Type ’’Internal Audit’’ on your search engine. You will find many articles about the benefits, efficiencies which may be achieved, standards, IT solutions, and ISO certifications. Nonetheless, we feel that internal audit services are still not very popular in Malta except when these are mandatory by law or in the case of very large companies.
Once the benefits of internal audits are explored, you will realize the strong synergy with project management standards and philosophy. Nonetheless, there is one key difference here, an Internal auditor has to maintain his independence all the time.
It is also important to distinguish between Internal and External Audits. The two roles share one world, but are otherwise quite different. There are several differences between the two functions, but the primary one is that Internal Audit performs a risk assessment on the entire business and examines several areas like IT, operation, internal process, integrity, corporate governance, and compliance, while external auditors examine the financial records and issue an opinion regarding the financial statements of the company.
This article is the first pillar of a series of articles concerning different aspects of the Internal audit, such as:
- Business cases
- Preparation for the audit
- Resource planning
- Output and benefits
- Ex-post monitoring
- Prevention
- Improvements
- Regulatory requirements
The series aims to provide a comprehensive view of the benefits of an Internal Audit function in different business areas and cases.
Let’s look at some examples.
Gaming companies
It is a regulatory requirement for B2B and B2C licensees to appoint an Internal Auditor which is considered a Key Function under the recent updated rules issued by the Malta Gaming Authority (MGA). In accordance with Part V of the Gaming Authorisations Regulations, persons who provide a key function to a licensee shall be required to hold a certificate of approval issued by the Authority, and each licensee shall notify the Authority. The Internal auditor has to have relevant qualifications and experience to get the certificate from MGA.
Licensees have to consider whether to appoint an external service provider or not, considering the available resource pool and competencies to ensure the independence of this role.
The industry is IT-heavy and relies on B2B solutions. The licensee might have less visibility and control over the IT solutions.
Having external expertise on board, such as an outsourced internal audit function, can support you in identifying several common problems such as:
- Reconciliation matters;
- Integrity issues;
- Financial losses arising from multi-currency transactions; and
- Risks arising from manual interventions
The internal audit function would then be in a position to issue recommendations but not only. The team will follow-up on the weaknesses identified with a view of having these rectified.
Investment firms, eMoney service providers
A few years ago, most regulated entities had the opportunity to proceed with a derogation. However, the global regulatory requirements are getting stricter. Nowadays, small and medium companies are required to appoint an internal auditor. The internal auditor has to proceed with an application and seek approval from the Malta Financial Services Authority (MFSA). This requires experience and qualifications to meet the competency requirements.
Regulated entities must allocate significant resources and time to comply with the MiFID, SHRDII, CSDR, E-Money Directive, and other reporting requirements.
After establishing the internal audit universe, the internal auditor can assist the company to examine its procedures, IT system, or processes concerning these areas. The internal auditor can recommend actions in other areas, and the management can define steps accordingly to avoid regulatory fines.
Bond issuers
Although it is not a regulatory requirement for bond issuers to appoint an internal auditor, it is strongly recommended from a corporate governance perspective.
This approach can grant more confidence to the investors and service providers relevant to the project.
It can also be considered an additional control to the management to ensure that the project operates in line with the Information Memorandum and Prospectus.
Non-regulated Corporate entities
It is a common issue that companies follow routine procedures and processes for years and do not evolve or allocate the necessary time and resources for quality assurance and business developments. This approach can be an obstacle to achieving business goals.
An internal auditor can assist these entities in examining the company’s operation from different perspectives based on the company’s risk profile. The audit reports can be considered as the foundations for continuous improvements such as embarking on a business process reengineering project.
Zampa Debattista can provide various services in this respect; we offer:
- Integrated internal and IT audit services and/or support
- Outsourced internal audit function or overseeing and providing support to your internal auditors;
- Business re-engineering and transformation services
- Supervising and auditing ongoing project management activities. This approach gives comfort to management to identify risks on the project in due course.
The next articles will provide further information about the internal audit client journey, the expected results, and the benefits.