Study on Implementation of Internal Audit Recommendations

Background: Internal Audit Function (IAF)in an organisation has to play a very critical role for ensuring right process and controls which in turn affects the level of Corporate Governance (CG). Internal audit role requires it to perform audit of policies, process and controls including the emerging role in enterprise risk management. In performing its role, it comes out with the recommendations on various improvement aspects as well as comments on existing gaps. It is said that IAF also has a consulting role for Executive Management (EM). The reporting of IAF is normally to either the Chief Executive Officer (CEO) or Audit Committee (AC). Most of research suggest that sound governance process advises the IAF reporting should be to AC to maintain independence. This is more important as the execution of implementation recommendations lies with Executive Management (EM). This paper analyses the aspects of implementation of recommendations made by IAF and the challenges it faces in getting the effective and quick implementation.

Purpose/Objective: Organisations and the IAF are facing the challenges of effective implementation of IAF recommendations. While the role evolvement of IAF has made it very critical part of governance process, non-implementation or delayed implementation of recommendation are a cause of concern. This may be due to procedural aspect or due to intentional delay as non-acceptanceof recommendations by EM. Non-acceptance by EM may throw serious governance issue as these may be on account of individual interest within the organisation. While on the broader basis AC do get a feedback on the implementation status of recommendations, but sometime the independence and assessment of this feedback lacks credibility. This paper intends to study aspects which can improve the effective implementation. It also will analyse the possible reason or obstacles which tend to result in problem of non-implementation of IAF recommendations. There is no defined role and responsibility for implementation of IAF recommendations and it lies ultimately to process owners only. The concept of deviation approval of various procedural aspects is in place in many organisations. Presence of these deviations’ approval mechanism is further an issue as approving authority on deviations are made within the EM. The paper analyses that effective implementation will improve the IAF effectiveness.

Methodology:This paper is based on empirical studies done in past on the subject of IAF effectiveness with its linkages with implementation and also an analysis of primary data collected from around 50 senior audit executives and their views on the challenges on implementation of IAF recommendations. The participants were taken from various roles within the audit function. The questions evolved around the views on reasons for non-implementation of IAF recommendation or obstacles created by EM to implement the same.

Findings:Our study finds that there is a need of effective implementation of IAF recommendation and a design of methodology / responsibility matrix is needed. Audit Committee (AC) can play an important role in this process and should set policy and guidelines for timebound implementation of recommendations. Further our study suggests that deviation approvals of any policy should be outside the ambit of EM and must be given to an independent set of departments. Our study also find that AC needs to identify a responsible officer other than EM to monitor and report the status of implementation which should ensure a comprehensive implementation.

Limitations:This research is limited based on Indian context and need to be further tested in global environment. Further the paper is based on a survey on a population of 50 executives in IAF role, which can further be extended in larger varied group including the members from EM to capture their views.