Formal staff meetings provide the best opportunity for ensuring that issues are addressed timely and efficiently. In The Practice of Modern Internal Auditing, Sawyer states that one reason for staff meetings is to explain “routine administrative matters, to teach new techniques, and even to let off steam.” For example, staff members should be able to raise questions about ineffective procedures, promotions, salaries, or other problems.
Monday, September 23, 2013
Formal Staff Meetings!!!!
Formal staff meetings provide the best opportunity for ensuring that issues are addressed timely and efficiently. In The Practice of Modern Internal Auditing, Sawyer states that one reason for staff meetings is to explain “routine administrative matters, to teach new techniques, and even to let off steam.” For example, staff members should be able to raise questions about ineffective procedures, promotions, salaries, or other problems.
Tuesday, July 16, 2013
SARBANES-OXLEY OVERVIEW: KEY INTERNAL AUDIT CONCERNS
The official name for this U.S. federal legislative act to regulate the accounting
and auditing practices of publicly traded companies is the “Public Accounting
Reform and Investor Protection Act.” It became law in August 2002 with some
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
detailed rules and regulations still being released, some over two years later as
this book went to press. The law’s title being a bit long, business professionals
generally refer to it as the Sarbanes-Oxley Act from the names of its congressional
principal sponsors, and it is referred to as SOA throughout this book.
Others refer to the law with the name SOX.
SOA has introduced a totally changed process of issuing external auditing
standards, reviewing external auditor performance, and giving new governance
responsibilities to senior executives and board members. Among other matters,
the SEC has taken over the process for establishing auditing standards from the
AICPA through the Public Company Accounting Oversight Board (PCAOB).
This board also monitors external auditor professional ethics and performance.
As happens with all comprehensive federal laws, an extensive set of specific regulations
and administrative rules is being developed from the broad guidelines
in the SOA text, and the SEC has been given that responsibility.
The provisions of the SOA also have a major impact on internal auditors, particularly
in U.S. publicly traded organizations. Internal audit now must act somewhat
differently in their dealings with audit committees, senior—and in particular
financial—management, and external auditors. Because of the breadth of U.S.
business throughout the world, SOA has an impact on virtually all internal auditors.
The effective modern internal auditor should develop a general understanding
of SOA’s provisions as well as its specific provisions affecting internal audit.
U.S. federal laws are organized and issued as separate sections of legislation
called Titles with numbered sections and subsections under each. Much of the
actual SOA text only mandates rules to be issued to the responsible agency, the
SEC for SOA. These upcoming specific SOA rules to be developed by the SEC
may or may not be significant to most internal auditors. For example, Section 602
(d) of Title I states that the SEC “shall establish” minimum professional conduct
standards or rules for SEC practicing attorneys. While perhaps good to know, an
internal auditor will typically not be that concerned about these specific rules yet
to be promulgated. Others may be of more interest to internal auditors. Section
407 of Title I again says that the SEC will set rules requiring the disclosure that at
least one audit committee member must be a “financial expert.” While this definition
of a “financial expert” is subject to ongoing interpretation, this is important
information for a chief audit executive (CAE) who will be dealing with both members
of the audit committee and senior management. That “financial expert” will
or should have some understanding of an effective internal controls review process
as well as audit committee and internal audit interactions. Since this “financial
expert” may very well be new to the organization’s audit committee, this may
be a key liaison contact for internal audit.
and auditing practices of publicly traded companies is the “Public Accounting
Reform and Investor Protection Act.” It became law in August 2002 with some
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
detailed rules and regulations still being released, some over two years later as
this book went to press. The law’s title being a bit long, business professionals
generally refer to it as the Sarbanes-Oxley Act from the names of its congressional
principal sponsors, and it is referred to as SOA throughout this book.
Others refer to the law with the name SOX.
SOA has introduced a totally changed process of issuing external auditing
standards, reviewing external auditor performance, and giving new governance
responsibilities to senior executives and board members. Among other matters,
the SEC has taken over the process for establishing auditing standards from the
AICPA through the Public Company Accounting Oversight Board (PCAOB).
This board also monitors external auditor professional ethics and performance.
As happens with all comprehensive federal laws, an extensive set of specific regulations
and administrative rules is being developed from the broad guidelines
in the SOA text, and the SEC has been given that responsibility.
The provisions of the SOA also have a major impact on internal auditors, particularly
in U.S. publicly traded organizations. Internal audit now must act somewhat
differently in their dealings with audit committees, senior—and in particular
financial—management, and external auditors. Because of the breadth of U.S.
business throughout the world, SOA has an impact on virtually all internal auditors.
The effective modern internal auditor should develop a general understanding
of SOA’s provisions as well as its specific provisions affecting internal audit.
U.S. federal laws are organized and issued as separate sections of legislation
called Titles with numbered sections and subsections under each. Much of the
actual SOA text only mandates rules to be issued to the responsible agency, the
SEC for SOA. These upcoming specific SOA rules to be developed by the SEC
may or may not be significant to most internal auditors. For example, Section 602
(d) of Title I states that the SEC “shall establish” minimum professional conduct
standards or rules for SEC practicing attorneys. While perhaps good to know, an
internal auditor will typically not be that concerned about these specific rules yet
to be promulgated. Others may be of more interest to internal auditors. Section
407 of Title I again says that the SEC will set rules requiring the disclosure that at
least one audit committee member must be a “financial expert.” While this definition
of a “financial expert” is subject to ongoing interpretation, this is important
information for a chief audit executive (CAE) who will be dealing with both members
of the audit committee and senior management. That “financial expert” will
or should have some understanding of an effective internal controls review process
as well as audit committee and internal audit interactions. Since this “financial
expert” may very well be new to the organization’s audit committee, this may
be a key liaison contact for internal audit.
“WHERE WERE THE AUDITORS?” STANDARDS FAILURE
source:Brink, Sawyer modern auditing .
The corporate accounting scandals and bankruptcies that surfaced in the early
days of this twenty-first century, including Enron, WorldCom, and others, all happened
in the same general time frame. Although these scandals did not raise
questions about the quality and integrity of internal auditors, CPA certified external
auditors were faced with multiple questions along the theme of “where were
the auditors”? These external auditors were responsible for auditing the books
and certifying that the financial statements were fairly stated. It is easy to suggest
that the once highly regarded but now gone Arthur Andersen represented what
had gone wrong with the major public accounting firms. Andersen had promised
to improve its processes as part of a settlement with the SEC regarding botched
audit procedures at Waste Management several years earlier. Andersen, however,
evidently shrugged off that settlement the way a driver shrugs off the ticket for
being caught in a speed trap. When they were implicated with Enron, regulators
at the SEC soon honed in on Andersen’s procedures. Enron’s internal audit function
had been outsourced to Andersen with the two audit groups essentially
speaking in one voice, Andersen seemed to be more interested in providing consulting
services to Enron than auditing its financial statements, and many Andersen
auditors were quickly rewarded with senior management positions at Enron
after brief periods on the financial internal audit staff.
Although Andersen was the center of attention for Enron, other external audit
practices soon faced questioning. Based on off-the-books accounts, corporate
executive greed, and other matters, it soon became apparent that some audited
financial statements were not all fairly stated, per the traditional CPA/auditing
terminology. Many situations were soon highlighted where the external auditors
had missed some massive errors and frauds in their reviews of organization
financial statements. Too often, the major public accounting firms were accused as
selling their auditing services as a “loss leader” with the objective of using that
audit work to gain assignments in more lucrative areas such as consulting or tax
advisory. To many observers, the whole concept of “independent outside auditors”
was seriously questioned. How could a team of outside auditors be independent,
the critics asked, if key members of the financial staff had just recently
been serving as auditors and then had accepted positions on the “other side.”
There were too many close ties, making independent, objective decisions difficult.
With a very few exceptions, there also was little evidence of internal auditors
raising issues at these accounting-scandal-implicated corporations. Many of
the internal audit departments at these corporations accused of accounting fraud
had been “outsourced” to their responsible external audit firms. Prior to Enron’s
fall, there were published reports describing the “great partnership” that existed
between the Arthur Andersen managed internal audit function at Enron and the
Andersen external auditors. They shared offices, shared resources, and spoke
essentially in one voice. This was really in contrast to the somewhat uneasy alliances
that independent internal audit functions sometimes had had with their
external auditors in the past. Although these internal audit outsourcing arrangements
had been in place for many corporations over some years, the Enron situation
raised many questions about the independence and objectivity of these
outsourced internal auditors.
BACKGROUND: CHANGES IN FINANCIAL AUDITING STANDARDS
Some internal auditors often avoided financial auditing issues in past years. They
took pride in their skills as operational auditors and reserved financial auditing
tasks to their external audit firm. Those external auditors reviewed financial controls
and records leading up to the issuance of annual financial statements along
with their auditor’s reports on the fairness of those financial statements. Given
their operational audit and internal controls skills, many internal auditors supported
their external auditors over the years. This arrangement began to change
somewhat during the 1990s. The major public accounting firms up through about
the year 2002—then called “the Big 5”—began to take responsibility for organizational
internal audit functions through what was called outsourcing. Through an
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
22
arrangement with the audit committee, many internal auditors at that time found
themselves to be employees of their external audit firms continuing to perform
internal audits but under the management of their external auditors.
These outsourcing arrangements offered advantages to some internal auditors.
Reporting to a large external audit firm, many outsourced internal auditors
found greater opportunities for access to continuing education or the possibility to
make promotional career transfers to other organizations. Outsourcing somewhat
changed the tone of many of these internal audit functions. The public accounting
firms managing an internal audit group tended to focus the attention of their
internal audit resources more on audits in support of financial controls rather than
operational issues. Although not every internal audit function was outsourced,
this trend continued through the late 1990s in many major corporations.
As the 1990s ended, businesses were faced with predictions of computer
systems and other process-related disasters as part of the Y2K millennium
change to the year 2000. Although the millennium arrived with no major problems,
the following year, 2001, brought with it some real disasters for U.S.
accountants, auditors, and business in general. The long-running stock market
boom, fueled by “dot-com” Internet businesses, was shutting down with many
companies failing and with growing ranks of unemployed professionals. Those
same boom years spawned some businesses following new or very different
models or approaches. One that received considerable attention and investor
interest at that same time was Enron, an energy trading company. Starting as a
gas pipeline company, Enron developed a business model based on buying and
selling excess capacity first over their and competitor’s pipelines and then moving
on to excess capacity trading in many other areas. For example, an electrical
utility might have a power plant generating several millions of excess kilowatt
hours of power during a period. Enron would arrange to buy the rights to that
power and then sell it to a different power company who needed to get out of a
capacity crunch. Enron would earn a commission on the transaction.
Enron’s trading concept was applied in many other markets such as telephone
message capacity, oil tankers, water purification, and in many other
areas. Enron quickly became a very large corporation and really got the attention
of investors. Its business approach was aggressive, but it appeared to be profitable.
Then, in late 2001, it was discovered that Enron was not telling investors the
true story about its financial condition. Enron was found to be using off-balance
sheet accounting to hide some major debt balances. It had been transferring significant
financial transactions to the books of unaffiliated partnership organizations
that did not have to be consolidated in Enron’s financial statements. Even
worse, the off-balance sheet entities were paper-shuffling transactions orchestrated
by Enron’s chief financial officer (CFO) who made massive personal profits
from these bogus transactions. Such personal transactions had been
prohibited by Enron’s Code of Conduct, but the CFO requested the board to formally
exempt him from related code violations. Blessed by the external auditors,
the board then approved these dicey off-balance sheet transactions. Once publicly
discovered, Enron was forced to roll these side transactions back in to
Enron’s consolidated financial statements and forcing a restatement of earnings.
Certain key lines of credit and other banking transactions were based on its
3.1 BACKGROUND: CHANGES IN FINANCIAL AUDITING STANDARDS
23
pledge to maintain certain financial health ratios. The restated earnings put
Enron in violation of these agreements. What once had looked like a strong,
healthy corporation, Enron was soon forced to declare bankruptcy.
Because Enron was a prominent company, there were many “how could this
have happened?” questions raised in the press and by government authorities.
Another troubling question was, “where were the auditors?” Commentators felt
that someone would have seen this catastrophe coming if they had only looked
harder. The press at the time was filled with articles about Enron’s fraudulent
accounting, the poor governance practices of Enron’s board, and the failure of its
external auditors. The firm Arthur Andersen had served as Enron’s external auditors
and had also assumed responsibility for its internal audit function through
outsourcing. With rumors that the SEC would soon be on the way to investigate
the evolving mess, Andersen directed its offices responsible for the Enron audit to
“clean up” all records from that audit. The result was a massive paper shredding
exercise, giving the appearance of pure evidence destruction. The federal government
moved quickly to indict Andersen for obstruction of justice because of this
document shredding, and in June 2002, Andersen was convicted by a Texas jury
of a felony, fined $500,000 and sentenced to five years’ probation. With the conviction,
Andersen lost all public and professional trust and soon ceased to exist.
At about the same time, the telecommunications firm WorldCom disclosed
that it had inflated its reported profits by at least $9 billion during the previous
three years, forcing WorldCom to declare bankruptcy. Another telecommunications
company, Global Crossing, also failed during this same time period when
its shaky accounting became public. The cable television company Adelphia
failed when it was revealed that its top management, the founding family, was
using company funds as a personal piggy bank, and the CEO of the major conglomerate
Tyco was both indicted and fired because of major questionable financial
transactions and personal greed. Only a few examples are mentioned here;
in late 2001 and through the following year, 2002, many large corporations were
accused of fraud, poor corporate governance policies, or very sloppy accounting
procedures. Exhibit 3.1 highlights some of these financial failures. The press, the
SEC, and members of Congress all declared that auditing and corporate governance
practices needed to be fixed.
These financial failures helped to introduce some major changes to what had
been well-established financial auditing standards and practices. They caused
government regulators as well as the investment community to question and then
reform the financial auditing standards setting process and a wide range of public
accounting firm practices. Many organizations’ CEOs and CFOs were characterized
as being more interested in personal gain than in serving shareholders, audit
committees were often characterized as not being sufficiently involved in organizational
transactions, and external auditors and their professional organization,
the American Institute of Certified Public Accountants (AICPA) received major
criticism. Outsourced internal auditors caught this criticism as well; they were
viewed as being tied too closely to their external audit firm owners. Many other
previously accepted practices, such as the self-regulation of public accounting
firms, were seriously questioned. By self-regulation, we refer to the AICPA’s peer
review process, where public accounting firm A would be given the responsibility
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
24
to review standards and practices for firm B. Knowing that firm B might be
assigned to come back and review A a few years into the future, few firms ever
found that much critical to say about their peers.
These financial scandals caused many changes with the passage in 2002 of the
Sarbanes-Oxley Act (SOA) as the most significant event. SOA establishes regulatory
rules for public accounting firms, financial auditing standards, and corporate
governance. Through SOA, the public accounting profession has been transformed,
the AICPA’s Auditing Standards Board (ASB) has lost its authority for
setting auditing standards, and the rules have changed for corporate senior executives,
boards of directors, and their audit committees. A new entity, the Public
Corporation Accounting Overview Board (PCAOB) has been established, as part
of SOA and under the SEC to set public accounting auditing standards and to
oversee individual public accounting firms. Although not directly covered in the
legislation, SOA also has very much affected internal auditors as well.
This chapter discusses this very significant public accounting standards setting
and corporate governance legislation, the Sarbanes-Oxley Act (SOA), with an
emphasis on its aspects that are most important to internal auditors. SOA and the
PCAOB represent the most major change to public accounting, financial reporting,
and corporate governance rules since the SEC was launched in the 1930s.
SOA represents the most important set of new rules for auditing and internal
auditing today. The effective internal auditor should have a good understanding
of these new rules and how they apply to today’s practice of internal auditing.
took pride in their skills as operational auditors and reserved financial auditing
tasks to their external audit firm. Those external auditors reviewed financial controls
and records leading up to the issuance of annual financial statements along
with their auditor’s reports on the fairness of those financial statements. Given
their operational audit and internal controls skills, many internal auditors supported
their external auditors over the years. This arrangement began to change
somewhat during the 1990s. The major public accounting firms up through about
the year 2002—then called “the Big 5”—began to take responsibility for organizational
internal audit functions through what was called outsourcing. Through an
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
22
arrangement with the audit committee, many internal auditors at that time found
themselves to be employees of their external audit firms continuing to perform
internal audits but under the management of their external auditors.
These outsourcing arrangements offered advantages to some internal auditors.
Reporting to a large external audit firm, many outsourced internal auditors
found greater opportunities for access to continuing education or the possibility to
make promotional career transfers to other organizations. Outsourcing somewhat
changed the tone of many of these internal audit functions. The public accounting
firms managing an internal audit group tended to focus the attention of their
internal audit resources more on audits in support of financial controls rather than
operational issues. Although not every internal audit function was outsourced,
this trend continued through the late 1990s in many major corporations.
As the 1990s ended, businesses were faced with predictions of computer
systems and other process-related disasters as part of the Y2K millennium
change to the year 2000. Although the millennium arrived with no major problems,
the following year, 2001, brought with it some real disasters for U.S.
accountants, auditors, and business in general. The long-running stock market
boom, fueled by “dot-com” Internet businesses, was shutting down with many
companies failing and with growing ranks of unemployed professionals. Those
same boom years spawned some businesses following new or very different
models or approaches. One that received considerable attention and investor
interest at that same time was Enron, an energy trading company. Starting as a
gas pipeline company, Enron developed a business model based on buying and
selling excess capacity first over their and competitor’s pipelines and then moving
on to excess capacity trading in many other areas. For example, an electrical
utility might have a power plant generating several millions of excess kilowatt
hours of power during a period. Enron would arrange to buy the rights to that
power and then sell it to a different power company who needed to get out of a
capacity crunch. Enron would earn a commission on the transaction.
Enron’s trading concept was applied in many other markets such as telephone
message capacity, oil tankers, water purification, and in many other
areas. Enron quickly became a very large corporation and really got the attention
of investors. Its business approach was aggressive, but it appeared to be profitable.
Then, in late 2001, it was discovered that Enron was not telling investors the
true story about its financial condition. Enron was found to be using off-balance
sheet accounting to hide some major debt balances. It had been transferring significant
financial transactions to the books of unaffiliated partnership organizations
that did not have to be consolidated in Enron’s financial statements. Even
worse, the off-balance sheet entities were paper-shuffling transactions orchestrated
by Enron’s chief financial officer (CFO) who made massive personal profits
from these bogus transactions. Such personal transactions had been
prohibited by Enron’s Code of Conduct, but the CFO requested the board to formally
exempt him from related code violations. Blessed by the external auditors,
the board then approved these dicey off-balance sheet transactions. Once publicly
discovered, Enron was forced to roll these side transactions back in to
Enron’s consolidated financial statements and forcing a restatement of earnings.
Certain key lines of credit and other banking transactions were based on its
3.1 BACKGROUND: CHANGES IN FINANCIAL AUDITING STANDARDS
23
pledge to maintain certain financial health ratios. The restated earnings put
Enron in violation of these agreements. What once had looked like a strong,
healthy corporation, Enron was soon forced to declare bankruptcy.
Because Enron was a prominent company, there were many “how could this
have happened?” questions raised in the press and by government authorities.
Another troubling question was, “where were the auditors?” Commentators felt
that someone would have seen this catastrophe coming if they had only looked
harder. The press at the time was filled with articles about Enron’s fraudulent
accounting, the poor governance practices of Enron’s board, and the failure of its
external auditors. The firm Arthur Andersen had served as Enron’s external auditors
and had also assumed responsibility for its internal audit function through
outsourcing. With rumors that the SEC would soon be on the way to investigate
the evolving mess, Andersen directed its offices responsible for the Enron audit to
“clean up” all records from that audit. The result was a massive paper shredding
exercise, giving the appearance of pure evidence destruction. The federal government
moved quickly to indict Andersen for obstruction of justice because of this
document shredding, and in June 2002, Andersen was convicted by a Texas jury
of a felony, fined $500,000 and sentenced to five years’ probation. With the conviction,
Andersen lost all public and professional trust and soon ceased to exist.
At about the same time, the telecommunications firm WorldCom disclosed
that it had inflated its reported profits by at least $9 billion during the previous
three years, forcing WorldCom to declare bankruptcy. Another telecommunications
company, Global Crossing, also failed during this same time period when
its shaky accounting became public. The cable television company Adelphia
failed when it was revealed that its top management, the founding family, was
using company funds as a personal piggy bank, and the CEO of the major conglomerate
Tyco was both indicted and fired because of major questionable financial
transactions and personal greed. Only a few examples are mentioned here;
in late 2001 and through the following year, 2002, many large corporations were
accused of fraud, poor corporate governance policies, or very sloppy accounting
procedures. Exhibit 3.1 highlights some of these financial failures. The press, the
SEC, and members of Congress all declared that auditing and corporate governance
practices needed to be fixed.
These financial failures helped to introduce some major changes to what had
been well-established financial auditing standards and practices. They caused
government regulators as well as the investment community to question and then
reform the financial auditing standards setting process and a wide range of public
accounting firm practices. Many organizations’ CEOs and CFOs were characterized
as being more interested in personal gain than in serving shareholders, audit
committees were often characterized as not being sufficiently involved in organizational
transactions, and external auditors and their professional organization,
the American Institute of Certified Public Accountants (AICPA) received major
criticism. Outsourced internal auditors caught this criticism as well; they were
viewed as being tied too closely to their external audit firm owners. Many other
previously accepted practices, such as the self-regulation of public accounting
firms, were seriously questioned. By self-regulation, we refer to the AICPA’s peer
review process, where public accounting firm A would be given the responsibility
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
24
to review standards and practices for firm B. Knowing that firm B might be
assigned to come back and review A a few years into the future, few firms ever
found that much critical to say about their peers.
These financial scandals caused many changes with the passage in 2002 of the
Sarbanes-Oxley Act (SOA) as the most significant event. SOA establishes regulatory
rules for public accounting firms, financial auditing standards, and corporate
governance. Through SOA, the public accounting profession has been transformed,
the AICPA’s Auditing Standards Board (ASB) has lost its authority for
setting auditing standards, and the rules have changed for corporate senior executives,
boards of directors, and their audit committees. A new entity, the Public
Corporation Accounting Overview Board (PCAOB) has been established, as part
of SOA and under the SEC to set public accounting auditing standards and to
oversee individual public accounting firms. Although not directly covered in the
legislation, SOA also has very much affected internal auditors as well.
This chapter discusses this very significant public accounting standards setting
and corporate governance legislation, the Sarbanes-Oxley Act (SOA), with an
emphasis on its aspects that are most important to internal auditors. SOA and the
PCAOB represent the most major change to public accounting, financial reporting,
and corporate governance rules since the SEC was launched in the 1930s.
SOA represents the most important set of new rules for auditing and internal
auditing today. The effective internal auditor should have a good understanding
of these new rules and how they apply to today’s practice of internal auditing.
Sunday, July 14, 2013
the relation between Management and Internal Auditor !!!!!!!!!!!!!
Source: Brink -Modern Internal Auditing Magazine
2.5 MANAGEMENT AND THE INTERNAL AUDITOR
will not be directly involved when final outcomes become evident. There
are many published accounts of this practice, where a manager achieves
short-term results at a unit and because of those results either is promoted
or leaves to join a different organization. The successors must deal
with the long-term results of these short-term decisions. Auditors can
often play an important role in this short-term versus long-term results
decision process. An internal auditor frequently identifies operational
issues that may have long-term negative implications even though the
short-term results are not nearly as obvious.
A central truth of management is that conditions are always changing. A valued
employee leaves the organization, a new invention makes existing practices
obsolete, consumer preferences shift, or something else unforeseen develops. As a
result, many dimensions of the management process must be reappraised or redirected.
An organization’s capacity to foresee such possibilities and to adapt to
them is a measure of its ability to survive and prosper. This adaptive approach
often takes a rather unstructured management style. At the same time, however,
there are needs for standardization and regularity, including effective internal
control processes
Attribute of Management
source: Brink-Modern Internal Auditing
ATTRIBUTES OF MANAGEMENT
While many organizations in the past were often isolated, with their markets
local or restrained by limitations in communications and transportation, the typical
organization today operates in a more complicated and often global environment.
However, those organizations in the past “good old days” were affected
by many similar attributes even though things traveled at a much slower pace.
For example, as early as the 1880s, the price of grain in Kansas was influenced by
grain prices in the Ukraine and in Argentina. It took a few days for that price
information to travel to the market in Kansas and much longer for grain to actually
be transported to these other markets, but they each were influencing factors.
Similar examples can be found going at least back to Roman times. Today,
speed of communications and such factors as the Internet have just increased
this environmental complexity.
Modern environmental factors include economic, competitive, technological,
political, and social matters. They should be in the mind of an internal auditor
when attempting to understand why management does or does not take
some action. For example, economic factors, including dimensions of the state of
world, national, and regional economies, can have a major influence on an organization.
When thinking about an organization and its business processes, an
internal auditor might raise a series of questions such as: Who uses these products
and why? How strong is that demand in terms of other needs? Where are
the users of the product? Are there other, competitive products or services?
There are also factors relating to the supply of the product or service. Where do
the materials come from that are needed to produce the aforementioned products,
and what is their availability? What kinds of facilities are needed and what
kind of production processes are involved? What are the requirements in terms
of capital, specialized knowledge, and marketing? Finally, factors relating to
demand and supply must be considered in terms of whether there are acceptable
profit potentials.
Economic factors have an impact on all organizations, whether a privatesector
industrial corporation, a not-for-profit service organization, or a governmental
unit. For example, United Parcel Service (UPS) in the United States has
largely taken over small parcel delivery from the U.S. Postal Service due to
UPS’s ability to provide better service at a lower cost structure. The U.S. Postal
Service, once a virtual monopoly, could not effectively compete when faced with
these economic factors. An internal auditor should always consider the role of
economic, competitive, technical, and even political factors when performing
internal audits in an organization. That understanding will be valuable for a better
understanding of management needs.
This discussion of environmental factors has been from the standpoint of the
entire organization. However, management entities also exist at lower levels,
including subsidiaries, divisions, departments, and the like. The environmental
factors previously discussed also include the authority and controls of the
higher organizational levels, to which lower-level management entities are
accountable. Also included are the resources available from upper-level management
that augment and better define the environmental factors as well as constraints
of various kinds that may be imposed by the senior-level management.
In addition to these environmental factors, an internal auditor also needs to
understand other key attributes that help to define the overall process of management.
Some of the more important of these include:
• Dependence on People. People are the most important resources the effective
manager must utilize. They are important in terms of their knowledge,
skills, and experience, and have a unique importance that goes far
beyond those considerations. An effective manager is directly dependent
on people to implement plans through their definitive actions. Thus, an
internal auditor must understand how people, or the human resources of
an organization, can operate in an effective manner to provide a maximum
contribution toward the achievement of managerial goals and
objectives. As part of understanding an organization’s human resources,
management has a continuing challenge to find the best possible fit and
integration of individuals within overall organizational goals. These
human resources range from senior management to the support staff in
an organization. Each has its own general interests, motivations, and
needs; management needs to understand these factors to best utilize
human resources.
• Focus on Decision Making. Managerial action is based on various types of
decisions with some at a very high level, such as a major new line of business,
while others are at relatively lower levels. All have common elements
in their decision-making process with respect to decision principles
and methodology. The problem must be identified, alternatives explored
using all information available, and a decision made on the action to be
made. This decision-making process is similar for managers at all levels,
and only differs due to the magnitude of the problem, the extent to which
information is available, the available decision alternatives, and the
potential risks associated with the decision outcomes. The factors of time,
risk levels, and costs all affect this management process. The effective
manager should survey these issues, identify the most significant issues,
and then attempt to make the best decisions. Internal auditors should follow
this decision-making process to help assemble the correct supporting
data when making a recommendation. This will also help the internal
auditor to better understand how management reacts to audit report findings
and recommendations.
• Effect of Risk Level. There are risks associated with every management
decision. If a wrong decision is made, there may be the risk of increased
costs associated with that wrong decision, including wasted resources,
diminished future performance, or even legal liability for the organization
or the responsible manager. To a considerable extent, risk can be
reduced by better management information about operational and environmental
factors. Of course, every decision would be risk-free if the
manager had what is hypothetically called perfect information. There are
costs associated with obtaining the various types and levels of information
desired, and probability factors will affect the desired results. As a
result, total certainty is impossible because of both practical and absolute
MANAGEMENT NEEDS: INTERNAL AUDIT’S OPERATIONAL APPROACH
16
limitations. This means that management decisions reflect the levels of
risk deemed to be acceptable to the particular responsible manager. Managers
and their overall organization have varying appetites for risk, and
each manager must make evaluations within the parameters of decision
authority and risk preferences. The effective internal auditor should have
a good understanding of this risk assessment process. Chapter 5, “Understanding
and Assessing Risks: Enterprise Risk Management,” discusses
the entire process of evaluating risk in the context of the COSO Enterprise
Risk Management (ERM) framework. In order to understand management’s
needs, an internal auditor also needs to understand management’s
willingness to accept or avoid risks.
• Management Is Judged by Results. Virtually everything a manager does is
judged by how those actions further the achievement of established organization
goals and objectives. Managers should be primarily interested in
results as opposed to letting an intermediate process be an end in itself.
This attribute of judging overall management effectiveness has been a
rationale for some hostile management takeovers. Corporate raiders have
taken over many otherwise successful companies with the argument that
they could achieve better short-term financial results by selling off underperforming
assets and undertaking other restructuring actions. Although
an organization might have been considered otherwise successful, these
raiders promised better results and often took over the organization and
then reported improved short-term results. There are always decision
variables that cannot be fully predicted or adequately evaluated. As a
result, the merits of some managerial decisions may be controversial, and
managerial excellence is measured by the quality of its results. Internal
auditors should be aware of these issues when attempting to understand
management’s needs. If management wishes to achieve the best results
for the overall organization, the auditor should attempt to support and
corroborate those decisions.
• Time Span for Appraising Results. Judging management by its results
raises questions as to the time frame in which those results are to be evaluated.
A manager often can achieve short-term results such as improved
profitability even though those decisions will undermine longer-run
profits. For example, quality can be temporarily sacrificed with resulting
short-term profits, but this action can be so damaging to customer satisfaction
that future products are no longer purchased. Good managers
should think in terms of the longer term and resist the often-tempting
shortcuts that endanger longer-term potentials. When management
understands this, the correct decision should be clear. However, the evaluation
may be complicated by how long of a time span should be allowed
for decisions made today and how willing stockholders are willing to
wait for longer-run rewards. A further complicating factor is the difficulty
of measuring long-term effects. Managers often innocently make
bad estimates in these areas or are victims of wishful thinking. In other
cases, lower-level managers ignore long-term consequences because they
ATTRIBUTES OF MANAGEMENT
While many organizations in the past were often isolated, with their markets
local or restrained by limitations in communications and transportation, the typical
organization today operates in a more complicated and often global environment.
However, those organizations in the past “good old days” were affected
by many similar attributes even though things traveled at a much slower pace.
For example, as early as the 1880s, the price of grain in Kansas was influenced by
grain prices in the Ukraine and in Argentina. It took a few days for that price
information to travel to the market in Kansas and much longer for grain to actually
be transported to these other markets, but they each were influencing factors.
Similar examples can be found going at least back to Roman times. Today,
speed of communications and such factors as the Internet have just increased
this environmental complexity.
Modern environmental factors include economic, competitive, technological,
political, and social matters. They should be in the mind of an internal auditor
when attempting to understand why management does or does not take
some action. For example, economic factors, including dimensions of the state of
world, national, and regional economies, can have a major influence on an organization.
When thinking about an organization and its business processes, an
internal auditor might raise a series of questions such as: Who uses these products
and why? How strong is that demand in terms of other needs? Where are
the users of the product? Are there other, competitive products or services?
There are also factors relating to the supply of the product or service. Where do
the materials come from that are needed to produce the aforementioned products,
and what is their availability? What kinds of facilities are needed and what
kind of production processes are involved? What are the requirements in terms
of capital, specialized knowledge, and marketing? Finally, factors relating to
demand and supply must be considered in terms of whether there are acceptable
profit potentials.
Economic factors have an impact on all organizations, whether a privatesector
industrial corporation, a not-for-profit service organization, or a governmental
unit. For example, United Parcel Service (UPS) in the United States has
largely taken over small parcel delivery from the U.S. Postal Service due to
UPS’s ability to provide better service at a lower cost structure. The U.S. Postal
Service, once a virtual monopoly, could not effectively compete when faced with
these economic factors. An internal auditor should always consider the role of
economic, competitive, technical, and even political factors when performing
internal audits in an organization. That understanding will be valuable for a better
understanding of management needs.
This discussion of environmental factors has been from the standpoint of the
entire organization. However, management entities also exist at lower levels,
including subsidiaries, divisions, departments, and the like. The environmental
factors previously discussed also include the authority and controls of the
higher organizational levels, to which lower-level management entities are
accountable. Also included are the resources available from upper-level management
that augment and better define the environmental factors as well as constraints
of various kinds that may be imposed by the senior-level management.
In addition to these environmental factors, an internal auditor also needs to
understand other key attributes that help to define the overall process of management.
Some of the more important of these include:
• Dependence on People. People are the most important resources the effective
manager must utilize. They are important in terms of their knowledge,
skills, and experience, and have a unique importance that goes far
beyond those considerations. An effective manager is directly dependent
on people to implement plans through their definitive actions. Thus, an
internal auditor must understand how people, or the human resources of
an organization, can operate in an effective manner to provide a maximum
contribution toward the achievement of managerial goals and
objectives. As part of understanding an organization’s human resources,
management has a continuing challenge to find the best possible fit and
integration of individuals within overall organizational goals. These
human resources range from senior management to the support staff in
an organization. Each has its own general interests, motivations, and
needs; management needs to understand these factors to best utilize
human resources.
• Focus on Decision Making. Managerial action is based on various types of
decisions with some at a very high level, such as a major new line of business,
while others are at relatively lower levels. All have common elements
in their decision-making process with respect to decision principles
and methodology. The problem must be identified, alternatives explored
using all information available, and a decision made on the action to be
made. This decision-making process is similar for managers at all levels,
and only differs due to the magnitude of the problem, the extent to which
information is available, the available decision alternatives, and the
potential risks associated with the decision outcomes. The factors of time,
risk levels, and costs all affect this management process. The effective
manager should survey these issues, identify the most significant issues,
and then attempt to make the best decisions. Internal auditors should follow
this decision-making process to help assemble the correct supporting
data when making a recommendation. This will also help the internal
auditor to better understand how management reacts to audit report findings
and recommendations.
• Effect of Risk Level. There are risks associated with every management
decision. If a wrong decision is made, there may be the risk of increased
costs associated with that wrong decision, including wasted resources,
diminished future performance, or even legal liability for the organization
or the responsible manager. To a considerable extent, risk can be
reduced by better management information about operational and environmental
factors. Of course, every decision would be risk-free if the
manager had what is hypothetically called perfect information. There are
costs associated with obtaining the various types and levels of information
desired, and probability factors will affect the desired results. As a
result, total certainty is impossible because of both practical and absolute
MANAGEMENT NEEDS: INTERNAL AUDIT’S OPERATIONAL APPROACH
16
limitations. This means that management decisions reflect the levels of
risk deemed to be acceptable to the particular responsible manager. Managers
and their overall organization have varying appetites for risk, and
each manager must make evaluations within the parameters of decision
authority and risk preferences. The effective internal auditor should have
a good understanding of this risk assessment process. Chapter 5, “Understanding
and Assessing Risks: Enterprise Risk Management,” discusses
the entire process of evaluating risk in the context of the COSO Enterprise
Risk Management (ERM) framework. In order to understand management’s
needs, an internal auditor also needs to understand management’s
willingness to accept or avoid risks.
• Management Is Judged by Results. Virtually everything a manager does is
judged by how those actions further the achievement of established organization
goals and objectives. Managers should be primarily interested in
results as opposed to letting an intermediate process be an end in itself.
This attribute of judging overall management effectiveness has been a
rationale for some hostile management takeovers. Corporate raiders have
taken over many otherwise successful companies with the argument that
they could achieve better short-term financial results by selling off underperforming
assets and undertaking other restructuring actions. Although
an organization might have been considered otherwise successful, these
raiders promised better results and often took over the organization and
then reported improved short-term results. There are always decision
variables that cannot be fully predicted or adequately evaluated. As a
result, the merits of some managerial decisions may be controversial, and
managerial excellence is measured by the quality of its results. Internal
auditors should be aware of these issues when attempting to understand
management’s needs. If management wishes to achieve the best results
for the overall organization, the auditor should attempt to support and
corroborate those decisions.
• Time Span for Appraising Results. Judging management by its results
raises questions as to the time frame in which those results are to be evaluated.
A manager often can achieve short-term results such as improved
profitability even though those decisions will undermine longer-run
profits. For example, quality can be temporarily sacrificed with resulting
short-term profits, but this action can be so damaging to customer satisfaction
that future products are no longer purchased. Good managers
should think in terms of the longer term and resist the often-tempting
shortcuts that endanger longer-term potentials. When management
understands this, the correct decision should be clear. However, the evaluation
may be complicated by how long of a time span should be allowed
for decisions made today and how willing stockholders are willing to
wait for longer-run rewards. A further complicating factor is the difficulty
of measuring long-term effects. Managers often innocently make
bad estimates in these areas or are victims of wishful thinking. In other
cases, lower-level managers ignore long-term consequences because they
Subscribe to:
Comments (Atom)