Sunday, December 30, 2012

New Year Resolution suggestions for Internal Auditors!‎

As we are about to start a New Year in our professional life, I thought of putting together an example of suggested New Year resolutions for internal auditors:

- Improve your IT skills & knowledge (this is a must-have).
- Keep current with the latest business, corporate governance, and internal audit issues.
- Have the courage to report things as they are.
- Keep a close eye on current and developing risks.
- Be a strong advocate and promoter of internal audit and corporate governance.
- Listen more, speak less ( you need to speak up when you have to).
- Make sure you fully understand your company's strategic objectives.
- Educate Audit Committee (and others) on current trends in business, internal audit & other issues.  
- Set a goal of learning something new every day.
- Add value in everything you do.
- Always be proactive,
- Look at the big picture,
- Don't wait until December to earn your CPE!

Wishing you all a successful and prosperous new year.

Monday, December 17, 2012

Risk - based vs. Objectives - based Audits !

In complying with the IIA CPE requirements , I have re- read some of the articles in the Ia magazine .This has given me the opportunity to think about one particular article in the April 2012 issue " Step up to the Plate ".

The authors of the article say that internal auditors are shifting away from the traditional risk-based approach toward one where the company's goals and objectives become the focus.They define the new objectives - based approach as the approach where the company's objectives and goals become the central focus of the audit.The authors explain that " After all, risks are only relevant when seen in the context of the company's objectives".
The authors explain the advantsges of the new approach as follows :
"The chief advantage of the objective-based approach is that it enables a more targeted audit by focusing audit resources only on those risks that truly matter to the organization’s strategies and goals. It also accounts for low-priority risks and enhances the capacity of internal audit to achieve its objectives. Implementing an objective-based approach involves:
  • Relying on people for risk input. Managers across the organization deal with risks every day. Because they understand their objectives, they tend to know instinctively which risks may impact those objectives, making them best positioned to help auditors understand the relationship between the company’s objectives and its risks.
  • Mapping risks to objectives. Internal auditors can use managers’ responses to quantify the relationships between risks and objectives. Applying this method enables practitioners to discover risks they had not considered.
  • Identifying risk patterns. Risks interact with each other and with objectives in complex ways. Auditors need to understand these interactions instead of looking at each risk in isolation. The whole is often more dangerous than the sum of its parts—much like reading a book while crossing a road is more dangerous than doing each activity independently.
  • Focusing risk management on the most critical objectives. By putting objectives before risk, auditors can mitigate those risks that impair the achievement of objectives and exploit risks that enable value creation. This helps internal auditors use audit resources efficiently, facilitate transparency, and align risk management with business strategy."
 Do you agree with the above ? Are you shifting your focus to the objectives - based approach?
 Do you recognize the difference between the two approaches ,or do you think they are the same ? Aren't both of them , at the end of the day, focus on risks to the achievement of objectives?

Whatever you think about this subject ,I strongly recommend that you read the entire article .

Are you getting the most from the ethics mandatory hours?

 Like many of you at this time of year, I have been looking to take the mandatory two hours of ethics training to comply with the IIA cpe  r...