The Accountant-May-June 2017
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Financial reporting and assurance<br />
WHERE WAS<br />
INTERNAL AUDIT?<br />
Reflecting on risk management responsibilities<br />
By CPA Gitare David Kariuki, gdkariuki@gmail.com<br />
It is common knowledge that<br />
executive management is ultimately<br />
responsible for managing enterprise<br />
risks. However, when corporate<br />
financial scandals come to light<br />
through whistle blowing, which studies<br />
show to be the leading means of<br />
uncovering occupational fraud and abuse,<br />
it is not uncommon to hear stakeholders<br />
and non-stakeholders alike asking the<br />
question; where was Internal Audit?<br />
According to the International<br />
Professional Practices Framework<br />
(IPPF), Internal Auditing is defined as<br />
independent, objective assurance and<br />
consulting services designed to add value<br />
and improve an organization’s operations<br />
by bringing a systematic, disciplined<br />
approach to evaluate and improve<br />
the effectiveness of governance, risk<br />
management and control processes. In the<br />
light of this definition, it is evident that an<br />
internal audit function has a role to play in<br />
supporting organizations to have in place<br />
an effective risk management framework<br />
that addresses among other risks, fraud<br />
risks. However, as the spot light shines<br />
on the internal audit function for failing<br />
to detect fraud, little discussion revolves<br />
around the role of the first and second<br />
lines of defense. <strong>The</strong> Institute of Internal<br />
Auditors (IIA) in its position paper dated<br />
January 2013 described the workings<br />
of a “three lines of defense” model in<br />
effective risk management and control<br />
that organizations ought to have in place.<br />
6 MAY - JUNE <strong>2017</strong>