Challenges of Internal Auditor in Banking institutions
by W. A. Wijewardena, Deputy Governor, Central Bank
of Sri Lanka
Part 2
High Tech and Associated Risks In modern banking, the internal
auditor has been challenged by a new dimension of business process
development in banks.
This has basically arisen from the extensive employment of advanced
technology, namely, information and communication technology, in banks
and the consequential business process outsourcing that has sprung up
throughout the world as an efficient cost-cutting method for banking
firms.
The second would not have been possible, had the first had not taken
place. With regard to the employment of high-tech in business
processing, banks have been the pioneers in the game.
With the rapid advancement that took place from around early 1960s,
banks successfully resorted to advanced ICT so as to cut costs, have a
wider customer outreach, supply a wide range of financial products and
out-beat their less tech-savvy rivals. This resulted in a tremendous
growth in banking business in the subsequent decades.
Internal Auditor as Principal Risk Manager
The very same development has now paved the way for a further quantum
leap type of business expansion in the form of business process
outsourcing. Both have been beneficial to banks. Yet, they have brought
new types of risks as well to banks.
The internal auditor of a bank is the principal risk management
officer as well. Since banks are highly leveraged institutions, they
also face different types of risks which other businesses do not
normally face.
These risks are numerous and usually range from operational risks to
fraud risks to liquidity risks to reputation risks and so on. These
risks, unless properly managed, are often fatal to a bank. It is,
therefore, necessary that a bank should be adequately prepared to
successfully mitigate or avoid these risks. The failure to do so will
lead the bank to closure of business.
A bank which operates well by any standard may soon find itself
boggled with a serious liquidity issue arising from some external shock.
If it is unable to raise funds quickly to meet liquidity, it will face a
general bank-run forcing it to plead for assistance from other banks,
authorities.
The recent liquidity crunch due to the sub-prime issue is a case in
point. It had been reported that one such bank that had faced this
liquidity crunch severely had boasted of itself in August that it was
indeed a well-run robust bank.
To its much embarrassment, just one month later, it had to swallow
its pride when it had to plead with authorities for assistance. This
points to the fact that the internal auditor has to develop risk
assessment and mitigation systems in a bank and take effective measures
to give advance warning in the event of an impending risk crisis.
Significance of Systems and Governance Principles
Given the gigantic nature of the risks faced by banks and the
inability to foresee the delivery of external shocks, the life of the
internal auditor is made miserable today. He has to function as an
effective watchdog. But, he does not possess a set of well tested
paraphernalia to do this job. He may be an honest, genuine and committed
worker. But, the rest in the organisation may not be so to the same
degree. Hence, any mishap can occur without warning or the knowledge of
the internal auditor.
If it so occurs, the internal auditor himself is driven to a serious
quandary. The way to overcome this risk is to develop and place in place
suitable and effective systems, processes and methods across the
organisation at all levels. The internal auditor could just monitor and
ensure that the systems are genuinely and effectively followed by all.
An important element which also helps him to perform his job
effectively is to introduce and follow to the letter the good governance
principles in the organisation.
These governance principles would bind all in the organisation by a
common code of ethics.
The absence of proper governance will lead to misuse of the resources
to the detriment of outside stakeholders.
The internal auditor cannot keep a watchful eye on everything that
happens in a bank. A good deal of discipline that should be inculcated
throughout the bank comes from self-discipline and there again, through
the strict adherence to governance principles.
Need for Continuous Learning
It is, therefore, in the interest of the internal auditor to promote
governance to facilitate his job in a bank.
These new challenges that are faced by internal auditors require them
to acquire the necessary skills and competencies on a continuous basis.
This makes it necessary for them to place them on a learning path so
that they could update themselves with new developments. The internal
auditor should be an all-rounder. He should know all aspects of banking
to perform an effective job as an internal auditor. In this respect, the
work done by the Institute of Internal Auditors in developing a
wholesome internal auditor is laudable.
In addition to providing professional qualifications, it conducts
regular seminars, lectures and short-term training programs to keep its
membership continuously updated of the new developments.
In the modern world where human knowledge is subject to the fastest
depreciation and obsolescence, the cry by any professional should be
learning, learning and learning. I hope that this seminar will fulfil
that task.
Conclusion
The functions of internal auditors have expanded substantially over
the years due to the expansion of business, addition of new risk
elements and adoption of advanced technology. Yet, the basic character
of the auditors remains the same.
They should function only as extended ears, eyes and arms of the top
management and owners. They may point at irregularities, but would not
act as penal authorities.
Hence, the auditor, including the internal auditor, is still a
watchdog and not a bloodhound.
Concluded |
