BUILDING RESILIENCE IN INTERNAL AUDIT: GUIDING PRINCIPLES FOR THRIVING IN AN AGE OF CONSTANT DISRUPTIONS

Posted in CategoryGeneral
All Discussion
  • I
    Iheonu Nkechi Gloria 2 years ago

    With disruptive technologies, dynamic business environments and changing stakeholders’ expectations impacting every aspect of an organisation, Internal Audit (IA) should reassess the manner in which it delivers services. As these unparalleled changes unfold, IA may continue to provide assurance over the most consequential risks, while simultaneously increasing its role in advising management and the Board on the shifting risk and control landscape, including anticipating new emerging risks. Now, more than ever before, IA should consider deploying digital technologies including analytics and automation, to become more resilient, cost-conscious and smarter about providing services that make an impact.

    For IA departments seeking to provide effective assurance and consulting services, there is a set of guiding principles across a standard IA lifecycle that may serve as an immediate response, enabling adjustment to the “next normal”. Taking the time to institute this set of guiding principles is instrumental in preserving IA’s ability to perform well, be present for stakeholders and remain sustainable in the long term. The guiding principles have been grouped to align with a standard audit lifecycle, addressing six areas that can be evaluated.

    Revisit the risk assessment methodology – Lifecycle phase: Plan and perform a risk assessment
    As the organisation adjusts its operations to cope with the impact of technological advancement and emerging business requirements, IA should reprioritise and reassess its strategies, audit plans and revisit its risk assessment methodology to respond to the changing landscape. This includes discussing and collaborating with key stakeholders to identify emerging, shifting or net new risks and determining how to work with the business most effectively in planning mitigation strategies. IA should remain agile in its focus and dynamic in its risk assessment capabilities. Examples of net new risk areas or those that are being significantly altered include:

    • Cybersecurity
    • Revenue assurance
    • Cost recovery
    • Crisis management
    • Forecasting and planning
    • Capital allocation and spend effectiveness
    • Human capital and benefits
    • Supply chain assurance
    • Liquidity modelling
    • Organisational resilience
    • Credit: The Guardian Newspaper 

Please login or register to leave a response.