The corporate laws and guidelines of various countries and the Institute of Internal Auditors mandate independence of internal auditors. I wonder is this something really feasible when the Internal Audit Department and Chief Audit Executive (CAE) are part of the organization. The questions which come up are:
- Do we really expect the board and C-suite executives to give a pat on the back of internal auditors for a job well done? Is the expectation from CXO's to judge fairly and impartially correct, when reports are submitted with strong criticism on the business operations and ethics. In such a scenario do we envisage the internal auditor losing his / her job or getting promotions and increments?
- Do we assume that all organization cultures are constructive and there will be no retaliation against the internal audit staff for finding critical gaps in which the operation teams face flak and political wars ensue because of it, and some may end up losing their jobs? On issuing strong reports, the political survival of the internal audit teams could have been in jeopardy if the organization has a destructive organization culture. Here, the probability is high, that the internal audit teams are only going to issue comfortable reports to safeguard their positions.
- In a few companies the Head of Internal Audit reports to the Chief Financial Officer. Here, how can we expect the internal audit team to report financial frauds which the Chief Financial Officer maybe an accomplice?
- The relationships between the Audit Committee and CAE are not strong enough in most cases. In few situations the Audit Committee does not have political power to protect the CAE if he / she upsets the board by issuing candid reports. The percentage of CAEs who were terminated after issuing a critical report is significant. The informal feedback organizations provide regarding the terminated CAE is that "these guys are trouble makers, do not play ball". Here is the CAE's have a tough time getting another job.
The 2010 KPMG report on "Highlights of the Sixth Annual Audit Committee Issues Conference" shows two points of interest:
- 27% of the boards encourage contrarian views and discourage group think. 64% do it somewhat, and 9% do not do it at all. That is, 73% of the time the Chief Audit Executive may at risk for holding a discrepancy view to the board.
- 48% reported that the largest hindrance to improving governance was the ability / willingness to challenge management.
In the report of Crowe Horwath November 2009 – Avoiding the Black Swan: Barriers to Improving Risk Management – 36% of the CFO's reported that the barrier to risk management is perception of risk management as an unnecessary interference with business activities and 24% stated organizational resistance . However, only 5% declared lack of independence as a barrier. Are we ignoring the relationship between perception and resistance to risk management with the independence issue?
In such a scenario we can reasonably expect the internal auditor to risk professional death to maintain his / her independence? In the recent financial crises the role of internal auditors was not even significantly questioned. They ideally should have been able to highlight the fallacies of the transactions and the extensive mortgage decisions taken by the operations team. Is this a condition acceptable by the legal board that internal auditors do not have the political position to question the real operational and financial risks being undertaken by the organization? The irony is that the internal auditors are in the best position to highlight these risks, but they are only kept as "yes men".
To protect the economy from further corporate disasters, we really need to give more political power to the internal auditors. The question comes up how to we ensure independence of internal auditors in spirit and culture and not just on paper.
Please share your thoughts on the subject.