Nsight Blog | Ncontracts

Importance of Auditing or What Does Internal Audit Do | Ncontracts

Written by Michael Berman | Aug 25, 2022 11:00:00 AM

Good decisions require good information. Whether it’s booking a vacation, choosing which car to buy, or running a financial organization, accurate information helps us make informed decisions. It prevents us from visiting the beach during monsoon season or paying for unnecessary dealer add-ons. (I’m looking at you, window etching.) It gives us the data we need to make wise credit decisions.

The key word here is accurate. Information is only valuable if it’s true. If you get a bum steer on monsoon season or get swayed by a salesperson because you don’t know about high-cost add-ons, you can easily be led astray. 

Accurate, trustworthy information can be difficult to find. Anyone can publish or share information, and opinions are commonly presented as facts making it hard to separate fact from fiction. 

How can a weak internal audit function hurt you?
Read our post: Internal Audit Failures Costs JP Morgan $250 Million 

If only there was a way your organization could employ an independent fact checker, someone whose sole purpose is to investigate your company’s most pressing concerns, combat misinformation, and deliver the information you need to make smart decisions. 

Get ready for some amazing news: You already have that person (or people) on staff or under contract. It’s your internal auditors. Whether you have full-time employees as internal or a third party conducting internal audits, this function is critical.

Audited information is trustworthy information

Internal auditors play a crucial role in financial organizations. They are tasked with verifying the effectiveness of systems, processes, and controls. They provide assurance that everything is as it should be and point out when it is not. 

Internal auditors can do this because they are: 

  1. Independent. Internal auditors are independent and able to work without outside influence. They aren’t involved in creating or running the business lines and functions being audited and aren’t rewarded for findings that support a particular narrative. They are free of conflicts of interest.
  2. Objective. As the third line of defense, the audit function exists to check the work of others to assure everything is functioning as intended. They are a set of fresh eyes, drafting findings and recommendations to show where improvements are needed. 

    Auditors don’t begin an audit with preconceived notions of how the business line or function should be structured or expectations of what they will find. They don’t care if controls work or don’t work. They are just there to find out the truth and offer suggestions for improvement.

  3. Experts. Auditors bring a wealth of experience to your financial organization because of their experience with other organizations. This experience, combined with their focus on how controls can impact risks, creates valuable insights to improve risk management functions throughout the entire organization.

What do internal auditors do? A financial organization’s internal auditor is a risk management fact checker. Their job is to assure the board and management systems are working as they should and highlight areas where there are deficiencies so they can be remediated.

Just consider some of these key questions an auditor might try to answer:   

  • What procedures are in place to prevent/address the risk of management override of controls?
  • How do you assess the information systems control environment?
  • Are complaints properly identified and managed? 
  • Are IT access controls changed when an employee is terminated? 
  • Are we regularly analyzing fair lending data? 

These questions are essential to understanding whether a financial organization is operating in a safe, sound, and compliant manner. Financial organizations want to believe that each of these functions is adequately managed, but the only way to know for sure is to double check. And double checking is only effective if the person doing the double checking is open to the possibility that things aren’t perfect.

Does Your Financial Institution Need an Audit Committee? 
Get the rundown in our post. 

That’s what makes audited information so valuable. It’s not built on assumptions or biases. It is not wishful thinking. It’s systematically, independently, and objectively evaluated data. 

Whether considering new products and services, entering a new line of business, or allocating resources, audited data is data you can rely on to make important decisions.

Internal audit: Are your decisions based on trustworthy audit data?

The future of banking is in data driven decision-making. The need for trustworthy, verified data will continue to grow.

Audit Management Is Evolving. Are You Keeping Up?
Read our post to find out.

Just consider the implications for artificial intelligence. The algorithms that feed AI are based on real-world data. If that data isn’t accurate, the conclusions the algorithms reach will be flawed. Financial organizations with strong audit programs will have a competitive advantage going forward. Their accurate, fact-checked data will give the board and management raw data when making strategic decisions while providing the AI applications with the data needed to generate next-level insights.

The purpose of audit is to help reduce operational risk. While many functions look forward, auditors look backwards to identify everything from mistakes to systemic problems.

While the role of whistleblower may not help auditors win popularity contests, the internal audit function is a foundational element of a strong risk culture. Failure to listen to auditors is a common theme in many recent enforcement actions. (See: Mortgage Company Sued by CFPB After Ignoring Compliance, Audit Warnings & a Whistleblower Complaint and 3 Tips for Avoiding an Equifax-Style Breach.)

Any institution that wants to build a strong risk and compliance culture needs to ensure the internal audit function has the tools it needs and be prepared to follow up on findings.

Don’t let your organization get sidetracked by biased or inaccurate data. Recognize the value internal auditors, testers, and other quality assurance providers bring to the table. Build a culture and invest in the tools that enhance the effectiveness of your audit program. 

Just as important, show your audit team the appreciation it deserves. They may not be the most popular department, but they make every area of an organization better just by being brave enough to ask the tough questions. They make it possible to have faith in your data. 

And that makes all the difference.

Your auditors are pointing out concerns—what are you doing with those findings? Download our whitepaper Best Practices for Tracking Audit & Exam findings to learn how to manage findings and turn them into a risk management tool.