j a m e s g r e c h - risk - advisory - internal audit

What we do

We provide professional services, which include advisory, risk management, internal audit and education in Malta.  Our unique knowledge, specialist skills and internal audit experience help clients improve operations, manage risks and hence add value for both owners and stakeholders alike.

We do not believe in “one size fits all” solutions, so we strive to customise our approach and resources to the particular client’s needs and objectives of the clients within the parameters of international standards and code of ethics which we abide with.

LATEST NEWS

Internal Audit Roles – Moving Away from the Myths

Article written by James Grech and published on the Malta Business Weekly issued on 12 August 2010

Fundamentally Internal Auditing exists in order to provide “assurance” i.e a level of comfort to Senior Management and the Board of Directors that their organisation’s governance structure is sound and risk management and related internal control processes are working efficiently and effectively as intended.  Building on this expectation, the most important role of internal auditors can be viewed as that of informing Senior Management and the Board about the residual risk status of the organisation they are directing.  In this article I will try to expand on this aspect while keeping in mind a question which invariably many investors and other stakeholders are consistently asking:

Did Internal Audit fail?

In the wake of significant corporate governance and risk management failures of major companies worldwide, which led to the latest international economic crisis, many are posing this question – where was internal audit before these failures occurred?  Why were no warning signals given?

To answer these questions I feel the need to reproduce hereunder the definition of Internal Auditing which provides a powerful mandate to internal auditors.  The Institute of Internal Auditors defines Internal Auditing as being “an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”  My first simple conclusion is that if the important elements of this definition were not included in the Audit Charter, then yes the Internal Audit function has some level of blame.  The Audit Charter is the official document setting out the roles and responsibilities of the function and the oversight role played by the Board of Directors, hence its intrinsic importance in serving as the terms of reference for both parties.  Equally, if the major roles of the Internal Audit function were adequately reflected in the Audit Charter, but for some reason the function fell short of conducting adequately planned risk-based assurance assignments in accordance with professional Internal Auditing Standards and good practice, or failed to make adequate recommendations to address major deficiencies noted – then again the function failed its purpose.