Скачать книгу

knowledge. Let's be honest with each other. How many times have you been placed on an audit team but you never looked at the planning documentation to understand the business objective or reviewed the program to ensure you completely understand the section or steps you have been assigned? I will admit it. I have made that error. Auditors do not want to ask questions to other team members; there is a fear it will make them look “not smart.” News-flash – questions are one of the greatest tools for an auditor, whether the questions are internal to clarify an assignment, task, test step, or acronym or if it is a targeted question to the business owner. Auditors will not continue to learn unless they ask questions.

      So let me get this straight: You are going to enter a business partner meeting without clearly understanding the process, testing, or data you are about to discuss (and question), and you think you will feel confident in that meeting? You think the business partner is going to believe that the audit team is there to provide guidance to assist them in doing their job (achieving the business objective) in the most efficient and effective manner with less rework? Not a chance. When it comes to the data, the auditor must not only understand the details of what information is being questioned (even when the meeting facilitator did not complete the testing in question), but also the source of where the data originated. Too many times, audit and client meetings get sidetracked because the auditor could not explain where the data in question came from.

      One of the critical factors when it comes to mastering the data is to ensure and verify that the data source is pure. The best way to define pure when it comes to the data source is to validate that the data you have received from the client and are using in the testing is the complete, best source of data available. Complete means it contains all of the pertinent fields required to complete the business task. Also, verify the data is the most current and up to date available at that time for testing. Once you have confirmed the data source is pure, you can be confident when discussing the data there is no opportunity for the data to be discounted. Auditors must be aware that experienced business owners will respond to issues of potential exceptions or questionable business personnel actions by casting doubt on where the auditor got the data (the source). Do not be blindsided; make sure you have obtained the purest source of data available. The business owner might try to twist the data itself, but there is no hiding from data.

      This book has been created based on the Beyond Audit methodology, which has been developed with communication as the foundation to support the learning and execution of internal audit activities from risk-based engagements through to the communication of results to business partners and committees. There are specific excerpts of the Beyond Audit methodology, techniques, and templates mentioned throughout as well as references to access on-demand videos and interviews (www.beyondaudit.org) illustrating critical concepts, techniques, and templates. As you proceed through the pages, there will be discussions of the skills and techniques to ensure the internal audit team can successfully navigate the ever-changing demands and requirements of remote auditing. Included in this remote environment lesson will be how the focused skillset has changed, marketing your revised audit approach, ensuring your audit team understands the internal audit mission and objective, and review of the methodology keys from objective identification to execution, reporting, and action plan adoption. Also, it includes new techniques to not only evaluate your department's efficiency but track audit's progress when it comes to key deliverables. As always, the book will wrap up with education, training, and development suggestions so you can create a high-performing, world-class audit team.

      ANY TIME YOU ARE assigned an audit, the typical steps kick in as you prepare and pull together the planning requirements according to your specific audit methodology. At a minimum, you will establish the audit in your database, select a team (unless you have been assigned one), review previous audit work in the area, and begin the planning phase and all the corresponding requirements. The good news is that all of the standard audit activities you would perform for any audit will remain the same even though you will now be performing this audit remotely. So, what is the big deal? Whether the audit team is executing the audit in the office or within the business unit (the preferred approach) or doing it remotely, the auditor will still have to understand the business process, gather intelligence and data, test the data, and report the results. Simple.

      To emphasize and illustrate the remote audit approach concept, let's discuss how we as traditional auditors can effectively and seamlessly switch gears and go from the in-person approach to a remote evaluation of critical business processes. As in every assigned audit, the auditor should begin with an understanding of the audit objective. Unfortunately, most audit teams get assigned an audit and never bother to review the annual risk assessment to determine why this audit was included in the annual plan. The auditors just figure that the annual planning was completed, and it was decided to include this audit in the current year. What the auditors do not realize is that the information compiled in the annual audit plan provides a solid foundation as to what the business process includes, key personnel, systems utilized in the business process, as well as any potential process risks. Also included in the annual planning documentation is the audit history, which details when the area was last reviewed, what the audit rating (opinion) was, and issues identified that required management action. Auditors might not recognize how valuable this information could be, especially when it comes to auditing remotely. I will admit, not reviewing the annual planning documentation is probably less impactful when executing a traditional audit but it is significantly detrimental when performing a remote audit. Why? you may ask.

Скачать книгу