One of the most important lessons to come from the highly publicized governance debacles of the past decade is the realisation by internal and external stakeholders that organisational “intangibles” – such as integrity, ethics values, and management operating style – contribute as much to an organisation’s control environment as traditional internal control measures. To assist organisations in navigating these complex and sensitive elements of governance, The Institute of Internal Auditors (IIA) has released a practice guide titled "Auditing the Control Environment" – strongly suggested guidance under the profession’s International Professional Practices Framework.
“The importance of such audits cannot be overemphasized,” says IIA Vice President of Standards and Guidance Beryl Davis, CIA. “The internal auditor’s review of the control environment is considered by many stakeholders as an effective ‘line of defense’ in preventing and detecting fraudulent activities that can lead to governance failures.”
Auditing the Control Environment provides guidance to the internal auditor on the significance of the control environment and details on how to conduct an assessment. Within the control environment, which is the attitude and actions of the board and management regarding the importance of internal control, often little time or energy is expended determining how to measure these areas. Assessing the effectiveness of the control environment may involve auditing “soft controls,” which traditional testing methods and tools are not designed to measure. The practice guide provides real-world examples of how to think “outside-the-box” to gather sufficient, competent evidential matter that provides a legitimate measure of the environment.
MORE ARTICLES ON AUDITING