Internal audit units should be examined for their efficiency, effectiveness, and cost-effectivenessin this line.10
Opening up collaborations between the audit team and company leaders to find emerging risksand opportunities is another practical strategy to improve internal audit operations. Internal auditprofessionals use their accounting and corporate governance backgrounds, as well as theircuriosity and business knowledge, to ask business leaders the kinds of questions that few, if any,others are asking. Different departments within a company rarely have the opportunity to swapnotes. As a result, one business may be unaware of a potential danger that has the potential tonegatively impact them. The internal audit team can bring to the surface key issues while helpingdecision-makers prioritize some of the most serious problems by knowing everyone’s topconcerns and risks through meaningful dialogues.Internal audit risk assessment is another practical technique to improve internal audit operationsat the municipality. As a result, for internal audit departments that do not yet have a riskassessment, the first step in improving their operations is self-evident. Many internal auditdepartments use the SOX risk assessment to guide their internal audit plan, but others do not.Perhaps this is due to the fact that many CAEs come from a traditional accounting background,or because stakeholders are unaware of the entire spectrum of Internal Audit’s capabilities.Internal auditing, as defined by the Institute of Internal Auditors, is the process of assisting a firmin achieving its goals. Meeting stakeholder expectations, expanding revenues and market share,innovating on new products and services, achieving new initiatives, and managing humanresources are all mission crucial objectives for a typical C-suite executive. Internal Audit willneed to acquire buy-in from its stakeholders before focusing its resources on these areas. Thesimplest way to gain buy-in is to change the risk assessment method. Risk identification,assessment, and reporting are all aspects of most internal audit risk assessments.11
Many explain key business processes in the organization, evaluate the chance risk events couldoccur, and analyze the consequences if those risk events happened. Some go so far as to measurehow quickly the impact would be felt (velocity) and how often (frequency) the impact wouldoccur over a period of time (persistence) (persistence). However, the problem with this method isthat many of these risks are already known to management; otherwise, there would be nosystems in place to handle them. Internal auditors should aim to understand their organization’score objectives, the strategies in place to achieve those objectives, and the processes in place tosupport those strategies, rather than focusing first on business processes. This will assist inidentifying the most critical processes as well as highlighting new developing hazards that havenot previously been considered. Fortunately, this is a rather simple task.
Upload your study docs or become a
Course Hero member to access this document
Upload your study docs or become a
Course Hero member to access this document
End of preview. Want to read all 19 pages?
Upload your study docs or become a
Course Hero member to access this document
Term
Winter
Professor
N/A
Tags
Internal Audit Agency
