Quite possibly the G.O.A.T. (greatest of all time) of your institution, your internal audit department is one of the most important groups. Serving as your third line of defense, auditors play a critical and proactive role to ensure that you are adequately protected against known risks while also providing insights that can identify new risks.
But to do their jobs effectively, reviewers need four things from you: independence met with clear internal policies, strong partnerships across departments, direct access to the board, and solid technology.
When reviewers report to their boss or their financial institution’s executives, they are sometimes afraid to report egregious violations or other types of findings that uncover questionable management. They don’t want to rat out a coworker or lose their jobs for simply being the messenger.
That’s why financial institutions must have clear policies in place to protect reviewers from retaliation. Reviewers should not be fired (or afraid of being fired) because of reports. Any type of disciplinary action taken against them should be reviewed by the board.
To facilitate their reviews, reviewers should have the authority to communicate with business units and employees without gatekeeping or red tape. It is critical that they can easily obtain work papers and test samples from different business units without pushback.
While executives are protective of their resources, reviews are like a health checkup. If you stop going to your primary doctor for check-ups, the results could be much worse.
Once reviews are complete, financial institutions should report significant observations, findings, and recommendations directly to the board.
While it’s important to provide an opportunity to respond and clarify, that courtesy should never be interpreted as an invitation for business lines to obscure and modify a reviewer's assessment.
From organizing files to planning reviews, technology makes reviewers more effective. Depending on the level of complexity, risk profile, and size of the institution, reviews can become unwieldy without the right tools.
A technology partner that understands the types of reviews or audits required to be performed by an institution can be a valuable relationship. It should also support your institution’s operations, foster collaboration, and make the job of organizing and retaining documents and presenting and resolving findings seamless.
Ultimately, the right technology can make the entire process more efficient and help position your reviewer for success.