Page 29 - BCICAI-Connect-Dec-2023
P. 29
Article
Maximize the value
of Internal Audit:
Thematic Audits CA Bharath Venkat
Manager, KPMG Advisory
Thematic Audits Internal Audit can assist by understanding how
prepared their organization is, for the climate crisis
Internal audit functions must remain agile when and the current activities being undertaken, to
developing their audit plans as organizations assess risks and opportunities for the organization.
face evolving challenges. Thematic audits help Internal Audit can also examine this area at an
internal audit functions to focus on specific areas operational level, given its knowledge of processes
of interest and meet required audit objectives. that relate to and are impacted by sustainability,
A thematic audit is an in-depth examination of a from materials sourcing, to transport and logistics
selected area. It may have both compliance and and waste management.
performance audit objectives.
3. ESG (Environmental, Social and Governance)
While the below is not an exhaustive list of thematic
areas, these can serve as a starting point from The role of Internal Audit - Internal Audit should
which the Internal audit function can leverage provide advisory support on the readiness of the
when assessing the organization’s risk profile and organizations for Corporate Sustainability Reporting
control environment. Directive (CSRD). Organizations will be required
to build appropriate governance and control
Key thematic areas to consider.
frameworks to support this new non-financial
1. Economic and geopolitical uncertainty reporting regime. This will include the acquisition,
The role of Internal Audit - Internal Audit need aggregation, quantification and reporting of ESG
to consider how both the first and second lines metrics in a manner that will be subject to external
of defense in their organization are identifying, assurance by statutory auditors. Internal Audit can
assessing, and addressing these risks, which play a key role not only in advising on readiness but
should include some form of scenario planning also in performing assurance procedures over the
for adverse outcomes. Internal Audit should also reporting control environment.
be involved in reviewing key risk areas across the 4. Cybersecurity and data privacy
organization, including the following: long-term The role of Internal Audit - Internal Audit should
strategies as they look to manage these financial assess the existing controls to mitigate cyber
and operational risks; third-party suppliers security risks and consider applying the NIST Cyber
exposed to economic shifts; capital planning Security Framework: Identify, Protect, Detect,
and management processes; and the process Respond and Recover. Example reviews could
for compliance with the current international include Cyber Security governance, Cyber Security
sanctions’ regime.
Attack Paths, Post COVID-19 New Ways of Working
2. Climate change and sustainability Review, Data Security practices, Incident Response
The role of Internal Audit - Internal Audit increasingly and Recovery strategies. Internal Audit should also
recognizes the challenge and risks organizations assess the Data Privacy and Protection controls
face in achieving their sustainability goals and in place including data storage and the type of
minimizing their contribution to climate change and data collected, used, stored, secured, retained and
the impact of climate change on their organization. disposed of in the organization. This should include
| 29
