SlideShare a Scribd company logo

Compliance and-internal-audit-a-dangerous-comb

Halimy Abdul Hamid
Halimy Abdul Hamid

Compliance & IA

Business
1 of 4
Download to read offline
Compliance and Internal Audit: A Dangerous Combination? By Urton Anderson CIA, CCEP and Sheryl Vacca, CCEP, CHC-F, CHRC, CHPC A recent column in the February 2011 issue of the Internal Auditor by Catherine Henry - “Governance Perspective: Too Close for Comfort” – addresses the relatively common practice of combining the internal audit and the compliance/ethics functions. Citing a 2009 study of 560 compliance professionals from both public and privately-held organizations, 12.2% reported that the organization’s compliance/ethics officer was also the head of internal audit. This was slightly higher than the other common practice of assigning the compliance/ethics role to General Counsel (R. Walker, “Compliance and Ethics Officer Positioning,” Compliance and Ethics Professional, December 2009, pp 46-51). Henry brings up a number of concerns surrounding combining the internal audit and the compliance/ethics functions. These concerns include not only the expected auditor independence and objectivity issues but arguments that the combination weakens the effectiveness of compliance and ethics as well. Her conclusion is that whatever advantage the combination of the two functions might bring to the organization, the dangers to the longer term interest of the organization and its stakeholders make such a combination ill advised. For higher education the issue of duel responsibility is of particular concern as the practice of combining the functions has been particularly common in the university setting as a quick Google or Bing search on “Office of Audit and Institutional Compliance” will illustrate. Susan Keller (“Building a Compliance Program in Higher Education Institutions without a Compliance Officer,” College & University Auditor, Spring 2009, p 7) argues that the IA function is a natural driver for development of an institution-wide compliance functions in universities because in the very decentralized governance structure in higher education it is one of the few groups with university-wide view of risk and control. IA, she notes, is also uniquely positioned to gather, analyze and share information across the institution. In her article, she describes how IA at three major universities has driven the successful development of the compliance function in those respective institutions, with each still keeping the two functions combined. Others have presented additional benefits to a combined function. In combined compliance and internal audit functions collaboration to achieve the responsibilities of both groups is excellent. This collaboration is critical as there are indeed shared roles and responsiblies between the two functions. Rupport (“Contrasting Roles and Responsibilities – Corporate Compliance and Internal Audit,” New Perspectives, Summer 2006) identifies the following commonalities when both functions follow best practices:  Functional reporting to the organization’s board typically through an audit or compliance committee.  Board established authority via approved charter and programs.  Administrative reporting to the CEO.  Access to the entire organization per board directive.
 Recognized and communicated understanding that management is responsible for internal control including compliance and that corporate compliance and internal audit is not.  Have the authority to conduct investigations.  Are risk based.  As cost centers the functions are not designed to contribute to the bottom line but can identify cost savings and improve organizational processes. Rupport’s point that these are commonalities when both functions are following best practices is an important qualification. In particular this implies that both functions are independent of operations. While for internal audit the need for the function to be independent from operating responsibilities for the area has long been recognized in professional standards; however, the notion of an organizational-wide compliance function independent from operations is a relatively newer practice in higher education. From an organizational perspective combining the functions has the clear benefit of reducing administrative burden on the CEO or other senior manager to whom the functions would report. A combined function would also make more efficient use of board members time by streamline reporting to the audit/compliance committee. But an even great benefit may come from the improvement in organizational governance by enabling the board members to more effectively meet their responsibilities for oversight of ethics and compliance as well as for overall risk management and internal control. Combining the functions also increases the likelihood that the organization would adopt a common risk management and control framework, further improving the effectiveness of senior management and the board oversight of the organization. For operating managers there is also the benefit of reducing assurance fatigue since a combined function dramatically improve the coordination of auditing and monitoring activities. At the University of California, we have tried to integrate the risk assessment process with IA and Compliance to leverage efficiencies of the process. Both IA and Compliance develop their own plan but the process of risk assessment is done together, i.e., interviews, collection of related information, etc.. This helps to also enhance viewpoints from each of the perspectives and identify areas which may be common for focus on the new year plan for IA and Compliance. While there are many similarities in responsibilities between the internal audit function and the compliance function there also key differences. The internal audit function’s primary role in the organization is to provide independent, objective assurance to senior management and the board that risks are being managed to an acceptable level, particularly those risks that management has elected to address through internal controls. These risks include the risk that organization will not follow legal and regulatory requirements or will violate the organization’s values and internal policies, the same risks with which compliance is concerned. However, the IA function also has concerns over risks regarding the reliability and integrity of financial and operation information, the risks that the organization’s assets are not safeguarded, and the risks that the organization will not achieve its strategic and operating objectives. The compliance/ethics function in contrast works as a change agents in facilitating and assuring that management is addressing key risk areas (such as those listed above from an IA perspective) related to compliance with any rules, regulations, laws and/or policies that must be
followed. Additionally, Compliance must provide assurance that the management mechanisms put into place to resolve compliance risks effectively mitigate the potential and/or real compliance risks identified. Compliance also has the responsibility to assure that anonymous communication methods are in place for employees to raise issues without fear of retribution and/or retaliation. Another difference in roles is that while IA may take into consideration and provide observations on the ethical culture, for an “effective” compliance program the ethical culture and regulatory compliance must be integrated. The importance of ethical culture in a compliance program has to do with:  active leadership engagement, management control systems and processes, employee commitment and  attract good people and encourage them to speak up without the fear of retaliation. Presently, those higher education institutions that have enterprise wide compliance programs have adapted the “United States Sentencing Commission: Federal Sentencing Guidelines for Organizations, Chapter 8” to build their compliance program. In Chapter 8, seven elements of an effective compliance program are identified and if evident, “credit” will be given towards the sentencing for the criminal violation under consideration. The seven elements (paraphrased) are: standards of conduct, oversight, education, auditing & monitoring, communication & reporting, and enforcement & discipline. Because of the diversity of risks, the different functions and business owners in a university setting, enterprise wide compliance programs are challenging and implemented through different structural models, i.e., centralized, decentralized, hybrid central/decentralized model. Sometimes only the key risks are addressed in compliance programs, i.e., research, athletics, etc. and these programs would not be considered comprehensive in looking at all the risks of the organization. From an internal audit perspective the issue with a combined IA and compliance/ethics function is the problems of independence of the IA function and of maintaining auditor objectivity. Some take an extreme view of independence as meaning the IA function must be free from any involvement in operational responsibilities. However such a view is not consistent with Internal Auditing Standards or with the standards for internal audit under the Governement Auditing Standards as reflected in the GAO, Government Auditing Standards ( 2010 Exposure Draft). The IIA Standards define independence as: The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. IIA Standard 1100 states that the internal audit activity must be independent, while internal auditors must be objective. This is a subtle, yet important, distinction. Independence is an attribute of the audit function; whereas objectivity is an attribute of the individual auditor. The attribute of the internal audit function relates to its organizational independence. At the most fundamental level, independence is the ability to conduct internal audit activities without undue influence or control. Objectivity relates to the individual auditor. Standard 1120 describes objectivity of the individual auditors and states that individual auditors achieve this objectivity when they “have an impartial, unbiased attitude and avoid any conflict of interest.” The Standards reflect the notion found in the 2001IIA Research Foundation study (Jane Mutchler,
Independence and Objectivity: A Framework for Internal Auditors) that objectivity alone is what directly produces the value of the audit. The value that independence brings to the audit table is based on its creation of “an environment that maximizes the likelihood of auditor objectivity.” In other words, in the audit environment depicted by the Standards, the Value Proposition, and related research, independence is significant because it gives the audit activity a level of autonomy that facilitates a major determinant of internal audit value — the individual auditor’s objectivity. By acknowledging that it is the individual auditor’s impartial state of mind that renders value to the audit product, not his or her abstinence from involvement in management and organizational activities, the internal audit team is free to assume a more proactive, preventive, and valuable role in the organization. What then are the additional threats to auditor objectivity in combined functions and what safeguards can be put in place to mitigate these threats? The most significant threat is where the compliance function assumes or becomes extensively involved in management operating responsibilities. However, emphasis from the Federal Sentencing Guidelines, the enforcement community and the growing reality for compliance programs to be effective, is that there needs to be reporting to the highest levels of the organization, i,e., Board and/or CEO and that there is independence from any management functions. This is difficult for compliance because the areas where this is mostly to occur is the development of organizational policies and procedures, design and implementation of controls to address specific compliance risks, and development and delivery of specialized training of employees. To assure independence, the first safeguard that can be put in place is to have separate staff assigned to the compliance and internal audit responsibilities, staff that is not involved in the conduct of audits. A second safeguard would be to make explicit that while compliance staff can assist in developing and drafting policies and procedures, such policies and procedures are ultimately the responsibility of management and should receive management’s formal approval. A final, and most essential, safeguard is to have a periodic independent review of the effectiveness of the compliance program to provide the objective assurance the board and senior management needs to fulfill their oversight responsibilities. When audit and compliance are separate functions, internal audit can provide this assurance; but when combined it will be necessary to use assurance providers from outside the organizations. Each organization must determine how to tailor both the compliance/ethics function and internal audit function so as to best meet the organization’s needs. In terms of combining the function, the organization must weigh the potential benefits to organizational efficiency and effectiveness against risk of compromising the assurance provided by internal audit and cost of additional safeguards. Resources are diminishing in higher education but it does not negate the need for either of these functions. They are critical to the survival of our organizations as each of these responsibilities have complimentary influences on the overall culture related to identifying and mitigating risk.

Recommended

FINAL PDF OF BNA HC FRAUD ARTICLE
FINAL PDF OF BNA HC FRAUD ARTICLEFINAL PDF OF BNA HC FRAUD ARTICLE
FINAL PDF OF BNA HC FRAUD ARTICLENicholas Merkin
 
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...PYA, P.C.
 
Corporate governance and organizational performance in the nigerian banking i...
Corporate governance and organizational performance in the nigerian banking i...Corporate governance and organizational performance in the nigerian banking i...
Corporate governance and organizational performance in the nigerian banking i...Alexander Decker
 
Coso framework
Coso frameworkCoso framework
Coso frameworkDarryl Woolley
 
Governance
GovernanceGovernance
GovernanceBsmah Fahad
 
THEORY Group Paper TURN IN
THEORY Group Paper TURN INTHEORY Group Paper TURN IN
THEORY Group Paper TURN INCaron Schmidt
 
Dept. of defense driving toward 0
Dept. of defense driving toward 0Dept. of defense driving toward 0
Dept. of defense driving toward 0Vaibhav Patni
 
Ethics in Audit
Ethics in AuditEthics in Audit
Ethics in AuditBikash Kumar
 

Recommended

FINAL PDF OF BNA HC FRAUD ARTICLE
FINAL PDF OF BNA HC FRAUD ARTICLEFINAL PDF OF BNA HC FRAUD ARTICLE
FINAL PDF OF BNA HC FRAUD ARTICLENicholas Merkin
 
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...PYA, P.C.
 
Corporate governance and organizational performance in the nigerian banking i...
Corporate governance and organizational performance in the nigerian banking i...Corporate governance and organizational performance in the nigerian banking i...
Corporate governance and organizational performance in the nigerian banking i...Alexander Decker
 
Coso framework
Coso frameworkCoso framework
Coso frameworkDarryl Woolley
 
Governance
GovernanceGovernance
GovernanceBsmah Fahad
 
THEORY Group Paper TURN IN
THEORY Group Paper TURN INTHEORY Group Paper TURN IN
THEORY Group Paper TURN INCaron Schmidt
 
Dept. of defense driving toward 0
Dept. of defense driving toward 0Dept. of defense driving toward 0
Dept. of defense driving toward 0Vaibhav Patni
 
Ethics in Audit
Ethics in AuditEthics in Audit
Ethics in AuditBikash Kumar
 
Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013SARVJEET KAUSHAL
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summaryKatherine Reyes V.
 
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15Workiva
 
Thought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalThought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalSundaraparipurnan Narayanan
 
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...inventionjournals
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
Apa style dissertation pay for performance sensitivity on executive equity ow...
Apa style dissertation pay for performance sensitivity on executive equity ow...Apa style dissertation pay for performance sensitivity on executive equity ow...
Apa style dissertation pay for performance sensitivity on executive equity ow...CustomEssayOrder
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Methodology to align business and it policies use case from an it company
Methodology to align business and it policies use case from an it companyMethodology to align business and it policies use case from an it company
Methodology to align business and it policies use case from an it companyLuxembourg Institute of Science and Technology
 
Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...e-Democracy Conference
 
Microsoft 365 governance approach
Microsoft 365 governance approachMicrosoft 365 governance approach
Microsoft 365 governance approachOliver Wirkus
 
Corporate covernance as a tool for curbing bank distress in
Corporate covernance as a tool for curbing bank distress inCorporate covernance as a tool for curbing bank distress in
Corporate covernance as a tool for curbing bank distress inAlexander Decker
 
V091013 db1 oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13V091013 db1 oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13Marion Macleod
 
Extreme Engagement Engine with Case Studies
Extreme Engagement Engine with Case StudiesExtreme Engagement Engine with Case Studies
Extreme Engagement Engine with Case StudiesNawar Alsaadi
 
An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Programlinhcuong
 
Corporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyCorporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyAlfred Rodrigues
 
A Synopsis On -Corporate Governance And Performance Around The World What We...
A Synopsis On -Corporate Governance And Performance Around The World What We...A Synopsis On -Corporate Governance And Performance Around The World What We...
A Synopsis On -Corporate Governance And Performance Around The World What We...Allison Koehn
 
Lean Auditing
Lean AuditingLean Auditing
Lean AuditingCorporate Excellence - Centre for Reputation Leadership
 
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docxdrennanmicah
 
The relationship between organizational control environments
The relationship between organizational control environmentsThe relationship between organizational control environments
The relationship between organizational control environmentsAlexander Decker
 
Chapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsChapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsFirdaus Fitri Zainal Abidin
 
The impact of internal control activities on financial performance of
The impact of internal control activities on financial performance ofThe impact of internal control activities on financial performance of
The impact of internal control activities on financial performance ofAlexander Decker
 

More Related Content

What's hot

Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013SARVJEET KAUSHAL
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summaryKatherine Reyes V.
 
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15Workiva
 
Thought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalThought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalSundaraparipurnan Narayanan
 
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...inventionjournals
 
Apa style dissertation pay for performance sensitivity on executive equity ow...
Apa style dissertation pay for performance sensitivity on executive equity ow...Apa style dissertation pay for performance sensitivity on executive equity ow...
Apa style dissertation pay for performance sensitivity on executive equity ow...CustomEssayOrder
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightBlackLine
 
Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...e-Democracy Conference
 
Microsoft 365 governance approach
Microsoft 365 governance approachMicrosoft 365 governance approach
Microsoft 365 governance approachOliver Wirkus
 
Corporate covernance as a tool for curbing bank distress in
Corporate covernance as a tool for curbing bank distress inCorporate covernance as a tool for curbing bank distress in
Corporate covernance as a tool for curbing bank distress inAlexander Decker
 
V091013 db1 oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13V091013 db1 oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13Marion Macleod
 
Extreme Engagement Engine with Case Studies
Extreme Engagement Engine with Case StudiesExtreme Engagement Engine with Case Studies
Extreme Engagement Engine with Case StudiesNawar Alsaadi
 
An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Programlinhcuong
 
Corporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyCorporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyAlfred Rodrigues
 

What's hot (16)

Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
 
Thought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale FinalThought Leadership on Ethics & Compliance scale Final
Thought Leadership on Ethics & Compliance scale Final
 
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...
Impact of Corporate Governance on Firms’ Financial Performance: Textile Secto...
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 
Apa style dissertation pay for performance sensitivity on executive equity ow...
Apa style dissertation pay for performance sensitivity on executive equity ow...Apa style dissertation pay for performance sensitivity on executive equity ow...
Apa style dissertation pay for performance sensitivity on executive equity ow...
 
COSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It RightCOSO Implementation: Getting Real, Getting It Right
COSO Implementation: Getting Real, Getting It Right
 
Methodology to align business and it policies use case from an it company
Methodology to align business and it policies use case from an it companyMethodology to align business and it policies use case from an it company
Methodology to align business and it policies use case from an it company
 
Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...
 
Microsoft 365 governance approach
Microsoft 365 governance approachMicrosoft 365 governance approach
Microsoft 365 governance approach
 
Corporate covernance as a tool for curbing bank distress in
Corporate covernance as a tool for curbing bank distress inCorporate covernance as a tool for curbing bank distress in
Corporate covernance as a tool for curbing bank distress in
 
V091013 db1 oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13V091013 db1 oh&s issues for the board-09-10-13
V091013 db1 oh&s issues for the board-09-10-13
 
Extreme Engagement Engine with Case Studies
Extreme Engagement Engine with Case StudiesExtreme Engagement Engine with Case Studies
Extreme Engagement Engine with Case Studies
 
An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Program
 
Corporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyCorporate Governance in Subsidiary Company
Corporate Governance in Subsidiary Company
 

Similar to Compliance and-internal-audit-a-dangerous-comb

A Synopsis On -Corporate Governance And Performance Around The World What We...
A Synopsis On -Corporate Governance And Performance Around The World What We...A Synopsis On -Corporate Governance And Performance Around The World What We...
A Synopsis On -Corporate Governance And Performance Around The World What We...Allison Koehn
 
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docxdrennanmicah
 
The relationship between organizational control environments
The relationship between organizational control environmentsThe relationship between organizational control environments
The relationship between organizational control environmentsAlexander Decker
 
Chapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsChapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsFirdaus Fitri Zainal Abidin
 
The impact of internal control activities on financial performance of
The impact of internal control activities on financial performance ofThe impact of internal control activities on financial performance of
The impact of internal control activities on financial performance ofAlexander Decker
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Running head business governance in an industry1 business gov
Running head business governance in an industry1 business govRunning head business governance in an industry1 business gov
Running head business governance in an industry1 business govDIPESH30
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case StudyJessica Myers
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial ControlsStephen G. Lynch
 
The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co... The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co...inventionjournals
 
A re balanced scorecard- a strategic approach to enhance manageri
A re balanced scorecard- a strategic approach to enhance manageriA re balanced scorecard- a strategic approach to enhance manageri
A re balanced scorecard- a strategic approach to enhance manageriPhuong Dx
 
Hr audit white_paper
Hr audit white_paperHr audit white_paper
Hr audit white_paperatirem
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Tim Leech
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Tim Leech
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Mohammad Wahid Abdullah Khan
 
The Effect of Working Experience, Integrity, Competence, and Organizational C...
The Effect of Working Experience, Integrity, Competence, and Organizational C...The Effect of Working Experience, Integrity, Competence, and Organizational C...
The Effect of Working Experience, Integrity, Competence, and Organizational C...iosrjce
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 

Similar to Compliance and-internal-audit-a-dangerous-comb (20)

A Synopsis On -Corporate Governance And Performance Around The World What We...
A Synopsis On -Corporate Governance And Performance Around The World What We...A Synopsis On -Corporate Governance And Performance Around The World What We...
A Synopsis On -Corporate Governance And Performance Around The World What We...
 
Lean Auditing
Lean AuditingLean Auditing
Lean Auditing
 
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx
1082018 Printhttpscontent.ashford.eduprintAUOMM640..docx
 
The relationship between organizational control environments
The relationship between organizational control environmentsThe relationship between organizational control environments
The relationship between organizational control environments
 
Chapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsChapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics Programs
 
The impact of internal control activities on financial performance of
The impact of internal control activities on financial performance ofThe impact of internal control activities on financial performance of
The impact of internal control activities on financial performance of
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Running head business governance in an industry1 business gov
Running head business governance in an industry1 business govRunning head business governance in an industry1 business gov
Running head business governance in an industry1 business gov
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case Study
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial Controls
 
The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co... The effect of risk based audit approach on the implementation of internal co...
The effect of risk based audit approach on the implementation of internal co...
 
A re balanced scorecard- a strategic approach to enhance manageri
A re balanced scorecard- a strategic approach to enhance manageriA re balanced scorecard- a strategic approach to enhance manageri
A re balanced scorecard- a strategic approach to enhance manageri
 
Hr audit white_paper
Hr audit white_paperHr audit white_paper
Hr audit white_paper
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
I0955965
I0955965I0955965
I0955965
 
The Effect of Working Experience, Integrity, Competence, and Organizational C...
The Effect of Working Experience, Integrity, Competence, and Organizational C...The Effect of Working Experience, Integrity, Competence, and Organizational C...
The Effect of Working Experience, Integrity, Competence, and Organizational C...
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots
 

Recently uploaded

How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1kcpayne
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030tarushabhavsar
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsIndeedSEO
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Falcon Invoice Discounting
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecZurliaSoop
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Adnet Communications
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingNauman Safdar
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxRoofing Contractor
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizharallensay1
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Timegargpaaro
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdflaloo_007
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateCannaBusinessPlans
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannaBusinessPlans
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSpanmisemningshen123
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165meghakumariji156
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPanhandleOilandGas
 
BeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdfBeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdfDerekIwanaka1
 

Recently uploaded (20)

How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdf
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck Template
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
BeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdfBeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdf
 

Compliance and-internal-audit-a-dangerous-comb

  • 1. Compliance and Internal Audit: A Dangerous Combination? By Urton Anderson CIA, CCEP and Sheryl Vacca, CCEP, CHC-F, CHRC, CHPC A recent column in the February 2011 issue of the Internal Auditor by Catherine Henry - “Governance Perspective: Too Close for Comfort” – addresses the relatively common practice of combining the internal audit and the compliance/ethics functions. Citing a 2009 study of 560 compliance professionals from both public and privately-held organizations, 12.2% reported that the organization’s compliance/ethics officer was also the head of internal audit. This was slightly higher than the other common practice of assigning the compliance/ethics role to General Counsel (R. Walker, “Compliance and Ethics Officer Positioning,” Compliance and Ethics Professional, December 2009, pp 46-51). Henry brings up a number of concerns surrounding combining the internal audit and the compliance/ethics functions. These concerns include not only the expected auditor independence and objectivity issues but arguments that the combination weakens the effectiveness of compliance and ethics as well. Her conclusion is that whatever advantage the combination of the two functions might bring to the organization, the dangers to the longer term interest of the organization and its stakeholders make such a combination ill advised. For higher education the issue of duel responsibility is of particular concern as the practice of combining the functions has been particularly common in the university setting as a quick Google or Bing search on “Office of Audit and Institutional Compliance” will illustrate. Susan Keller (“Building a Compliance Program in Higher Education Institutions without a Compliance Officer,” College & University Auditor, Spring 2009, p 7) argues that the IA function is a natural driver for development of an institution-wide compliance functions in universities because in the very decentralized governance structure in higher education it is one of the few groups with university-wide view of risk and control. IA, she notes, is also uniquely positioned to gather, analyze and share information across the institution. In her article, she describes how IA at three major universities has driven the successful development of the compliance function in those respective institutions, with each still keeping the two functions combined. Others have presented additional benefits to a combined function. In combined compliance and internal audit functions collaboration to achieve the responsibilities of both groups is excellent. This collaboration is critical as there are indeed shared roles and responsiblies between the two functions. Rupport (“Contrasting Roles and Responsibilities – Corporate Compliance and Internal Audit,” New Perspectives, Summer 2006) identifies the following commonalities when both functions follow best practices:  Functional reporting to the organization’s board typically through an audit or compliance committee.  Board established authority via approved charter and programs.  Administrative reporting to the CEO.  Access to the entire organization per board directive.
  • 2.  Recognized and communicated understanding that management is responsible for internal control including compliance and that corporate compliance and internal audit is not.  Have the authority to conduct investigations.  Are risk based.  As cost centers the functions are not designed to contribute to the bottom line but can identify cost savings and improve organizational processes. Rupport’s point that these are commonalities when both functions are following best practices is an important qualification. In particular this implies that both functions are independent of operations. While for internal audit the need for the function to be independent from operating responsibilities for the area has long been recognized in professional standards; however, the notion of an organizational-wide compliance function independent from operations is a relatively newer practice in higher education. From an organizational perspective combining the functions has the clear benefit of reducing administrative burden on the CEO or other senior manager to whom the functions would report. A combined function would also make more efficient use of board members time by streamline reporting to the audit/compliance committee. But an even great benefit may come from the improvement in organizational governance by enabling the board members to more effectively meet their responsibilities for oversight of ethics and compliance as well as for overall risk management and internal control. Combining the functions also increases the likelihood that the organization would adopt a common risk management and control framework, further improving the effectiveness of senior management and the board oversight of the organization. For operating managers there is also the benefit of reducing assurance fatigue since a combined function dramatically improve the coordination of auditing and monitoring activities. At the University of California, we have tried to integrate the risk assessment process with IA and Compliance to leverage efficiencies of the process. Both IA and Compliance develop their own plan but the process of risk assessment is done together, i.e., interviews, collection of related information, etc.. This helps to also enhance viewpoints from each of the perspectives and identify areas which may be common for focus on the new year plan for IA and Compliance. While there are many similarities in responsibilities between the internal audit function and the compliance function there also key differences. The internal audit function’s primary role in the organization is to provide independent, objective assurance to senior management and the board that risks are being managed to an acceptable level, particularly those risks that management has elected to address through internal controls. These risks include the risk that organization will not follow legal and regulatory requirements or will violate the organization’s values and internal policies, the same risks with which compliance is concerned. However, the IA function also has concerns over risks regarding the reliability and integrity of financial and operation information, the risks that the organization’s assets are not safeguarded, and the risks that the organization will not achieve its strategic and operating objectives. The compliance/ethics function in contrast works as a change agents in facilitating and assuring that management is addressing key risk areas (such as those listed above from an IA perspective) related to compliance with any rules, regulations, laws and/or policies that must be
  • 3. followed. Additionally, Compliance must provide assurance that the management mechanisms put into place to resolve compliance risks effectively mitigate the potential and/or real compliance risks identified. Compliance also has the responsibility to assure that anonymous communication methods are in place for employees to raise issues without fear of retribution and/or retaliation. Another difference in roles is that while IA may take into consideration and provide observations on the ethical culture, for an “effective” compliance program the ethical culture and regulatory compliance must be integrated. The importance of ethical culture in a compliance program has to do with:  active leadership engagement, management control systems and processes, employee commitment and  attract good people and encourage them to speak up without the fear of retaliation. Presently, those higher education institutions that have enterprise wide compliance programs have adapted the “United States Sentencing Commission: Federal Sentencing Guidelines for Organizations, Chapter 8” to build their compliance program. In Chapter 8, seven elements of an effective compliance program are identified and if evident, “credit” will be given towards the sentencing for the criminal violation under consideration. The seven elements (paraphrased) are: standards of conduct, oversight, education, auditing & monitoring, communication & reporting, and enforcement & discipline. Because of the diversity of risks, the different functions and business owners in a university setting, enterprise wide compliance programs are challenging and implemented through different structural models, i.e., centralized, decentralized, hybrid central/decentralized model. Sometimes only the key risks are addressed in compliance programs, i.e., research, athletics, etc. and these programs would not be considered comprehensive in looking at all the risks of the organization. From an internal audit perspective the issue with a combined IA and compliance/ethics function is the problems of independence of the IA function and of maintaining auditor objectivity. Some take an extreme view of independence as meaning the IA function must be free from any involvement in operational responsibilities. However such a view is not consistent with Internal Auditing Standards or with the standards for internal audit under the Governement Auditing Standards as reflected in the GAO, Government Auditing Standards ( 2010 Exposure Draft). The IIA Standards define independence as: The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. IIA Standard 1100 states that the internal audit activity must be independent, while internal auditors must be objective. This is a subtle, yet important, distinction. Independence is an attribute of the audit function; whereas objectivity is an attribute of the individual auditor. The attribute of the internal audit function relates to its organizational independence. At the most fundamental level, independence is the ability to conduct internal audit activities without undue influence or control. Objectivity relates to the individual auditor. Standard 1120 describes objectivity of the individual auditors and states that individual auditors achieve this objectivity when they “have an impartial, unbiased attitude and avoid any conflict of interest.” The Standards reflect the notion found in the 2001IIA Research Foundation study (Jane Mutchler,
  • 4. Independence and Objectivity: A Framework for Internal Auditors) that objectivity alone is what directly produces the value of the audit. The value that independence brings to the audit table is based on its creation of “an environment that maximizes the likelihood of auditor objectivity.” In other words, in the audit environment depicted by the Standards, the Value Proposition, and related research, independence is significant because it gives the audit activity a level of autonomy that facilitates a major determinant of internal audit value — the individual auditor’s objectivity. By acknowledging that it is the individual auditor’s impartial state of mind that renders value to the audit product, not his or her abstinence from involvement in management and organizational activities, the internal audit team is free to assume a more proactive, preventive, and valuable role in the organization. What then are the additional threats to auditor objectivity in combined functions and what safeguards can be put in place to mitigate these threats? The most significant threat is where the compliance function assumes or becomes extensively involved in management operating responsibilities. However, emphasis from the Federal Sentencing Guidelines, the enforcement community and the growing reality for compliance programs to be effective, is that there needs to be reporting to the highest levels of the organization, i,e., Board and/or CEO and that there is independence from any management functions. This is difficult for compliance because the areas where this is mostly to occur is the development of organizational policies and procedures, design and implementation of controls to address specific compliance risks, and development and delivery of specialized training of employees. To assure independence, the first safeguard that can be put in place is to have separate staff assigned to the compliance and internal audit responsibilities, staff that is not involved in the conduct of audits. A second safeguard would be to make explicit that while compliance staff can assist in developing and drafting policies and procedures, such policies and procedures are ultimately the responsibility of management and should receive management’s formal approval. A final, and most essential, safeguard is to have a periodic independent review of the effectiveness of the compliance program to provide the objective assurance the board and senior management needs to fulfill their oversight responsibilities. When audit and compliance are separate functions, internal audit can provide this assurance; but when combined it will be necessary to use assurance providers from outside the organizations. Each organization must determine how to tailor both the compliance/ethics function and internal audit function so as to best meet the organization’s needs. In terms of combining the function, the organization must weigh the potential benefits to organizational efficiency and effectiveness against risk of compromising the assurance provided by internal audit and cost of additional safeguards. Resources are diminishing in higher education but it does not negate the need for either of these functions. They are critical to the survival of our organizations as each of these responsibilities have complimentary influences on the overall culture related to identifying and mitigating risk.