Global Network of Accounting & Consultant Firms | Nexia | Internal audit as a differential in the business transparency process - Global Network of Accounting & Consultant Firms

There are many challenges that a company faces, and one of them, which can be recognised as a differentiator in the business world, is the adoption of a set of measures aimed at improving the efficiency of organisational processes and bringing greater transparency in the eyes of the market, partners, investors, employees, and other interested parties.

With the current process of “moralisation” that our country, Brazil, has been suffering, the word “transparency” has never been so present in negotiation circles and among the main concerns of investors.

In practice, the individual or company that intends to invest their money in any business is increasingly aware that the greater the level of transparency, the greater their security in relation to the liquidity of the profitability of this investment. In this sense, for many who are not used to technical terms, there is a doubt about what would be the main measures that an organisation should take to increase its level of transparency.

Nowadays, many are the terms used by specialists and consultants that involve the topic of transparency. The most usual and that encompasses the issue more comprehensively is GRC: Governance, Risks and Compliance. But, in practice, what does each component of the acronym GRC mean?

Governance: is the set of processes, customs, policies, laws, regulations and institutions that regulate the way a company is directed, managed or controlled (definition of the Brazilian Institute of Corporate Governance – IBGC).

Risks: are all events, internal and external, to which the organisation is exposed and which, if they materialise, will impact the business at different levels and intensity.

Compliance: a term in English, used as such in Brazil, that means “conformity”, “to be in conformity with”. Being “in compliance” means that an organisation, process, or activity is in conformity with the set of norms, policies, laws and procedures that guide them.

Each company is at a different stage with regards to the structure of processes, computerised systems, level of knowledge of risks and monitoring activity of controls. Therefore, the adoption of governance measures needs to be very well thought out and structured, in order not to make internal processes too bureaucratic and cause business to lose productivity and competitiveness. This is definitely not the goal of a proper GRC implementation process.

To implement or improve an organisation's level of transparency, it is necessary, above any advanced control system, to engage and commit to top management. This is essential to spread throughout the company, especially among employees, the need to adopt best practices in carrying out work activities and ethical conduct corresponding to the company's values.

No business in which an attractive return on investment is expected is risk-free, and the objective is not to get rid of risks, but to map the main areas and activities of the organisation, so that everyone involved in the process is aware of the main existing risks and creates sufficient control tools to mitigate or reduce them to the lowest possible probability of occurrence. In order to ensure its effectiveness and integrity, all controls implemented to reduce the possibility of risks occurring must be permanently revisited, improved and monitored.

In order to carry out risk mapping activities, to help implement controls and monitor them, it is essential to have an internal audit department that is independent from management, which can be composed of professionals hired by the company or outsourced to a specialised auditing company. Auditing and consulting being the last option, as it is an independent company, the one that adds the most value, speed and transparency.

Companies that submit their processes for review by an internal audit are much more recognised by investors, creditors, and the market. In addition, it is a fundamental control tool in the prevention and detection of corporate fraud, which currently represents a significant loss of resources, assets, revenue, and image to organisations.

The idea that maintaining an internal audit environment is applicable only to large companies is completely wrong, as it is a control that can be perfectly applied to small and medium-sized companies, always considering their level of complexity and maturity. The internal audit, if efficient, in addition to being a fundamental control tool, will be important in detecting work performed that is inefficient and meaningless, conflicting functions, waste of resources and financial losses due to poor cost management and identification of opportunities for process improvements.

If you would like to discuss any of the issues raised in this article, please contact:

Aline Poiani
Head of Advisory
PP&C Auditores Independentes
Brazil
E : a.poiani@ppc.com.br
W : ppc.com.br