Internal audit as the strategic partner of the business


Source: Biznis Magazine

The point of an internal audit is to look at a particular business process, understand it and identify the weak points in the key controls, or, in other words, risks, by conducting audit procedures. The integral part of the process is also to look at the potential for further process improvements in order to achieve the company’s business goals.

On December 31 of 2019, the Internal Audit Department of NIS was awarded with a certificate of compliance with international standards. For NIS Internal Audit, this is a sign of recognition and proof of excellence, but for the general public – what does it really mean?

According to Jelena Popara, Internal Audit Director at NIS, this means that she and her team operate in accordance with the best international practices, which brings multiple benefits. In an interview with the Biznis Magazine, she explained that the Internal Audit Department was evaluated against the industry’s gold standard, which means that the work of the department was compared to the best internal audit practices in the oil and gas industry.

This does not fully describe this achievement. NIS is currently the only Serbian company holding such compliance certificate. Commenting on the document that confirms the high level of competencies at NIS Jelena Popara says:

“This certificate attests to the credibility of the company and allows us as a company to proudly say that the services we provide are in accordance with the highest world standards, as confirmed by independent experts. This answers the question: Who audits the Internal Audit?”

How important is internal audit for a large company like NIS, and what is your role in the company’s business?

By definition, the primary role of internal audit is to provide independent and objective assurance, that is, to provide consulting support aimed at improving business processes in the company with the goal of adding value to the company. The importance of internal audit is multifaceted, but I would single out three basic elements: independent control, due professional care, and objectivity. A focus on these three elements enables key stakeholders to understand the intrinsic value provided by internal audit.

How is your team organized and how do you protect the company from loss of assets?

– Teams are divided by business areas, as an auditor must possess specific competences relevant to the process they audit. This is why we have an upstream audit team, a downstream audit team, specialists for capital construction, financial reporting, business compliance, and information systems, so that each team member contributes their competencies to the quality of the audits performed. The team consists of 22 members, which makes us the largest audit team in the business sector in Serbia. In the middle of the year we will be joined by two new colleagues, who are now completing their master studies in Russia under the NIS Energy of Knowledge scholarships.

In addition to the protection of assets, the audit includes the tasks of verifying compliance with legal requirements and internal regulations, checking whether the risks are appropriately identified, assessed and controlled, whether the goals and plans of organizational units are achieved.

I would say that the point of an internal audit is to look at a particular business process, to understand it and to identify the weak points in the key controls, or, in other words, risks, by conducting audit procedures. The integral part of the process is also to look at the potential for further process improvements in order to achieve the company’s business goals.

What types of audits do you do and how often?

We carry out different types of audit, but depending on the objectives, we can divide them into the following key types: business compliance audit, operational audit, financial reporting audit, and information systems audit. Also, special focus is placed on audits during project implementation that are done to objectively evaluate the progress of a certain project and  identify of deficiencies in the internal control systems on time.

How do people in the company react to being audited?

– Internal audit in various forms has existed in the company for over 20 years, so everybody knows what internal audit is and what we do. There is a culture of cooperation in the audit process. The process is completely transparent. In the oil and gas business there are a lot of regulatory checks in areas like tax, customs, or HSE. In addition to legal compliance, we look at the entire process, from setting goals to achieving them. That is why we can say that no one knows the company better than the internal audit team.

How are you activities viewed by the management? Are you controls there to support the management?

Audit findings are aligned with the business, and the business creates the plans to eliminate identified deficiencies and sets the deadlines. In addition, the business completes a questionnaire assessing the quality of team work and audit recommendations. This feedback helps us improve our processes and work. But generally, cooperation is key. The business also initiates some of the audits when it wants to review and improve the process overall, or has difficulty achieving its goals.

How did you come to the current state of full compliance with the international standards?

Is did not happen overnight. It is a result of many years of trying to improve our methodologies and practical approaches to internal audit. We received great support from our colleagues from Gazprom Neft as they also recently received this certificate of compliance.

Compliance with the international standards means we will be able to provide top-quality internal audit services helping the company improve the system of internal controls, risk management and corporate governance. This directly benefits the CEO, the Board of Directors, the Audit Committee under the Board of Directors, external auditors, management, regulatory bodies, internal auditors, and all company’s employees.

How important is it for NIS and for the internal audit team?

The importance is that the certificate of compliance with international standards obliges us to the continued professional development of internal auditors and enables the improvement of the quality of internal audit work, while maintaining the value of the company. On top of this, we are entering the company of world-renowned internal auditors, which will make the company an attractive employer for aspiring auditors.

Having received the certificate we can now assure all key stakeholders that the internal audit is objective, competent, and professional, and operates based on the criteria that are globally recognized and accepted.

What are the typical findings you come across during audits and how do people react when you point them out?

Most often these are findings related to insufficient process controls. In such cases, we try to emphasize the need for a reliable control system, with particular emphasis on the benefits of automation. At the same time, we make recommendations that will make the process more efficient. It is important that the process is able to achieve its goals and that internal audit helps to improve the business.

I have to say that the most difficult thing to change was the traditional perception of internal audit as a “police officer”, and we put a lot of effort into establishing ourselves as a strategic partner who is there to help improve the company’s operations. What really makes this profession exciting is that you are always learning. The range of audit subjects is so diverse that you always have to familiarize yourself with new processes, follow current trends, and develop new skills. With that in mind, I can safely say that this is a very dynamic profession that never lets you settle.