- BRW Lists
Published 29 March 2012 05:06, Updated 29 March 2012 05:22
Internal auditors are the “eyes and ears” of an organisation – they are the men and women who can help a company manage its risks and ideally rectify them before things turn sour.
However, the biggest barriers to an internal auditor carrying out his or her role effectively is interference from management, and the Institute of Internal Auditors (IIA) says it’s a problem that still exists in the post-Enron world.
Focus group research by the IIA and global risk consulting firm Protiviti earlier this year revealed interference can range from subtle pressure – management trying to get risks re-classified from high to low – to overt stonewalling such as actively preventing access to key information such as board meeting minutes, management reports, financial reports and other confidential company documents.
The joint research included small groups of audit committee chairs from both the private and public sector. These audit chairs said managers who viewed internal auditors as lowly-ranked, were more likely to restrict access to information and pressure auditors to conceal damaging findings.
“The largest compromise comes where a senior manager coerces the internal managers to change a rating or withdraw a finding in an internal audit report,” IIA-Australia’s technical manager Stephanie Koehn says. “Another area of coercion is limiting access to documents or trying to filter the information that the audit executive would want to report to the audit committee.”
This is not the first time IIA has produced research exposing management interference. A 2010 IIA global survey of chief audit executives in 107 countries found 22 per cent said they had been subject to coercion. IIA-Australia went further and did a follow-up survey with its own membership and 42 per cent said they had been subject to coercion.
Koehn says in such cases, the only avenue for the auditor is to raise the issue with the audit committee chair. The problem is that in the public sector audit committees don’t have the same authority as listed company boards to act as a check against the chief executive or department secretary.
After the home insulation scheme debacle in 2010, the federal government tried to strengthen the rules governing the bureaucracy. But recent state audit reports found departmental interference in internal audits is a serious issue.
Koehn says that although the private sector has various APRA regulations and ASX Corporate Governance Council principles, “there isn’t a mandated law to stop managers from interfering”.
The ASX Corporate Governance Council, which brings together business, shareholder and industry groups, has voted against an IIA recommendation that the principles regulating ASX-listed companies be strengthened.
“First, we believe that companies should have an internal function and should co-operate with internationally recognised standards,” Koehn says. “Second, if they don’t have internal audit functions, [their] reasons should be disclosed in the annual report.”
Protiviti managing director Gary Anderson says the most overt form of interference is when management decides not to have an internal audit function at all.
“Alarmingly, this is more common than you think,” he warns, pointing to the recent case of a Clive Peeters payroll manager committing $20 million in fraud. “This was a major listed company which did not have an internal audit function,” he says. “If there had been an effective internal audit function, the relatively obvious systems weaknesses that the payroll employee was able to exploit, would likely have been identified much earlier and controls put in place to prevent the fraud from the get-go.”
He says an executive’s ultimate power to hire and fire the head of internal audit is an issue. “It allows management to hold the internal auditor hostage where they do not toe the management line.”
The situation has improved post-Enron and HIH, he accepts but there is a long way to go. “Audit committee chairs need to convince management that internal audit is an absolute necessity, rather than just a ‘nice to have’. And they need to have control over the internal audit function to remove the risk of conflicts with management.”
He says chief executives need to support the role of internal audit by “communicating its importance throughout the organisation and setting the right culture of transparency and good governance from the top.”