Internal auditing is a vital function within an organization which aims at improving its operations and ensuring compliance with laws and regulations. In the past, the function used to undertake backward looking approach by evaluating the processes and controls within the engagement scope to see what went wrong and how those can be overcome in the future to avoid future errors and losses. However, currently internal audit team works as a trusted business partner by giving more foresight to the management and the board to help them achieving the organizational objectives. In essence, the auditors now help management to be more proactive in terms of managing the risks instead of being reactive as earlier which is a proven approach in every aspect as “Prevention is always better than cure”.
How can a Chief Audit Executive (CAE) implement such an approach in any organization? I have tried to answer this question in below steps from my own experience where I have combined both risk based and agile auditing approaches coupled with the usage of technology, such as audit software and data analytics:
- Risk-Based Planning: This activity starts by identifying and prioritizing the most significant risks in an organization. Using a risk assessment matrix to determine which areas require immediate attention. This ensures that the audit efforts are focused on the most critical areas in the audit universe (all the auditable areas in an organization or company).
- Agile Sprints: Break down the audit process into short, iterative cycles or sprints. Each sprint should focus on a specific high-risk area identified during the risk assessment. This allows for regular reassessment and quick adjustments based on the audit findings.
- Dynamic Audit Plan: Maintain a flexible audit plan that can be updated frequently based on emerging risks and business priorities. This dynamic approach ensures that your audit activities remain relevant and responsive to current conditions.
- Collaboration and Communication: Continuous communication and collaboration among audit teams and stakeholders. Regular check-ins, and feedback loops help ensure alignment and address issues promptly.
- Minimal Documentation: Focus on essential documentation to reduce overhead and allow auditors to concentrate on high-value activities. Agile auditing emphasizes efficiency, so keep records concise and relevant.
- Continuous Improvement: Implement a process for continuous feedback and improvement through a robust Quality Assurance and Improvement Program (QAIP). Further, regularly review audit processes and outcomes to identify areas for enhancement and ensure that the audit methodology evolves with the organization’s needs.
- Use of Technology: Leverage audit software and data analytics tools to streamline the audit process, enhance risk assessment, and improve the accuracy of findings.
In conclusion, Internal Auditing is now an active risk management partner in any organization. They now work with a forward-looking approach and give wake-up calls to the management and the board with a view to protecting and increasing the value of the organization in a sustainable manner.
By Md Maksudul Amin, FCCA, CPA
Ex-CAE of ASA International Group Plc, Ex-VP of HSBC
Global 200 Power Leaders in Finance 2024 – White Page International
Author is available at “maksudulamin@hotmail.com”.
Like our facebook page
Subscribe our YouTube channel