Procurement audit is still an evolving practice and such new issues keep emerging. Among the common issues emerging issues in procurement auditing include the use of technology. Since 2016, Canadian Public Accountability Board has also come up with a raft of new issues that could be key to procurement audit. These include changes to auditor reporting, auditing in foreign jurisdictions, mandatory rotation and tendering, audit quality indicators.
Decisions to leverage on technology to secure best practices in sourcing and procurement auditing are very crucial. Technology that supports procurement audit has moved on dramatically in recent years with spend analytics, e-Sourcing, Supplier and Contract Management, e-Workflow, spend management and analysis, savings visibility/tracking and budget management. Combining these cutting-edge technologies with market intelligence and data will synergize procurement. Further, it will propel audit effectiveness and efficiency, improve processes, and ensure better tracking/visibility, and process accuracy and authentication.
Technology must be implemented in the entire supply chain, integrating procurement organizations’ enterprise to the supply partners. This enables professional sourcing and procurement processes in a well-supported fashion.
• Changes in auditor reporting.
Globally, oversight bodies have observed that there is a need for procurement auditors to provide more relevant information to investors, analysts and other users of the auditor’s report. They have lent support for more integrity, objectivity and openness in audit reporting. They opine that an auditor will add more value to the auditee sharing more information on crucial audit issues in the audit report which will ensure greater focus on risk management.
• Auditing in foreign jurisdictions
There has been a concern of whether the transnational procurement auditors have rights to evaluate or verify reporting issuers and report on entities domiciled in foreign jurisdictions. Analysts, investors, securities regulators, and other audit regulators have also expressed concerns about the quality of these companies’ procurement reporting. There is need to undertake risk- based reviews of audits of foreign operations of procurement entities on an ongoing basis. Auditors must execute the audit of foreign entities with high degree of professional skills and proficient grasp of the business environment of such entities to ensure the selected procedures for audit sufficiently and satisfactorily cover risks arising from the foreign jurisdiction’s business culture.
• Mandatory Rotation and Tendering
Mandatory audit firm rotation has been considered as a best practice for quality improvement. It aims at improving quality, independence, objectivity and professional scepticism. The main reasons for calls for mandatory audit rotation are the concerns about familiarity, self-interest threats and biasness at institutional level that may arise after an extended period of time with the same organization. Alternatively, many in the auditing cycles have increasingly argued for mandatory comprehensive audit firm review because its focus on enhancing audits quality. It is a periodic review aims at improving how professional auditor applies professional scepticism for improvement of audit quality.
• Audit Quality Indicators
International procurement audit regulators have noted that until recently, there is dearth of information available to auditors on measures that can be used to evaluate the audit quality. In response to these quantitative measures of audit quality indicators have been developed. In procurement some of these may include cost, timeliness, and flexibility, return on supply chain management (ROSMA), defect percentages.
• Audit Committee
The primary role of a company’s audit committee is to provide oversight of the financial reporting process, the audit process, the company’s system of internal controls and compliance with laws and regulations. The composition of audit committee depends mainly up on the nature and the size of the business. An audit committee, generally, consists three to five members.
Robotic process automation and cognitive intelligence
Internal audit should support them in identifying, assessing, and monitoring the risks that come along with these technologies
Cybersecurity: In recent years, cybersecurity audits have often focused on regulatory compliance—areas such as data privacy, information technology (IT) security, and business continuity.
Third party risks auditors: should understand the organization’s entire approach to third-party relationships.
Culture risk: An organization’s culture plays a major role in business
performance and marketplace reputation. Audit plays a vital role in culture
risk management. A culture risk assessment can provide insight into intangible drivers of risk, controls effectiveness, compliance failures, and potential misconduct.
Crisis management: A crisis management plan provides a framework and contingency plans for senior executives should the need arise.
Agile Internal Auditing: Principles and practices of agile development are being applied to audits. Agile methods foster rapid response to emerging issues, closer collaboration with stakeholders, faster delivery cycles, and streamlined reporting