Page 26 - Internal Auditor M.E. (English) - June 2018
P. 26
Value adding TO cOMMenT on the article,
eMail the author ayman.abderlahim@outlook.com
management. The plan is characterize by risk factors that An audit plan based on adding value
influence the choice and prioritization of audit engagements.
At this phase, the internal audit ability to influence the The internal audit plan is the cornerstone that determines whether
company is much greater than the previous phase, but only internal audit is effective or not, selecting influential auditing
limited to internal audit perspective. engagements that serve the company and achieve the required
from the internal audit is one of the most difficult decisions to be
* Advanced Audit Phase – Added-value based audit: Audit made by the CAE.
practices at this phase are characterize by future-focused and
insight, as required by the new internal audit principles, and A value-added plan must take into account value-creation
preparation of the plan is based on the success factors of the activities that encourage positive outcomes as well as value-
company, taking into consideration the risk assessment and protection activities that deter the negative events. Production,
not relying solely on it. At this phase, the internal audit ability sales and after-sales activities are some of the activities that add
is very influential in the company so that will become as a value to the company’s products. However, Inspection, quality
trusted advisor. control, risk management and compliance are examples of value-
protecting activities. In order to achieve a comprehensive plan,
With this simple analysis, you can know which phase your internal
auditing practices have reached, also you can set a goal for the the activities that add value to the company and the activities
development and progress to new phase to make a greater impact that protect it must be balanced within the audit plan, it is not
on your organization. necessary that the higher risk activities are the most important to
the company. Here are the basic steps to setting up an audit plan
Risk based audit plan based on adding value:
If you asked any professional internal auditor about the best * Review value-adding strategy of the company and considered
ways to prepare an internal audit plan, the first thing that comes
to mind to answer your question is a risk-based plan. Although it as one of the inputs to during the preparation of the plan.
there is no uniform way to build the plan, different practices are * Take the stakeholder opinion regarding the identification of
similar only to the name, there are no correct approach and wrong activities that add value to the company and the activities that
approach, but each method depends on the judgment and meet protect the value.
the requirements of internal audit and stakeholders in some cases.
* Identify the audit universe and classify it into activities that
Perhaps the most effective approach to risk-based planning is the
internal audit standards as it clearly stated in the standard No. value-creation and value-protecting activities.
2010 (Planning) that a risk-based audit plan must be develop. I * Divide the audit universe by type of evaluation (risk
believe that standard 2010 may not be consistent with the previous management, control, governance).
standard No. 2000, related to managing the internal audit activity,
* Identify the factors on which the audit priorities will be
which stated the importance of internal audit effectiveness to assessed (factors must consider the importance to the
ensure the addition of value. How can a value be added if the audit
plan is based on risks without taking into account the internal company and the importance to the audit).
audit objective of adding value? !! * Determine the evaluation criteria for the factors that will rely
upon in priority setting.
* Take the stakeholder opinion regarding the method of
preparing the plan and the factors to be relied upon.
* Evaluate the audit universe, prioritize auditing universe, select
audit engagements and get the approval of the plan.
Finally, I am convinced that a risk-based plan is necessary to
prioritize the audit, but it is time to changing the traditional way
of preparing the internal audit plan that extend for two decades
and walk a step forward towards achieving the main objective of
internal audit which is “ add value and improve an organization’s
operations”. In addition, move to a new level of maturity may open
the door for internal audit to be more effective.
Ayman Abdelrahim, MQM, cia, ccSa, cFe
24 INTERNAL AUDITOR - MIDDLE EAST JUNE 2018