Lean Auditing. Paterson James C.
Чтение книги онлайн.
Читать онлайн книгу Lean Auditing - Paterson James C. страница 8
• An audit plan that is more closely, and demonstrably, aligned with the key value drivers of the organization on an ongoing basis;
• An audit function that plays a key role in understanding the overall Risk Assurance landscape of the organization (encouraging “joining up the assurance jigsaw”);
• An audit function that acts as a catalyst for positive change in the organization, delivered in a range of ways, not just audit assignments;
• Audit assignments that are appropriately resourced, and delivered to time and budget in the vast majority of instances;
• An overall audit plan that is scheduled and delivered with the minimum of delays or difficulties;
• Audit findings, reports and other forms of communication, that are short, insightful and recognize the wider context of the organization and the challenges it is facing;
• An audit function that is able to highlight appropriate efficiency opportunities, including instances where the streamlining of compliance and control policies and procedures would be beneficial;
• An audit function that can clearly demonstrate a positive return on its cost.
In addition, I will outline in this book how progressive, lean ways of working can act as a catalyst for driving improvements across a range of broader Governance, Risk, Compliance (GRC) and assurance activities.
A FEW WORDS ON TERMINOLOGY IN THIS BOOK
At this point it is appropriate to offer several reflections on the terms “audit”, “auditing”, “internal auditing”, “lean auditing”, and “progressive auditing” that will be used during the course of the book. To start: many internal auditors use the term audit when referring to an internal audit. In addition, lean ways of working are often applicable to other types of auditing (e.g. quality auditing, efficiency auditing, health and safety auditing), not just internal auditing. As a result the terms audit and auditing will normally refer to internal audit and internal auditing, but may also relate to other types of audit functions and other types of auditing, depending on the context.
In relation to the term “lean auditing,” I am referring to the practice of internal auditing as informed and enhanced by lean principles, tools and techniques. However, a number of progressive audit practices referred to in this book also focus on the themes of adding value and efficiency, which are central to lean ways of working. As a result, I will sometimes use the terms “lean auditing” or “lean progressive auditing” to refer to a “family” of audit practices that are judged to represent good audit practice in the eyes of leading audit practitioners, typically with a focus on delivering value and improving productivity.
My use of “progressive auditing” also reflects the fact that I am not overly concerned whether the term “lean auditing” gains strong currency within the internal audit profession. My prime interest is to stimulate some interest and offer practical insights in relation to the way the internal audit can push forward on a value adding agenda, and become recognized as an essential ingredient for organizational success. More than anything, I want to avoid the scenario in 10 years’ time where internal audit has been consigned to an eternal prison of primarily working on regulatory compliance and control issues, with key operational and strategic risks largely regarded as “off limits.”
5
The Wider Benefits of a Lean Audit Approach – and How to Use This Book
As I mentioned in the introduction, lean auditing offers much more than simply a more efficient and effective way of carrying out internal audits. Given the unique role of internal audit it is possible to see a “cascade effect” in which new ways of working by audit have a wider impact on organizations. This effect will not simply derive from more impactful audit assignments, but also from the way that audit sees its role and leads organizational changes through its influence over key stakeholders.
To explain how this cascade works, I will outline the key hallmarks of a lean progressive approach to audit. I will then describe how this approach can impact other functions, such as compliance and risk (sometimes called the “second line of defence”), as well as management and staff (sometimes called the “first line of defence”).
Key Hallmarks of a Progressive Lean Audit Approach
In my experience, these include:
• A recognition of the unique role that audit can and should play in providing an independent and objective perspective on Governance, Risk, Compliance (GRC) and the delivery of organizational performance;
• An orientation towards adding value in everything that audit does;
• Having a clear focus on ways of working that visibly and demonstrably add value, that drive out non value adding activity, and eliminate other waste (Muda);
• Discharging the internal audit role in a pragmatic, but flexible way, with a clear strategy to act as a catalyst for organizational improvement and development;
• Having a role that encourages and supports the co-ordination of Risk Assurance across the organization, so that roles and responsibilities (including those of internal audit itself) are optimized to add value, and eliminate waste;
• A recognition that the role of audit is more than just carrying out audit assignments: it is about providing valuable advice and assurance that will improve an organization over the short, medium and longer-term;
• Measuring audit performance in a pragmatic, efficient but rigorous way, that drives value add and continuous improvement;
• Having clear requirements when selecting staff and developing them to ensure audit can deliver its full role and support the wider organization.
Many of these principles link to attributes and standards that have been developed by the Institute of Internal Auditors (IIA), the global professional body for the internal audit profession.
Particular IIA standards and attributes of note include statements that:
• The CAE should manage the internal audit activity to ensure it adds value to the organization;
• The CAE should share information and co-ordinate the work of other compliance and assurance providers with the work of internal audit;
• Internal audit should operate with an understanding that the “Three lines of defence” framework (with management, compliance functions and audit each in separate “lines of defence”) is likely to be the most effective way to manage risks;
• Internal audit should act as an independent and objective function to assess, amongst other things, the effectiveness and efficiency of the organization’s operations.
At face value, therefore, lean ways of working can appear to be a helpful “bolt on” to the current IIA standards, since they can support the delivery of a value adding and efficient audit service. However, as we will see later in this book, lean ways of working can question a number of commonly held perceptions about the role of internal audit, for example:
• That the role of audit should primarily be to deliver internal audits;
• That the audit plan should cover known risk areas of concern;
• That auditors should strictly adhere