The simple truth is that a Quality Assessment Review (QAR) is a mandatory event. Failure to perform a QAR could result in penalties and fees. It leaves the audit department and the corporation open to unwelcomed critique and the need to proclaim that they are non-compliant.
There are a number of reasons that companies fail to perform a QAR in a timely manner. The first misstep is that your company may have already, inadvertently, missed the deadline - simply because you misunderstood the starting point. The five-year clock starts ticking the precise day your audit department is formed. Not when you hire an audit executive or even when you put a compliance strategy into place – literally the day you form your internal audit department the five-year QAR clock starts ticking.
What does not having a Quality Assessment Review mean to your company? </b>To begin with, every document and report that goes out to your board needs to read: “This document does not abide by the IIA professional standards because we have not gone through a five-year QAR process.” This makes your company’s non-compliance transparent, but it’s also a big red flag as to the authenticity of your internal systems. Even if your standard operating practices are 100% spot on, having that outside voice concur and provide an overall approval is vital.
Although internal audit departments have vast and endless responsibilities, seeing the disclaimer regarding the lack of a timely QAR, a responsible CFO or Audit Committee Chairman may very well demand that the Assessment be moved on the top of the priority list.
The assets of having a QAR are many. Retaining an outside group that will impress you with their responsiveness, creativity and innovative approach to creating custom tailored solutions that deliver effective results will largely assist your internal QAR. It may also lead to unexpected opportunities. The fact of the matter is that the average CFO or Audit Committee Chairman is not the expert on internal auditing; they rely on each of their internal audit departments to show them compliance. It’s very possible that if a company is NOT compliant, the CFO could be unaware, simply trusting that each department is following SOP (standard operating procedures) and meeting their marks. The most common mistakes found by that outside assessment are crucial to a well-run audit chain.
For the focus in 2013, KPMG’s Audit Committee Priorities of 2013 ” report states a key priority is to “Set clear expectations and making sure the internal audit has the resources, skills and expertise to succeed." A QAR provides the perfect roadmap for both the Chief Audit Executive and the audit committee, to ensure they are communicating and executing on the organizations expectations.