4-ways-auditors-add

advertisement
4 Ways Auditors Can Add Value to Your Organisation
The value of the Internal Audit function is becoming increasingly critical to the strong
corporate governance, risk management, effective internal control, and efficient operations
of any organisation.
As per the IIA, “at its simplest, internal auditing involves identifying the risks that could keep
an organization from achieving its goals, making sure the organization’s leaders know about
these risks, and proactively recommending improvements to help reduce the risks”. It is a
common fallacy that the Internal Audit function exists to pick holes in management’s
operations. However, this is not at all the case. There are so many reasons to regard audit as
a partner in your management operations. Here are four ways that the auditors can add
value:
1. Multi-disciplinary skill set
A good auditor will come equipped with cross-disciplinary skills, allowing him/her to add
tangible value out of the audit work. Auditors are valued for their critical thinking and
communication skills, which coupled with broad organisational knowledge allows them to
provide valuable insight. An audit staff compliment usually contains experts such as
engineers, accountants and IT professionals, most of whom will be certified appropriately to
perform an audit (e.g. CIA, CISA). The best auditors also bring to the table the ability to
perform complex data-analysis to solve business problems that others in the organisation
do not have the skills to master. Furthermore, any recommendations / findings that are
raised by an auditor will be objective and independent. An effective organisation will see its
managers partnering with the auditors, leveraging these skills to more effective operations.
2. Organisational alignment
Typically, an audit division’s departmental structure aligns closely with the organisational
structure of the company. This means that audit managers are assigned to specific lines of
business where an in-depth knowledge of business-unit activities is developed over time.
Relationships with those in charge of the various business-units are also developed which
facilitate regular meetings with the business-unit managers. During these meetings, an
auditor will query changes in the business unit’s operations that may expose new risks,
share best practices that have been identified in other business units / areas, and discuss
common control weaknesses discovered in other departments. These meetings not only
build relationships, but also keep the auditors in touch with the organization's changing risk
profile.
It is not uncommon to find top auditors included in major oversight committees, process
design / redesign teams, and task forces. Their role on these teams is to ask crucial
questions about risk and contribute their knowledge of controls.
3. Data supported insight and analysis
Top class audit departments are no longer carrying out their audits using manual processes.
The technology era has allowed auditors to carry out their audits using electronic systems,
enabling results from audits conducted to be analysed over time and trends of data to be
presented. As an example, trends can be pulled based on the following:
-
Top findings by business process over time
Root causes of findings by process by region / area
Significant recurring findings over time
Top audit risks raised as a result of audit findings
Open and overdue action plans linked to significant findings
Follow-up status of audit findings
Top audit systems are enabling this kind of data to be more easily accessible and
understandable. The image below shows a graphical dashboard demonstrating top root
causes of findings over multiple audits and locations. It is clear from the dashboard that
“Inadequate Skills” is the top root-cause of the findings raised.
Selecting “Inadequate Skills” then highlights the frequency of the findings linked by business
unit and process. In the example below, it is clear that the Credit Review in the Burgundy
business unit is the top culprit of the root-cause “Inadequate skills” in the organisation.
To
view
examples
of
these
interactive
dashboards
in
BarnOwl,
click
here:
http://www.barnowl.co.za/solutions/business-intelligence/
Having access to this kind of data seriously elevates the value that an audit team can
provide management.
4. Improve the effectiveness of risk management, control, and governance
processes.
Auditors are able to improve the business processes around Risk Management, Control and
Governance processes by using their quantitative skills and risk knowledge. An auditor’s
knowledge of assessing controls and ability to identify key risks, along with the business
processes surrounding this can be leveraged by Management together with Risk
Management, to enhance the business processes in these areas.
For more information on the BarnOwl audit module please see:
http://www.barnowl.co.za/solutions/audit/
Download