By Godfrey Nzombe- Chief Auditor
The Internal Audit (IA) department at CP works hand in hand with other units – not
as a fault-finding department but as a partner in strengthening systems and
assuring performance. This is an independent function involving the continuous
appraisal of the functioning of CP with a view to strengthening what is already
working and suggest improvements aimed at adding value to the organization. IA
provides assurance to management that the risks of the organisation are
understood and managed appropriately while also serving as an in-house consultant
in various areas of the company.
News outlets regularly report on corporate scandals and frauds, privacy invasions,
compromised ethics, and governance lapses. The technological changes, Internet
of Things, big data, mergers, and artificial intelligence amongst others suggest an
even more chaotic future. Business leaders resultantly forecast increased risk to
companies in legal terms, information security management, continued
globalisation, and growing and blurred competition amongst the unending changing
environment. All these changes suggest new demands, challenges, and
opportunities for management. IA is there to assist management to take stock of
these and ensure that CP can achieve its business objectives under these uncertain
times.
“IA analyse the environment and the operations of the business, making
recommendations to management.”
The Institute of Internal Audit recommends that every organisation should have
some form of internal control (IIA, 2013). The IA evaluates operational efficiency,
and financial reliability as well as assists in the safeguarding of company assets. In
carrying out such evaluation, IA also provides assurance that the organisation risk
management and internal control processes are working appropriately. IA assesses
discrepancies between documented process (what it is designed to do) and what
takes place on the ground. If there are any variances observed such variances are
documented for management attention and corrective action through
recommendations for process improvement. This requires IA to fully understand
the processes being audited to make practical and feasible control
recommendations which can improve efficiency and effectiveness of business
processes. The continuous monitoring and reviewing of the organisational
processes help the organisation to be more dependent on processes rather than
people.
Internal audit reports findings to top management and the Board. The reports
analyse, appraise, counsel, and inform on CP activities. The IA assists with the
establishment of effective controls, assessment of risks, and recommending
measures to address internal control weaknesses. The IA is also responsible for
monitoring the ethics and governance practices of the company.
AI, through its scope of responsibilities and coverage, has a broad perspective and
hence is a sounding board and resource for management and the board.
The competitive nature and the unlimited demands of the operating environment
of CP mean that the company is allocating resources prudently to serve its
customers and client efficiently. Therefore, the IA department is always evaluating
the current systems and recommending internal controls, recommending risk
reduction services using their broad perspective as resource for strong corporate
governance.
A recent example of I.A intervention in compliance issues is how CP is now
charging parking time in hours rather than monetary terms which was the previous
case. The charging of parking time and subsequent carrying amount in monetary
terms was prejudicing CP of the time value of money. The switch over to carrying
owing amount in terms of units measured in hourly parking time not paid for has
ensured that unpaid parking time is now measured at the current tariff rate. This
encourages compliance while preserving value for CP. The change-over from USD
to unit-based charging highlights one of the value-adding collaborations between
management and the CP Internal Audit Department.
When management accepts and acknowledges IA, as is the case with CP, it allows
IA to support management and the board in achieving the set business objectives.
IA brings integrity, objectivity, expertise and the ability to identify enterprise-
wide risks as well as evaluation of the effectiveness of internal controls. As
partners to management, IA is positioned to assist management to identify
traditional and emerging risks with the capability of identifying opportunities and
balancing these with the vulnerabilities in the operating environment.
IA is not responsible for the management of the business of CP nor for
implementing the controls. As such, it is important to note that the responsibility
of managing the business and internal controls rests with the management and the
Board. IA comes in to identify weaknesses and recommend improvements. When
such recommendations are implemented, it is important to note that such changes
in the internal control environment are owned by management, and not IA. IA
therefore always strives to make recommendations after a thorough interrogation
of the operating environment to ensure they are practical and feasible.
The IA department has established its pivotal role in the CP structures due to its
fundamental role by being a consistent companion who identifies potential risks
thereby preventing inconsistencies in procedures, policies, and controls, allowing
management to optimize the protection of assets, operations, and, consequently,
development, growth, and financial results. IA is, and should always be seen as the
catalyst to the achievement of business objectives by all.