Page 25 - Internal Auditor M.E. (English) - June 2018
P. 25
Value adding
By: Ayman Abdelrahim
Value-Added Based Audit Plan
The term “adding value” may differ from one
person to another; some may see it as a business
development, while others have limited traditional
view as see it only limited to providing the results
of the examination and verification carried out.
On the other hand, the changes in the definition of
internal auditing which happened in 1999 replaced
the objective from “examination and verification”
to “add value and improving the operations”. That
means moving from a limited view to a wider
view and looking from the company’s lens when
selecting area for audit. This will ensure that
internal audit speaks the same common language
within the company and become part of it.
Delivering on the Promise
In 2015, the Institute of Internal Auditors issued
Since I joined the profession of internal auditing nearly two a CBOK report under the name of “Delivering on
decades ago, I read books about the preparation of a risk based the Promise - Measuring Internal Audit Value and Performance”.
internal audit plan, the advantages of this approach, its importance The report addressed the concept of adding value. The results
and practical applications, but I was always asking is this the right of the report shows that (9) activities were adding value to the
way to build the plan? ... Is there a better way. Also, I always asking organization. The most value to the organization came from
myself the following question While the internal audit definition “assuring on the adequacy and effectiveness of the internal control
determines the objective of the internal audit is to add value to system”. The second most value was “Recommending business
the organization and improve its operations, why the internal improvement” which is unusual for internal audit because internal
audit plan is based on risk?!!, So the plan must being prepared audit consideration usually limited to a control perspective only.
based on adding value rather than being built on risk ??!
Evolution of internal audit maturity
In June 1999, internal auditing definition was changed, where the
term “add value” was introduced for the first time and the internal Over the decades, the internal audit profession and the process of
audit objective was set to “add value and improve an organization’s preparing the plan have evolved. The maturity of the audit plan
operations.” Since then, the definition has not changed and we process has been directly linked to the audit methodology and
have not seen any books or articles talking about preparing of an approach followed. The following is a simple analysis of these
audit plan based on value addition. In this article, I will introduce phases:
my thoughts on the importance of preparing an audit plan based * Initial Audit Phase - Inspection: Auditing practices at this
on adding value and moving away from the traditional method of phase are characterize by direct reliance on simple auditing
preparing the plan or as it is said “think outside the box”. practices aimed to ensure compliance with the criteria set
without looking further. The audit plan at this phase very
simple, depend on the size of the company’s activities and
Added-Value Concept covered all organization’s activities. At this phase, the internal
audit ability to influence the company is very limited.
Internal auditing standards defined “add value” as the following
“The internal audit activity adds value to the organization (and its * Mature Audit Phase - Process based Audit: Audit practices at
stakeholders) when it provides objective and relevant assurance, this phase are characterize by direct audit of process design;
and contributes to the effectiveness and efficiency of governance, and ensure the adequacy and effectiveness of controls. The
risk management, and control processes”. The concept of adding audit plan at this phase is simple, depends on the volume of
value is not limited to internal auditing, the basis of successful operations and includes comprehensive operational coverage.
business management models are built on companies need to The internal audit ability to influence the company is limited
achieve added value to their products and services in order to to operations only.
ensure that it will achieving customer satisfaction and achieving * Developed Audit Phase - Risk Based Audit: The audit practices
greater returns. at this phase provide assurance about the effectiveness of risk
JUNE 2018 INTERNAL AUDITOR - MIDDLE EAST 23
