Utilizing Dedicated Internal Audit Resources for Shared Services
The Shared Services model emerged in the mid-1980s at about the same time that Internal Audit processes were being redesigned with the introduction of control self-assessment techniques where the testing of controls is completed within the organization by the same people who are responsible for the process, and thus have the most knowledge about how the process works. The COSO framework published in the early 90s that provided guidance for monitoring internal control systems further refined this approach. In other words, at the same time that Shared Services was working towards becoming a valuable internal service provider, the focus of Internal Audit was also shifting towards becoming an effective internal consultant and business partner.
Change doesn’t always come easily. Now, almost 30 years later, even though internal auditors and Shared Services process owners have common objectives, creating a culture of collaboration and partnership can be challenging. While some may embrace it, for many the idea of having an Internal Audit function that is dedicated to monitoring Shared Services operations is an uncomfortable idea. A recent iPoll1 in the Shared Services Leadership research area asked the question, “Does your company have an internal audit function that is dedicated to monitoring Shared Services operations?” The results were surprising, with 26% who have implemented this approach and 63% who responded that the idea had not yet been evaluated.
Here are the details:
As indicated in the follow-up question below, for the 26% of companies who have implemented, most have Internal Audit resources that are co-located within Shared Services, with audit resources working onsite, side-by-side with the work processes that are being monitored.
The iPoll generated some good discussion with many respondents adding comments to provide further insight. Here are some of the comments:
- Each function within Shared Services is audited on a rotating schedule by Internal Audit, but there is not a dedicated audit team strictly for Shared Services.
- While we partner very closely with our Internal Audit team, audit priorities are still established by Internal Audit working with the Audit Committee of the Board of Directors. An audit of Our Global Shared Service-related activities is covered as appropriate. Internal Audit does request our input for each year’s priorities. Internal Audit is included in all of our process optimization efforts.
- We have 3 full-time auditors on-site for the 24 services we provide. They complete annual walk-through reviews of processes and tests of controls along with support for our external auditors.
- While we self-audit many of our functions (there are both continuous audit procedures and ad hoc activities) in Shared Services, we don’t have a dedicated Audit function within the operation.
- Our Internal Audit team sits within the Office of the CFO and audits all activity across our business (not just Shared Services).
- We have a Controller group that supports our Global Business Services group and they also provide Internal Controls audit support, but this is a relatively new group so their responsibilities may change and evolve in the next couple of years.
- We have peer review to audit Finance SSC operations, and it is managed by Finance headquarters, although testers can be from the SSC.
For the some of the 63% who haven’t yet considered the idea the issue may be largely semantics, because Shared Services processes are designed with ongoing control self-assessments in each process area, following procedures that were developed in partnership with Internal Audit. In this case, members of the Shared Services team are already doing the activities that Internal Audit might otherwise be performing onsite.
For others, there is an untapped opportunity to partner with Internal Audit to leverage their advice and guidance to ensure adequate controls are established and consistently followed. Improvement often begins with measurement, and using outside resources can be an effective way to create measurement processes that can help eliminate errors and rework, and fix broken processes.
How is your company’s Shared Services organization partnering with Internal Audit?
Who are your peers and how are you collaborating with them?
1 “iPolling” is available exclusively to Peeriosity member company employees, with consultants or vendors prohibited from participating or accessing content. Members have full visibility of all respondents and their comments. Using Peeriosity’s integrated email system, Peer MailTM, members can easily communicate at any time with others who participated in the iPoll.
Peeriosity members are invited to log in to www.peeriosity.com/shared-services/ to join the discussion and connect with Peers. Membership is for practitioners only, with no consultants or vendors permitted. To learn more about Peeriosity click here.