Challenges of Internal Auditor in Banking institutions

by W. A. Wijewardena, Deputy Governor, Central Bank of Sri Lanka

The precise role which an auditor should play in an organisation has always been subject to much debate. Different schools of thought had held different views on the subject based on their personal feelings and ideologies.

When we were studying auditing at the university some four decades ago, an adage which was firmly planted in our heads was that 'an auditor was a watch dog and not a blood hound'.

This principle which had ruled the sphere of auditing for decades had been established in many legal cases that had been judged in the United Kingdom and elsewhere by reference to the common practice of auditing.

This simple expression amply described what role an auditor was expected to play in an organisation. His role was to simply to keep a watchful eye on the operations of a business and alert his masters of any irregularity that was happening. Once this was done, it was the responsibility of the masters to take corrective action.

An ambitious audit officer may be tempted to go beyond the bound of this adage and take upon himself the responsibility of passing penal judgments on those whom he finds as miscreants of financial responsibility.

But, the auditor's role is simply to function as a pointer and not a financial crusader. If he chooses to function as a financial crusader, he may not only embarrass his masters, but also endanger his own position as well. Without any penal power vested in the auditor, it is also practically impossible for him to act as a penal authority.

Auditor, a Watchdog not a blood hound

Businesses today, specifically those involving banking institutions, are very much complex in nature. Hence, one may rightly question whether the old adage relating to auditing could still serve a purpose.

Though the complexity of the businesses has grown tremendously, I feel that the old adage relating to auditing is still valid and relevant. It has demarcated the boundary within which an auditor has to operate.

If he steps outside this boundary, the most likely consequence would be the creation of a hostile atmosphere for the auditor to perform his duties. No organisation, whether big or small, could function effectively and efficiently in that scenario. This caution is equally valid for both external auditors and internal auditors.

Role of the Internal Auditor

Internal audit, as against the external audit, is the first safeguard available to the management and owners to run their business free from financial irregularities and misbehaviour.

Internal auditor is available on site throughout the period and, therefore, can play his role as an effective watchdog continuously. His screening and evaluation of the operations of an organisation makes the work of the external auditor easier.

It cuts the cost of the external audit which otherwise has to conduct all audit examinations and tests on his own to arrive at his audit conclusions. By relying on the audit trails continuously conducted by the internal auditor, the external auditor could complete his audit examinations on time by conducting only the relevant sample tests. In this sense too, an internal auditor is a necessary element in modern organisations.

Internal Auditor or Management Auditor?

Over the years, the scope of the internal audit has expanded to cover new areas which have become important to an organisation from the point of view of efficiency and productivity. Modern business is fiercely competitive and unless an organisation acquires a competitive edge over its rivals, it would not be able to continue in business.

This is specifically relevant to banking institutions.

Hence, in addition to the normal routine surveillance over financial matters, the internal auditor was required to comment on the efficiency of operations as well.

This involved his examination of processes, systems and methods to gauge whether the money spent by a business really makes a contribution to the business in return.

The new work-load changed the title of the internal auditor to management auditor. He was, therefore, required to function as an in-house management consultant and advisor to the top management of organisations.

Today, we do not make any distinction between 'internal audit' and 'management audit'.

Whatever term we use to call him, an internal auditor has to function as a management auditor as well.

New challenges for Internal Auditors

The expansion of banking business both horizontally and vertically over the years has posed new challenges to the internal auditor. This expansion has resulted in creating giant banking holding companies encompassing almost all areas of financial services.

A bank which was confined only to borrowing and lending some six, seven decades ago is now a universal bank that provides all types of financial services to its customers.

They may do it through different units or departments set up under one umbrella or through the establishment of a host of associate and subsidiary companies under one holding company.

An internal auditor in a bank, therefore, cannot simply confine his work only to the main business of banking. Since there are cross-border risks involving different segments of a banking holding company, he now has to expand his area of operation to cover the entire business as a single entity.

This adds not only a new work-load, but also a new challenge to an internal auditor. It behaves on the auditor to acquire new knowledge and skills to handle the job effectively.

Hence, an internal auditor today has to be an all-rounder in banking and associated financial business, if he is to do his job effectively. This makes it necessary for the internal auditor to put him on a continuous learning path so that he could update himself of the new developments in banking as well as his own field.

To be continued