Independence (Grid 16)
Independence (Grid 16)
The independence of internal audit is an important factor in its claim to professional status and can be characterised in various ways: operational independence from management processes, independence of reporting line and independence as an individual’s state of mind. Attribute Standard 10 of Professional Practice of Internal Auditing promulgated by the Institute of Internal Auditors (UK) requires that ‘internal audit activity should be independent, and internal auditors should be objective in performing their work’.
As already shown, the internal auditors interviewed were usually not wholly independent from management processes. Typically they engaged in other activities, such as process review, which would lead them to audit processes that they themselves had recommended and perhaps designed. Internal auditors undertook ‘consulting’ activity or worked with departments to implement new systems. Internal
E MERGING I SSUES :E DUCATION ,C OMMUNICATION ,I NDEPENDENCE AND C HANGE 83
auditorsfacilitatedandtookpartinriskidentificationandassessment activities which were important parts of their businesses’ management and control systems.
Internal auditors had mixed views about this. On the one hand some recognised that complete independence was not possible.
You can’t be independent of a person who’s paying you at the end of the day. But you have to be prepared to stand your ground, you know, even though it is your boss who’s the finance director or the chief executive, or whoever it is you report to. If you believe that what you’re trying to tell him is right and he’s wrong, then you have to be prepared to stick with it and you have to be prepared to go to the chairman of the audit committee and say, the finance director and I are having a disagreement about this because, from an audit perspective, I think X and he thinks Y. (A)
At least two companies fiercely guarded the independence of internal audit, indicated by reporting directly to the audit committee rather than viathefinancefunction.
We are completely independent. … We all work for the audit committee. (B)
I feel quite comfortable now we are a group function reporting directly to the audit committee. (H)
Some auditors had firm views about activities that would compromise their independence. For example, one interviewee distinguished strongly between internal audit and management:
Risk-management is part of management assurance and internal audit should be communicating totally with the risk-management function, but has to be independent … it is management’s role to ensure that the controls they are relying on to mitigate those risks are actually working and are effective.
84 T HE T URNBULL R EPORT ,I NTERNAL C ONTROL AND R ISK M ANAGEMENT :
... and then my role is to provide independent assurance on the effectiveness of the management of all business risks. (Q)
And another said:
I don’t want our guy writing policy and procedures. (P) But at the same time a certain closeness to management was
desirable and an excessive concentration on independence would mean that the auditors would:
… Get removed from the reality of the business. (N) You have to get your hands dirty and actually get in there and add
something to the process. (P) This state of qualified independence seemed to demonstrate
commitment to the organisation and was inherent in an advisory role. Even so, internal audit could be more independent than external audit and was not a ‘vested interest’. (P)
External auditors can do consultancy – I don’t see internal audit doing that. (G)