Читать книгу Lean Auditing - Paterson James C. - Страница 15
PART 1
Lean and Lean Auditing in Overview
5
The Wider Benefits of a Lean Audit Approach – and How to Use This Book
ОглавлениеAs I mentioned in the introduction, lean auditing offers much more than simply a more efficient and effective way of carrying out internal audits. Given the unique role of internal audit it is possible to see a “cascade effect” in which new ways of working by audit have a wider impact on organizations. This effect will not simply derive from more impactful audit assignments, but also from the way that audit sees its role and leads organizational changes through its influence over key stakeholders.
To explain how this cascade works, I will outline the key hallmarks of a lean progressive approach to audit. I will then describe how this approach can impact other functions, such as compliance and risk (sometimes called the “second line of defence”), as well as management and staff (sometimes called the “first line of defence”).
Key Hallmarks of a Progressive Lean Audit Approach
In my experience, these include:
• A recognition of the unique role that audit can and should play in providing an independent and objective perspective on Governance, Risk, Compliance (GRC) and the delivery of organizational performance;
• An orientation towards adding value in everything that audit does;
• Having a clear focus on ways of working that visibly and demonstrably add value, that drive out non value adding activity, and eliminate other waste (Muda);
• Discharging the internal audit role in a pragmatic, but flexible way, with a clear strategy to act as a catalyst for organizational improvement and development;
• Having a role that encourages and supports the co-ordination of Risk Assurance across the organization, so that roles and responsibilities (including those of internal audit itself) are optimized to add value, and eliminate waste;
• A recognition that the role of audit is more than just carrying out audit assignments: it is about providing valuable advice and assurance that will improve an organization over the short, medium and longer-term;
• Measuring audit performance in a pragmatic, efficient but rigorous way, that drives value add and continuous improvement;
• Having clear requirements when selecting staff and developing them to ensure audit can deliver its full role and support the wider organization.
Many of these principles link to attributes and standards that have been developed by the Institute of Internal Auditors (IIA), the global professional body for the internal audit profession.
Particular IIA standards and attributes of note include statements that:
• The CAE should manage the internal audit activity to ensure it adds value to the organization;
• The CAE should share information and co-ordinate the work of other compliance and assurance providers with the work of internal audit;
• Internal audit should operate with an understanding that the “Three lines of defence” framework (with management, compliance functions and audit each in separate “lines of defence”) is likely to be the most effective way to manage risks;
• Internal audit should act as an independent and objective function to assess, amongst other things, the effectiveness and efficiency of the organization’s operations.
At face value, therefore, lean ways of working can appear to be a helpful “bolt on” to the current IIA standards, since they can support the delivery of a value adding and efficient audit service. However, as we will see later in this book, lean ways of working can question a number of commonly held perceptions about the role of internal audit, for example:
• That the role of audit should primarily be to deliver internal audits;
• That the audit plan should cover known risk areas of concern;
• That auditors should strictly adhere to predetermined assignment and test plans;
• That auditors should look for fraud in each and every assignment;
• That audit should proactively follow up the progress of management in remediating all open points;
• That audit should mostly be comprised of qualified finance and audit staff.
As we will see in later chapters of this book, I am not arguing that audit should ignore its role to look out for fraud, to follow up on open actions, or to have trained audit professionals, but unless care is taken there is a risk that:
• Internal audit ceases to be a key player in visibly improving Governance, Risk, Compliance and Assurance activities and processes;
• Internal audit is not seen to be a vital source of value add in organizations;
• Internal audit starts to become a substitute for processes and activities that should be carried out by management, or other functions.
The Mindset of a Lean, Progressive, Auditing Approach
Underpinning a lean auditing approach is a mindset that some more traditionally minded internal auditors may find rather challenging, namely:
• A view that stakeholders should be regularly engaged in relation to what they value from audit;
• A view that stakeholders should also be challenged when necessary in relation to the role of audit, and the tasks it should perform;
• A view that audit should take a proactive interest in the Risk Assurance picture for the whole organization, and work to influence the roles of key functions if there are gaps or overlaps of concern;
• A view that audit should regard all risk areas equally in terms of their potential coverage and be careful not to favour traditional areas, such as financial controls or compliance;
• A view that the recruitment of staff into audit should be influenced by the value needs of the wider organization as much as the need for qualified audit staff;
• A view that audit should be just as interested in cultural and behavioural issues across the organization as straightforward audit findings;
• A view that management risk appetite judgments should be challenged when necessary.
Конец ознакомительного фрагмента. Купить книгу