Blindsided by outsourcing: a CAE learns executive management is considering a third-party firm for the company's internal audit services.

Stewart James is the chief audit executive (CAE) of a franchising company located in North America. The organization's network of company-owned and franchise operations has grown in size during the past several years, with retail sales now exceeding US $3 billion. Stewart's department consists of one audit manager and three senior auditors, whose professional experience ranges from two to 19 years. All of the auditors work long hours to meet their annual audit plan, which is based on The Committee of Sponsoring Organizations of the Treadway Commission's Internal Control-Integrated Framework and includes operational, financial, and compliance reviews as well as consulting engagements. Because the company is listed on the New York Stock Exchange (NYSE) and subject to U.S. Sarbanes-Oxley Act of 2002 requirements, the audit department also works with management, the audit committee, and the external auditors
to comply with the law's provisions.

Earlier today, Stewart encountered the company's chief operating officer (COO) and chief financial officer (CFO) while walking to his office. The COO asked Stewart if he had a moment to discuss something that had just been brought to his attention--as part of a corporatewide cost-saving initiative, the CFO recently solicited a proposal from a third-party firm to outsource internal auditing. Stewart was shocked by the news and the manner in which it was presented to him, particularly because his audit shop had been generating increasingly important audit findings during the past 18 months. When he asked if the COO or CFO had discussed this initiative with the audit committee or its chair, they responded, "No, this is a management issue, not a board issue, Stewart."

How should Stewart respond to the COO and CFO's proposal, and what specific actions should he take? What could he have done differently to avert this situation?

TODD FREEMAN, CIA, CPA
Director, Internal Audit
Chicago Bridge & Iron Co.

Stewart should meet with the COO and CFO to understand how this situation developed, and he needs to be well-prepared for the discussion. If cost truly is the main factor driving this initiative, The IIA's Global Audit Information Network (GAIN) database may prove helpful.
Using GAIN's resources, Stewart can obtain a head count and dollars-spent analysis based on companies of similar revenue size or industry. Other benchmarking reports he could obtain include total revenue, total assets, revenue per auditor, total internal audit cost per auditor, and total expenses per auditor.

Because outsourcing the audit function could impact governance, Stewart should present his data to the audit committee. He should also discuss with them the pros and cons of this initiative. The committee could become an important ally, especially given the significance of the department's findings during the past 18 months.

Ideally, Stewart should have begun preparing for this situation long before it became a reality. He and his staff may have failed to develop effective relationships with management, making it difficult for company leaders to stay abreast of the department's activities. By keeping managers informed on issues identified during the course of audit work and soliciting their input, Stewart may have been able to anticipate management's thinking and address their concerns proactively. Working with the audit committee, he could have redirected his efforts toward ensuring management's satisfaction while maintaining internal auditing's appropriate position within the company's overall governance structure.

ALAN N. SIEGFRIED, CIA, CFSA, CCSA, CGAP
Auditor General
Inter-American Development Bank

Stewart's initial response to the COO and CFO should be to remind them of internal auditing's reporting relationship with the audit committee and board of directors. According to The IIA's Attribute Standard 1000, "The purpose, authority, and responsibility of the internal audit activity ... should be approved by the board." Hence, the board has a role to play, despite the CFO and COO's comment that this is strictly a "management issue." Stewart should explain that IIA standards, and the need for strong corporate governance, compel senior management to consult the board. Assuming internal auditing reports both to the chief executive officer and the audit committee, he also needs to talk immediately with the audit committee chair to make him or her aware of this important issue.

Although he should maintain a firm stance, Stewart needs to avoid becoming overly defensive in his discussions with management. He should take the time to understand management's reasons for considering outsourced audit services, beyond the cost-savings initiative. He should also ask to see the outsourcing proposal to review the estimated costs and proposed scope of services.
Stewart should meet with the prospective service provider to get as much information as possible on the proposal, including budgeted hours. He should also meet with the COO and CFO to discuss his analysis of the proposed work scope versus his department's budget and audit plan. If Stewart's staff is highly used, the hourly and total cost to outsource the entire audit function will likely be higher than keeping it in house.

Stewart should create a value scorecard showing cost savings generated from internal auditing's work. Such scorecards are becoming a widely used practice among many state-of-the-art audit activities. A value scorecard may help Stewart demonstrate that many of the department's value-added recommendations were made during consulting engagements that the provider probably would not include in its proposed scope for basic audit coverage.

Ideally, Stewart should have taken measures to prevent this situation, rather than struggling to mitigate it after the fact. Proactive steps he could have followed include:

* Communicating directly and frequently with management. Effective communication is one of the best tools for understanding company priorities and reinforcing the benefits and value of internal auditing. If Stewart was aware that cost savings was a priority, he could have established his internal audit plan with this goal in mind.

* Establishing buy-in. To help ensure client relationships are collaborative and successful, the CAE should spend time obtaining management and audit committee buy-in on internal auditing's goals, objectives, risk assessments, and audit plan.

* Ensuring quality. Internal auditing should contract for periodic external quality assessments to show that it complies with The IIA's International Standards for the Professional Practice of Internal Auditing and adds value.

* Preparing an annual internal audit report.
The report should include the results of internal auditing's key issues and recommendations, as well as a value scorecard.

Lastly, Stewart would have benefited from attending key management meetings throughout the year. Participating in these discussions with company leaders can help CAEs establish themselves as knowledgeable risk management and control professionals who understand the company's key business processes and risks.

DAVID M. TUCKER, CPA
Vice President, Internal Audit
Choice Hotels International

Although the COO and CFO have put Stewart in a difficult situation, he should try to maintain his composure. He needs to remind them of his department's contributions and explain that the value internal auditing adds would exceed the additional cost of keeping internal auditing in house. A third-party provider may be less expensive, but there are benefits to maintaining an internal audit department with detailed knowledge of the company's operations. An in-house audit department can keep a pulse on the company's activities that outweighs the dollars saved by outsourcing. In addition, outsourced internal audit departments may not provide the necessary governance required for a public company.

Stewart should respectfully disagree with the chief officers and explain why outsourcing the audit department is not solely a management issue. The NYSE requires listed companies to have an internal audit function with audit committee oversight.
As a public entity subject to Sarbanes-Oxley, the company's board is responsible for evaluating audit committee effectiveness. Their evaluation should consider the audit committee's level of involvement with internal auditing, as well as its authority over the department. Outsourcing may reduce the audit committee's ability to maintain necessary oversight.

Stewart should also request that the COO and CFO notify the audit committee chair of the outsourcing proposal before making a decision. If they refuse, he should tell them he is obligated to discuss the matter with the committee chair. Stewart should have a direct reporting relationship with the audit committee, which will give him additional leverage on this matter.

If the decision hinges solely on cost-saving issues, Stewart's ability to prevent outsourcing may be limited. Nonetheless, to ensure senior management is aware of internal auditing's value, he should market the achievements of his group--especially its contributions over the last 18 months. In fact, effective internal audit marketing may have prevented this situation from occurring in the first place.

To comment on this article, e-mail the editors at timothy.holmes@theiia.org. If you have a case that you'd like a panel of experts to review in the magazine, send it to Timothy R. Holmes at ptholmes2@comcast.net.

EDITED BY EELCO R. VAN WIJK AND TIMOTHY R. HOLMES