Better Audit Reports

Here are my top eight best practices for creating better internal audit reports that hit the mark: Audit Objective: ensure that the audit objective addresses the risks to the goals and objectives of the organization.  It should drive the risk identification and assessment; and be a foundation for the audit workplan and the conduct of the audit.  And ultimately, is it the statement upon which the audit concludes. Audit Workplan:…

April 24, 2022
Read More >>

Audit Finding Attribute: Recommendation

This is the seventh in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: recommendation. The focus will be on the use of data analytics to assist you in determining the recommendation. In simple terms, the recommendation is the action that management should take – putting in a control, changing a business process, etc.  If the other components of the finding…

April 4, 2022
Read More >>

Audit Finding Attribute: Impact

This is the sixth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Impact. The focus will be on the use of data analytics to assist you in determining the impact of what was observed (the condition) and to support the recommendation. In simple terms, the impact answers the ‘why should I care.’  What is the impact of controls failing…

March 21, 2022
Read More >>

Audit Finding Attribute: Cause

This is the fifth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Cause. The focus will be on the use of data analytics to assist you in determining the cause of what was observed (the condition) and to support the development of the recommendation. In simple terms, the cause answers the ‘why.’  Why are controls failing to prevent and/or…

March 9, 2022
Read More >>

Audit Finding Attribute: Condition

This is the fourth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Condition. The focus will be on the use of data analytics and how the condition supports the development of the recommendation. In simple terms, the condition is “what is.” Typically, the analytics are testing for the existence of something, and the results are the condition. For example,…

February 28, 2022
Read More >>

Audit Finding Attribute: Criteria

This is the third in a series of articles on data analytics and internal audit.  This article looks at the audit finding statement: Criteria.  The focus will be on the use of data analytics and how the criteria play an important role in the development of analytics to support and inform the audit. IIA Standard 2210.A3 states that “adequate criteria are needed to evaluate controls.”  Simply put, the audit criteria…

February 20, 2022
Read More >>

Better Audit Recommendations

Setting the proper objective is critical to delivering on a quality, value-add audit.  It must be strongly linked to the goals and objectives of the entity being audited; drive the risk identification and assessment; and be a foundation for the audit workplan and conduct of the audit.  And ultimately, is it the statement upon which the audit concludes. Yet too many audits have poor objectives. I have performed analysis in…

January 20, 2022
Read More >>

The Why Factor

Too often auditors are satisfied with only finding the problem.  In fact, it is usually only ‘evidence that there is a problem’ and not the actual problem.  At which point their recommendations fall short of providing value and helping management improve controls and reduce risk. These types of audits often look something like this: Objective: Verify compliance with “A” Criterion – you are supposed to do “A” Condition – the…

August 2, 2020
Read More >>

Linking ERM and Performance Measurement – part #2

A proposed integrative model Dave Coderre, CAATS, www.caats.ca  During the strategic planning process senior managers propose goals and objectives for the coming year. ERM should evaluate objectives to ensure that risks have been considered and the chosen objectives are consistent with the entity’s mission. The risks should be analyzed and prioritized and mitigated by an appropriate response that considers the entity’s risk tolerance and risk appetite. The risk appetite will vary depending on…

October 17, 2018
Read More >>

Auditing the Right Things

Is there a mismatch between where internal audit spends its time auditing and the risks that organizations face?  Boards/audit committees should constantly re-evaluate whether internal audit is being used effectively to deliver risk-based assurance.  The fundamental questions for boards/audit committees are: are we doing the right audits; and are we doing audits right. In previous articles I have discussed ‘how to do an audit right’ – namely, the importance of…

September 20, 2018
Read More >>