Article for the Non-Executive Director, A service from The Financial Times Ltd.

Philip is also Head of Group Operational Audit at DS Smith Plc and non-executive director of mychumsclub.com

In these difficult economic climes, the importance of boards being on top of the risks affecting their businesses stands out in stark relief. It is perhaps no surprise then that the Institute of Internal Auditors (UK and Ireland) (the IIA) is working hard to raise its profile and to get its members better access to the boardroom. It is currently consulting with its members as the first step towards getting the recognition that comes with being awarded Chartered status.

Philip Ratcliffe is the current President of the IIA and also Head of Group Operational Audit at DS Smith Plc. “Organisations, whether they are publicly funded or private commercial entities exist to deliver value to their stakeholders and shareholders,” he says. “Internal audit exists to ensure that the organisation, through its management of risk is capable of achieving its objectives over the long term.

“The governance role of non-executives is a critical part of the process. Whilst they provide guidance on strategy and policy they also importantly provide a check and balance to the executive. When that balance does not exist or is out of equilibrium problems arise, as we have seen in the financial sector.

“But it’s probably fair to say that non-executives need and want much greater understanding of the key risks their organisations face across the entire organisation not just financial risks, which is often their focus. They also need a greater education and understanding on how they should engage with their Head of Internal Audit, to get maximum value.”

“I know of one very senior Chairman of a FTSE 100 organisation who recounted to me a very interesting anecdote.  During a discussion on risks, he gave each member of the Board a blank sheet of paper and asked them to list what they each individually considered to be the really important risks to the business – what would keep them awake at night. Each member came up with a very different set of critical risks. His point was that as a board they needed first to have a shared view of the key risks if they were to have an effective risk management strategy and internal control framework.”

Typically, the internal audit function will report into the Audit Committee rather than having a direct line to the full board. However, the latest international standards, which have just been released, specify that internal audit should have access to the board as a whole. Initially Philip says he was sceptical about the need for wider access to the board rather than just the audit committee but on reflection he feels it is the right way to proceed. “The problem with the audit committee is that, almost by definition, it is very concerned with purely financial matters. It has a clear remit on accounts and audit, but risks arise throughout a business. The board, and in particular its non-executives, should be looking at the whole spectrum of risk and the internal audit function can help them to do this.”

One of the biggest advantages of internal auditors is their independence. They have no axe to grind. They are not directly responsible for any of the operations of the business, they do not report in to executives who are, so they have nothing to lose by being totally open and objective.

“The internal auditor is in the unique position of being able to look directly at every part of the business, they know exactly how it operates. With the possible exception of the Chief Executive, they know better than anybody else how the whole thing fits together. An external auditor is expected to be an expert on accounting standards, auditing standards, reporting requirements and so on. I would not expect them to be an expert on management accounting, management information, operational controls or the management and controls, for example, of health and safety or environmental risks. I would not expect them to consider risks around the strategy of a business and the execution of that strategy. The internal auditor looks at all these things and understands the impact they have on the business.”

It is also worth noting that it is not only the largest companies that benefit from having an internal audit function. Many boards of smaller companies, although they may not feel they  warrant having a full time internal audit department, do use the services of specialist internal audit consultants.

“It is important that the non-executives understand the function of internal audit and how it can help them in their oversight role,” concludes Philip. “Increasingly internal auditors are having meetings with the non-executive Chairman of the Audit Committee and this is very welcome, but all non-executives should be familiar with their internal auditors and how to get the best possible value from them.”

The IIA would be delighted to hear from non-executives who support their drive to further develop the internal audit profession’s profile in the boardroom and achieve Chartered status. You can contact the Chief Executive as follows:

Gail.easterbrooke@iia.org.uk ( Chief Executive)

Gail Easterbrook, Chief Executive, IIA – UK and Ireland, 13 Abbeville Mews, Clapham Park Road, London SW4 7BX 

This article appeared on
www.non-execs.com in February 2009.
The Non-Executive Director, A service from The Financial Times Ltd.