I have two hands. While one is slapping at PwC and their paper on risk oversight, the other is stretched out in acknowledgement of an excellent short article by them on internal audit.
"Agility and Internal Audit? Yes, These Two Can and Should Go Hand in Hand," published in Accounting Today, is spot on target.
While I still believe that it is not internal audit's role to identify risks (as the author, Jason Pett, says at one point), it is certainly imperative that internal audit engage on every major initiative and ensure that risks to their achievement are being identified and addressed by management.
In this time of technology innovation and disruption, the technology specialists in internal audit (previously known as IT auditors) have a critical role to play.
I like Jason's talk about:
- Preparedness, or thinking ahead. "… agile internal audit requires auditors to face forward, plan strategically, and then share their perspective with other departments and the C-suite. Working across the organization to build in flexibility and enable faster reactions are all part of preparedness."
- Adaptiveness. "Agile internal audit functions are sufficiently flexible that they can shift their audit plan development, audit planning, fieldwork, and reporting as circumstances change." As Richard Chambers and I have both said, "audit at the speed of risk" or "audit at the speed of the business." Discard annual audit plans in favor of agile, continuously updated audit plans that reflect the risks of today and tomorrow, not the past.
- Having the skills to execute. Where necessary, partner with cosourcing providers to enhance the internal audit team's ability to go where the risks are and will be.
The IIA's core principles for effective internal audit talk to this. An effective internal audit function:
- Provides risk-based assurance.
- Is insightful, proactive, and future-focused.
- Promotes organizational improvement.
I welcome your comments.