AN OFFENSIVE AND DEFENSIVE STRATEGY FOR ANY BUSINESS
EDITORIAL | BUSINESS MANAGEMENT
INTERNAL AUDIT & RISK MANAGEMENT
AN OFFENSIVE AND DEFENSIVE STRATEGY FOR ANY BUSINESS
PETER FRANCIS
Managing Director, aceia Pty Ltd
Peter Francis is a respected advisor to a number of Australian and international corporations in risk management and internal audit. Peter is a former Chair of the Institute of Internal Auditors Australia( Victoria Chapter).
WHAT IS INTERNAL AUDIT?
Internal Audit is integral to the running of any business large or small. It helps businesses achieve their objectives by evaluating and improving the effectiveness of risk management, control and governance processes.
All businesses face challenges- delivering products to market, making a profit for shareholders and operating in an ever-changing environment. Every business is faced with risks that threaten or reduce its ability to function. Managing these risks and monitoring the effectiveness of internal controls is critical for preventing or minimising the irreparable damage that a breakdown in internal controls can have on a business.
Internal audit ensures that you‘ know’ your business at all levels- reducing the risk of incidents arising and providing the opportunity for your business to grow in comfort.
HOW DOES INTERNAL AUDIT WORK?
Internal auditors work with management to methodically review the systems and operations of a business. Reviews, or audits, objectively identify how well internal controls are working, where efficiencies and / or innovations may be made, and advises on areas for improvement – ultimately providing a perspective on the extent to which an organisation is ready for success.
Internal audits are based on the strategic needs of an organisation and can be ongoing or conducted as a one-off review.“ Any system that has an impact on the effective operation of an organisation may be included in the scope of internal audit,” explains the Institute of Internal Auditors Australia( IIAA) 1.
Internal auditors work across all levels and areas of a business, including the core areas of financial control and information technology( IT) as well as operational( e. g. supply chain and IT systems), culture and ethics. A review that we completed for one of our customers focused on their warranty and goodwill processes. This review alone delivered over $ 1 million in potential savings and opportunities for our customer.
Internal audit is not to be confused with external audit. According to the IIAA,“ External auditors focus on the accuracy of the annual report and financial statements whereas the internal auditor has a wide reaching brief which considers anything which might be important to an organisation’ s success.” 2
INTERNAL AUDIT AND RISK MANAGEMENT
Risk management is a crucial defensive and offensive strategy for businesses. Risks and internal controls are often overlooked and only tend to be considered after a serious event has occurred. Preventative measures are often a low cost way to minimise or even eliminate the risk of irreparable damage.
One of our customer’ s had invested heavily in the IT systems of their Melbourne head office. As a result of their investment and risk management planning, they decided to replicate their head office operating environment in a virtual sense at an alternative location. Months after this had been completed, their office, including all major IT systems, was destroyed by a storm. By having their systems stored at another location, they were able to switch the system over and were back up and running the next day – without any loss of files or operating activity.
A risk management and internal audit framework ensures that a business has a comprehensive approach for identifying, assessing, evaluating, managing and testing business risks – whether it is a customer potentially slipping on a wet floor, fraudulent activity or an unexpected natural or human induced event.
A risk can encompass anything that may affect a business in terms of operations, finance, strategy and compliance. These risks can stem from triggers such as economic, technological and people factors.
HOW CAN INTERNAL AUDIT HELP MY BUSINESS?
There are many reasons why your business may need internal audit and risk management:
1 https:// www. iia. org. au / about-iia-australia / WhatIsInternalAudit. aspx 2 https:// www. iia. org. au / about-iia-australia / WhatIsInternalAudit. aspx
18 Summer 2017