The selection of processes to be audited should factor the degree of vulnerability and importance of the function
Wipro is an organization with an employee base of over 1,70,000. And HR audit practices have helped us improve our employee services, efficiency and control mechanisms. HR audits aimed at process efficiency covers the entire employee lifecycle – from hire to retire including compensation and payroll, recruitment, learning, performance management systems and retirement, all are formally audited. While processes like succession planning and leadership development are not audited formally, we study the processes – to understand whether we have identified the right candidates and whether they have received a learning roadmap and development plan. There are three principal areas which are critical for audit purposes in HR: the first is payroll, given that we have a large employee base; the second area is recruitment including background checks; and the third area is employee separation – with a gamut of employee exits, processes such as final settlements and closures.
The objective driving our audits is two-fold: one is to check whether we are in compliance with statutory laws and financial controls, and the second objective is to identify areas for long-term process improvements. The approach to auditing our processes involves joint discussions between the internal audit team and the process leads and subject matter experts to understand the process at work. Then an annual calendar is outlined and audit areas are identified along with the people who will be driving the process. The selection of processes to be audited is entirely based on the degree of vulnerability and importance of the function. In fact, we call for an audit if we observe or believe the process isn’t having the desired impact and is not running efficiently. The internal audit teams, led by the Chief Audit Officer, drive the audit processes. They work closely with functional heads to comprehend the intervening variables. After analysis of data – first for a small sample, and then a large sample (in case potential risk is identified), key stakeholders are involved in the discussion before the report findings are finally presented, after which the audit report is finalized. The benefits that we have periodically derived from audits have significantly improved our processes.
The real purpose of audit can only be achieved if the recommendations are implemented – and that is also where the biggest challenge lies. An audit doesn’t end at the recommendation stage – how well the organization implements suggestions and carries out their process improvements determines the degree of success of an audit engagement. This could involve changing the process, automating it, or it may also involve outsourcing it.
We have a global shared services organization, and operate in a number of countries. Due to this, we had local vendors helping us with the payroll processes; we suddenly realized that there were 43 different vendors handling our payroll. So when the audit was conducted, we realized there was no one common platform – opening us to risk areas across immigration, tax and statutory requirements. So we identified a global resource specialist program (RSP) and outsourced the process and after testing the platform, we ensured that the risk was mitigated using the platform.