Page 26 - Internal Auditor M.E. (English) - June 2018
P. 26

Value adding                                                     TO cOMMenT on the article,
                                                                           eMail the author ayman.abderlahim@outlook.com



             management. The plan is characterize by risk factors that   An audit plan based on adding value
             influence the choice and prioritization of audit engagements.
             At this phase, the internal audit ability to influence the   The internal audit plan is the cornerstone that determines whether
             company is much greater than the previous phase, but only   internal audit is effective or not, selecting influential auditing
             limited to internal audit perspective.         engagements that serve the company and achieve the required
                                                            from the internal audit is one of the most difficult decisions to be
           *  Advanced Audit Phase – Added-value based audit: Audit   made by the CAE.
             practices at this phase are characterize by future-focused and
             insight, as required by the new internal audit principles, and   A value-added plan must take into account value-creation
             preparation of the plan is based on the success factors of the   activities that encourage positive outcomes as well as value-
             company, taking into consideration the risk assessment and   protection activities that deter the negative events. Production,
             not relying solely on it. At this phase, the internal audit ability   sales and after-sales activities are some of the activities that add
             is very influential in the company so that will become as a   value to the company’s products. However, Inspection, quality
             trusted advisor.                               control, risk management and compliance are examples of value-
                                                            protecting activities. In order to achieve a comprehensive plan,
          With this simple analysis, you can know which phase your internal
          auditing practices have reached, also you can set a goal for the   the activities that add value to the company and the activities
          development and progress to new phase to make a greater impact   that protect it must be balanced within the audit plan, it is not
          on your organization.                             necessary that the higher risk activities are the most important to
                                                            the company. Here are the basic steps to setting up an audit plan
          Risk based audit plan                             based on adding value:
          If you asked any professional internal auditor about the best   *  Review value-adding strategy of the company and considered
          ways to prepare an internal audit plan, the first thing that comes
          to mind to answer your question is a risk-based plan. Although   it as one of the inputs to during the preparation of the plan.
          there is no uniform way to build the plan, different practices are   *  Take the stakeholder opinion regarding the identification of
          similar only to the name, there are no correct approach and wrong   activities that add value to the company and the activities that
          approach, but each method depends on the judgment and meet   protect the value.
          the requirements of internal audit and stakeholders in some cases.
                                                              *  Identify the audit universe and classify it into activities that
          Perhaps the most effective approach to risk-based planning is the
          internal audit standards as it clearly stated in the standard No.   value-creation and value-protecting activities.
          2010 (Planning) that a risk-based audit plan must be develop. I   *  Divide the audit universe by type of evaluation (risk
          believe that standard 2010 may not be consistent with the previous   management, control, governance).
          standard No. 2000, related to managing the internal audit activity,
                                                              *  Identify the factors on which the audit priorities will be
          which stated the importance of internal audit effectiveness to   assessed (factors must consider the importance to the
          ensure the addition of value. How can a value be added if the audit
          plan is based on risks without taking into account the internal   company and the importance to the audit).
          audit objective of adding value? !!                 *  Determine the evaluation criteria for the factors that will rely
                                                               upon in priority setting.

                                                              *  Take the stakeholder opinion regarding the method of
                                                               preparing the plan and the factors to be relied upon.
                                                              *  Evaluate the audit universe, prioritize auditing universe, select
                                                               audit engagements and get the approval of the plan.

                                                            Finally, I am convinced that a risk-based plan is necessary to
                                                            prioritize the audit, but it is time to changing the traditional way
                                                            of preparing the internal audit plan that extend for two decades
                                                            and walk a step forward towards achieving the main objective of
                                                            internal audit which is “ add value and improve an organization’s
                                                            operations”. In addition, move to a new level of maturity may open
                                                            the door for internal audit to be more effective.

                                                            Ayman Abdelrahim, MQM, cia, ccSa, cFe

          24     INTERNAL AUDITOR - MIDDLE EAST                                                                                                                                JUNE 2018
   21   22   23   24   25   26   27   28   29   30   31