Governments and not-for-profit organizations come in all shapes and sizes. They range from large to small, urban to rural, high-profile to low-profile, and very complex to relatively simple. However, they all share some commonalities, such as the need to comply with regulatory requirements and service demands that typically exceed their capacity. These common characteristics warrant a culture and operations focused on protecting and optimizing assets and resources.
Due in large part to the Great Recession, governments and not-for-profits are relying more on their internal audit functions to safeguard assets, demonstrate transparent decision making, and achieve efficient and effective operations. To do so, they’ve required internal auditors to break out of their traditional focus on internal controls and expand their purview to overall management and operational performance. In addition, internal audit groups are being asked to move beyond providing findings to also delivering solutions, recommending policy and procedure changes, process improvements, and training.
This paradigm shift is growing. Cities, counties, special-purpose districts, state departments, institutions of higher education, tribes, federal agencies, charities, associations, foundations, cultural institutions, and other not-for-profit organizations alike are expecting more from their internal audit functions or are adding an internal audit function for the first time. Whether you rely solely on internal audit employees, supplement your internal team with specialized external expertise, or completely outsource your internal audit function, here are three essentials to a more holistic and impactful approach to internal audit.
Think Beyond Controls
Internal controls play a critical role in protecting assets and resources and processing and reporting timely financial information. However, internal audit activities shouldn’t stop with internal controls. They should also focus on assessing enterprise risk—analyzing people, processes, facilities, and systems—as well as evaluating performance. By taking a more holistic approach to internal audit that encompasses internal controls, risk management, and performance, organizations can create a culture of safety, transparency, efficiency, and effectiveness.
Provide Practical Solutions
Have you ever heard the statement: “The last thing I need is another finding”? One of the most common criticisms of internal auditors is that they only provide general recommendations, limiting themselves to identifying the need to develop missing policies, update outdated procedures, simplify processes, or increase effectiveness. But internal auditors are uniquely positioned to deliver solutions, because they can evaluate situations independently and objectively. The next step is sharing best practices from other organizations, helping to guide the process of implementing robust policies and procedures, streamlined processes, and enhanced performance through strong communication, collaboration, coordination, reporting, and decision making.
Collaboration and independence aren’t mutually exclusive. One of the greatest misconceptions is that internal auditors and auditees can’t partner to make improvements. In fact, the opposite is true: without collaboration, an organization’s ability to achieve improvements is inherently limited. Through collaboration, auditors can gain the insights of auditees, verify facts, and test the practicality of recommendations. So as an auditor, think outside the box, and work with your auditees rather than on them. As an auditee, seek out best practices from your auditors and tap their expertise for practical advice.
Pulling It All Together
Auditees realize a superior return on investment in internal audit activities when internal auditors:
- Address controls, risks, and performance
- Focus on delivering practical solutions
- Work collaboratively with auditees
Learn more by contacting your Moss Adams professional.