Ethics and Compliance
Does your internal audit team have responsibility for monitoring and reporting on your company’s ethics hotline? In benchmarking with my peers, it seems that about a third of the companies I talk to have some direct responsibility within internal audit to perform this task, while the rest do not. However, all of them would participate in investigations if calls were received regarding fraudulent employee activities, theft, or other financial matters.
For those who maintain this responsibility, is there a perceived problem in implementing IIA Standard 2100: Nature of Work, which calls on internal auditors to “evaluate and contribute to the improvement of governance, risk management, and control processes”? There seems to be much more guidance around the role that an auditor plays in risk management than in monitoring ethics and compliance calls. I suppose that an objective external resource could be used to evaluate the governance processes if internal audit played a significant role in designing and managing these processes, so from an independence standpoint, the organization could still receive feedback on the performance of this activity.
If your company has a dedicated and separate ethics and compliance function, does internal audit periodically perform audits of this governance process? For larger, more established audit functions, I presume the answer is “yes” or “covered through Sarbanes-Oxley testing of entity-level controls.” But I’m just wondering.
Posted on Aug 25, 2011 by Kiko Harvey
Share This Article: