Audits – A Risk-Based Approach
I used to work in
financial services. Given the importance
that most people attach to their money, it’s no surprise that some banks have
very strict internal audit procedures which are often more intensive than the annual
audit carried out by external auditors as part of the preparation of the year’s
financials.
When I started in finance, audits consisted mainly of auditors
coming around with checklists. There was
little effort made to understand the nature of the business or its
market(s). Either you were doing it “by
the book” or you weren’t. There was
little or no appeal, even if the audit recommendation patently didn’t make
sense in the particular environment.
Fast forward twenty years and I’m delighted to say that
things had improved. The Audit
Department had realised that some recommendations were likely to add costs
and/or result in lower levels of customer service and impact the bank’s
reputation. They wouldn’t compromise on certain aspects of control (and rightly
so), but there was more effort to understand the particular business and to
appreciate that not every branch (or, indeed, country) worked in the same way.
The result was that branches, areas and even countries were
classified as higher or lower risk and, as a result, received more or less
frequent visits from the Audit Team. Auditors
became advisors where they could without being conflicted by their duty to
report honestly, but the net result was a team effort to identify where
potential risk lay and deal with it before it became a problem.
The “Risk-Based” approach is the logical way to approach any
situation where control and standards are required. Although civil servants passionately believe
the opposite, not every business can be slotted neatly into little boxes. Even government is probably an area in which
you don't always need to “do it by the book”, as we have seen plenty of
examples of decisions that patently made no practical sense, but which followed
the rules (and therefore protected whichever functionary took the decision).
Similarly, mass production, where producing lots of items at
the same time and to the same standard, may also be a candidate for “doing it
by the book”. However, even this can
change, as countless examples of “Kaizen” have shown.
There’s no harm in changing “the book” if it results in a
better audit and more secure operations, or better quality production. What hurts is not to want to change it
because it’s “the book”. How many of us
are willing to step up?
I have spent more than half my life delivering change in different world markets from the most developed to “emerging” economies. With more than 20 years in international financial services around the world running different operations and lending businesses, I started my own Consultancy to provide solutions for improving performance, productivity and risk management. I work with individuals, small businesses, charities, quoted companies and academic institutions across the world. An international speaker, trainer, author and fund-raiser, I can be contacted by email . My website provides a full picture of my portfolio of services. For strategic questions that you should be asking yourself, follow me at @wkm610.
Labels: Leadership, Regulation, Strategy
posted by William Martin @ 10:08
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home