First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

How does your organization assess the effectiveness of internal audits?

Typically, the stewardship responsibilities of a board of directors include the identification of an organization’s principal risks, the implementation of systems to manage them, and the integrity of internal control and management information systems. Typically, an internal audit function plays a key role in assessing and reporting on these areas.

In general, directors are expected to satisfy themselves that the internal audit function of an organization is done and effective.

But are these things happening for your organization, and how does your organization assess the effectiveness of internal audit?

“Good internal audit functions have processes for assessing their own effectiveness” says the response to question 14 of the Canadian Institute of Chartered Accountants publication, 20 Questions Directors Should Ask about Internal Audit, Second Edition.

The recommended practice further says those processes should include related performance measures that are developed by the chief audit executive in agreement with the audit committee.

Within the listed example measurement techniques are internal quality assurance reviews (e.g.).

At this juncture, it would be interesting to know (whether or not on the agenda for the upcoming national conference Sept 23, 2012), if many organizations have implemented IA quality reviews, perhaps using something like an internal audit quality assessment manual or quality assurance and improvement program.

It would also be interesting to know if those reviews suggest that anything different should be done to harness the full potential of internal audit or to address any inherent risk of future obsolescence such as unless IA takes on a more risk-centric mindset (e.g.).

As always, feel free to comment and to let us know what you think. Don’t hesitate to share with your peers what you are applying in your organization.

Ron Richard
Quality Management Specialist

Follow me

Ron Richard

Quality, Information Technology and Enterprise Risk Management specialist at Ron Richard Consulting
Ron Richard, Quality, Information Technology and Enterprise Risk Management specialist has held positions at most any level of an organization, and acquired more than 30 years of relevant experience including related work done at the College of the North Atlantic. Ron is author of Inherent Quality Simplicity and the Inside Internal Control newsletter Modern Quality Management series. Read more
Follow me

, , , , , , , , , , , , ,

Comments are currently closed.