10 Factoring in Risk Assurance in the Audit Plan
Having oriented the audit plan clearly towards adding value, a fundamental question is how to ensure that the audit plan takes into account the assurance activity that is already, or should be, taking place in order to avoid waste (Muda).
COMMON PRACTICES AND IIA STANDARDS OF NOTE
IIA standard 2050 discusses the need for audit to coordinate its activities with others to ensure proper coverage and minimize the duplication of efforts. This ties very closely to lean principles. The IIA practice advisory on Assurance Mapping goes on to explain that “assurance from line management is fundamental” – which confirms and reinforces the point about the importance of having three lines of defence operating effectively in order to properly manage risks.
COMMON CHALLENGES & DILEMMAS
Auditing Known or Suspected Issues
In the last two chapters I have explored issues around the role of internal audit and also the risk factors that should be considered when developing the audit plan (and specifically whether to focus on gross or net risks). In addition, there is an assurance perspective to consider. Here are the reflections of an experienced senior audit manager:
“If it’s transparent that the right people are making the right decisions on a problem area and there’s an action plan with a clear target date, what value are you going to add by doing an audit? They know it’s a problem!”
One CAE commented:
“If everybody acknowledges there are ...
Get Lean Auditing: Driving Added Value and Efficiency in Internal Audit now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
