Where Angels Prey

Where Angels Prey is a novel by Ramesh S Arunachalam. Please refer to www.whereangelsprey.com for more information

Saturday, March 12, 2016

Why is a rigorous, independent and objective internal audit system critical for the well-being of MFIs, especially those desiring to practice responsible commercial microfinance?

Ramesh S Arunachalam

From a larger perspective, internal audits are perhaps the first means for well-meaning MFI boards to get regular feedback on whether the concept of responsible microfinance is being implemented on the ground. In other words, a rigorous, independent and objective internal audit system can provide useful feedback on how processes and procedures (to promote responsible microfinance) are supposedly being implemented on the ground. Therefore, even before credit/social ratings and/or any established code of compliance assessments point out any discrepancies, it is the internal audit system that can provide and will provide useful early warning signals for the MFIs and their boards. Without question, just as charity begins at home, the first step in responsible microfinance is to ensure that MFIs have a rigorous, independent and objective internal audit system in the first place. That is yet to happen at many places in India and within many MFIs in real time even as on date…If that had happened, then, the agent led model of microfinance would not have flourished, as it has in Indian Microfinance - unless of course, the MFI boards themselves supported and incentivized the agent led of microfinance!

So, what do I mean by a rigorous, independent and objective internal audit system? Let me first set out the strategic context of internal audits from which it will be apparent that their rigor, independence and objectivity are critical and necessary. This strategic context clearly determines the extent to which internal audits can become a powerful and independent tool that boards of MFIs can use to ensure responsible microfinance on the ground and in real time.

Essentially, according to The Institute of Internal Auditors (www.theiia.org), internal auditing is defined as:

An independent, objective assurance... activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

This definition is critical because it sets forth the parameters on which an internal audit system can be designed at the MFIs.

First and foremost, an internal audit system must be independent of the MFI activities being audited. This implies that internal auditors at MFIs do not report to line management and/or senior management. Often, at some MFIs, which had an elaborate internal audit function, the independence of this function was hugely compromised because the internal audit department came under the (VERY SAME) senior management, whose very activities were also to be assessed.

Tell me, how can an internal audit department that reports to the CEO or CFO (or anyone else who is part of the line/operational management) accurately assess and provide objective feedback on the working of processes, procedures and operations? Therefore, MFI boards must ensure that there is an internal audit department that reports directly (and independent of senior management) to the board or its audit subcommittee. This is mandatory and this independence in functioning will facilitate greater objectivity in the working of the internal audit department. It will also position the internal audit department appropriately within the MFI, in terms of its strategic context.

Second, an additional caveat is in order here. Many organizations including MFIs may find it tempting to get internal auditors to design their risk management, control, and governance systems. While it is true that internal auditors have GREAT intimate knowledge of what systems work on the ground and why, if they are asked to design these MFI systems, then, it is unlikely that they would be able to assess the functioning of these systems dispassionately and objectively. This means that at no time should MFIs use their internal auditors to design the risk management, control, and governance systems and processes. At best, feedback—through discussions with the internal auditors and/or studying of their internal audit reports—could be taken with regard to these systems so that appropriate on-course corrections are made. This again will ensure that the internal auditors are truly independent of the activities and operations that they are auditing.

A third issue is relevant here. That is the scope of internal audits and this again is critical to understanding the reality across the organization (i.e., MFI). Very often, the activities of the senior management are excluded from internal audits for various reasons. That should not be the case. If only this had perhaps been done at Sahayata Microfinance,[1] much of the damage could have been avoided.

Fourth, senior management in MFIs preach extensively about internal audits but they forget one important aspect—ensuring its independence. Take a look at what Mr Ajay Verma, MD of Sahayata Microfinance (in 2011), said in a promotional video for a global microfinance consulting company:

“The Internal Audit (IA) function is designed to check, whether the internal controls in the MFI are functioning as intended? Internal controls are designed to provide reasonable assurance regarding the efficiency and effectiveness of operations, the reliability and completeness of financial and operational information, and the compliance with applicable laws and regulations.

Ajay Verma, CEO, and Sahayata: In terms of internal audit and controls, you need to very clearly define what is auditable and what is not auditable. Like what we have done, we have three types of audit. One is the process audit which happens in the field, then second is the branch audit. We audit all the branch documentation, which the loan officers have to do and the branch manager has to do; and third one is the cash and the finance audit which happens on the branch and the head office levels.”[2]     

All of these sound good to hear but the Sahayata Microfinance case[3] demonstrates that senior management do not necessarily practice what they preach. And if only the internal audit function had been independent, the Sahayata board would perhaps have got some early warning signals of the impending crisis in 2011. Sadly, this independence is never permitted by senior management, and then, internal audits become useless. This is the case in many MFIs even in 2016 sadly! 

In short, internal audits must (independently) cover each and every activity at the MFI with the objective of evaluating (but not limited to) the following:

·       Integrity, reliability, and effectiveness (including the relevance, accuracy, and comprehensiveness) of risk management, control, and governance processes and related systems;

·       Monitoring of legal compliances—with extant laws and regulations—including any changing requirements from regulator/supervisors; and

·       Safeguarding of all assets of the MFI.

Without question, the need for strong, rigorous, independent, and objective internal audits has never been more important in the Indian microfinance sector. I certainly hope that the boards (in MFIs) recognize this and facilitate the adoption of well-functioning independent internal audit systems that can go a long way in protecting their MFIs and enhancing their reputation as real practitioners of responsible microfinance in India. And this again is something that the regulatory architecture can seek to promote as part of the minimum standards required for accreditation as an MFI, whether NBFC, small finance bank, payment bank or microfinance bank!

[1]Award winning Sahayata Microfinance is the latest to go astray
(http://moneylife.in/article/award-winning-sahayata-microfinance-is-the-latest-to-go-astray/21549.html), by Ramesh S Arunachalam, November 18, 2011 and What is said at conferences is very different from what is implemented in practice

[3]Award winning Sahayata Microfinance is the latest to go astray

(http://moneylife.in/article/award-winning-sahayata-microfinance-is-the-latest-to-go-astray/21549.html), by Ramesh S Arunachalam, November 18, 2011 and What is said at conferences is very different from what is implemented in practice

No comments:

Post a Comment