RIAM:Overview: Rational Internal Audit Method - Introduction

From RiskWiki
Jump to: navigation, search

What is Internal Audit?

Fundamentally, Internal Audit is a data collection and analysis arm for management. It objectively collects, sifts, analyses, evaluates, projects, and reports data on which management make decisions. It acts as a calibrator with which management can assess and tune its performance.

Internal Audit (also called Management Review or Management Assurance) goes beyond merely assessing system compliance, by evaluating the efficiency and effectiveness of the systems reviewed and adding constructive advice directed at areas of key concern to management.

RIAM extends this concept to one of Management Assurance. It recognises that management risk can be seen to have one source: failure in the quality of systems. These include strategic and tactical decision systems, financial control systems, product and service design systems, production systems, marketing systems, reporting systems, and delivery systems.

TQM, which incorporates both Total Quality Control and KAIZEN schools of management thought, emphasises the need for:

  • Use of the scientific method and structured logical deduction to the isolation of causes and effects of production, management and marketing problems;
  • Focus on process rather than merely results;
  • Customers defined quality;
  • Management by consensus;
  • Rapid application of new technology - innovation;
  • Continuous improvement in all systems;
  • Adoption of a management philosophy emphasising:
    • People and Teams (including Suppliers and Customers)
    • Process Improvement
    • Training and Education
    • Statistical Quality Control
    • Statistical Process Control
    • Quality Assurance (Quality Planning and Quality Control); and
  • Cross functional management (as well as the conventional functional management).

Criticism of TQM often revolves around the high cost of implementation of the associated concepts of quality circles and suggestion systems used in the continuous improvement process, and the loss of direction that may be experienced if the process itself becomes uncontrolled. Merging Internal Audit into the TQM process offers one way to minimise the TQM implementation cost and directly and efficiently manage the quality improvement systems.

Why is Internal Audit Important?

Internal audit's principal concern is with quality of control systems and risk. Control is about mitigating management's risks. Risk can either be:

  • Transferred Eg: Insured, Incorporated, Factoring.
  • Tolerated Eg: Assumed or Ignored, Cost-Benefit Analysis.
  • Treated Eg: Controlled, Control Systems, Security.
  • Terminated Eg: Exit or cease the business line, operational area, division, etc.

Internal Audit provides the research, information, and analysis necessary for management to make an informed choice as to the appropriate handling of Risk.

What is the focus of Internal Audit?

The focus of Internal Audit reviews is to:

  • identify aspects of administration which demonstrate sound management practice; and
  • identify aspects of administration which should be improved; and
  • recommend appropriate (constructive and achievable) modifications and improvements.

Through interviews and preliminary collection, the end product of the audits should be focused, from the beginning, to the expectations of management.

Both external and internal audit aim to express opinions. The key differences are the scope of the opinions and the identity of the client:

  • External Audit expresses an opinion on the Financial Statements for the primary purposes of users of the financial statements such as share holders and creditors; while
  • Internal Audit expresses an opinion on the systems operating within the Co-operative in line with the Scope of Work (below) for the use of the Board of Directors and management.

How does Internal Audit deliver its service?

The underlying aim is for audit and management to come to an agreement over the nature, presentation of and approach to the findings of a review. Audit should aim to facilitate an atmosphere giving management confidence in directing audit to their areas of greatest concern, and saying what they wish.

The fundamental purpose of the audit is to:

Bring about excellence in systems design and operation.

To achieve this Internal Audit needs the cooperation of management because they ultimately have to act on Internal Audit's findings for the improvement to be realised. A consultative process from planning the audits to be undertaken, through the commencement of the audit, collection of data and finally the report and exit interview helps establish management ownership of the recommendations.

Internal Audit works at the direction of Audit Committee and management, on issues important to, and specified by these two groups. Generally work is prioritised in accordance with management's perceived risks.

What is the bottom line?

The existence of effective, properly resourced Internal Audit within an organisation is a powerful statement of management's dedication to:

  • quality,
  • probity,
  • accountability,
  • legality,
  • performance; and
  • integrity.

More than a statement, Internal Audit should have a noticeable positive impact on the organisation's performance in delivering it's product. It focuses on the "engine" leaving direction, product and service definition to management.


Back To The RIAM : Overview (Main)