As part of its roles and responsibilities, the audit committee needs to manage financial and other risks that affect the integrity of external reports issued by the company. To achieve this, the audit committee, on behalf of the board, needs to evaluate the design and implementation of internal financial controls and the effectiveness of the finance function
Root Cause Analysis
There is a custom where when the Internal Audit findings are presented, Audit Committees normally want to treat the symptoms and not the roots of the problem. Roots cause analysis leads to identifying the underlying problem. However, there is a preference of addressing the symptoms, mainly because the root cause leads to other issues that may be more complex to deal with. Including considerations of controls weakness at strategic and governance levels.
Conducting a proper root cause analysis, management, assurance providers and the audit committee obtain overall insights on what the underlying problem is, and this is important especially when dealing with recurring audit findings / issues. The root cause is normally attributed to people, processes or systems, and a possible lack of integration of all these three resulting in suboptimal operations.
However, in trying to find better solutions, all that may be required is for those involved in the day-to-day process to step back and invite someone from another division/department to provide a different perspective as often, process-owners get so married to their ideas and habits. This results in them not being able to clearly come up with long-term solutions to existing problems.
Internal Audit Controls
The audit committee has an oversight role of ensuring that an adequate and effective system of internal controls exists, which safeguards assets and allows for efficiencies in operational processes. The audit committee needs to start asking the tough questions, the questions that lead to the root-cause of problems, to ensure that solutions address the root cause and are more thought off and long term, and not superfluous.
In the public sector, where compliance is key to avoid irregular, fruitless and wasteful expenditure, the next problem leads to concerns of compliance being more considered than operational efficiencies. An example would be when reviewing the Supply Chain management process, which directly affects service delivery in the public sector, the focus becomes how we ensure that we comply with applicable Treasury Regulations, the PFMA and MFMA, instead of asking how we optimise operations, as well as what are the hindrances in implementing proper processes that lead us achieving both compliance and operational efficiency.
We need to be thinking above just compliance and more on optimisation of operations whilst being compliant. This toppled by all the uncertainties, with the current economic landscape, the mindset now has moved to having oversight in a time of crisis. Understanding that not all will be perfect, but we need to function, and not letting the current system provide leeway for lawlessness or non-compliance. The question is, thus are we operating optimally and being compliant and are all necessary controls and measures in place to ensure service delivery.
