What is risk in an internal audit?
Risk can be defined as the possibility of events or circumstances that may negatively impact the
achievement of Savings and Credit Cooperative Organizations (SACCO’s) objectives. It represents the uncertainty and potential for harm or loss that SACCO faces in its operations, finances, reputation, compliance, or other areas.
What are the indicators of risk?
In terms of the SACCOs day-to-day operations, finances, reputation, compliance, or other aspects, indicators of risk are the signs that help auditors identify harm or loss that SACCOs are likely to face.
During internal audit for SACCOs, auditors tend to be alert for indicators of risk that may come about. Auditors focus on these indicators to help them spot potential areas of concern within the SACCOS activities.
This article shall discuss the following risk indicators:
- Risk of Fraud,
- Risk of Errors and
- Compliance Risk
Below are a few indicators of risk that internal auditors consider when during internal audit for SACCOs
Risk of Fraud
The threat of fraud is one of the most common challenges to governance that Saccos as well as other organizations face without regard to size, industry, or location. Having proper internal control procedures in place that include an appropriate response plan is fundamental to battling fraud. Internal audit possesses intimate control knowledge of the organization. A combined assurance approach is key in this regard to understand the gaps in controls to allow for the manifestation of fraud.
The following are the factors that may contribute to the risk of fraud:
A very Competent team
While some competition motivates staffs to give their best, an overconfident staff may fail to be attentive when it comes to monitoring and identifying fraudulent actions. Competent teams may also lack coordination, which could result in inadequate information and a lack of awareness, making it simpler for fraudulent operations to go unnoticed.
Time Constraints for Audit team
when auditors are under pressure and time is limited, they may tend to rely on the evidence given by the management rather than being careful and conduct appropriate testing independently.
Non-allocation for Internal Audit Resources
when there are no resources allocated to enable internal auditors carry out their assigned duties, they may end up lacking oversight and control over financial reports.
Exceed the Set Budgets
When budgets are exceeded, unauthorized expenses and false accounts may be opened. Additionally, financial statements may be altered to hide the excess.
No leave Days for specific Staff
Employees with financial constraints and who do not have paid time off are prone to commit fraud to reduce the personal burdens they may be facing. Regular leave enables managers to keenly inspect the work being done and identify fraud being committed by the employees.
Related Staff
Loan officers in Saccos, for example, might increase the risk of fraud by authorizing loans conspiring with borrowers whom they relate with for their own benefit by avoiding the regular loan-issuing procedures.
System Change over
System transitions change bring new features, processes, or interfaces that may not be known to the personnel. Employees who may not be trained enough on the upgraded system may make it possible for fraudulent operations to go undetected.
Bonus and Compensation
Employees tend to be under pressure to reach goals when bonuses and compensation are dependent on financial metrics, which could lead them to engage in fraud.
Poor Controls
Poor control can be a significant fraud indicator and a risk factor during an internal audit. When an organization has weak or inadequate internal controls in place, it creates an environment that is conducive to fraudulent activities example when there is a lack of segregation of duties, individuals may have excessive access and control over multiple aspects of a process or system. This increases the risk of collusion or the ability for a single person to carry out fraudulent activities without detection.
Staff Engaging in Board Elections Politics.
Staff engaging in board election politics can be considered a potential fraud indicator and a risk factor during an internal audit. When employees or staff members involve themselves in board election politics, it can create conflicts of interest and compromise the integrity of the audit process.
Vendor Management
Particularly in SACCOS with fewer employees tasked with keeping an eye on the vendor list, vendor management risk is likely to exist especially when there is irregular master data change, duplicate vendors or missing vendors details. Internal auditors for SACCOS advocate an automated procurement monitoring solution that can be configured to check vendors against the list automatically during the payment process.
Budget Fraud
This factor contributes to risk of fraud when there is overstatement or understatement of the budget which may result to misuse of funds.
Risk of Errors
This is the risk that takes place when individuals make mistakes unintentionally. During internal audits of SACCOs, there are several potential risks of errors that auditors should be aware of including;
A very Incompetent team.
The risk of errors may arise when the accounting staffs in SACCO are not adequately trained and fail to stay updated on the latest information like accounting standards and regulatory requirements.
Poor Record Keeping.
The risk of errors is likely to occur when documents are not filed in order or the documents get lost in the filing cabinet.
Unexplained Variances
Differences between the actual and expected transaction may be the result of errors that are made in accounting records. Internal auditors ought to investigate and find the root cause of such differences.
Compliance Risk
Compliance risk is the potential for losses and legal penalties due to the failure of SACCOS to comply with prescribed laws, regulations and internal policies. The following are factors that may contribute to compliance risk.
Tax Compliance Summons and Letters
Internal auditors investigate how SACCOS comply with the authorities in place and take responsibility for advising them on the consequences of not complying and responding timely to summons and letters and paying taxes accurately.
SASRA Reports
With the help of internal auditors, SACCOs are able to comply with typical statutory and regulatory reports that SACCO Societies use to provide the SASRA with regular updates on their financial performance and other related operations. A well-trained and knowledgeable internal auditor about SASRA reports is able to advise SACCOs on remedial activities to avoid penalties.
Statutory and other regulations
Statutory and other regulations serve as important compliance indicators of risk during internal audits of Savings and Credit Cooperative Organizations (SACCOs). SACCOs operate within a legal framework that includes various statutory regulations, such as co-operative laws, financial sector regulations, and consumer protection laws. Compliance with Co-operative Societies Act (Cap 490), Sacco Act 2010 regulations and non-deposit taking regulations 2020 is crucial to ensure the SACCO’s legal standing and operations. Auditors should assess the SACCO’s adherence to the applicable legal requirements to identify potential compliance risks.
Now that you understand Indicators of Risk during Internal Audit for SACCOs, find out how the Audit team will help you identify indicators of Risk in your business.
Also Read: Selecting Auditors for SACCOs in Uganda