Updated: Aug 12, 2019
Today's fast-paced and evolving business environment requires an internal audit to consider its capabilities and needs to ensure appropriate strategic planning. How can CAEs develop strategic plans that result in their stakeholders viewing the audit function as “highly effective”? Our research has found an approach that builds on three dimensions of effectiveness that must be addressed to be highly effective:
1. Meeting stakeholder expectations
2. Operating core processes
3. Conforming to internal audit standards and applicable regulatory requirements
Meeting Stakeholder Expectations
Before we can even attempt to meet stakeholder expectations, we need to understand their needs and objectives. The IIA’s global stakeholder study identified several expectations common to many organizations.
First, stakeholders expect high-quality assurance work from the audit department. When we’re following the standards and completing an adequate review, the work we produce should always be completed with the highest rigor.
Second, it’s critical to identify key, strategic risks and align our audit plan and audit programs to these risks. We’ve also found that senior management and audit committees expect to see reporting that addresses these strategic risks.
Finally, business knowledge is expected. An auditor’s expertise is often said to be a mile wide and an inch thick. It is true that we need to have at least a basic understanding of nearly all common business processes, but we should also have a deeper understanding of the specifics related to our industry and organization.
Operating Core Processes
When evaluating our operating core processes, we should consider all aspects of the audit department. As you go through this exercise, start with the basics, the people who make up the department, and work your way out through your processes and all the tools used to support those processes.
While not exhaustive, the core processes should include:
1. Human capital
2. Risk assessment
3. Working practices
5. Knowledge management
7. Communications and reporting
8. Performance measurement
Conforming to Internal Audit Standards and Applicable Regulatory Requirements
As auditors, we should always start with the fundamentals of conformance to The Standards as a foundation for growth. Depending on the organization, these may include the IIA International Standards, Yellow Book, Green Book, or other sources of guidance. In addition to standards, we must also conform to any applicable local regulatory requirements, and specific industry regulations.
Authored by Toby DeRoche MBA, CIA, CCSA, CRMA, CICA, CFE