Internal audit is an important part of modern management and management control. Internal audit of corporate governance can promote the perfection and virtuous circle of corporate governance. The following author talks about the role of internal audit in corporate governance:
The role of internal audit in the process of enterprise risk management
Internal audit should actively put forward relevant suggestions for establishing risk management process to the management when the enterprise has not established risk management.
If the enterprise has not established a risk management mechanism, internal auditors should draw the attention of management and put forward relevant suggestions for establishing risk management. Because internal auditors have long been based on the specific positions of enterprises and are familiar with the business of their own units, they can go deep into the whole process of production and operation at any time to understand and master the specific situation. Auditors can only make a comprehensive and feasible audit work plan according to the principles of importance and cost-effectiveness by carefully investigating beforehand, collecting a lot of first-hand information, finding hidden problems with risks and conducting risk analysis. However, if the management establishes a risk management mechanism, the information from comprehensive risk management will help internal auditors to make audit work plans faster and improve work efficiency. Therefore, internal auditors can promote the establishment of risk management process, or make it possible to establish risk management process.
Internal audit can actively assist in establishing the company's risk management process through consulting services.
Risk management is a complex system engineering, and responsibilities should be clearly divided within an organization. The board of directors is responsible for setting strategic objectives, the senior leaders are responsible for one aspect of risk management, other managers are assigned some tasks by the management, operators are responsible for daily monitoring, and internal auditors are responsible for regular evaluation and supervision. Internal auditors can promote and assist the establishment of risk management mechanism, but they are not responsible for risk management.
Internal audit takes risk management evaluation as the focus of audit work to check and evaluate the adequacy and effectiveness of risk management process.
Internal audit mainly evaluates the adequacy and effectiveness of the risk management process from two aspects. (1) Evaluate the completion of the main objectives of risk management. It is mainly manifested in evaluating the development status and trend of this enterprise and the same industry, and determining whether there may be risks affecting the development of the enterprise; Understand the acceptable risk level of the unit; Discuss the objectives, existing risks and activities taken by the management to reduce risks and strengthen control with the relevant management, and evaluate their effectiveness; Assess the appropriateness of the risk monitoring and reporting system; Assess the adequacy and timeliness of the risk management result report; Assess whether the management's risk analysis is comprehensive; On-site observation and direct testing of management's self-assessment to check whether the information on which the self-assessment is based is accurate; Assess management weaknesses related to risk management and discuss with management, board of directors and audit committee. (2) Assess the applicability of the risk management methods selected by the management. Due to the different cultural atmosphere, management concepts and work objectives of each company, the implementation of risk management is also very different. Every enterprise should design the process of risk management according to its own activities. Generally speaking, large enterprises that raise funds in the market must use formal quantitative risk management methods; Small-scale, business is not too complicated, you can set up an informal risk management committee to carry out regular assessment activities. The responsibility of the internal auditor is to evaluate the appropriateness of the company's risk management model and the nature of the company's activities.
Internal audit should actively and continuously support and participate in the risk management process, and manage and coordinate the risk management process.
Under the modern enterprise system, enterprises have established a risk management process in an all-round way, and internal audit can undertake the function of risk management. First of all, internal audit starts with evaluating the internal control system of each department, looking for management loopholes in production, procurement, sales, financial accounting, human resource management and other fields, identifying and preventing risks, and making relevant evaluations. Secondly, internal audit can go deep into the subtle links of enterprise management to find problems and analyze their rationality. Internal auditors are more based on the possibility of risk, and go deep into every process of operation and management to find and prevent risks. Third, internal audit also plays a coordinating role in departmental risk management. Not only do all departments have internal risks, but all management departments have comprehensive risks shared by * * *. As an independent third party, internal auditors can coordinate various departments to manage enterprises and prevent the risks brought by wrong macro-decisions.
The role of internal audit in the process of internal control
Testing and evaluating the soundness of the internal control system
Internal auditors collect relevant management systems, rules and methods, investigate relevant departments and personnel, and use audit methods such as flow chart method, questionnaire method or description method to test the correctness and perfection of internal control processes and some control points. By analyzing the test data, the reliability of the control system is evaluated. In view of the weak points and out-of-control points of internal control, find out the loopholes in management and put forward improvement measures. Robustness test mainly solves the problems of whether the internal control system is reasonable and sound, and whether the key points of internal control are complete and accurate.
Test and evaluate the compliance of internal control system.
By testing some control points of the internal control system, internal auditors analyze which control points have established a strong internal control system and which control points have weak links, so as to evaluate the implementation of the internal control system in actual business activities and review the use of the management system in implementation. The main inspections are as follows: Although the control points have provisions, they are not implemented or not fully implemented; The specified control points are unrealistic, which makes it impossible or impossible to implement them. Compliance test is used to solve the compliance degree of the internal control system, and to know whether all the control measures of the audited entity really exist in the management system and whether they fully and consciously abide by the system provisions. According to the analysis of the reliability of the test site, evaluate the internal control degree of the tested system, find out the control weaknesses and out-of-control points, and determine the audit focus to decide to include them in the substantive test.
Test and evaluate the scientific nature of the internal control system
By testing the critical control points, internal auditors can evaluate whether they have played their due role in restriction and control, or whether they have achieved their due management effects. Scientific testing solves the function of internal control system, whether it works and how effective it is.
The role of internal audit in the construction of moral culture
Corporate governance is an effective way to achieve enterprise goals and values, and the effectiveness of corporate governance in fulfilling its functions depends to a great extent on the construction of corporate moral culture. Therefore, state-owned listed companies should actively create corporate culture and create a corporate moral atmosphere. The role of internal audit in this process is mainly reflected in:
Suggested function
The internal audit department plays an advisory role in the process of corporate governance mainly through the following work: (1) through the audit of the economic responsibility of the person in charge of the enterprise during his term of office, he advises the operators to operate legally; Through the equity investment audit, it is suggested that the management strive for the return on investment and consider
We should consider both the short-term interests and the long-term interests of enterprises; Through the audit of financial revenue and expenditure and operating performance, it is suggested that enterprises issue comprehensive and true financial reports and urge financial personnel to abide by professional ethics.
evaluation function
Internal auditors can help management to establish a set of corporate ethics through a series of internal evaluation work. For example, through the scientific and effective evaluation of the internal control system, the loopholes and deficiencies in the implementation of the internal control system are found; Through the enterprise risk assessment, we found the omissions in formulating enterprise policies; Through the evaluation of the economic benefits of the enterprise, it is found that the operators are deficient in abiding by the law and operating steadily, and the management is reminded to establish corresponding ethics, so as to strengthen the sense of responsibility of the senior executives, improve the leadership level and strengthen the legitimate business concept of the operators.
evaluation function
As advocates of good ethics, internal auditors should regularly evaluate the effect of the company's good moral culture construction, that is, through a series of special audit activities, assist the discipline inspection department to collect evidence of letters and visits, cooperate with the regulatory authorities to carry out special inspections on the efficiency supervision of the company's operating performance, evaluate and improve working procedures, and play different roles in the process of corporate governance. For example, whether there is a strong supervision mechanism for leading cadres, whether there is a reporting system to protect informants, whether there are institutions that accept reports to strengthen the company's clean government and play an anti-corruption and anti-fraud role; Evaluate whether the company has a corporate culture publicity and education mechanism, whether the purpose of corporate culture construction is clear, and play the role of corporate culture disseminator; Evaluate the corporate image and employee image, whether the company leaders have set an example of spiritual civilization and established a good reputation relationship with business customers, so as to urge managers and employees to be loyal to their duties, abide by laws, ethics and social responsibilities, gradually form a healthy and upward moral and cultural atmosphere in the company, and play the role of good moral advocates.