control, and governance
A CAE recasts his audit plan to focus on operational activities, only to find the audit committee is more concerned with addressing new regulatory requirements.
Charlie Wilson, chief audit executive at Ranger Communications, regards keeping abreast of stakeholder expectations one of his most important job responsibilities. Accordingly, he has spent a great deal of effort over the past three years staying attuned to the “Big 3”: the audit committee, executive management, and operations management. And while internal audit has focused primarily on regulatory and policy compliance during that time, Charlie’s discussions with operations management have led him to change direction and consider a more progressive approach to audit (see “Change is Hard”). Executive management agrees that internal audit should take a more consultative role that provides insight on operational opportunities and not just recommendations for further control tightening. Charlie is developing an audit plan that reflects this change in direction and preparing to review it with the audit committee.
Charlie feels confident about his decision, already knowing that two of his BIG 3 will be pleased with the new approach. And even though it was a tough sell, he was able to convince the members of his audit team that the change in perspective would broaden their exposure to new areas. He also assured them it would be beneficial to their long-term career development.
As the next audit committee meeting begins, the committee chairman compliments Charlie and his group on how well things seem to have gone during the last year. He then pulls out a few articles that recently appeared in well-known business publications. Some of the articles detail new regulations that would impact Ranger; others describe regulatory and control lapses at several large, publicly traded companies that resulted in reputational damage and financial penalties. The chairman asks Charlie to explain to the committee how his audit plan would address these types of issues and “help keep Ranger and this committee out of the news and off the front page.” The other committee members nod in agreement.
Charlie is caught completely off guard. His plan covers only the basic regulatory testing required by the U.S. Sarbanes-Oxley Act of 2002, and he’s not sure he can connect the plan to some of the issues cited by the chairman, including security breaches, payment of bribes, and recent regulations like the U.S. Dodd-Frank Wall Street Reform and Consumer Protection Act. He wonders if the planned level of audit coverage will be sufficient to address the committee’s concerns. Should he move forward with his plan to convince the committee that his proposed change in perspective holds value for Ranger? Maybe he should have at least previewed the plan with the committee chairman before the meeting? At this point his options are limited. How is it possible in the current regulatory environment and uncertain economic conditions for any audit group to cover all the bases?
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.