In promoting good governance, auditors should be physicians, not morticians
Uncertainty regarding the depth, duration and full impact of the COVID-19 pandemic has forced overseers of good governance and transparency in institutions to repurpose their operations and solutions in order to achieve outcomes that were hereto routine.
The standard rules and policies that guide the operations of, for instance, how a Board of Directors prosecutes their oversight role have to be responsive to the evolving environment, while ensuring organizational objectives are met.
However, these transformative interventions should be implemented while respecting the key tenets of established good corporate governance practices, including promoting sustainability, corporate responsibility, societal engagement and corporate citizenship.
These new solutions should also respect and maintain the time-tested benefits of documenting processes and procedures as well as inculcating risk management and business continuity in all operations.
In this ecosystem, the centrality of internal auditors cannot be overstated and demand for their services has increased significantly. They link the Board and Management by providing independent and objective assurance aimed at ensuring that an organization’s risk management, governance and internal control processes are effective.
Internal auditors should take a more pragmatic role in executing their duties by ensuring that the pandemic-driven changes are adaptable to the good governance practices established over years.
Auditors should boldly point out weaknesses in governance structures and practices that may compromise the independence of the Management in making day-to-day decisions. Further, the clear separation of roles and responsibilities between the Board and Management should be upheld.
One of the major positive developments from the COVID-19 pandemic is that many organizations have automated their service delivery processes, including Public institutions that have typically shunned this move.
Automation has mostly targeted the core operation areas of businesses that directly interface with external customers. This is commendable since it was crucial that service delivery remains uninterrupted or is the downtime is minimized following disruptions brought about by the restrictions on movement and physical interaction.
But as core functions are automated, public and private organizations should also automate their audit function, failure to which they risk forfeiting the gains accruing from the capital-intensive investment in new systems.
Automation of the audit function will enable auditors undertake continuous checks more efficiently since they eliminate the need for human interaction and exchange of physical records. Such audits can be conducted in a planned way with the auditees’ involvement or randomly in the background.
Another key benefit of automation is that systems can be configured to automatically flag certain transactions which do not necessarily raise queries, but that necessitate keen scrutiny as close to their execution as possible. For instance, the system may flag transactions that exceed a certain value, prompting auditors to review them and ensure everything is above board. Where queries are raised, corrective action is prompt.
In is also key that auditors normalize evidence gathering and interrogation through innovative modes, including video conferencing and photographic information, should act as substitutes of in-person interactions.
Secondly, the Covid-19 pandemic was a tough lesson for many in terms of understanding the centrality of risk management in securing the future of a business. Not only did the risk materialize unexpectedly, but it rapidly evolved, leaving many in a tailspin especially with regard to handling their internal and external customers.
Now that businesses have adjusted to the new normal, internal auditors should ensure that the culture of risk awareness and planning is integrated across their organizations, from the rank and file officers to the Board.
Additionally, risk management frameworks should evolve from being periodic assessments to continuous reviews. This will enable institutions to anticipate, detect and mitigate emerging risks in their environment at the early stages.
Auditors should strongly advocate that all projects undertaken by organizations are subjected to vigorous risk assessments to ensure their successful and efficient implementation. This will make it easier to provide assurance on such projects and provide those charged with governance with up to date reports to inform decision-making.
In turn, Boards should expect and demand more frequent updates on the effectiveness of the implemented controls and their effectiveness in ensuring organizational objectives are being met.
Going forward, internal auditors are expected to be more agile in their approach to providing assurance on controls and governance processes. As auditors, our calling is not to be morticians, but physicians.
Ochieng Ochiel, Manager Internal Audit – Competition Authority of Kenya
For feedback, email info@cak.go.ke
Comments :