"Internal Auditors and Direct Operational Involvement; Balancing Standards, Ethical Boundaries, and Real-World Challenges"

Internal auditing plays a pivotal role in strengthening organizational governance, enhancing risk management, and fortifying internal controls. As defined by the Institute of Internal Auditors (IIA), “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”.

The definition highlights independence and objectivity (unbiased) in providing assurance and consulting services, emphasizing a systematic approach to enhance risk management, control, and governance, in addition to that the newly positioning internal audit as a trusted advisor and a partner in achieving organizational objectives. However, traditional organizational dynamics increasingly call for internal auditors to expand their roles beyond assurance activities to include operational tasks, such as validating supplier payments, managing transactions, overseeing end-to-end procurement processes, and closely monitoring production. While these responsibilities may seem logical from a management perspective, they challenge the fundamental principles of independence and objectivity—cornerstones of the internal audit profession as outlined in IIA Standards, & other related bodies, ACFE, INTOSAI, IOSCO, OECD, COSO, G20, SEC (own jurisdiction), etc., and their principles and code of professional ethics.

This article delves into the complex landscape of internal auditing, emphasizing the ethical and professional boundaries that must be upheld while addressing the practical challenges internal auditors face in balancing operational involvement with their core assurance functions.

The Importance of Independence and Objectivity:

Independence and objectivity are critical to maintaining the integrity of internal auditing. IIA Standard 1100 requires auditors to remain independent from the operations they evaluate to ensure unbiased assessments and avoid conflicts of interest. Standard 1130 further mandates the disclosure of any impairments to independence or objectivity to maintain transparency.

When auditors engage in operational tasks, such as approving transactions or validating payments, they introduce the audit risk of undermining their impartiality. This scenario can lead to a self-review threat, where the auditor is essentially reviewing their own work. For example, an auditor who approves vendor payments may struggle to objectively assess the same procurement process later, as they may have influenced the outcomes. This creates a conflict of interest, eroding the credibility of the audit.

Operational involvement challenges an auditor's objectivity and increases the risk of biased evaluations. To preserve the effectiveness of internal audits, clear boundaries between assurance activities and operational roles are essential, ensuring the continued strength of the organization’s governance, risk management, and control frameworks.

Absolute Assurance on Financial Transactions or Compliance Activities:

A common misconception about internal auditors is the expectation that they provide absolute assurance on financial transactions or compliance activities. For example, management may expect auditors to validate payments or approve invoices to ensure the integrity of financial records. This expectation misrepresents the role of internal auditors and creates unrealistic demands that undermine their professional responsibilities.

Internal auditors are tasked with providing unbiased, objective assurance, not absolute or reasonable assurance. They assess the effectiveness of processes, controls, and systems by evaluating risks, identifying weaknesses, and recommending improvements, rather than verifying every transaction’s accuracy in operation level. Absolute assurance is unattainable, particularly in complex operational environments where auditors cannot examine every detail of every process. Instead, their role is to evaluate the adequacy of the controls governing those processes.

In some cases, top management or the company itself may be involved in corruption, and they may seek to have auditors review and "validate" potentially corrupt payments to cover up wrongdoing and show compliance. This not only compromises the auditor’s independence but also raises serious ethical concerns. It constitutes a violation of the auditor's code of ethics, which includes the principles of integrity, objectivity, professional competence, and confidentiality. By engaging in such activities, auditors would breach their duty to provide impartial assessments and risk violating professional conduct standards.

When internal auditors become directly involved in operational tasks, as often demanded by management, they risk creating audit risk and introducing a self-review threat. For instance, if an auditor is tasked with approving transactions or validating payments, it undermines their objectivity in evaluating those same processes later. This dual role can lead to conflicts of interest, jeopardizing the independence necessary for reliable audits.

Attempting to provide absolute assurance not only dilutes the audit function’s focus but also exposes the organization to potential risks, such as fraud, mismanagement, and regulatory non-compliance. To maintain the integrity of the audit process, auditors must focus on assessing control effectiveness and avoid becoming entangled in operational tasks that compromise their objectivity and independence.

Operational Involvement and Ethical Boundaries:

The ethical framework of internal auditing, as outlined in the IIA’s Code of Ethics, emphasizes integrity, objectivity, and independence. When auditors engage in operational tasks, they risk breaching these ethical principles and compromising their professional integrity.

Operational involvement can take various forms, such as validating payments, managing procurement, or overseeing compliance with tax authorities. While these tasks may align with management’s immediate needs, they undermine the auditor’s role as an independent assessor. For example, an auditor who validates vendor payments may inadvertently align their actions with management’s interests, creating a conflict of interest that impairs their ability to evaluate the procurement process objectively.

This ethical dilemma is particularly pronounced in regulated industries or jurisdictions with stringent legal requirements. In countries like Bangladesh, internal auditors play a critical role in ensuring compliance with laws such as the Money Laundering Prevention Act, 2012, and the Public Procurement Act. However, when auditors directly engage in operational tasks, they risk violating these laws and exposing themselves and their organizations to legal and reputational consequences.

To uphold ethical boundaries, auditors must resist pressure to perform operational tasks and focus on their core responsibilities of evaluating governance, risk management, and internal controls. By maintaining their independence, auditors can provide unbiased assessments that strengthen organizational compliance and integrity.

Balancing Operational Demands with Audit Responsibilities:

The growing demand for auditors to engage in operational roles creates a tension between their assurance responsibilities and the expectations of management. To navigate this challenge, auditors must establish clear boundaries and communicate their role effectively to stakeholders.

Governance mechanisms, such as an audit charter, can be instrumental in defining the scope and limitations of the audit function. The audit charter should clearly state that auditors are not responsible for operational tasks and emphasize their role as independent assessors. This document serves as a reference point for both auditors and management, ensuring that expectations are aligned and that the integrity of the audit function is protected.

When faced with pressure to engage in operational tasks, auditors should escalate their concerns to the Audit Committee or Board of Directors. These governing bodies are responsible for safeguarding the independence of the audit function and can intervene to resolve conflicts of interest. By maintaining open communication with these stakeholders, auditors can ensure that their responsibilities are understood and respected.

Supporting Organizational Compliance and Ethical Governance:

Internal auditors play a vital role in supporting organizational compliance and ethical governance, particularly in industries with complex regulatory frameworks. By focusing on evaluating the effectiveness of controls and processes, auditors can help organizations mitigate risks and navigate regulatory challenges effectively.

For example, in industries such as telecommunications and financial services, auditors assess whether controls are in place to prevent fraud, corruption, and financial mismanagement. This includes evaluating compliance with laws such as the VAT and Supplementary Duty Act, 2012, and anti-corruption regulations. By identifying weaknesses in governance and risk management frameworks, auditors provide actionable recommendations that enhance organizational integrity and compliance.

However, when auditors engage directly in operational tasks, they compromise their ability to perform these evaluations objectively. For instance, an auditor who validates payments may inadvertently facilitate unethical activities, such as fraudulent invoices or misclassified expenses. To avoid such risks, auditors must focus on assessing the processes and controls that govern transactions rather than becoming involved in the transactions themselves.

Conclusion

Internal auditors face significant challenges in balancing the demands of management with their professional responsibilities. While the pressure to engage in operational tasks is increasing, auditors must maintain their independence and objectivity to uphold the integrity of the audit function. By adhering to ethical principles and focusing on their core responsibilities, auditors can provide valuable insights into organizational governance and risk management.

Through mechanisms such as audit charters and open communication with governing bodies, auditors can establish clear boundaries that protect their independence and enhance their ability to deliver meaningful assurance. By resisting operational involvement and concentrating on strategic assurance, internal auditors contribute to the long-term success of their organizations while safeguarding their professional credibility and integrity.

?

Md. Jamshed Ahmed

???????? ???????????????????? & ???????????????? ??????????, ?????? ??????????????

?????????????? ????????????????- ??????????????????????????, ???????? ??????????????????? ?????????????- 2024

?????????????????? ???? ???????????????? ????????????????, ???????????????????, ??????-?????????????????? (????)- 2023

??????????????????, ??????????????????? ????????????????? ?????????????????????? ????????????? ???????????????- 2016-2018