Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​Determining Internal Audit's ROI

A departmental cost-benefit analysis can help internal audit measure and communicate its value.

Comments Views

​Like all departments in an organization, internal audit is an investment expected to yield a meaningful return. But unlike departments where return on investment (ROI) is easily calculated and traceable to the bottom line, internal audit is challenged to assess the inherently qualitative benefits of its work — such as compliance with laws, risk mitigation, process improvements, or providing management with peace of mind via assurance — against the quantitative costs it incurs, such as payroll, travel, software, and training expenses. 

While each internal audit function faces different perceptions and unique expectations of value, internal audit teams can use a cost-benefit analysis to measure, drive, and communicate their value, and, ultimately, their ROI.

COST-BENEFIT ANALYSIS

Completing a departmental cost-benefit analysis is a way to address stakeholder misconceptions and skepticism over internal audit’s value, and in some instances, help make the case against cosourcing or outsourcing the function altogether. Similar to the divisional profit and loss statements seen throughout an organization, a cost-benefit analysis can provide tangible, quantitative evidence of internal audit’s value and overall ROI. 

While each internal audit function’s cost structures, value streams, goals, and key performance indicators (KPIs) will vary, the cost-benefit analysis should incorporate current and planned monetary and nonmonetary benefits and controllable costs.

Monetary Benefits These benefits can take various forms — including cost savings and revenue recoveries — and are most likely to garner stakeholder interest and promote further usage of, and investment in, the internal audit function. 

Cost savings can be divided into two categories: savings realized directly by internal audit and savings realized by the business as the result of internal audit’s work. The first category can include external audit fee reductions achieved through reliance on internal audit’s work. Cost reductions implemented within the internal audit department, itself, such as for travel or audit cosourcing fees, will be reflected as reductions to the controllable costs section of the analysis as opposed to increased monetary benefits. The second category may include data analyses and subsequent recommendations. For example, an internal audit team at a global manufacturing firm performed analytics on the company’s accounts payable data, which resulted in the discovery of $500,000 in various duplicate payments and unclaimed vendor credits. Through internal audit’s research and communications with the accounts payable team, the company subsequently realized $400,000 of those credits, which internal audit would then factor into its monetary benefit calculation. 

Internal audit also can perform engagements that lead to funds recovery, most commonly through contract compliance audits. For example, if a company has licensing agreements with various international partners to distribute and sell its branded product, the licensor may receive royalties, which are typically based on a percentage of sales. Additionally, the licensing agreement may have minimum payment or performance requirements that stipulate additional compensation to the licensor if not met. In this instance, if the agreement contains an appropriate right-to-audit clause, internal audit can review the licensing agreement, compare it to historical schedules and payments received, request additional detail from the licensee to validate reported numbers, and, in the event of discrepancies, work with the business to ensure the collection of additional amounts owed. 

Nonmonetary Benefits The inability to measure a benefit’s monetary impact should not preclude it from being tracked and reported to interested stakeholders, especially if it can be quantified in other ways. For instance, if internal audit conducts training on data gathering and analytical techniques that results in future time savings for the participants, then the cost-benefit analysis should include the training hours and resulting time savings as nonmonetary benefits. 

While nonmonetary benefits will not alter the net monetary surplus or deficit, they should be included in a companion schedule. Tracking and reporting nonmonetary benefits will not only raise stakeholder awareness of internal audit’s many value streams, but it will also provide important context that the department’s value is not limited to the list of monetary benefits reported. 

Planned Benefits As is common in investing, an ROI goal may not be achievable in the short term. Similarly, an internal audit function, particularly a new and growing one, should not limit its cost-benefit analysis or ROI goals to a single year. Rather, a growing team may expect to incur additional costs and further invest in personnel and tools over multiple years and use them to deliver greater value in the long run.

In these cases, a cost-benefit analysis with only a one-year view may reveal a far bleaker picture than reality. While conventional budgetary reporting uses quarterly and annual views, a longer term cost-benefit analysis may paint a more accurate picture of the internal audit function and its trajectory. In “Cost-Benefit and ROI of a Global Manufacturing Firm’s Internal Audit Department: 2020–2022” (at right), the internal audit function appears to be operating at a deficit, or at least from a monetary cost-benefit perspective. However, due to investments in personnel and technology that continue to expand the department’s value-added service offerings and improve the depth and quality of work, a positive and sustainable ROI is expected to begin the following year.

While it may not be possible to fully anticipate and quantify the future benefits an internal audit team will provide, the cost-benefit analysis provides an opportunity to outline its planned benefits, which can be estimated based on a combination of goals, extrapolation of current or forecasted benefit run rates, and opportunities identified during pre-engagement risk assessments. As in any forecast, the cost-benefit analysis should document the rationale for key assumptions that support future estimates.

Not only can a long-term outlook on internal audit’s value positively impact stakeholder perceptions and increase use of the function, it also can lead to further investment in internal audit to ensure realization or an increase of anticipated returns. 

Controllable Costs Every internal audit function incurs costs. Some are direct and under its control, such as payroll, travel, professional memberships, training, software, and consulting, while others are indirect and outside its control, such as the department’s allocation of rent, utilities, insurance, and shared services. To avoid unnecessary dilution of the department’s true net benefit and ROI, the analysis should focus on direct and controllable costs. The rationale is that the chief audit executive (CAE) can budget and manage controllable costs, whereas indirect, fixed-cost allocations are likely to be incurred by the company, regardless of internal audit. As a caveat, the analysis should not disregard shared costs that are variably tied to internal audit’s resource consumption. For instance, if the company uses a cloud-based enterprise resource planning system, and pays per license (vs. fixed fee), then those costs would be considered direct and controllable and should be a part of internal audit’s costs in the analysis. 

EVALUATE RESULTS 

First and foremost, the cost-benefit analysis should be used as an internal benchmarking and planning tool. After the initial analysis, an internal audit team may discover that its costs currently exceed its benefits. The results, either surprising or expected, present a valuable opportunity for root-cause analysis and subsequent goal setting. 

The deficit may be caused by cost management, limitations on the extent of value-added projects the team can perform, quality of execution, or the inability to adequately quantify the monetary impact of its value. Regardless of the cause, CAEs can refocus their team’s efforts on addressing these shortfalls and taking steps to improve them. The CAE can use the initial 2020 cost-benefit analysis results in the chart above to further manage costs and establish goals and KPIs on the benefits side. Additionally, if the department determines that its total benefits are falling short, it can revisit its current project plan and ascertain whether different, higher value projects are necessary, provided they continue to align with key risks and board expectations, or consider expanding the scopes of current projects with higher value potential. 

The cost-benefit should be an ongoing measurement of internal audit’s progress. If the team notes a deficit in its initial analysis, subsequent analyses may reveal encouraging signs of improvement. However, in the event of stalled progress, ongoing analysis can provide opportunities for further change and improvement. 

As a caveat, internal audit’s cost-benefit and ROI analysis should not be tied to team member compensation or incentives, which could lead to conflicts of interest, impaired independence, and failure to objectively measure and report benefits. Additionally, to avoid inflation of internal audit’s reported benefits, the quantitative benefit values reported should be fully validated with the appropriate business stakeholders before finalizing.

Nonetheless, if the team remains committed to improvement and continues to measure progress and adjust as needed, the assessment results will continue to improve. Ultimately, these results can be shared with stakeholders as evidence of the department’s progress and increasing value to the organization. 

COMMUNICATE VALUE

While every internal audit function faces unique perceptions and expectations of value, each one has a customized strategy for communicating value to stakeholders. Nonetheless, each strategy should consider three elements.

Target Audience Once internal audit has completed its cost-benefit analysis and has collectively agreed to share it with stakeholders, the target audience should be considered. The audience should include stakeholders that internal audit reports to directly, such as the CEO, chief financial officer, and audit committee. However, a broader audience, including various business unit leads, may be necessary, especially if those individuals are skeptical about internal audit’s value. That may include departments where internal audit would like to establish or expand its value-added services. Sharing these analyses with internal stakeholders and clients first can further validate results and assumptions, and lead to further revisions before sharing it with executive leadership, the audit committee, and the board. 

Degree of Detail The degree of detail in a cost-benefit analysis will vary based on the stakeholder. For instance, executive leadership and the audit committee may be interested in just the total costs and monetary benefits along with a summary of key items and trends. Conversely, business unit leads may be more interested in the item-level detail of the projects impacting their areas along with past and planned benefits.

Basis for Assumptions Like other data models, a cost-benefit analysis of internal audit is both art and science. Some inputs are clear and easily measurable — such as payroll and travel expenses on the cost side or realized savings confirmed by the business on the benefits side — while others are more subjective and require assumptions. 

Limiting the analysis to easily measurable elements may represent only a subset of internal audit’s actual value. Instead, the analysis should consider other nonmonetary, quantitative benefits, such as engagements completed, recommendations implemented, and time savings, or qualitative benefits, such as prevention of noncompliance with specific laws. In situations where it is possible to reasonably estimate the monetary impact of a benefit using consistent, logical, and documented assumptions, such items should be reflected in the analysis. For instance, if during an operational audit, internal audit identifies and provides training on automated reporting that saves the accounts receivable manager five hours a week, then those weekly time savings should be considered as reportable nonmonetary benefits. However, if the time savings achieved were applicable to part-time, hourly associates whose total workload was reduced as the result of the efficiencies realized, then the potential payroll savings could be classified as a monetary benefit. 

A MEANINGFUL RETURN

Internal auditors are well aware of their function’s capabilities and potential to further drive organizational value, but many stakeholders remain skeptical due to a general lack of understanding about the function’s overall impact, particularly on the organization’s bottom line. While each audit function faces different stakeholder perceptions and challenges, each is an organizational investment expected to yield a meaningful return. Internal auditors can measure their controllable costs and benefits, set goals, and revisit their project mix to provide more value and, ultimately, report on these items to stakeholders to ensure common awareness of internal audit’s value and potential. Like any other investment, an internal audit function with a clear, meaningful, and sustainable ROI will garner widespread appreciation and merit continued investment.  

Jack Pelikan
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author

 

 

Jack PelikanJack Pelikan<p>​Jack Pelikan, CPA, CISA, CISSP, is a senior director of internal audit at Caleres Inc. in St. Louis.<br></p>https://iaonline.theiia.org/authors/Pages/Jack-Pelikan.aspx

 

Comment on this article

comments powered by Disqus
  • AuditBoard-September-2021-Premium-1
  • FastPath-September-2021-Premium-2
  • All-Star-September-2021-Premium-3

 

 

Stopwatch Auditinghttps://iaonline.theiia.org/blogs/jacka/2021/Pages/Stopwatch-Auditing.aspxStopwatch Auditing
Thanks, We Already Know Thathttps://iaonline.theiia.org/blogs/jacka/2020/Pages/Thanks-We-Already-Know-That.aspxThanks, We Already Know That
U.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radarhttps://iaonline.theiia.org/blogs/chambers/2021/Pages/US-SEC-Environmental-Social-and-Governance-Risks-Better-Be-on-Your-Radar.aspxU.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radar
Newswire: Week of July 5, 2021https://iaonline.theiia.org/2021/Pages/Newswire-July-5-2021.aspxNewswire: Week of July 5, 2021