Here at Ideagen we always look at the latest industry developments and how they are going to impact the work of internal auditors, so they feel empowered and their work becomes more efficient. With so many pressures put on internal auditors, it has become more important than ever to follow the IIA’s IPPF (International Professional Practices Framework) and the industry agreed codes and guidance.
When you are part of the Pentana team at Ideagen, you spend a lot of time speaking with internal audit teams across the world as they seek to realise their objectives through technology innovation and adoption. Here, we have put together a short list of some points of interest shared by our customers that we have seen during 2016.
Continuous Risk Assessment Methodology
Traditionally, internal audit teams have completed "risk-based audit planning" once or twice a year. During this process, they risk assess their organisation and plan their audits to provide assurance over these risks. We have seen internal audit teams move towards an approach that encourages risk assessments to take place continuously throughout the year as part of the internal audit process itself.
These audit teams ask their auditors to scope an audit, define specific risks, assess the inherent level of these risks and then complete control testing before assessing the residual level of the same risks.
This risk data, collected during the many audits taking place throughout the year, is then used in the audit plan and used in risk and assurance analysis, enabling reporting on a more frequent basis.
Taking Steps Towards Agile Auditing
Many business units have adopted an agile approach. More commonly associated with software development teams, you are now likely to find an agile approach in many project management scenarios.
The agile approach is an alternative to the waterfall methodology of project management and is defined as:
"Not a methodology! The Agile movement seeks alternatives to traditional project management. Agile approaches help teams respond to unpredictability through incremental, iterative work cadences and empirical feedback." (Source: http://agilemethodology.org)
At Ideagen, we have spoken to a number of internal audit teams who are now piloting an agile audit approach. Why? Well, one of the most popular reasons any team adopts an agile approach is that they anticipate changes during the course of a project and need to make quick course corrections based on stakeholder feedback.
Focusing on information security assurance with ISO 27001
This year there have been many news stories of data breaches and hacking scandals. Information security is now one of the key risks facing any organisation and internal audit are being asked to provide assurance around this. ISO 27001 is a mature framework that gives the internal audit team clear objectives and guidance when planning an information security audit.
For example, ISO 27001 states that every application used within an organisation should have access control. ISO 27001 asks us to check that users are authorised to access information (risk) and then guides you to look at how users are uniquely identified (control) by determining the naming convention of the application (test).
Engaging the audit committee through data visualisation
Our internal audit customers quite often prove themselves to be one of the most innovative groups in many organisations. This year, we have been helping audit teams move away from the laborious task of collating information into reporting packs for the quarterly audit committee meetings by adopting industry leading reporting tools.
Tools such as Qlikview and Tableau are fantastic at putting real time information into the hands of those who need it. We've been busy helping teams hook up data sources, such as our internal audit management system, to these tools and then deliver insights to the audit committee in real time as auditors continuously collect data.
Moreover, in a blog How can internal audit be maximised in the 21st century? we share findings from the recent CBOK report by the Institute of Internal Auditors (IIA) and our thoughts about the use of technology in how it can optimise the internal audit department. The article tackles the current issues of today’s internal audit and acts as a guide for those who are looking for internal audit management software (either as a replacement for their current one or a brand new system).
Get in touch with us to discuss your specific internal audit needs and find out how we can help you future-proof your business to respond to industry trends and regulations.
Ideagen plc provides software solutions that help you manage quality, safety, risk and internal audit. Ideagen Pentana is a complete risk-based audit automation solution that delivers performance and agility to internal audit teams: saving time, simplifying the process, strengthening compliance and improving quality control.