So says Hal Garyn in his latest article for Internal Audit 3600.
I agree.
Both Richard Chambers and I have been preaching that we should “audit at the speed of risk”, as well as at the speed of the business, for a long time. In fact, my last internal audit book was Auditing at the Speed of Risk with an Agile, Continuous Audit Plan (rated 4.4/5 on Amazon) and Richard wrote The Speed of Risk: Lessons Learned on the Audit Trail.
Hal explains it very well and if you haven’t already seen his piece, rush to read it!
He clearly agrees with what I said in the description of my book:
We need to stop auditing the past and turn towards auditing what matters today and will matter in the future.
This new book by Norman Marks, globally recognized as one of the most influential thought leaders in internal auditing, builds on his previous publication, Auditing that Matters
(rated 5 stars on Amazon). It explains the value and practice of updating the audit plan continuously.
Risks and business conditions change all the time, so an annual plan or even one that is updated quarterly, won’t lead to auditing what matters today. You audit what used to matter.
We need to audit at the speed of risk and the business.That requires making sure you understand changes in risk and the business as they happen, anticipate the…