> Risk > Internal Audit mistakes
Internal Audit mistakes
I want to share Garyn’s fine post on Six Common Internal Audit Miscues to Avoid.
I fully endorse this former IIA vice president’s comments about “overemphasizing independence and objectivity”. Hal’s points that objectivity is far more important and that we need to do what is best for the organization (with the support of the audit committee) and absolutely right.
I recall one CAE telling me that they couldn’t use the same analytics software as management because they had to maintain their independence. Absurd!
The point about needing to complete the annual audit plan is also spot on. Internal audit needs to move to an audit plan that is continuously updated, rather than what was considered important up to a year earlier.
I also agree with his point that “it makes sense to pursue conformance with the Standards, but don’t prioritize it to the level where it risks making internal audit less relevant in your organization”.
I agree with his fourth point about co-sourcing and setting up a strategic relationship with your provider. I just wouldn’t call it out as a major mistake.
His fifth point is far more important, although I would phrase it differently. We should:
- Audit the risks that matter to the achievement of…
