By Viwe Mdyosi
18 May 2023: The month of May is celebrated as Internal Audit Awareness Month to recognise the importance of internal auditors in driving companies forward.
In a country struggling with issues like poor management, brand reputation and resource wastage, this month presents an opportunity to educate stakeholders and the public about the crucial role of internal audit in guiding effective processes to promptly resolve issues, safeguard brand reputation, prevent resource waste, and promote growth across all businesses, in both the private and public sectors.
The discussions about internal audit should raise awareness of the importance of internal auditing and its value in curbing fraud, corruption, and wastage. The goal should be to both dispel myths about the profession and to enhance the business community’s understanding of the crucial role internal audit plays in fostering robust governance, effective risk management and internal control.
As the world changes and new risks emerge, internal audit becomes even more essential to enable businesses to achieve their business strategic objectives. This is accomplished through independent and objective quality assurance and consulting engagements which entail understanding business risks, developing risk-based audits, identifying gaps in the control system, and recommending improvements.
In November 2022, the Auditor General South Africa (AGSA) released the 2021/22 general report on material irregularity for national and provincial departments and their entities. The report revealed that government has lost an estimated R12 billion due to suspected fraud and non-compliance with legislation. Furthermore, according to a 2022 Analysis of Corruption Trends report, the private sector accounts for 25% of complaints related to abuse of authority, bribery and extortion and procurement and employment irregularities.
Given this context, internal audit plays a crucial role in identifying and reinforcing the gaps that allow fraudulent and non-compliant practices to occur in both the private and public sectors.
This is done through independent and objective assurance and consulting engagements as mandated by the organisation’s audit and risk committee, by understanding strategic objectives, understanding business risks in line with set objectives, developing risk-based audits to assess whether the business has implemented controls that are sufficient to mitigate risks, highlight gaps in the controls system, and by recommending improvement and ultimately provide assurance to the audit and risk committee on the overall control maturity in the business.
Internal audit is there to drive improvement through improved governance and risk management processes.
Among the lessons that we have learned at Servest over the past 25 years is the importance of internal audits in driving efficiencies and enhancing improvements across the different business units. Furthermore, internal audit has played a crucial role in improving the control environment across our company. Through internal audits, collaboration with management, and risk-based audits, there has been a significant improvement in governance processes, including initiatives of that encourage embedding a risk-adverse culture and managing risks through effective controls.
With the Covid-19 pandemic having caused numerous setbacks to operations in many organisations across the private and public sectors, internal audit can assist in assessing strategies put in place by management to manage costs and retain clients, as well as predict whether the desired outcomes will be achieved. Internal audit can also identify indicators of fraud and provide reasonable assurance on the adequacy and effectiveness of existing controls related to fraud detection or prevention.
To ensure compliance with emerging regulations related to environmental, social, and governance (ESG) initiatives and navigate the implications of these measures, internal audit plays an important role in strengthening the second line of defence as it puts measures in place to identify, incorporate, and prioritise emerging legislation as part of business processes. Effective implementation of internal audit also assists management in enhancing the organisation’s capacity to identify, evaluate, and mitigate cyber security risks to an acceptable extent.
It’s important for organisations to understand their enterprise risk management maturity, dynamic risks, and risk tolerance processes, to prioritise critical or high risks and in turn ensure that they have mitigation plans in place.
Management should be proactive in identifying and mitigating risks, especially those highlighted by internal audit as critical. Internal auditors have a responsibility to continuously improve their knowledge and skills and educate colleagues across the business about the importance of adherence to laws, regulations, procedures, policies, and the implications of non-adherence, in accordance with international internal audit standards; and that they must never compromise in adhering to these.
Viwe Mdyosi is an internal audit manager at facilities management company – Servest. He has over 10 years of experience in the field.
