municate with auditors, and auditors try to catch managers doing something wrong.
There is nothing to be gained by this. All that is accomplished is wasted energy and
negative output. The organization is the loser in the process. Other managers truly see
the auditors as team members. The major public accounting firm of Pricewater-
houseCoopers offers ten imperatives to help the internal audit function succeed in a
post-Enron world:
- Sharpen dialogue with top management and directors in order to clearly es-
tablish the value-added objectives of internal audit (i.e., strategic issues, risk
management and protection of company assets). - Realign to meet key stakeholders’ expectations (stockholders, executive man-
agement, external auditors and regulators). - Think and act strategically.
- Expand audit coverage to include “tone at the top,” the conduct of executive
management in protecting the company. - Assess and strengthen expertise for complex business auditing.
- Leverage technology in high-risk areas.
- Focus on enterprise risk management capabilities.
- Make the audit process dynamic, changing with changed business conditions.
- Strengthen quality assurance processes.
- Measure the enhanced performance against expectations of stakeholders.
If everyone begins to view the internal audit function as a truly challenging expe-
rience for which only the best and brightest are selected, the company will have a
truly outstanding function. The function will work with management in helping them
fulfill their responsibility for maintaining strong internal controls.
Internal auditors have five main stakeholders—the board of directors, the outside
auditors, senior management, operating management, and regulators. It is important
that the audit function clearly define how it will interact with each of these groups.
As can be gathered from discussion on hiring the best and brightest, the cost of a
top internal audit function is significant. If the function is considered as purely detec-
tive, managers will question that cost, to the detriment of the overall organization.
However, if auditors are accepted on the risk assessment team and make their contri-
bution in controlling exposures, their costs will be considered more than acceptable.
32.10 COSO’S VIEWS OF THE CONTROL ENVIRONMENT AND THE IMPACT ON
INTERNAL AUDITING. As indicated previously, COSO, which included represen-
tatives of the IIA, public accounting profession, the American Accounting Associa-
tion, the Institute of Management Accountants, and Financial Executives Interna-
tional, undertook to define the elusive framework of internal control and to set some
guidelines of what would be considered an appropriate framework. That effort helped
to clarify management’s responsiblity. One of the historic discussions has always
been to ascertain who is the keeper of corporate internal controls. Is it the internal au-
ditors, the external auditors, or both? Managers had a hard time accepting responsi-
bility for something they could not define.
What the COSO document did was to help internal auditors turn to an authorita-
tive source in explaining to managers their role in the internal control process. The
32.10 COSO’S VIEWS OF THE CONTROL ENVIRONMENT 32 • 13