AN OFFENSIVE AND DEFENSIVE STRATEGY FOR ANY BUSINESS
EDITORIAL | BUSINESS MANAGEMENT
INTERNAL AUDIT & RISK MANAGEMENT
AN OFFENSIVE AND DEFENSIVE STRATEGY FOR ANY BUSINESS
PETER FRANCIS
Managing Director , aceia Pty Ltd
Peter Francis is a respected advisor to a number of Australian and international corporations in risk management and internal audit . Peter is a former Chair of the Institute of Internal Auditors Australia ( Victoria Chapter ).
WHAT IS INTERNAL AUDIT ?
Internal Audit is integral to the running of any business large or small . It helps businesses achieve their objectives by evaluating and improving the effectiveness of risk management , control and governance processes .
All businesses face challenges - delivering products to market , making a profit for shareholders and operating in an ever-changing environment . Every business is faced with risks that threaten or reduce its ability to function . Managing these risks and monitoring the effectiveness of internal controls is critical for preventing or minimising the irreparable damage that a breakdown in internal controls can have on a business .
Internal audit ensures that you ‘ know ’ your business at all levels - reducing the risk of incidents arising and providing the opportunity for your business to grow in comfort .
HOW DOES INTERNAL AUDIT WORK ?
Internal auditors work with management to methodically review the systems and operations of a business . Reviews , or audits , objectively identify how well internal controls are working , where efficiencies and / or innovations may be made , and advises on areas for improvement – ultimately providing a perspective on the extent to which an organisation is ready for success .
Internal audits are based on the strategic needs of an organisation and can be ongoing or conducted as a one-off review . “ Any system that has an impact on the effective operation of an organisation may be included in the scope of internal audit ,” explains the Institute of Internal Auditors Australia ( IIAA ) 1 .
Internal auditors work across all levels and areas of a business , including the core areas of financial control and information technology ( IT ) as well as operational ( e . g . supply chain and IT systems ), culture and ethics . A review that we completed for one of our customers focused on their warranty and goodwill processes . This review alone delivered over $ 1 million in potential savings and opportunities for our customer .
Internal audit is not to be confused with external audit . According to the IIAA , “ External auditors focus on the accuracy of the annual report and financial statements whereas the internal auditor has a wide reaching brief which considers anything which might be important to an organisation ’ s success .” 2
INTERNAL AUDIT AND RISK MANAGEMENT
Risk management is a crucial defensive and offensive strategy for businesses . Risks and internal controls are often overlooked and only tend to be considered after a serious event has occurred . Preventative measures are often a low cost way to minimise or even eliminate the risk of irreparable damage .
One of our customer ’ s had invested heavily in the IT systems of their Melbourne head office . As a result of their investment and risk management planning , they decided to replicate their head office operating environment in a virtual sense at an alternative location . Months after this had been completed , their office , including all major IT systems , was destroyed by a storm . By having their systems stored at another location , they were able to switch the system over and were back up and running the next day – without any loss of files or operating activity .
A risk management and internal audit framework ensures that a business has a comprehensive approach for identifying , assessing , evaluating , managing and testing business risks – whether it is a customer potentially slipping on a wet floor , fraudulent activity or an unexpected natural or human induced event .
A risk can encompass anything that may affect a business in terms of operations , finance , strategy and compliance . These risks can stem from triggers such as economic , technological and people factors .
HOW CAN INTERNAL AUDIT HELP MY BUSINESS ?
There are many reasons why your business may need internal audit and risk management :
1 https :// www . iia . org . au / about-iia-australia / WhatIsInternalAudit . aspx 2 https :// www . iia . org . au / about-iia-australia / WhatIsInternalAudit . aspx
18 Summer 2017