Expertise Beyond the Numbers

Internal Audit: Adding Value to High-Performing Organizations

The value that internal audit provides to an organization, whether at a strategic level or as a result of specific audits, can be perceived in various ways and typically depends on the audience. Throughout each audit, various “groups” or parties are involved that roll-up to a collective audience, each with their own expectation of audit results, benefits, and value.

A typical audit audience is comprised of both high level/global and direct/front line audiences. The global audience includes executive leadership, an audit committee, and external stakeholders. The front-line audience includes Internal Audit management and department level (auditee) management, and departmental end-users.

Internal audit can measure its results both quantitatively and qualitatively. Examples of areas where value is added either directly or indirectly were highlighted in Understanding the Benefits of an Effective Internal Audit Function.

Examples of Value Add

SC&H’s Risk Management practice partners with organizations to conduct internal audits, business process improvement reviews, and consulting focused engagements. The results of these engagements often touch on a combination of the categories of value. Examples of measured results we’ve provided for our clients include the following.

Financial value:
Depending on the subject and objectives of the audit, outcomes can result in increased revenues (through complete and accurate billing, etc.) or cost savings (through added efficiency, reduced waste, etc.) to the organization.

Identified instances where:

  • A vendor performed over $200,000 of work that was above the not-to-exceed amount authorized by the client’s Board.
  • A vendor performed over $600,000 of work outside the period of performance documented in task orders.
  • A vendor performed work outside the scope of services identified in the contract and task orders.
  • Item pricing was not based on a formulized methodology to ensure production costs were covered.
  • All prices listed on the provider’s website did not display accurately, several items listed below cost and all were listed for less than the expected retail price per the accounting system. Items listed below cost were honored at this price, resulting in a financial loss.

Time savings:
Audit procedures can identify potential process inefficiencies, communication gaps, excessively manual tasks, etc. that impact employee productivity and process workflow timing.

Identified instances where:

  • Using data analytics, identified an opportunity to expand a purchase card program and alleviate/reduce the volume of invoices that required AP processing (resource utilization).
  • Identified potential system functionalities that could be maximized to increase workflow automation.
  • Recommended the reduction of the organization’s credit card providers from two to one (administrative burden).

Valued resource:
Benefits can be measured based on the perception of, and reaction to, internal audit within the organization. In organizations where internal audit is seen as a valuable strategic asset, stakeholders are encouraged to engage internal audit not only for scheduled audits, but also for special assignments based on specific identified risks, objectives, and concerns.

Identified instances where:

  • Partnered with Executive leadership to draft and formalize internal policies and standard operating procedure documentation, which increased organizational accountability and promoted consistent application of internal controls.
  • Assisted with the development of formalized request/approval forms, as well as required reconciliation documentation.

Risk mitigation:
Internal audit is a risk-based function. Risks are constantly evolving and it is crucial for any organization to assess risk (financial, operational, regulatory, safety, IT, etc.) periodically. An effective internal audit function is third line of defense to highlight these risks and ensure that they’ve been properly considered and addressed, to mitigate the potential for negative events occurring.

Identified instances where:

  • Performed data analytics of the vendor master file and identified vendor records with multiple names, numbers, and/or addresses.
  • Recommended restrictions of allowable merchant codes within the purchase card program to prevent misuse/abuse.
  • Cash was inappropriately diverted from an agency in excess of $150,000.
  • Unauthorized bank accounts were created.
  • Expenses were not properly approved and did not have a business-related need.

Internal audit departments should be viewed throughout an organization as a valuable independent resource and partner, comprised of experienced individuals with specific skill sets to solve problems, analyze data and information, and help develop potential solutions. This can be especially helpful within organizations that experience constant change within their internal and/or external environments, or could benefit from independent assessments (“from the outside, looking in”).

The more internal audit is approached for assistance and given the opportunity to help, the more it can be seen as a value-added component of the organization. Organizational leadership should be considering the specific goals they are trying to achieve, the unique risks and challenges faced by their organization, and the resources needed to appropriately address each risk. Each of these factors need to be considered together to determine the optimal strategy for maximizing available resources to best evaluate and mitigate risks, thus allowing the organization to most efficiently and effectively achieve its mission, goals and objectives.

If you’d like to learn more about the value that internal audit could add to your organization, or if you think you may benefit from specialized expertise, please contact SC&H for more information.