Risk Based Internal Audit(IA) Case Study by M S N A Associates
The Challenge – Traditional Internal Audit Limitations
We have been working with a client, ABC Pvt Ltd (Name changed), as their internal auditors. The client earlier had a CA firm who was doing a very traditional internal audit which only focused on vouching, transactional accuracy, financial statements closure, etc.
What Was Our Proposal?
We Suggested a Shift to Risk-Based Internal Audit
We proposed to do a risk-based internal audit, and it took quite some time to explain the difference to the management and get their consensus. The initial years of audit were quite challenging because the management was used to a way of audit, and a lot of questions we used to ask them about risk and implications used to irk them.
There was a lot of resistance to implementing new suggestions from the IA team. Though the board was appreciative of the new suggestions coming up, the management was apprehensive about implementing them. Sometimes, our big IA reports used to feel a mere document without implementation of the same.
Our Solution – Transforming Internal Audit with a Proactive Approach
We did a few things differently and started seeing results:
1. We took the accounts team into confidence and explained the intent of the audit. We assured them that the IA is not an act of policing but to bring effective controls in the company.
2. We started focusing on the statutory non-compliance and identified the root cause of the issues. We started tackling the root cause. The root cause in majority of the cases were the knowledge of staff at the invoice processing level regarding TDS and GST.
3. We asked the accounts team to write emails to us as and when they encountered technical queries and tried to solve it the same day. This approach helped us to build preventive checks than detective checks.
4. With every IA report, we discussed the recommendations and asked the teams whether the same can be implemented. So, it started becoming a collaborative effort than a one-way effort.
5. The management started trusting us more with every report and started acting on our recommendations diligently.
6. We started appreciating the team for improvements rather than only looking at the observations.
What We Achieved Through Our Risk-Based Internal Audit Service?
When we presented the report recently, we found that majority of the statutory compliance issues were cleared from its root and the processes eventually had become robust enough to find the issues and plug it before the month-end book closure procedure. This only makes us happier.
Benefits of Risk-Based Internal Audit –
- Effective and efficient processes that are not person-dependent
- Plug revenue leakage loopholes
- Highly compliant with the governing regulations
- Build a strong culture of compliance and corporate governance.
This is a case study that makes us happy to be a small part of making companies get better and better. 🙂
