What we do

Internal auditing is an independent,objective assurance and consulting activity that strengthens and protects organisations.

About Us

Who we are

Internal auditors support achievement of organisation objectives with pragmatic insights that strengthen governance and improve business processes. We strive to make a positive difference from the boardroom to the front line, which maintains trust and confidence in the organisation.

Find out more

Interested in a new career?

What's your potential? Rise to the call of reaching your potential by launching an internal audit career right here in New Zealand. Are you starting out in your career or getting ready to rise and side-step, taking your skills to a new challenge? Your journey into internal audit starts here with IIA NZ.

Careers in Internal Audit

Maintaining Trust & Integrity

Establishing the right level of assurance and independent review

James Jong
IIA NZ Advocacy Committee Chair

Trust is essential for the conduct of most human interactions. Every time citizens access information, use services, respond to emails, buy things, and make payments etc., they implicitly trust it is accurate, legitimate, safe, and secure to do so. It is our default mindset.

New Zealanders trust that everyone will be diligent at work and honest in behaviour unless proven otherwise. We also think that organisational systems and process designed to deliver, monitor, and regulate our interactions won't fail us. But they invariably can; and sometimes do.

When things go wrong, trust and confidence are often disproportionately eroded; more so than if we did not expect better. It matters greatly to Aotearoa New Zealand simply because our national ethos would not accept anything less.

Four things to consider

Four things for governors and executive management to consider about trust.

Identify key trust areas

First, what are the activities that your organisation must get right first time, upon which trust and confidence of your customers, stakeholders and the wider public critically depend? These will be myriad and interrelated, and entail core services, hygiene factors, and a wide range of customer / public facing activities.

Collating an inventory of activities that could put trust and integrity at risk will inform your priorities. Anchoring these against your organisation's purpose and objectives will help keep them front of mind.

Know your vulnerabilities

Second, what are the vulnerabilities for each of these critical activities and how could their failure manifest in reputational consequences. We know management is responsible for managing risks and implementing controls, which is a medium-to-long term investment. But we also know they could be incentivised for short term performance. In the context of delivery in a fast-changing and increasingly connected interactions, the human tendency for optimism bias is a vulnerability not to be underestimated.

It is instructive to understand the cascading effects of failure, systemic or random, so that these risks can be prioritised for mitigation.

Calibrate assurance to risk tolerance

Third, the nature and extent of assurance should be calibrated to the risk tolerance of the entity and whether such failures are likely to be damaging.

For example, procurement probity is critical in the public service. Agency chief executives and governors will want assurances that organisational process and systems for disclosing conflicting interests are not left to chance or goodwill. In this instance, assurance attestations from line management may not be sufficient. Independent and periodic assurance from the Internal Auditor or an external probity reviewer could be warranted - particularly for high-stakes or high-value supply.

Assurance should be layered such that higher priority trust and integrity risks are safeguarded by multiple lines of defence.

How you respond can make all the difference

Fourth, recognising that it is nigh on impossible to control for every risk (and remain a viable business), how organisations respond when things go wrong can make all the difference. Affected customers and other stakeholders rightly expect an explanation of what happened, and reassurance that it won't happen again.

Often, a statement is provided by the part of the organisation responsible for the issue, which may be a proportionate response for minor issues. But for major or systemic issues, a higher degree of independent assurance is invariably required to avoid any appearance of disingenuity or lack of transparency. In such instances, it is helpful to have an assurance capability that is independent, and not mired with other management responsibilities.

Trust is hard earned and easily lost

Trust and integrity are hard earned, and easily lost. Unless we have had first-hand experience of reputational damage, our national psyche that "she'll be right" could cloud executive judgement. I hope this article encourages healthy scepticism and increases the appreciation of independent assurance to protect and strengthen confidence in your organisations.

MoST Content Management V3.0.7525