Business Process Audit
“Processes form the core of any business. You always want your core to operate at high efficiency to enable quick processing and make faster leaps towards your goals. To keep your processes at peak efficiency, you have to audit them regularly” (Business Process Audit in Kissflow, 2021)1.
The way a firm operates is vital to the reputation of any business, particularly regarding risk management and leadership. When it comes to business process projects, shareholders, clients, and other stakeholders can certainly be told that the plans are developing and progressing as they should, but where is the proof? An internal audit potentially provides that extra bit of credibility needed for assurance that all is as well as it seems (Green, 2022)2.
Since 2013, the New York Stock Exchange (NYSE) has made it mandatory for all its listed companies to conduct regular internal audits, recognizing that they play a vital part in corporate governance of processes and business projects, among other organisational activities (ICAS, 2022)3.
Moreover, a benchmarking survey of the internal audit profession conducted by Barclay Simpson, a governance and recruitment service, found that 35% of current auditing companies were aiming to expand their businesses in 2022 in order to meet the significant demand for internal auditing in corporations, both small and large (2022)4.
This article will show how an internal audit can play an essential role in the development and success of a business through any process or project within a company’s approved activities.
What is an internal audit?
A company’s internal controls or activities can be most effectively evaluated through an internal audit. The inner controls comprise the mechanisms, rules and processes implemented by the business with the aim to ensure integrity throughout.
Not only do internal audits assess the internal controls, but they also ensure that a business is operating within the law and necessary regulations. Overall, these audits assist in maintaining precise and appropriate reporting of a company’s finances as well as accurate data collection (Tuovila, 2022)5.
The efficiency of many facets of a company, including risk management, can be evaluated via an internal audit. It potentially provides management and other concerned stakeholders with a valuable service that can reveal defects in a planned process or project, thus allowing for amendment before initiating the plan (Tuovila, 2022)5.
It is vital that an expert internal auditor conducts the evaluation of a company’s internal controls and risk management. Ideally, this professional would be independent from the company to allow for an unbiased assessment. The resulting audit will then provide assurance that the business is operating well or disclose its flaws and suggest solutions to any apparent issues (Green, 2022)2.
The Institute of Internal Auditors, IIA, explains that auditing is:
“An independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes” (As cited in Stanleigh, 2011)6
What are business projects and processes and how do they affect each other?
It is important to clarify exactly what a project is or should be. The Oxford English dictionary defines a project as an “enterprise that is carefully planned to achieve a particular aim”. The Association for Project Management supports this but also adds the concept that a project has a limited lifespan identifying it as “a unique, transient endeavour, undertaken to achieve planned objectives, which could be defined in terms of outputs, outcomes or benefits” (Chartered IIA, 2020)7.
Projects are organized to achieve specific goals according to a set timeline and usually adhere to the stages of initiate, plan, execute, monitor, control, and finish. They are worked on by teams with a project manager in charge (Alexander, 2020)8.
Business process management must collaborate with project management to ensure success for a business. When management of business processes is enhanced, it provides a strong basis for projects to then be implemented efficiently. On the other hand, when business processes are being conducted ineffectively, work on projects may become more confusing, revealing the need for change in its implementation. Business processes need to be working well to enable the success of projects (Alexander, 2020)8.
A key tip offered by Tech Republic Premium on ensuring the success of business processes and projects is: “Monitor and track progress regularly to accurately capture changes and issues” (Alexander, 2020)8. This, of course, is where a regular internal audit plays its crucial part.
Internal audit and its importance to business processes and projects
It is generally understood in the business world that the internal audit is one of the most important aspects towards creating a successful business. For a business to efficiently accomplish its goals, it needs to improve the resources available to it, and to ensure this comes about, internal auditing is essential. The larger and more complex an organisation, the more routine internal auditing become necessary. Such regular checking allows for optimisation of a company’s resources, compliance with rules and adherence to accurate operational activities (dpncglobal, 2022)9.
The Institute of Internal Auditors sums up the internal audit process as an assurance that “helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”. They stress that every business should execute internal audits to increase confidence that company targets can be reached, to ensure that the business is running efficiently, to protect against corruptive practices, to guarantee compliance of rules and laws and to make sure no time or manpower is wasted (dpncglobal, 2022)9.
Through regular internal audits, a business can be assured that it is adequately doing what its policies and procedures say it is doing. An internal audit can reveal weaknesses within internal control, and further recommend how the effectiveness of processes can be improved. This then allows for the processes to be considered more reliable (dpncglobal, 2022)9. Ultimately, internal audits are essential for proving that a company’s processes reflect its recorded policies and procedures (Murdock, 2017)10.
Further, there may be direct internal audits of business process improvement activities and projects where the audit is utilised to identify flaws therein and reduce potential ones. The internal audit is then designed to create changes that will ensure an enhanced performance within such process activities (CSU, 2023)11.
The guide to business process auditing, Kissflow, vigorously states that “to keep your processes at peak efficiency, you have to audit them regularly” (Kissflow. 2021)1. All in all, it seems that the crucial need for internal auditing cannot be denied at all.
A risk-based approach, via an internal audit, to the review of individual projects
A risk-based approach to the audit of individual projects can prove very useful and often necessary. Before the audit can take place, the internal auditor needs to conduct some initial research.
Firstly, certain questions need to be contemplated. These include ‘What is the project about?’ ‘Who is managing it?’ ‘Are there any potential issues concerning the project?’ ‘What are the expected benefits on completion of the project?’ ‘Can any risks be determined before start of the project?’ ‘Who, if anyone, is providing assurance regarding these risks?’
Discussion of such concerns with management and project leaders will enable the internal auditor to consider in depth the possible risks involved, the level of assurance available and the nature of the project itself. Specifically, the questions could reveal where management stands in regard to the project and how engaged the project leader and team is likely to be.
Ideally, the initial analysis by the internal auditor would allow for the discovery of a number of other essential details. An internal audit, effectively conducted, may set out to learn how far compliance to the company’s policies and internal controls have been included in the project process. It may be worth looking into how effective previous risk management approaches have proven to be. A further crucial detail that needs to be considered is how sustainable the commercial aspect of the project is projected to be. Certainly, it must also be considered carefully how achievable the expected benefits of the project are at the project’s conclusion.
A review of the process involved in the project methodology may also be executed at the same time. Although this would undoubtedly require a more substantial time commitment, there are advantages to be had. Issues in either the project or the process can be conveyed to concerned parties straight away. Further, the value of an internal audit within the business would become more noticeable. All in all, risks can also be diminished in the project at hand as well as future ones.
On the whole, an internal audit should detect and then prioritise areas needing evaluation within an organisation. Additionally, the internal audit team must be in consultation with management from the beginning to the end of the audit process to ensure the planned objectives are met (Chartered Institute of Internal Auditors, 2020)7.
Conducting an internal audit on business processes relating to projects
Auditing business processes involves objectives relating to operation and the risks concerned. This would include matters related to expense, quality, time required, capability and productivity. Implementation of the internal audit should be through various stages to ensure efficiency. Ultimately, there needs to be enough significant initial data to work with. This data could comprise document analysis as well as interviews with concerned management and employees.
The first thing that needs to be examined is the process structure. Does the process itself, as well as those involved, clearly coordinate with each other? Which stages of the process have the highest processing time? How effective is the function of the process stages? Project documents should be perused to ensure that employees’ job descriptions match the roles set for them.
Other documents that need inspecting are those concerning policy and procedure details. These important records should reveal where the highest frequency of errors occurs, any potential risks involved as well as assurance that participants should know what to do and when to do it.
Another consideration should be what technology is available to support the process and the project itself? Are there any noticeable strengths and weaknesses in the IT systems? Are there any possible risks involved? Could flaws in the system mean higher costs, errors, or setbacks in the project launch?
Further, how knowledgeable are the participating employees? Are they adequately skilled to be project team members? Where is the evidence that the company recruitment service is dependable? Does the firm provide suitable technical training? Is there a risk that participants will not know how to do the work required of them?
Moreover, it is vital that all participating employees are aware that an internal audit is to take place. There also needs to be reliable management that can take responsibility for the results of the internal audit. Someone must have the authority to ensure correct procedures are followed, that any arising issues are addressed and that expected outcomes are achieved.
After final testing, the concluding report of an effective internal audit should reveal where changes need to be made. Before any amendments are implemented, all participants must be informed and the reasons for the changes discussed. Any changes to the process may introduce new challenges. If so, it is important that everyone is comfortable with the restructured process before it is fully adopted (Kissflow, 20211 & Murdock, 201710).
References
- Kissflow (2021), ‘Business Process Audit, A Guide to Prepare, Analyze and Act on Results’.
https://kissflow.com/workflow/bpm/guide-to-business-process-audit/
- Green, N. (2022), ‘Why have an internal audit?’
https://www.unbiased.co.uk/discover/tax-business/running-a-business/why-have-an-internal-audit
- ICAS (2022), ‘Internal audit and its role in corporate governance’.
https://www.icas.com/news/internal-audit-and-its-role-in-corporate-governance
- Barclay Simpson (2022), ‘Benchmarking the internal audit profession in 2022’
https://www.barclaysimpson.com/benchmarking-the-internal-audit-profession-in-2022/
- Tuovila, A. (2022), ‘Internal Audit: What it is, Different Types, and the 5 Cs’
https://www.investopedia.com/terms/i/internalaudit.asp
- Stanleigh, M. (2011), ‘Use your Internal Auditor to Audit Projects’
https://bia.ca/use-your-internal-auditor-to-audit-projects/
- Chartered Institute of Internal Auditors/IIA (2020), ‘Projects’
- Alexander, M. (2020), ‘Project management v. business process’
- Dpnc global (2022), ‘Internal Audit and its Importance for the Business’
https://dpncglobal.com/internal-audit-and-its-importance-for-the-business/
- Murdock, H. (2017), ‘How to Audit Business Processes’
https://www.linkedin.com/pulse/how-audit-business-processes-hernan-murdock/
- Chicago State University (2023)
