One of an audit committee’s most important responsibilities is
to oversee the organization’s internal audit function. Here are 10 steps audit
committees can take to facilitate proper oversight and direction of internal
audit:
Evaluate the current and projected scope of internal audit coverage of risk management and governance. Internal auditors have increased their focus on risk management and governance processes, and audit committees have stepped up their interest, too.
Ensure that internal audit’s risk-based plan is flexible and responsive to change. Amid complex and dynamic risks, many internal audit groups update their risk assessments and audit plans more than once a year.
Determine how internal auditors are using technology. New tools such as data mining are increasingly used to enhance internal audit’s efficiency and effectiveness. The audit committee also should be aware of the specialized skills and budgetary support required by internal audit to achieve its technology objectives.
Assess the strategic vision and plan for internal audit. Internal auditors must plan effectively to keep their internal auditing processes current with new developments, technology, and skills.
Define how internal audit will provide value to the organization. Providing assurance is a core and expected value driver for any internal audit function. Other value can come from providing high-quality talent to organizations, and providing monitoring and data-mining capabilities to improve business-unit performance.
Strengthen communications and relationships between internal audit and the audit committee. Audit committees and chief audit executives (CAEs) can jointly attend training. Having a CAE’s direct reports meet periodically with the audit committee chair and make presentations to the audit committee also can build relationships and aid in succession planning for the CAE.
Ensure that internal audit’s activities fully comply with The International Standards for the Professional Practice of Internal Auditing. The audit committee should request periodic confirmation that its internal auditors are following the global standards of the Institute of Internal Auditors (IIA).
Understand the role internal audit plays or could play in addressing the broader talent needs of the organization. A measure of internal audit staff quality is the degree to which the function is seen as a source of talent for other parts of the organization.
Inquire about the training internal audit is receiving. Effective training needs to go beyond basic accounting or auditing skills to address critical areas such as data mining and analysis, risk management, governance processes, new-product marketing, and new technological applications. Softer skills also need to be stressed.
Determine whether internal audit periodically assesses its skills to identify gaps and address them. Audit committees need to have a critical discussion about skills with their internal audit leadership. In posing questions to the CAE and senior auditors, the audit committee should start with the internal audit risk assessment, not the audit plan. The central questions should be: Has internal audit identified all the skills needed to address the organization’s risk profile, and where does it stand relative to acquiring the needed skills?
Evaluate the current and projected scope of internal audit coverage of risk management and governance. Internal auditors have increased their focus on risk management and governance processes, and audit committees have stepped up their interest, too.
Ensure that internal audit’s risk-based plan is flexible and responsive to change. Amid complex and dynamic risks, many internal audit groups update their risk assessments and audit plans more than once a year.
Determine how internal auditors are using technology. New tools such as data mining are increasingly used to enhance internal audit’s efficiency and effectiveness. The audit committee also should be aware of the specialized skills and budgetary support required by internal audit to achieve its technology objectives.
Assess the strategic vision and plan for internal audit. Internal auditors must plan effectively to keep their internal auditing processes current with new developments, technology, and skills.
Define how internal audit will provide value to the organization. Providing assurance is a core and expected value driver for any internal audit function. Other value can come from providing high-quality talent to organizations, and providing monitoring and data-mining capabilities to improve business-unit performance.
Strengthen communications and relationships between internal audit and the audit committee. Audit committees and chief audit executives (CAEs) can jointly attend training. Having a CAE’s direct reports meet periodically with the audit committee chair and make presentations to the audit committee also can build relationships and aid in succession planning for the CAE.
Ensure that internal audit’s activities fully comply with The International Standards for the Professional Practice of Internal Auditing. The audit committee should request periodic confirmation that its internal auditors are following the global standards of the Institute of Internal Auditors (IIA).
Understand the role internal audit plays or could play in addressing the broader talent needs of the organization. A measure of internal audit staff quality is the degree to which the function is seen as a source of talent for other parts of the organization.
Inquire about the training internal audit is receiving. Effective training needs to go beyond basic accounting or auditing skills to address critical areas such as data mining and analysis, risk management, governance processes, new-product marketing, and new technological applications. Softer skills also need to be stressed.
Determine whether internal audit periodically assesses its skills to identify gaps and address them. Audit committees need to have a critical discussion about skills with their internal audit leadership. In posing questions to the CAE and senior auditors, the audit committee should start with the internal audit risk assessment, not the audit plan. The central questions should be: Has internal audit identified all the skills needed to address the organization’s risk profile, and where does it stand relative to acquiring the needed skills?
No comments:
Post a Comment