Mitigating risk and driving business value by expanding the reach of internal audits

Joseph “Jody” R. Allred, CPA, CITP, CISA, Advisory Services Partner, Weaver

For the young, small, or medium-sized company, it can be inherently difficult to measure the value of the internal audit. As an example, upstream and midstream energy companies often employ fewer people and use less sophisticated administrative processes than similarly sized companies in other industries.

But the unique circumstances faced by these companies highlight the need for risk mitigation, and savvy energy executives have found a way to leverage the internal audit to help define the company’s strategy and manage risk.

“It’s critical to identify and mitigate risk in energy companies,” says Jody Allred, advisory services partner at Weaver. “But auditors also have the ability to offer objective advice, create operating efficiencies and resolve myriad issues, if they’re empowered to execute that charter.”

Smart Business spoke with Allred about the opportunities to create strategic business value by expanding the reach of the internal audit function beyond traditional audits.

Why is risk mitigation a priority in E&P and pipeline companies?

Preventing loss is always important, but it may mean the difference between success and failure in E&P and pipeline companies that require a substantial capital investment and simply can’t afford errors or inefficiencies. A relatively small E&P company requires 10 to 12 times the capital investment of similarly sized manufacturers, and also lacks the resources and streamlined operations when compared to these companies. Plus, survival hinges on its ability to exploit its assets and ensure the success of early projects.

All of this means that risk is higher and there’s a greater need for an internal auditor’s objective assessment.

How can an internal auditor create value by identifying, assessing and responding to risk?

Auditors create value by combining their industry experience, intuition and professional training to conduct assessments, identify risks and quantify the exposures. Savvy auditors know how to boil down massive amounts of data, so the risks can be prioritized and dealt with through a recommended course of action. And since they’ve seen the movie before, experienced auditors know what to look for in E&P companies, so investors are protected in cases where operational processes and procedures are often less sophisticated or mature.

Can an auditor really improve business processes and create new efficiencies?

It isn’t unusual for auditors to spot ways to streamline processes while reviewing the current systems and workflow during the risk assessment phase. But auditors are capable of going beyond risk assessment by finding solutions to recognize and solve business problems across the enterprise.

For example, a client was about to hire a consultant after a department struggled to comply with a set of operating procedures. After listening to the issues, we found that cultural differences were the root cause of the problem. So, we explained the need for the process to the department manager, made some minor adjustments and resolved the issue for a third of the cost of a consultant. Since auditors are detail-oriented, they often spot opportunities to streamline or eliminate bureaucratic processes during an engagement. They may even identify opportunities to negotiate better deals with vendors, garner higher margins or lower costs by utilizing business process outsourcing.

But to be effective in a broader, more strategic role, internal auditors must be empowered to go beyond risk mitigation by the company’s executives and audit committee.

Why is it important for an auditor to provide executives with insight and objective advice?

Executives often take a broad view of the operation, since they rarely have hands-on experience in every functional area. For example, they may need help assessing and understanding the risks in departments that require high levels of control like accounting and finance or IT.

An auditor can help executives determine whether the company’s security systems are adequate, calibrated and functioning effectively. Plus, they can help executives find the right balance between risk and cost, so the organization can achieve its business plan. Auditors can also assess the company’s operational effectiveness by providing benchmarking against peer organizations. Since auditors have the opportunity to work across multiple departments within a company, they have the knowledge that no one else has about the cross-functional interaction of the company.

The bottom line is that an auditor’s vast skills are often underutilized, since they can provide a valuable perspective and potentially play a greater role in adding value across the enterprise.

How can executives support the transformation process so internal auditors create value instead of police reports?

First, the executive-auditor relationship has to be built on trust, which seldom happens when auditors are relegated to creating police reports. Launch a cultural shift by changing the auditor’s marching orders and measuring them on value creation and financial contributions, not just the problems they find.

Second, executives need to understand the audit process, so they can identify opportunities for auditors to make recommendations. Give auditors an opportunity to prove their value-creating capabilities and ability to liaise with executives by giving them a crack at an under-performing business process or an area where costs are accelerating.

Third, view auditors as trusted advisers that are capable of making viable recommendations and be open to hearing them. Finally, maximize your investment in the internal audit function by expanding the reach, because companies can’t afford errors or inefficiencies in today’s competitive business environment.

Jody Allred is an advisory services partner at Weaver. Reach him at [email protected] or (817) 882-7750.

Leave a Reply

Your email address will not be published. Required fields are marked *