Professional Documents
Culture Documents
Internal-Audit Techs PDF
Internal-Audit Techs PDF
in Internal Audit
Gone are the days when internal audits were limited to annual
assessments of operational and financial controls alone.
Today’s internal auditors are expected to do more – to step out
of their comfort zones and provide assurance on a range of
new and emerging risks, while also delivering timely insights to
guide key strategic decisions. Stakeholders are increasingly
relying on internal auditors to help them navigate the choppy
waters of rapidly changing regulations, large-scale data breach-
es, complex global business ecosystems, and geopolitical un-
certainties. How internal audit responds to these expectations
will determine their success, relevance, and value in the coming
years.
With that in mind, here are 5 best practices for internal auditors
to successfully meet stakeholder expectations, and drive excep-
tional business performance in their organizations:
1
Put Risk at the
Front and Center
of the Audit Plan
Insight Recommendations
We live in a world where risks are changing at an • Get a sense of the top risks to the business
incredible pace; where events that might not have through conversations with stakeholders, internal
been foreseen a year ago have become a reality. observations, surveys, and industry analyses
Consider the unprecedented vote by U.K. citizens to
exit the EU, the bitter and deeply divided political • Coordinate with other assurance groups to assess
battle in the U.S., the simmering refugee crisis in and score risks in a top-down manner
Europe, or the increasing cyberattacks against criti-
cal infrastructure. • Tailor risk assessments to understand how various
risks are interconnected and what causes them
For internal auditors, these developments are a
strong reminder that risks need to be constantly • Rank and prioritize the risks based on their impact
reassessed, and audit plans revised to reflect the and likelihood; make sure to get management
changing risk environment. While risk identification buy-in on the risk priorities
is ultimately a management responsibility, auditors
would do well to stay informed on the new and • Ensure that the areas of highest risk and the
emerging risks that would hinder the achievement associated controls are audited more frequently
of the organization’s objectives. They must be able than others
to provide assurance that existing risks, as well as
the big risks around the corner are being properly • Conduct periodic reviews throughout the year to
controlled. Achieving these objectives calls for con- determine if the prioritization of risks is still applica-
tinuous, risk-based audits. ble
2
Collaborate
Closely with the
Second Line of
Defense
Insight Recommendations
For the board and management, it can be frustrat- • Establish a common risk and control language that
ing and confusing to receive multiple reports from will enable the second and third line of defense to
various assurance functions, each addressing simi- communicate with each other, and report risk more
lar risks and issues, but talking in a different risk effectively
language, and providing different recommenda-
tions. If internal auditors are to truly add value, they • Conduct periodic meetings between internal audit
must collaborate and communicate more effective- and other assurance functions to share informa-
ly with the second line of defense, working towards tion, and to align risk priorities
a holistic, integrated view of risk and compliance.
This kind of combined assurance gives stakehold- • Don’t hesitate to question and challenge the
ers better visibility into critical risks and opportuni- findings from risk and compliance functions
ties which, in turn, enables them to make better,
faster business decisions on how to tackle the • Link the risk function’s assessments of key risks to
changes in the risk and regulatory environment. audit planning; in turn, share the risk-based audit
plan with the risk function to get their insights and
perspectives
Many organizations are addressing these skills • Build relationships with external service providers
gaps in their teams through comprehensive who can provide specialized audit skills without
training. Others are hiring new audit professionals, long-term investments
while still others are looking at co-sourcing and
outsourcing options.
5
Automate Wherever
Possible with
Technology
Insight Recommendations
While internal audit’s roles and responsibilities may • Consider replacing siloed spreadsheets and tools
be increasing, budgets are limited, and talent is diffi- with integrated audit systems that can streamline
cult to come by. In fact, auditors often find them- and automate audit workflows across the enter-
selves having to do more with less. Many are turn- prise
ing to technology to simplify and automate manual-
ly-intensive audit processes, thus freeing up time to • Build a centralized library to integrate and map
focus on more value-added activities such as risk audit data, including risks, objectives, controls, and
analysis. auditable entities (This tightly-knit data model helps
understand the relationships between various data
With big data analytics, technology also provides elements, and enables more targeted and focused
the ability to aggregate and analyze tremendous audits)
volumes of data (from both inside and outside the
organization), and deliver risk and compliance intel- • Leverage mobile auditing tools to enter audit find-
ligence in real time. These insights enable auditors ings on the go, and to easily capture photos and
to better predict the risks, issues, and opportunities videos as evidence
that lie ahead, thereby providing timely advice to
the board and leadership team. • Implement intuitive dashboards and reporting
tools that can roll up audit and risk data from
across the enterprise, summarizing key observa-
tions, and highlighting critical information
Email: info@metricstream.com
US: +1-650-620-2955 Europe: +41-615-880-111 UK: +44-203-318-8554
Copyright MetricStream.
India: +91-(0)80-4962-8000 UAE: +971-50-728-724 Australia: +61-870-708-014 All Rights Reserved.