How innovate is your team’s approach to Internal Audit?

Through knowledge sharing of best practices via Audit Leaders- we discuss below how Internal Audit can get innovative?

Organizations do not achieve their objectives by merely adhering to adequate systems of internal control. To succeed, for-profit organizations are expected to innovate to remain viable in today’s competitive environment, and even non-profit entities are realizing that they must also search for new products and services and re-examine their operating practices to reduce cycle-time, lower costs and increase quality.

This is a reality for those on the operational side of things, but internal auditors must realize that they are not immune to these changing dynamics and the same expectations are levied on them too. As the governance, risk and compliance landscape continues to evolve, internal auditors must search for new ways to evaluate what is in their audit plans and become creative in support of management’s pursuit of business objectives.

There are many trends driving innovation in internal audit. For example, the requirement to prevent and detect fraud, the need for faster and more agile auditing, adding value with fewer resources, transitioning to risk-based auditing, using data analytics to examine more substantial numbers of records, better root-cause analysis, practical problem solving, formulating pragmatic recommendations, and helping management improve efficiency and effectiveness.

Following are some examples of ways that innovation can help internal auditors.

Risk Assessments

1.      Expand the rating of risk impact beyond monetary measures. The impacts can also include bodily injury, reputational damage, negative publicity, brand erosion, lost opportunities, employee demotivation, lower productivity, lawsuits, and excessive turnover.

2.      Add velocity and persistence to risk assessments. Velocity pertains to the speed at which the risk may affect the organization. While some risks are slower to occur (e.g., demographic changes) others occur more quickly (e.g., technological change and cybersecurity attacks).  Persistence relates to the length of time over which the risk’s impacts may linger if the risk were to occur after the cause of it stops. Some risks’ impacts are short-lived, like a trucking company accidentally spilling milk, while others may last a long time, such as the same company spilling gasoline or pesticides.

3.      Expand the risk rating used beyond letters (e.g., High, Medium and Low) and consider using a numerical scale more conducive to mathematical calculations.

4.      Expand the assessment of risks to incorporate statistical inputs, historical error, accidents, insurance claims, incident rates, correlations, simulation, and probabilistic elements.

5.      Conduct broader brainstorming sessions to seek input from younger and not only more experienced personnel, from operationally involved but also individuals removed from day-to-day participation in the process, and those who think differently and creatively about unusual, emerging and diverging scenarios.

6.      Develop a partnership with management to use Key Risk Indicators (KRIs), so the organization moves toward pre-emptive risk management, and continuous monitoring and auditing.

Audit Plan

1.      Offer a broader selection of consulting and advisory services to the organization

2.      Recalibrate the allocation of time between compliance, financial, IT, operational, cybersecurity and advisory services based on the organization’s evolving risk maturity

3.      Audit non-traditional, yet essential, subjects, such as Corporate culture and ethics, Knowledge management, Physical security, Training and development, Social media, Project management, Change readiness and execution:

Planning

1.      Identify the business objectives every audit attempt to help management achieve. If business objectives are not defined, work with management to do so.

2.      Brainstorm risks on the program, process or unit being audited rather than only making cosmetic changes to past audit programs.

3.      Evaluate business dynamics more thoroughly, so only key risks and controls are tested.

4.      Examine more rigorously the timing, type, format, and extent of data and documents requested

5.      Brainstorm fraud scenarios with every audit.

6.      Make your department’s mission, and vision statements the driving force behind every engagement.

Fieldwork

1.      There are different types of sampling methodologies, so question the method used.

2.      Go beyond sampling and test the entire population whenever possible and feasible.

3.      Develop testing procedures based on the answer to the question: How do we know if this risk is happening?

4.      Include fraud detection procedures with every audit based on the answer to the question: How can we find out if fraud scheme X is occurring?

5.      Use subject matter experts (SMEs) whenever possible to help test unusual dynamics.

6.      Require root cause analysis and promote the use of tools, such as Ishikawa Diagrams, Affinity Diagrams, 5 Whys, Is-Is Not Comparative Analysis, Pareto Charts, Scatter Diagrams, vigorous brainstorming, Process Flow Analysis, SIPOC Maps, Run Charts, Control Charts, and Histograms.

Reporting

1.      Use various templates to be used based on the type and urgency of the communication.

2.      Update the layout of internal audit and audit committee reports.

3.      Increase the use of charts, graphs and other visual elements in audit reports.

4.      Streamline the reporting cycle to publish communications faster.

5.      Write every audit report from the perspective of a change agent.

Performance Monitoring

1.      Instill and reward individual skills and competencies applicable to modern internal auditing, such as critical thinking, business acumen, data analytics, flexibility, communication, and innovation.

2.      Make sure performance evaluations balance technical and soft skills that measure individual and team results.

3.      Develop Key Performance Indicators (KPIs) that focus on outcomes, not only output.

4.      Balance quantitative and qualitative performance metrics from within the internal audit department, but also from clients.

5.      Introduce and sustain a post-audit client survey and a 360-degree review program.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 59