Auditing at the speed of risk with an agile, continuous audit plan 

Auditing at the speed of risk with an agile, continuous audit plan 

We need to stop auditing the past and turn towards auditing what matters today and will matter in the future.

Risks and business conditions change all the time, so an annual plan or even one that is updated quarterly won’t lead to auditing what matters today. You audit what used to matter.

That requires making sure you understand changes in risk and the business as they happen, anticipate the risks the business and its leaders will face in the coming period, and update the audit plan accordingly.

Rather than an audit plan that is annual, semi-annual, or even quarterly, it needs to be updated on a far more continuous basis. A rolling audit plan that reflects what should be audited now and soon helps an internal audit activity remain both relevant and valuable.

We need to audit at the speed of risk and the business.

Both Richard Chambers and I have been talking about this for a long time, and I practiced it over two decades as a CAE.

However, talking about it in blogs and at conferences is not enough.

People need practical guidance, so I have written a new book, Auditing at the Speed of Risk with an Agile, Continuous Audit Plan.

It explains continuous risk assessment, what should be in the audit plan, how to communicate it, and more.

The book includes detailed examples of audit plans from three of my companies, as well as many stories about specific situations and how the continuous approach led to audits that delivered huge value to executives and the board.

I was privileged to have a review board of distinguished practitioners and leaders of the profession, who made sure this book will lead internal auditors towards the goal of world-class performance.

I welcome your thoughts.

Share

Related Posts

Imagen 1

Privacy risk management – by design

I’ve discussed the Privacy by Design principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.

Colin Braithwaite

Read more
Imagen 1

Hiring controls: a close look at managing the risks of hiring

Human capital is a firm’s most important and profitable asset. Recall Swiss banking giant UBS’ rogue trading disaster in 2011, during which the bank reported a $2.3-billion loss as a result of one man’s unauthorized trading. UBS’ chief executive officer resigned as a result, and the bank also lost two high-ranking executives who took indirect responsibility for the incident…

Occasional Contributors

Read more
Imagen 1

Understanding enterprise architecture and related risks

Enterprise architecture is an important topic to organizations from executives, to IT/business resources, to customers, at all levels and around the globe. This blog post features input from three EA experts, from Canada, the United States and the United Kingdom.

Ron Richard

Read more