Introduction
The
Institute of Internal Auditors defines Internal auditing as an
independent, objective assurance and consulting activity designed to
add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of
risk management, control, and governance processes.
(2013).
Problem Statement
If
you entered the Internal Audit profession twenty or thirty years ago
you would not recognize the above definition of internal auditing.
The fact is that Internal Auditing has changed significantly over the
last decade. Much of those changes have been driven by new regulation
and regulatory demands, new technology, new professional standards, globalization new ways of working especially the need for
collaboration as well as a more proactive, dynamic and risk based
approach to auditing. The fact is that many career auditors need to
re-tool, re-think and re-train to carry out their new expanded responsibilities effectively.
Previous Options
In the
old traditional, conventional approach to auditing. Internal auditing
was a compliance based activity. The traditional internal auditor
armed with his checklists, standard audit tests and annual audit plan
felt capable of providing assurance to management that internal
controls were working effectively and that all assets had been
safe-guarded. With the role of the internal auditor being redefined
in line with the introductory definition above, more is needed for
the Internal auditor to be able to help his organisation accomplish its operational objectives while improving the effectiveness of of
risk management, control, and governance processes, by his objective
independent consulting activity.
Clement Ashley Consulting's Solution
Clement
Ashley Consulting recommends a Risk Based Internal audit approach
that has a business focus rather than an audit focus. The Risk based
approach should have a process forcus rather than a transaction
focus, it should focus on improvement of risk identification rather
than compliance for compliance sake. The risk based approach to
internal auditing should use open questioning techniques rather than
the traditional closed questioning. The mindest of the risk based
internal auditor should be one of change facilitation to improve
performance rather than policy adherence.The risk based internal
auditor should see himself as a consultant rather than a policeman,
if he holds himself accountable for performance improvement results,
he will be seen as adding value and not as a cost center this in turn will enhance his ability to move into other management
positions. The risk based internal auditor should be more interested
in the future than the past and therefore be more proactive and less
reactive. The risk based internal auditor should focus on solutions
rather than problems and hence major on performance rather than
conformance.
Benefit 1
A risk
based audit approach maximizes the use of scarce internal audit
resources.
Benefit 2
Using
the risk based approach you will have the ability to identify new and
emerging risks that can affect achievement of your organisations
goals and objectives.
Benefit 3
A risk
based approach will force a prior implementation of enterprise risk
management, which will directly improve organisational performance.
Benefit
4
The risk
based approach to internal audit has the benefit of not only
highlighting risks that are not properly controlled but also those
that are over-controlled and thereby consuming scare organisational
resources.
Summary
As Mike Thomas CIA says 'the
risk-based auditing approach encompasses the attributes of business
knowledge, macro-risk assessment, strategic audit planning, and
detailed risk assessment necessary to effectively and efficiently
deploy audit resources. If performed correctly, this approach will
allow the internal auditor to focus on the areas of risk
proportionate to the potential exposure to the company. The cycle of
continually assessing risk, efficiently planning audit activities,
and effectively performing, delivering, and reporting audit
activities can result in overall lower risk to the organization at
reduced cost'.
Author
Ijeoma Rita Obu is the managing Consultant of Clement Ashley Consulting and can be reached at robu@clementashleyconsulting.org
No comments:
Post a Comment