Site icon Risk and Control: Ideas for a better tomorrow

1112 – Chief Audit Executive Roles Beyond Internal Auditing

IIA Inc has revised standards on internal auditing. The revised standards become effective from January 2017.
One of the new year resolution of Internal auditor should be to update their internal audit practices and procedures, including internal audit charter to reflect the changes done in in the IPPF.
Revised IPPF can be downloaded from IIA.
One of the important changes is the recognition of role played by increasing number of CAE across the globe which goes beyond assurance.
1112 – Chief Audit Executive Roles Beyond Internal Auditing
Where the chief audit executive has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards must be in place to limit impairments to independence or objectivity.         
Interpretation:
The chief audit executive may be asked to take on additional roles and responsibilities outside of internal auditing, such as responsibility for compliance or risk management activities. These roles and responsibilities may impair, or appear to impair, the organizational independence of the internal audit activity or the individual objectivity of the internal auditor. Safeguards are those oversight activities, often undertaken by the board, to address these potential impairments, and may include such activities as periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility.
Good part: Earlier there used to be expectations and CAE has the potential dilemma of facing independence impairment. They used to either deny the role expected from them or role needed from them. Now they can breathe a little easy and plan on safeguards whenever they are called to perform other roles in the service of organization.
Bad part: In some cases, management may want to force more role on CAE and appear to provide oversight, where in reality they are not. One of the reason could to save costs and other reasons could be overloading the person with too much work. Research says that % of CAE has been asked to change their report.
Conclusion: Overall it’s a good change, which will prompt a CAE to think over ways in which CAE can contribute towards organization growth via value preservation and value enhancement.
A good number of CAE performs dual role of Internal audit and Risk management/ compliance/ running whistle-blower program, bench-marking and so on.
Some of the role which a CAE can take up with appropriate safeguards:

  1. Facilitating creation of Risk Register
  2. Facilitating policy drafts and monitoring implementing of the same.
  3. Creating drafts of policy and procedures
  4. Compiling legal checklist
  5. Becoming part of steering committee/ groups
  6. Designing Dashboards and MIS for management reporting purposes

In less mature organization, CAE will be required to emphasize again and again on the “temporary nature” of the role played by CAE.

Reference: The Chief Audit Executive: Understanding the Role and Professional Obligations of a CAE 
The Chief Audit Executive’s (CAE) Roles and Responsibilities
Call for action:
Inputs/ comments/ suggestion: I welcome inputs/ comments / suggestions from readers on how to approach this issue. Feel free to correct me, educate me.
Share the Article: If you like it, share it. If you share it with others, and they comment, we all will get more learned.
(Disclaimer: The views expressed constitute the opinion of the author and the author alone; they do not represent the views and opinions of the author ’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the author is, or has been a part of.)

Exit mobile version