Internal audit as a differential in the business transparency process

Internal audit as a differential in the business transparency process.


There are many challenges a company faces, and one of them, which can be recognized as a differentiator in the business world, is the adoption of a set of measures aimed at improving the efficiency of organizational processes and bringing greater transparency in the eyes of the market, partners, investors, employees and other interested parties.

With the current process of “moralization” that our country has been suffering, the word “transparency” has never been so present in the negotiation circles and among the main concerns of investors.

In practice, the individual or company that intends to invest their money in any business is increasingly aware that the greater the level of transparency, the greater their security in relation to the liquidity of the profitability of this investment. In this sense, for many who are not used to technical terms, there is a doubt about what would be the main measures that an organization should take to increase its level of transparency.

Nowadays many are the terms used by specialists and consultants that involve the topic of transparency. The most usual and that encompasses the issue more comprehensively is GRC: Governance, Risks and Compliance. But, in practice, what does each component of the acronym GRC mean?

Governance: is the set of processes, customs, policies, laws, regulations and institutions that regulate the way a company is directed, managed or controlled (definition of the Brazilian Institute of Corporate Governance – IBGC).

Risks: are all events, internal and external, to which the organization is exposed and which, if they materialize, will impact the business at different levels and intensity.

Compliance: a term in English, used as such in Brazil, that means “conformity”, “to be in conformity with”. Being “in compliance” means that an organization, process or activity is in conformity with the set of norms, policies, laws and procedures that guide them.

Each company is at a different stage with regards to the structure of processes, computerized systems, level of knowledge of risks and monitoring activity of controls. Therefore, the adoption of governance measures needs to be very well thought out and structured, in order not to make internal processes too bureaucratic and cause the business to lose productivity and competitiveness. This is definitely not the goal of a proper GRC implementation process.

To implement or improve an organization’s level of transparency, it is necessary, above any advanced control system, to engage and commit top management. This is essential to spread throughout the company, especially among employees, the need to adopt best practices in carrying out work activities and ethical conduct corresponding to the company’s values.

No business in which an attractive return on investment is expected is risk-free, and the objective is not to get rid of risks, but to map the main areas and activities of the organization, so that everyone involved in the process is aware of the main existing risks and create sufficient control tools to mitigate or reduce them to the lowest possible probability of occurrence. In order to ensure its effectiveness and integrity, all controls implemented to reduce the possibility of risks occurring must be permanently revisited, improved and monitored.

In order to carry out risk mapping activities, to help implement controls and monitor them, it is essential to have an Internal Audit department that is independent from management, which can be composed of professionals hired by the company or outsourced to a specialized auditing company. auditing and consulting, being the last option, as it is an independent company, the one that adds the most value, speed and transparency.

Companies that submit their processes to review by an internal audit are much more recognized by investors, creditors and the market. In addition, it is a fundamental control tool in the prevention and detection of corporate fraud, which currently represents a significant loss of resources, assets, revenue and image to organizations.

The idea that maintaining an internal audit environment is applicable only to large companies is completely wrong, as it is a control that can be perfectly applied to small and medium-sized companies, always considering their level of complexity and maturity. The internal audit, if efficient, in addition to being a fundamental control tool, will be important in detecting work performed that is inefficient and meaningless, conflicting functions, waste of resources and financial losses due to poor cost management and identification of opportunities for process improvements.


Written by Aline Poiani, Head of Advisory at PP&C Auditores Independentes.

This site is registered on wpml.org as a development site.