Internal auditing is a key activity to ensure that your organization is compliant with applicable regulations and laws. The internal audit process must be efficient, effective, and — most importantly — user-friendly. So what does effective internal audit program look like? I would say the following are key components:
By tracking audit risk assessments and data in one place, it allows your organization to start comparing risk over time and build trending reports on risk. This can be valuable information to include in the annual audit report to executive management.
Document and review any management requests prior to the development of the annual audit plan. Make sure to think about any meetings and team projects, association group participation, training, research and development, assistance with examiners and auditors, and other administrative tasks.
Track statuses, assignments, due dates, and follow-ups for all internal and external items to ensure they are handled in a timely manner. Create notifications to department managers to assign and resolve findings.
Define the core management team that will be responsible for responding to and mitigating findings based on requirements. Create expectations for what is to be completed and the depth of the response that is needed.
Make sure the audit process and methodology is well documented and added to the annual audit plan. This should be easy to understand and explain all critical items and processes that are completed within your audit program.
Reviewing and analyzing data for the year is easier when it has been summarized in pie charts or other visuals.
Create reportable action items that can be assigned to management. From there, you can base notifications on due dates and hold management accountable for responses.
Define audit tests and schedules based on a repeatable process. Then create reports and oversight charts to manage the process and make sure the testing is accurate.
Once admins have been trained and data is in the audit software, create a few pilot department managers to help with any new processes. Once you’ve confirmed there are no issues, then release the solution to the entire management group.
Map out tasks, capacity, and time requirements to ensure that the overall audit timeline and any due dates are reasonable for the organization.
About the Author:
Andrea Tolentino is a certified business resilience auditor (CBRA) and principal solutions consultant at Quantivate.