How effectively are your internal audit resources being utilized today? Are they driving initiatives to help grow the company, or is most of their time spent solely on controls and compliance testing? If you answered the latter, you are not alone. A study performed in 2017 by the research and advisory firm CEB shows where Internal Audit spends the majority of its time is inversely related to the areas of business where major losses of value occur. Controls, not value, are driving audit resources.
source: The IIA
With many companies trying to cut back on costs, now is as important a time as ever for internal audit departments to prove they are more than just a cost center, but a valuable partner and a resource to help drive company initiatives. But how can an internal audit department achieve this? In this article we will discuss three ways your internal audit department can help maximize value.
Understand What Keeps Your CFO and CEO Up At Night
It seems as if everyday brings more news of cybersecurity breaches, hazardous workplace cultures, and the latest privacy laws. Recent high profile examples include the data breach suffered by a leading ancestry platform containing millions of users’ genetic data, and the billion dollar lawsuits issued at search and social media giants on the first day of GDPR enforcement. Companies are facing a myriad of risks that can keep executives up at night, and although they may not tie directly to a risk of financial statement misstatement, they can cause your company massive losses. Below are a few essential steps to ensuring you are on the same page as your executives:
- Schedule periodic meetings with your executives and ask them what risks they are most concerned about. Be proactive and keep your executives informed of any new risks that are emerging in the market.
- Send Enterprise Risk Management (ERM) questionnaires. Compile and analyze the results and identify the highest priority risks.
- Propose control activities that will help mitigate the enterprise risks identified.
- Stay on top of the cybersecurity compliance frameworks and data privacy regulations that could impact your company.
Help Identify Inefficiencies in Business Processes
Internal Audit has the unique advantage of being positioned to see the detail across all processes, while still maintaining an understanding of the overall organization. CFOs and Controllers may only have a high level understanding of business processes and process owners usually only have insight into their own line of business. Leverage this unique position to find more efficient ways to carry out business processes and cut down costs. Consider the following:
- Are there areas of your business that are redundant or that can be consolidated?
- Are there controls across the organization that mitigate the same risk, and therefore can be removed?
- Are there software solutions that can be integrated throughout your organization?
Perform Cost Recovery Audits
Your organization invests countless hours negotiating favorable contract terms, but does your company follow up to ensure those terms are being followed? If you are not familiar with cost recovery audits, there are a variety of audits you can perform to recover actual dollars for your company. Some of these cost recovery audits may include:
- Vendor contract reviews. Review high dollar invoices against contract terms to make sure that you are being billed correctly and in accordance with the agreed upon contractual terms.
- Media agency audits. Review whether the advertising that you are being billed for was actually delivered. Were they seen by your target audience, or are you being billed for ads viewed by bots?
- Accounts payable audits. Focus on duplicate payments, missed payment discounts, price discrepancies, and forgotten credit memos.
Nothing shows you are adding value like a check coming your company’s way for money you have recovered.
All of these suggestions may sound great, but if your resources are already tied up in basic controls and compliance testing, and you do not have the capacity to perform any of the value-add initiatives mentioned above - how can you apply them? Many CAEs share similar concerns. AuditBoard has helped hundreds of companies automate and streamline their SOX, operational audit, and compliance programs, saving internal auditors thousands of resource hours. With these time savings, Internal Audit is empowered to spend time focusing on the value-add initiatives that matter and become a strategic business partner to their company.