The Accountant-May-June 2017

More documents

Recommendations

Info

Financial reporting and assurance WHERE WAS INTERNAL AUDIT? Reflecting on risk management responsibilities By CPA Gitare David Kariuki, gdkariuki@gmail.com It is common knowledge that executive management is ultimately responsible for managing enterprise risks. However, when corporate financial scandals come to light through whistle blowing, which studies show to be the leading means of uncovering occupational fraud and abuse, it is not uncommon to hear stakeholders and non-stakeholders alike asking the question; where was Internal Audit? According to the International Professional Practices Framework (IPPF), Internal Auditing is defined as independent, objective assurance and consulting services designed to add value and improve an organization’s operations by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management and control processes. In the light of this definition, it is evident that an internal audit function has a role to play in supporting organizations to have in place an effective risk management framework that addresses among other risks, fraud risks. However, as the spot light shines on the internal audit function for failing to detect fraud, little discussion revolves around the role of the first and second lines of defense. The Institute of Internal Auditors (IIA) in its position paper dated January 2013 described the workings of a “three lines of defense” model in effective risk management and control that organizations ought to have in place. 6 MAY - JUNE 2017
Financial reporting and assurance The model distinguishes among three groups (or lines) involved in effective risk management: • Functions that own and manage risk by implementing corrective actions to address process and control deficiencies (operation management) • Functions that oversee risks and assist management in developing processes and controls to manage risks (risk management and compliance functions) • Functions that provide independent assurance on the effectiveness of governance, risk management and internal controls including the manner in which the first and second lines of defense achieve risk management and control objectives (internal audit function) The position paper goes on to state that the “three lines of defense” model is best implemented with the active support and guidance of the organization’s governing body and senior management. Separately, the IPPF recommends a dual reporting relationship for the head of the internal audit function; to senior management and the Board. In light of these authoritative views, are what we call internal audit failures in fact failures of management and the Board? Practice today is that the head of internal audit functionally reports to the Board’s audit committee. The IPPF describes functional reporting by way of examples to include: • Approving the internal audit charter; • Approving the risk based internal audit plan; • Approving the internal audit budget and resource plan; • Receiving communications from the head of internal audit on the internal audit activity’s performance relative to its plan and other matters; • Approving decisions regarding the appointment and removal of the head of internal audit; • Approving the remuneration of the head of internal audit; and • Making appropriate inquiries of management and the head of internal audit to determine whether there are inappropriate scope or resource limitations As functional supervisors of the internal audit function, should stakeholders start asking; where was the Board’s audit committee? Brown Governance Institute (BGI), a respected thought leader in corporate governance issued a publication in 2011 titled ‘Boardroom Behaviour and Governance’. The publication explored the symptoms of good and bad boardroom behavior and recommended great tools and resources that can help Boards improve boardroom behavior and from these, strategies that can immensely assist Board audit committees to effectively supervise internal audit functions. The foregoing narratives do not seek to entirely absolve internal audit functions from internal control failures. The IPPF through its attribute standards requires internal audit engagements to be performed with proficiency and due professional care, and that internal auditors independence and objectivity must not be impaired in fact or appearance. In addition, the head of internal audit is required to develop and maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity. Specifically, external assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. When non-conformance with the Definition of Internal Auditing, the Code of Ethics, or the IPPF impacts the overall scope or operation of the internal audit activity, the head of internal audit must disclose the non-conformance and the impact to senior management and the board. In conclusion, it should not be lost on stakeholders and other interest groups that the organization’s management has the primary responsibility for managing risks. This means that operational and executive management is responsible for identifying, analyzing, evaluating, treating, monitoring and reviewing risks. The second and third lines of defense provide support to operational and executive management but must not accept responsibility for any of the risk management steps. The Board’s audit committee or its equivalent is mandated to effectively supervise the internal audit function and is strategically placed to counsel executive management on risk management priorities and strategies. Board audit committees or their equivalent should consider assessing themselves against BGI’s ‘Boardroom Behavior and Governance’ standards. Finally, effective internal audit functions are those that fully comply with the IPPF. References: 2013 International Professional Practices Framework (Institute of Internal Auditors website) Debra L. Brown and David A. H. Brown, Boardroom Behaviours and Governance (2011) 2016 Report to the Nations on Occupational fraud and Abuse (Association of Certified Fraud Examiners website) IIA Position Paper, The Three Lines of defense in Effective Risk Management and Control (2013) MAY - JUNE 2017 7
Page 1 and 2: JOURNAL OF THE INSTITUTE OF CERTIFI
Page 3 and 4: TABLE OF CONTENTS 26 COVER STORY Wi
Page 5 and 6: EDITORIAL Dear Reader, The matter o
Page 7: Financial reporting and assurance T
Page 11 and 12: Business Practice and Development I
Page 14 and 15: Business practice and development O
Page 16 and 17: Economy THE IMPACT OF HYPERINFLATIO
Page 18 and 19: Management THE POWER OF PERSUASION
Page 20 and 21: MANAGEMENT UNDERSTANDING THE RISK M
Page 22: MANAGEMENT Gor Mahia fans engaging
Page 25 and 26: Finance and Investment will also ne
Page 27 and 28: Information Technology DATA GOVERNA
Page 29 and 30: COVER STORY Daniel Susskind, a lect
Page 31 and 32: CPA Centre TO LET Structure • Ele
Page 33 and 34: governance the generation of a plan
Page 35 and 36: Public Policy Auditor General Edwar
Page 37 and 38: Public Policy and ensure government
Page 39 and 40: WORK PLACE If you are in the catego
Page 41 and 42: WORK PLACE Wherever, you find yours
Page 43 and 44: WORK PLACE Does this thought ever c
Page 45 and 46: WORKPLACE working remotely and bein
Page 47 and 48: WORK PLACE Being self-employed mean
Page 49 and 50: INSPIRATION don’t always come tru
Page 52 and 53: SOCIETY POSTPARTUM DEPRESSION IS A
Page 54 and 55: SOCIETY immediate family members an
Page 56 and 57: ENVIRONMENT Society in collaboratio
Page 58 and 59:
HEALTH DEALING WITH CONSTIPATION Co
Page 60 and 61:
HEALTH lower back, using your arms
Page 62 and 63:
TID BITS Below are selected article
Page 64 and 65:
BOOK REVIEW Reviewed by Angela Muti
Page 66 and 67:
STAR OF THE MONTH STAY FOCUSED A gr
Page 68 and 69:
TRAVEL By Clive Mutiso, clivemutiso
Page 70 and 71:
KAMPALA ««««« PICTORIAL PROGRE
Page 72 and 73:
ACCOUNTABLE RECIPES By Sharon Gaton
Page 74 and 75:
PEN OFF questions effectively open
show all

The Accountant-May-June 2017

Create successful ePaper yourself

Delete template?

Save as template?