Page 29 - Internal Auditor M.E. (English) - June 2018
P. 29
TO cOMMenT on the article,
eMail the author at aabunabaa@yahoo.com audit committee
required by the stakeholders of an maximize efficiency and effectiveness an external consultancy provider if
organization. (At the same time, to ensure necessary business coverage. possible, after a cost-benefit analysis.
refraining from providing advisory The same advisory guide referred 5) Ask staff to provide a daily report of
services will deny the organization to another way to coordinate an tasks performed, as this will improve
utilizing the Internal Audit team’s assurance processes, namely by using
benefits such as scientific knowledge, a Combined Assurance Model, where their awareness of self-assessment.
practical experience and skills’ that internal auditors coordinate assurance 6) Think Continuously about the “Added
may not be available to members of activities with the departments Value” of the report and Adopt a very
executive management and other performing Second Line of defense important principle which is “The
staff). functions (according to the “Three number of observations is not an
lines of Defense Model” by the IIA), indicator of productivity”. Therefore,
2) Coordinate with external controls (i.e. such as compliance management. All it is preferable to avoid wasting time
an external auditor) and other internal this in order to minimize the nature and effort on non-important notes,
control departments (if any) to avoid and repetitiveness of internal audit especially the ones addressed during
the occurrence of the so-called tasks. the audit task. It is also advisable for
“Assurance Stress” or “Audit Stress” the team leader to keep an eye on the
by these departments. This occurs 3) Improve the formulation of audit tasks audit team’s observations, to approve
when different assurance activities – objectives that greatly assist internal or drop as necessary, as this helps to
independent and non-independent auditors in identifying the actions complete the work as efficiently as
are not coordinated (such as internal taken and prioritizing high-risk possible.
audit departments, compliance, risk actions.
management, security, safety, quality, 4) Prior to determining the initial IV. Report audit results:
etc.) and do not cooperate sufficiently, requirements for an audit task, I recommend the following when reporting
which may lead to a duplication the results of audit tasks:
of effort and failure to ensure the a meeting with the auditee’s
necessary and expected coverage management is preferred. To discuss 1) write all non-critical notes under the
of such departments. Therefore, these requirements and clarify their heading “Other Notes”. This way, a
the Head of an Internal Audit relevance to the objectives and lot of time is saved in the formulation
Department must share information scope of task in case there is a lack of full-featured notes (Criteria,
and coordinate activities with internal of management’s conviction and for Condition, Cause, and Corrective
and external assurance and advisory early identification of any constraints Action).
service providers, to ensure the in providing them, and working 2) Develop auditors’ abilities to
necessary process is completed and to overcome them or finding the understand the work and activities
avoid duplication of effort. Standard appropriate alternative. they are auditing, develop analytical
2050 referred to the need for the skills and logical conclusions, and
Chief Audit Executive (CAE) to III. During execution of audit tasks: develop their skills in discussion
perform this process of preparing the I recommend the following during the and persuasion, especially when the
Internal Audit plan. In addition, the execution of the audit tasks (fieldwork) are: employees of the audited activity are
Standard’s advisory guide indicates not convinced of the importance of
a way to coordinate the coverage 1) Focus on the most important goals observations and recommendations.
required for the assurance task: which and benefits from the Pareto Principle
is to develop an Assurance Map. (80% of the results achieved by 20% of 3) Do not repeat observations of other
By linking the identified large Risk effort). internal control departments and only
Categories and relevant Assurance 2) Develop internal auditors’ skills in refer to them in case they reappear
sources, then assessing the level of using computer applications used by and/or have not been addressed.
assurances available for each category audit clients, and rely on their skills to We achieve efficiency –and therefore,
of Risk since the comprehensiveness extract the data and reports needed in effortlessness- when there is planning,
of this Map can show deficiencies the fieldwork. organization, and management of
and overlaps in coverage of assurance time, resources, control and follow-up.
tasks, enabling the CAE to assess 3) Distribute audit tasks so that each Productivity is not just how hard work is
assurance services in each Risk area. audit team has two tasks at the same done, rather, it is how smart done.
The results of this assessment are time (one large, comprehensive, one
then discussed with other assurance smaller), and distribute work-hours Ala’ Abdelaziz Abu Naba’a
providers so that an agreement is among them, in order to best exploit cPa, cia, crMa, cicP, Macc
reached between the parties on how the time of the internal auditors. Head of audit and corporate excellence at
to coordinate activities that would 4) Assign audit tasks that consume iFa international Financial consulting
avoid duplication of efforts and most of management resources to Group - Kuwait
JUNE 2018 INTERNAL AUDITOR - MIDDLE EAST 27
