A typical internal audit project has six phases – planning, inception meeting, fieldwork or data collection, exit meeting, reporting, and follow up. Working as an Internal Auditor in Nile Bank sometime in 2002, we used to spend a lot of time in planning – when you have several audit areas to review, what informs your priority list? Why audit one area and not the other?
The answer was found in risk-based auditing. And so, internal audit has to work with other experts like risk management department to review their risk management processes and assess whether to rely on their risk register or not. At the time, risk management function was ad hoc, without clear risk management processes.
As internal auditors, we would first undertake the enterprise-wide risk assessment, identify the high-risk processes and departments, as well as to conduct business impact analysis, to make sure critical processes and functions were given more time in our annual internal audit plan. Once the plan was done, a budget would be drawn to enable the successful conduct of the identified audits. We would also provide for tools, internal team training needs in the budget.
After approval by the board, we would get the ball rolling – implementing the internal audit plan. First, our focus was on improving the audit -removing surprises from our work. We knew that the role of internal audit is “to provide independent assurance that an organization’s risk management, governance, and internal control processes are operating effectively. Audit documentation or work papers or working papers the written record of the basis for the auditor’s conclusions that provides the support for the auditor’s representations, whether those representations are contained in the auditor’s report or otherwise.”
We put a lot of effort into individual project planning. First, we would send a notification letter to the auditee department to let them know of our timing, documents required, the support needed and the people we would speak to as part of understanding the department. This always gave comfort to the auditee that we meant good. We would gather some background information and inform our audit program.
By the time we held an inception meeting, we had gathered a lot of background information about the department, the team, processes, and value delivered.
Are you an internal auditor or external auditor?
How do you deliver internal audit value? You can contact us for a free demo of summitBI Internal Audit software, that helps process your internal audit processes and frees your time to focus on value analysis and insights. No more time wastage in manual data analysis and log report writing when software can help you do so in half the time.
For a demo, contact us at finance[at]summitcl[dot]com. Do you need a free presentation about enterprise risk management software? Contact us. If you are an auditor or consultant, stand a chance to earn passive income by becoming one of our resellers. In this Coronavirus times, passive income is gold. Work smart contact us today.
Copyright Summit Consulting Ltd, 2020. All rights reserved.
