MetricStream has written a short insights guide for internal auditors to take a step back from the chaos of the pandemic to audit the risk-based audit plan.
Click here to see what they have to say.
Risk-based internal auditing, that keeps an organisation’s risk appetite alive and assures the board that effective risk management processes are in place, received a gargantuan jolt as the COVID-19 crisis crippled the world. Many in IA teams realized that their organiations had not created a “common risk language” for an effective audit plan.
As a result, when the pandemic rampaged the corridors of businesses, there was a rude awakening - in this case, no one common language or definition in terms of "risks" and "controls" for organisations to follow.
Internal auditors are now, therefore, cognizant of the fact that having a common definition or language of risks and controls must be embedded in the audit plan itself. They needed to take a step back and start auditing the risk-based audit plan itself.
Today, it is more about pre-empting risks than mitigating them.
Some of the strategic steps internal auditors can take today are: