A Better Objective for an Audit

Over the years as a CAE, I learned that there was a better way to steer the audit team. Instead of asking them to assess the system of internal control over a process or business unit (an approach that is disconnected from enterprise objectives), or whether the controls provide reasonable assurance that specified risks are at desired levels (a far better approach), I ask them to answer this question:

Do the processes and controls meet the needs of the business?

This makes the members of the audit team think!

What is management trying to achieve with this business unit, activity, process, etc.?

Does the way they are operating, which includes the controls they are relying on, provide reasonable assurance that they will be successful?

That means that not only do they need to take the right risks but seize the right opportunities. Are they doing that?

How well are they leading the organization and its people, obtaining optimal performance from both?

Is there a better way? What can and should be improved?

Answering my question enabled my auditors to assess the management of risks and opportunities and the related controls.

What do you think?

Try it for yourselves.

Like this:

Like Loading…

Подробнее…

Актуальные книги на английском

The Decision Intelligence Handbook: Practical Steps for Evidence-Based Decisions in a Complex World

Читать на английском

An Introduction to Decision Theory (Cambridge Introductions to Philosophy)

Читать на английском

Algorithms for Decision Making

Читать на английском

Wise Decisions: A Science-Based Approach to Making Better Choices

Читать на английском

Business Data Science: Combining Machine Learning and Economics to Optimize, Automate, and Accelerate Business Decisions

Читать на английском

An Introduction to Management Science: Quantitative Approaches to Decision Making

Читать на английском