IIA site

Jobs

Senior Auditor

Ref: HE/3188
Directorate: Finance & Business Services
Location: Nationwide
Salary: £40,188 - £44,208
Number of Positions: 5
Full-time

Principal Auditor

Salary: £36,937 - £39,660
Permanent – 37 hours
Location: Westgate Plaza One, Barnsley, South Yorkshire

Careers advice

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Training & Development

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

PwC launches cyber-breach simulation game for executives

Big four consultancy PwC has launched "Game of Threats" – an interactive game to teach senior executives the risks of cyber-attacks and encourage them to test how they would respond in real time.

Tools

Harnessing the power of technology in ERM: driving a continuous and verifiable process

Sponsored content
Some of the greatest strides in the formalisation of enterprise risk management (ERM) have occurred within the past decade – prompted by problems such as the global financial crisis and the increasing threat of cyberattacks. So how do organisations effectively focus on a formalised risk management structure? Workiva's white paper "Harnessing the Power of Technology in ERM: Driving a Continuous and Verifiable Process" suggests some answers.

You asked us

Our technical helpline provides valuable advice to members on a host of professional issues. Here are some of the questions you’ve recently asked.

Raising Standards

IIA Global is introducing two new professional Standards and updating some of its existing Standards with effect from 1 January 2017. So what are the changes?