Internal auditors' approach to beat risks

MetricStream has written a short insights guide for internal auditors to take a step back from the chaos of the pandemic to audit the risk-based audit plan.

Click here to see what they have to say.


Overview

Risk-based internal auditing, that keeps an organisation’s risk appetite alive and assures the board that effective risk management processes are in place, received a gargantuan jolt as the COVID-19 crisis crippled the world. Many in IA teams realized that their organiations had not created a “common risk language” for an effective audit plan.

As a result, when the pandemic rampaged the corridors of businesses, there was a rude awakening - in this case, no one common language or definition in terms of "risks" and "controls" for organisations to follow.

Internal auditors are now, therefore, cognizant of the fact that having a common definition or language of risks and controls must be embedded in the audit plan itself. They needed to take a step back and start auditing the risk-based audit plan itself.

Today, it is more about pre-empting risks than mitigating them. 

Some of the strategic steps internal auditors can take today are:

  • Start thinking global
  • Adopt a forward-looking audit plan
  • Don the "buddy" hat
  • Think small, plan big
  • Bet on Big Data
  • Embrace a more quantitative approach
Content reviewed: 10 August 2021