control, and governance
How Do I ... Deliver Audit Value?
In the past, internal auditors did not need to consider the importance of adding value when performing their work assignments. Today's auditors, however, must be much more attuned to opportunities for enhancement, as adding value is widely considered an integral part of the audit process. But what does adding value entail, and how do auditors provide it? While the answer may vary depending on individual circumstances, internal auditors make value-added contributions throughout the entire audit process and in almost every aspect of their work.
Auditors add value by simply doing their jobs for the audit committee or other reporting body. The audit function serves as a governance control, and it performs a crucial role by strengthening the organization's overall systems of control and conducting assurance reviews of the critical controls intended to address entity-level, industry, and business-line risks.
THE ANNUAL AUDIT PLAN
Most internal audit departments use a risk-based annual audit plan. Management needs to address the highest risks within an organization, and the annual audit plan must reflect and address those risks. A plan developed by incorporating the organization's highest risk departments, business units, processes, and respective controls makes effective use of internal auditing's limited resources and thereby adds value through efficiency.
THE AUDIT WORK PROGRAM
A well-developed internal audit plan or program should address the major risks both at the level of the organization and within individual departments, units, or processes. This approach should encourage the internal audit department to focus its efforts and activities where they are likely to have the most significant impact on value added.
During an engagement, internal auditors may observe numerous opportunities for process improvement or other enhancements that ultimately either increase the organization's profitability or help fulfill its mission. While this activity constitutes adding value, auditors need to be wary of going too far. In evaluating risk versus reward, auditors must determine if the effort and resources expended to find an improvement are worth the potential benefits.
To add value through reporting, internal auditors need to consider where they want their audience to focus. Accordingly, they should take into account the needs, wants, and resources of various stakeholders. The audit report should be easy for readers to navigate, and if appropriate, it should stratify findings and recommendations into categories of importance.
Internal auditors are risk assessment and internal control specialists. Their expertise in these areas enables them to help management analyze risks to the organization and design controls to mitigate those risks. By performing audits, researching issues, and benchmarking with peers on best practices, auditors can become a truly valuable resource for internal control design.
Adapted from "Delivering Audit Value" by Eric Lundin (Internal Auditor, "Back to Basics," August 2009).
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.