I have taken a special interest in Internal Audit as a career path for emerging CA’s.
When I was CFO in corporate, the role of the internal auditor was considered a necessary evil. In my case we decided to outsource the process and used one of the mid-tier auditing firms.
As internal audit was part of my responsibilities, I executed on the mandate but I always found the internal function overrated and essentially valueless. This was largely because the findings were petty and often mitigated by compensating controls.
It was here that my interest was first piqued. The head of the outsourced Internal Audit function was a delightful gentleman by the name of George Williams*. I have yet to meet an individual who has so much passion for the role of internal audit.
Through our many enjoyable chats, George kept reminding me of the real role of internal audit in the context of high level risk assurance.
George expounded his views:
Ideally, he said, Internal Audit should report to the Risk Committee. It’s functionality should start here and then cascade downwards, giving assurance on all aspects relating to risk.
Although I laughed it off at the time I actually was not surprised when this very same issue emerged at a discussion group that I attended at SAICA last year.
Besides being vague on the whole topic of integrated reporting and its consequences, I found the discussion enthralling. The issue that emerged was the identification and auditing of non-financial risk. The environment and social responsibility were the obvious ones.
But when the debate moved onto the external auditor’s capacity to sign off on an integrated audit report, it all became even more interesting.
Of course it is a very important question and no doubt poses some challenges for the profession as a whole.
However, when the panel was asked how non-financial risk will be assured, a very prominent lawyer and proponent of a number of issues related to governance, responded that the Internal Audit function was going to need to play a greater role in this process.
And then I got it!
Remembering that SA is a world leader on corporate governance (The King Reports, being a leading authorities on this topic) the career of internal audit will take on a completely different slant, creating new opportunities for CA’s (who have largely stayed away from internal audit for obvious reasons).
What also emerged which was even more intriguing was the fact that Integrated Thinking is really a risk identification process, especially as regards non-financial risk.
Here are two quite important things about this issue:
1. Investor need for longer term profit sustainability
2. Directors’ personal liability risk in terms of the new Companies Act
Both these aspects will drive the integrated thinking process forward. And accordingly the need to spend money on this assurance process will not be blocked.
In other words this issue is not going away. In fact it is just being born!
Hence the career of competent CA’s in the field of Internal Audit and Assurance is looking quite bright and exciting.
* George Williams is currently the CEO of BDO Risk Advisory Services (Pty) Ltd a division of the auditing and accounting firm BDO South Africa.