A Recent Internal Audit (IA) Case Study
We have been working with a client ABC Pvt Ltd (Name changed) as their internal auditors. The client earlier had a CA firm who were doing a very traditional internal audit which only focused on vouching, transactional accuracy financial statements closure, etc.
We proposed to do a risk-based internal audit, and it took quite some time to explain the difference to the management and get their consensus. The initial years of audit were quite challenging because the management was used to a way of audit and a lot of questions we used to ask them about risk, and implications used to irk them.
There was a lot of resistance to implementing new suggestions from the IA team. Though the board was appreciative of the new suggestions coming up, the management was apprehensive about implementing them. Sometimes, our big IA reports used to feel a mere documents without implementation of the same.
Changing Our Approach, Seeing Results
We did a few things differently and started seeing results:
- We took the accounts team into confidence and explained the intent of the audit. We assured them that the IA is not an act of policing but to bring effective controls in the company.
2. We started focusing on the statutory non-compliance and identified the root cause of the issues. We started tackling the root cause. The root cause in the majority of the cases was the knowledge of staff at the invoice processing level regarding TDS and GST.
3. We asked the accounts team to write emails to us as and when they encountered technical queries and tried to solve them the same day. This approach helped us to build preventive checks rather than detective checks.
4. With every IA report, we discussed the recommendations and asked the teams whether the same could be implemented. So, it started becoming a collaborative effort rather than a one-way effort.
5. The management started trusting us more with every report and started acting on our recommendations diligently.
6. We started appreciating the team for improvements rather than only looking at the observations.
Turning Reports into Strong, Compliant Processes
When we presented the report recently, we found that the majority of the statutory compliance issues were cleared from its root and the processes eventually had become robust enough to find the issues and plug it before the month-end book closure procedure. This only makes us happier.
The goal is not to issue a fat IA report but to eventually aid the companies towards:
- Effective and efficient processes that are not person-dependent
- Plug revenue leakage loopholes
- Highly compliant with the governing regulations
- Build a strong culture of compliance and corporate governance.
This is a case study that makes us happy to be a small part of making companies get better and better 🙂
