Free «The Role of Internal Auditing in Enterprise-Wide Risk Management» Essay Sample
Table of Contents
Internal audit is a process that is carried out in the company in order to analyze the accounting and internal control. Nowadays, internal audit extends its functions and covers various areas of the enterprise. This process helps the company to identify the degree of risk in a particular transaction as well as to develop specific strategies to reduce it. The internal audit is aimed at increasing the effectiveness of the institution and obtaining information about the shortcomings of the financial system of the company. Risk management is a relatively new phenomenon for the enterprises in the global market. Despite the fact that risk management is not implemented in the active management of various companies, enterprises are paying more attention to internal audit. It gradually begins to equate to the external control because of its strategic importance and necessity. The most popular areas of use are the sale of assets and mergers and acquisitions of various companies. Today's business environment requires focusing the attention on this kind of audit and evaluating its strategic role in the enterprise management of business risks.
The Role of the Audit Committee in Decision-Making Related to Risks
The audit committee does not report to the executive bodies of the company. The main features of the work of this committee are independence, objectivity, loyalty, responsibility, confidentiality. In most cases, audit committees are responsible not for all risks of the enterprise. In the main, their activities involve risks that are relevant to the preparation of the financial statements, information technology, and compliance with laws, standards, and requirements. They monitor the new processes and observe the progress of the old ones. These committees provide an overall picture of the financial position of the company and provide this information to potential investors. Information includes data on a variety of financial and non-financial indicators that will enable us to analyze and evaluate the whole situation from the inside. The important point is to predict the development of the company in a particular market segment, given the number of competitive factors and industry-specific. The committee's duties also include assessing the company's ability to provide itself with money in both the short and long term. Like any other type of analysis, internal audit is to measure the nature of operations, as well as information about the variability of cash flows of the company. Evaluation of transactions for the purchase and sale of assets is considered to be the most important functions of the audit committee.
Different companies make extensive use of technology risk management in its operations in order to reduce the number of unsuccessful operations. To achieve its goals and increase profits, the firm can participate in high-risk transactions, thereby jeopardizing the reputation and income. In most cases, risk management is a preventive measure, which is of great value to the enterprise. For example, HSE (Health and Care Security) recently developed a system and a classification of different risk exposures, which can be used by other companies, thereby protecting themselves from unwanted outcome of the transactions.
Risk Management and Policy
Business theorists state, “risk management functions and approaches at major financial firms continue to evolve at a very rapid rate” (Basel 3). In order to do its jobs effectively, the audit committee should possess specific knowledge and skills. Theoretical knowledge and practical approach are equally necessary for the proper performance of the audit work. It is advisable to highlight some key points that should be considered in this case. First of all, managers need to organize this procedure in obedience to the system of a particular enterprise. Provided that management is able to identify and describe all the goals of the company, the internal audit will be able to ascertain the range of control and risk management more accurately. In the second place, the audit committee has to find out how the risk evaluation takes place in the operation. The probability of the risk and damage to the company is considered to be the most tangible indicators that must be taken into account in risk management. The complete information on capital risks should be given to the Board for making the final decision. One of the principal areas of internal audit is the analyzing of the capital risks that are directly related to such phenomena as corruption and bribery. These risks require special attention since the integrity management is the key to the success of operations and improving the profitability of the company. Precautions are necessary to maintain a positive image of the organization and the formation of an integrated system of the organization, which will have no omissions. The audit committee has to be in cooperation with other agencies of the company, such as the board of directors and other committees. This cooperation will help to improve the system of financial control and minimize losses. The internal auditors can also play an advisory role, which will be useful in the analysis of the company's resources and capabilities. Such areas as authorization of transactions with assets, data logging operations, safeguarding the assets, the implementation of the inventory are the responsible tasks for this committee. Provided that all the principles of the company are met, the internal audit is considered to be effective when the performance indicator exceeds the index value. The principal task of the internal audit in the sphere of the enterprise-wide risk management is a complete analysis of all aspects and conditions under which the transaction should be concluded. It is recommended to define the strengths and weaknesses of the organization, evaluated the stability of its position in the social systems of higher order, as well as the prospects for its development.
The internal audit performs a variety of functions, among which there are three main areas. The first category, which includes the role of risk assessment and approval processes, is the most important among them. The second category consists of functions that are designed for the implementation and development of the risk management system with its further improvement. The third category includes those tasks for which the internal audit is not responsible. Such distribution is necessary for the efficient operation and good performance of the core functions of the internal audit.The internal audit plays an advisory role, but it cannot make management decisions on its own. If there is a misunderstanding between the audit committee and board of directors, the latter always makes the final decision. Auditors' conclusions have an indirect influence on the decisions and consult the various organs and departments.Sometimes different circumstances may affect the objectivity of the internal audit findings. In this situation, the scope of activities of the risk committee narrows and functions reduce for the work to be directed in the right direction.The above concepts and features should be taken into account when considering the scope of the internal audit activity. Depending on the situation, the internal audit functions expand or contract.
The Risk of the Corruption of Data and Process of Internal Control
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) emphasizes several points. The main function is identified, “assist management and the board of directors or audit committee by examining, evaluating, reporting on and recommending improvements to the adequacy and effectiveness of the entity’s enterprise risk management” (COSO 88). In addition, there are some more tasks for audit committee. Theorists state the functions, “assisted in identifying risks, facilitated risk workshops, integrated and aggregated information from the workshops, helped develop ERM processes, and generated risk reports” (Walker et al. 16). The sphere of financial transactions is crucial to the audit committee, so it should be given attention for several good reasons. In the first place, it should take into account all the situations in which there is a risk that could have the effect of distorting the financial statements. Such measures are needed in order to provide a prudent policy and limit the losses of the company. The next item is the evaluation of the integrity of the managers. The employees must be highly motivated to perform their functions accurately and coherently. The staff should also pay attention to the information that comes into the organization through anonymous information channels.
The system of the internal control and enterprise risk management is among the most important areas of fiscal and accounting actions of the enterprise. The internal audit is effective if it meets the needs of the enterprise regarding the control of operations, prevention of fines and penalties for incorrect actions. A high level of risk of various operations, as well as fraud in transactions with high interest and non-standard operations, forces companies to take precautions. At the present stage of development of management and the organization of companies, the internal control is regarded to be a principal factor in the enterprise-wide risk management.