Internal Audit report to the audit committee, not CEO or CFO
Internal audit is one of the company’s departments that is set up to review and improve corporate government, internal control risk, risk management, and detecting any possible risk of fraud.
There is no legal requirement for the company to create an internal audit department. It is the opposite of the external auditor which is the requirement to ensure reliable financial statements. Internal Audit is mainly to ensure the proper internal control is established and performed by all staff in the company. It helps to ensure all the risk is prevented and detected at the right time. The scope of an internal audit may be different depending on the situation and requirements of the board of directors.
Auditor has to ensure that the internal control is prepared to detect and prevent risk. It must be reflected in the business operation which changes over time. If there are weaknesses in the internal control, they should raise to the management as well as the board to modified base on the real situation.
If the internal controls are appropriate for the company, internal auditors have to ensure that everybody follows the same procedures. All the employees must comply with internal control, especially the management team. There is no management override control which will lead to ineffective control.
Internal auditors are also required to work closely with the accounting department to ensure compliance with accounting standards. They help to analyze the business transactions and apply accounting treatment based on the proper standards. It will help to ensure reliable financial information.
When external auditors audit the company’s financial statement, internal auditors play an important role in assisting their work. External auditors may decide to put some reliance on the work performed by internal auditors.
Audit committee is the group of people who are the company board of directors. They include both the executive board and the non-executive board of directors.
Audit committee plays an important role in managing the internal audit department. They act for the best interest of shareholders, so they have to be independent of the company management team. Managers are the people who work on behalf of the shareholders, so there must be someone to review their work performance.
Why Internal Auditor report to Audit Committee
As we know, internal auditors are the people who overlook both the operational and financial performance of the company. They are the one who will raise the issue related to internal control weakness, compliance, bad corporate government, and any possible fraud.
In short, they are the ones who review the company’s performance that is led by the CEO and management team.
If they found any error or weakness, they will raise and suggest the recommendation to the management. At the same time, they have to report to someone who has the power to enforce the recommendation.
In a serious case, an internal auditor may find the fraud that links to the management team. So they need to have an independent party to review and act in the best interest of the company. It will ensure the “whistleblowing” channel for the internal audit in case of serious misconduct.
The audit committee is the independent board that works for the shareholders. they do not have influence from the management team. They work and comply with the board director and chairman.
Audit committees are the people who have enough power to enforce the management team. They have included the non-executive directors who are purely working for the best interest of the shareholders.
Is it Ok to report to CEO or CFO?
CEO is the top management in the company and he overlooks everything. CFO is the management of the finance department that prepares the financial statements.
Both of them are the people who are responsible for both operational and financial transactions.
Internal auditors have the role to review and report any weakness in the operation and financing transaction. If they report to the CEO and CFO, it means they report the mistake or error to the people who make those mistakes.
It will be a crucial problem if internal auditors found the fraud related to CEO and CFO. It is not possible to report the fraud to the person who commits it.
The internal auditor will no longer be independent in the public perspective. There is no reporting line for them to report.