The history of internal auditing in general provides interesting reading. The first internal auditing assignments usually originated to satisfy very basic and sharply defined operational needs. The earliest special concern of management was whether the assets of the entity were being properly protected, whether company procedures and policies were being complied with, whether the financial records were being accurately maintained. There was also considerable emphasis on fraud detection and maintenance of the status quo.
To a great extent also internal auditing was viewed as a closely related extension of the work of the external auditor. The result of all these factors was that the internal auditor himself was viewed as a person of relatively limited responsibility in the total managerial spectrum. He was the financially oriented checker and more of a policeman than a co-worker. Understanding this situation is important because it is an image which to some extent still exists for modern internal auditors, even when the character of the internal auditing function is now actually very much different.
Over a period of time, however, the situation has changed a great deal. The operations of the various organisations were increasing steadily in volume and complexity. The managerial problems thus created have resulted in new pressure on the higher level management. The managerial executive has therefore sought new ways of responding to these pressures. It is quite natural, then, that management would recognise the possibilities of better utilisation of services of the internal auditor. The role of the internal auditor in all entities has continued to expand. This has been due in part to the acceleration of social expectations for higher standards of professional conduct and for greater protection against inefficiency, misconduct, illegality, and fraud. There has been a more realistic recognition of the fact that the internal auditors can contribute importantly to satisfying the expanded protective needs.
At the same time there is the continuing truth that entities must be productive and achieve the best possible utilisation of their resources. There is also greater recognition that internal auditors can make major contributions in helping entities achieve the needed productivity. Together, therefore, these basic needs for protection and productivity define the dual role of modern internal auditor. Being exposed as he is to the day-to-day operations of the entity, the internal auditor is uniquely able to service the total needs on an integrated basis. The formation of the Institute of Internal Auditors with its head office in Florida and with its recondition as a professional body with its professional certification has also accelerated the process. Today, the certification, Certified Internal Auditor (CIA) is a highly sought after global professional qualification for the internal auditing profession.
Internal auditing today reflects a broad spectrum of types of operational activity and levels of coverage. In many entities, internal auditing as a formal staff activity is quite new and its more permanent role is still being defined. In other situations, for various reasons, internal auditing is still functioning for a major extent at the more routine compliance level. In some other situations it still suffers from being integrated with regular accounting or other operational activities. In certain situations internal auditing is carried out entirely or substantially only in the strictly financial areas. In other situations, the focus has shifted to a varying extent to the more general non-financial operational areas.
However, in most situations, the internal auditing group has moved to very high levels in all operational areas and has established itself as a valued and respected part of top management effort. The overall situation however reflects major progress in the scope of coverage and the level of service in the individual areas. Internal auditing today is defined by the Institute of Internal Auditors as: “An independent, objective assurance and consulting activity designed to add value and improve an entity’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”.
The definition provided by IIA describes two types of internal audit services. These are:
- Assurance Services – An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organisation. Examples may include financial, performance, compliance, system security and due diligence engagements. The internal auditor determines the nature and scope of the assurance engagement. An assurance engagement ends with the communication of the assessment opinion or conclusion arrived at to the interested users by the internal auditor, and
- Consulting Services – Advisory and related client service activities, the nature and scope of which are agreed to by the client and which are intended to add value and improve an organisation’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation and training. The client determines the nature and scope of the advisory engagement with agreement from the internal auditor.
The Institute of Internal Auditors (Ghana) was born at the most auspicious and appropriate time in the history of the country following the passing of the three key financial instrument bills; namely:
(a) Financial Administration Act, 2003 (Act 654)
- Internal Audit Agency Act,2003 (Act 658)
- Public Procurement Act. 2003 (Act 663)
The effective and efficient implementation of all these bills will demand the services of professionals like accountants and auditors, not the least, internal auditors. The Institute is poised to cooperate with all the statutory bodies established under the various acts to ensure their absolute success and the institution of good governance
Section 30 of the Audit Service Act, 2000 Act 584 established the Audit Report Implementation Committee (ARIC). Section of Act 584 states:
“(1) An institution, body or organization which is subject to auditing by the Auditor-General shall establish an Audit Report Implementation Committee, comprising members of
- The governing Board or Council of that institution, body or organization where such Council or Board exist by law; or
- A Ministerial Committee for Ministries, Departments and Agencies of the Central Government, or
- A Special committee of the District Assembly
“(2) It shall be the duty of the Audit Report Implementation Committee to ensure that the head of an institution, body or organization to which subsection (1) applies
- pursues the implementation of matters in all audit reports as well as the Auditor-General’s reports endorsed by Parliament as well as financial matters raised in the reports of internal monitoring units in the institution, body or organization; and
- annually prepares a statement showing the status of implementation of recommendations made in all audit reports as well as the Auditor-General’s reports which have been accepted by Parliament and any other related directives of Parliament.
Currently, a member of the institute serves on every ARIC established in accordance with the guidelines issued by the Internal Audit Agency.
By Kwame Gyasi
E-mail: makgyasi@ug.edu.gh