Two Offices Under One Directorate: What’s the Difference?

The Exchange Office of Inspector General (EIG) and Internal Audit share common goals to improve operations while providing expertise in areas such as audits, compliance, process controls, assessments, inspections and investigations to improve efficiency and effectiveness for the enterprise.

Although IG and Audit have the same senior vice president and their objectives often overlap, there are differences between the two. The key difference lies in the level of depth and focus within their assignments and projects.

In 2014, the Office of Inspector General was realigned with Audit to create one directorate, AU/IG. Both divisions serve a vital role in promoting economy, efficiency and effectiveness while seeking to prevent and detect fraud, waste, abuse and mismanagement in Exchange programs and operations.

Inspectors general and auditors assess compliance with standards, but they have several differences that can be seen in the level of depth within their respective roles and responsibilities.

The IG accomplishes its mission through four functions outlined below:

• Assistance: The Fraud, Waste, and Abuse (FWA) Hotline serves as the main source of the assistance function and receives approximately 500 messages per year.
• Inspections: Inspections focus on operational compliance with standards including Exchange Operating Policies, Department of Defense directives/instructions and federal regulations. Inspections are done at the direction of Director/CEO Tom Shull.

The terms inspection and audit are often used interchangeably, but they are two separate processes. Audits are performed by auditors, and inspections by inspectors general. Also, inspections may not incorporate as much analysis as audits when accomplishing objectives.

• Investigations: The Exchange Office of Inspector General conducts investigations into violations of policy or regulations when directed. Investigations may also be initiated when reports of alleged mismanagement, unethical behavior or misconduct are received.
• Teach and Train: The teach and train function is integral to the first three functions. Because of the nature of their job, IGs possess a wealth of knowledge and expertise. The experiences gained in assisting, inspecting and investigations are in turn used to train associates at all levels about policies and procedures.

While EIG’s inspections are done at the direction of the Director/CEO, the Exchange Audit Division maintains an extra level of independence. Audits are performed based on an annual Audit Plan, which is developed after an evaluation of risk and approved internally with the Board of Directors Audit Committee’s input. The Exchange Audit Division conducts two types of audits (Performance and Agreed-Upon Procedures). Each provides Exchange management and the Board of Directors value through the division’s independent and objective reviews. The engagements must conform to established standards set by the U.S. Government Accountability Office, and they typically entail some level of business analytic reviews.

• Performance audits typically have a broader scope and focus on specific Exchange functions or operations. For example, the FY 2024 Audit Plan’s topics included merchandise return processes, food plant operations and third-party risk management. Each planned topic is unique and may encompass worldwide operations or may solely be focused on CONUS, OCONUS or directorate operations. Each is focused on key Exchange strategies to excel.

It should be noted here, that during the course of performance audits, any mid-term report communications, whether it is briefing notes after a facility visit, interim briefing notes, or an audit report discussion draft should not be shared outside of a recipients chain of command as this could skew observations and potentially result in unnecessary travel expenses when documents have been altered to “correct” records prior to an audit visit. Although it is commendable to want to be represented well during an audit, these types of corrections potentially mask enterprise-wide operational improvement opportunities and thwart review objectives. This is true with mid-term inspection results as well, with the exception of firearms inspections. Sharing results from the latter can aid other facilities in passing federal AFT firearms inspections and potentially save location Federal Firearms Licensing.

Recommendations (i.e., opportunities for improvement that management agrees to act on within a specified time) that flow from these engagements are based on observations from risk-based testing conducted using and measured against solid criteria such as DoD Instruction, EOPs or leading industry practices.

• Agreed-Upon Procedures are unique as they are conducted based on a specific request from management, and only testing approved by the requestor will be conducted. Also, these engagements do not have recommendations. Instead, Audit solely provides information answering management’s questions/objectives. The engagements have a much tighter scope of review than performance audits and are conducted on an ad hoc basis and performed in addition to planned performance audits.

Regardless of who has the lead, there simply is no substitute for effective oversight. The Exchange’s commitment to an Internal Audit Group and an IG validates the importance of management’s attention to internal controls, fraud risk awareness and the overall benefits derived from continuous process improvement.