Building a Better Auditor: Making A Difference
Blogs Larry Kowlessar, CRMA May 06, 2024
The IIA has witnessed some phenomenal milestones over the past year, from the acquisition of new chapters, institutes, and members; to great articles by some of the profession’s elite; to the evolved and updated Global Internal Audit Standards.
While the profession has made its mark and continues to adapt, the question still percolates — has there been a revolution in how we conduct our audits, help strengthen organizational value, and provide insights to become truly trusted advisors? The IIA and its dedicated staff, members, and volunteers cannot take the profession forward unless the practitioners individually make a concerted effort to strengthen the organizations we serve.
Internal auditing strengthens the organization’s ability to create, protect, and sustain value by providing the board and management with independent, risk-based, and objective assurance, advice, insight, and foresight. ~ From the Global Internal Audit Standards, Domain I: Purpose of Internal Auditing.
Conducting Our Audits
No one can change our approach to audit engagements, save the practitioners themselves. How many changes have we implemented over the last year that have enhanced our audits and our department’s delivery? We need to reflect on what we did a year ago, compare it with how we conduct our audits today, and show in a third column what has changed and what has remained constant.
Let’s not be quick to cast aspersions on the “remained constant” column, especially if “what has changed” did not bear fruit. Yet, we must be motivated to approach every engagement with a renewed fervor to improve each department’s operations, and by extension, improve the operations of the organization. In the new Standards, the Purpose of Internal Auditing in Domain I speaks to this directly, emphasizing our role in strengthening “the organization’s ability to create, protect, and sustain value.” As such, we have a responsibility to our organizations, our profession, and to ourselves, to uphold these values.
Creating, Protecting, and Sustaining Value
This language explaining internal audit’s purpose in strengthening the organization’s ability to create, protect, and sustain value is a clear indication of why the auditor was brought onboard. Can we analyze the audits that we performed during last year’s audit plan and identify our best product and why? Was it an audit that had the most observations, addressed the highest risk areas, or had great feedback from client management?
While all the above, and much more, are commendable, the organization’s concerns are all about the value we help to create, protect, and sustain during our respective engagements. How can this value be quantified — and was the audit client satisfied with our approach, deliverables, communication, and effectiveness? These and many more questions must be asked of us. Management’s satisfaction has a direct relationship with our ability to help strengthen the organization. Let us be vigilant and proactive in focusing on the organization’s value with every aspect of our service.
Providing Insights
The Purpose of Internal Auditing also explains how we are to go about strengthening the organization: by providing “independent, risk-based, and objective assurance, advice, insight, and foresight.” To catch the attention of management and the board, our insights must be meaningful, pointed, and address today’s risks. Many times, we fail or are not taken seriously because we prepare a document but aren’t able to meet with management quickly, yet the same document is brought along, one month later. That is now a history project, and risks have intensified, mitigated, been accepted, treated, or transferred — while we were still waiting to present our views. We can be left behind!
To be on top of our game, we must review and renew our key risk indicators on a continuous basis, remove those that have been addressed, reassess them, and present to management our assessment of the effectiveness of the controls. It’s all about providing meaningful insights that capture analyzed risks, with an eye on risks that are emerging.
In a LinkedIn post introducing a new report on the internal audit talent pipeline, IIA President and CEO Anthony Pugliese writes, “The next generation of internal auditors must be tech-savvy, innovative, and resilient.” This is a requirement for us all as we forge ahead to conduct meaningful audits, help strengthen the organization’s value, and provide effective insights.