Posts Tagged ‘Integrated Auditing


Risk-Based Integrated Auditing and the journey so far….

It has been almost one year since my country office started transitioning to ‘risk-based integrated auditing’ (RBIA) approach from the ‘traditional internal auditing’ approach focusing on finance. Similar to any other change process, this journey of transition was not a smooth or comfortable one for our function. (In a sense, it was a humpty-dumpty ride). However, out of this transition to RBIA approach, I have learnt some good lessons both personally and functionally (which I feel worth sharing with my readers):

On the individual front —

  • I have understood the importance of flexibility and creativity for producing the best value adding audit reports. (Structured approach alone does not suffice.)
  • As an internal auditor, most often, it is good to be direct with audit clients rather than being diplomatic. Being direct have helped me gain credibility in the eyes of my clients.
  • Being part of the internal audit profession, I have now learnt to experiment and take reasonable risks within professional boundaries (rather than always being over-defensive and extra-cautious).
  • I have learnt the art of collaboration and negotiation better now. Now, I can empathize with the challenges faced by my audit clients. This has led me to hold more constructive conversations with my stakeholders.

As the internal audit function, some of our important learnings —

  • The success of the RBIA approach is primarily dependent on identifying the correct risks to review from the start.
  • It is important to ensure that both the senior management and the respective departments/ functions share the same view of risk. As a third line of defense, we ensured that they both are on same page when it comes to risk.
  • One of our initial tasks was to review our country office’s risk register and see if it is complete and accurate. Subsequently we also learnt to rank the risk by considering which of those risks would have the most serious impact. By doing so, internal audit’s prioritized areas of focus matched those posing greatest risk to the organization.
  • As skeptics, normally internal audit functions are good at pointing out what might go wrong. But under RBIA approach, (while proposing the corrective action to clients) we also learnt to imagine thinking what needs to go right so as to ensure management focus are aligned to achieve successful outcomes.
  • Our internal audit function has started emphasizing top-down risk-based planning consistent with the country office’s objectives. For this, we took into consideration the input of senior management and the Board.
  • We understood that it is important to induce the senior management to leverage on first and second line of defense when internal audit started moving towards RBIA approach.
  • We learnt that when internal audit aligns its focus with organization’s top high risks, the organizations will be deriving the maximum value.
  • Under the RBIA approach, our internal audit function has become intentional in learning about the business of our organization.
  • RBIA approach is assisting our function to understand the issue by seeing the larger picture in a holistic way rather than having a skewed perspective. As a result, our team is now able to have a more pragmatic view of materiality while stratifying the audit observation.
  • RBIA approach have underscored the importance of findings from internal audits to be commercial, strategic, cost-effective and making business sense.


Question: From your experience and expertise, do you think risk based integrated auditing is a better approach? Please share them by leaving a comment to this post. I welcome your thoughts.


What makes the integrated auditing so interesting?

It’s time for change. Starting this month, we have moved to the approach of integrated auditing in my country office; and as internal audit professionals, we are at crossroads than ever before. Traditionally, our focus was on examining financial systems and the financial records of a program or process. But, now we are moving towards a holistic approach.

This new approach of integrated risk based internal audits is helping our function to broaden our perspective by focusing on the entire gamut of risks encountered by the organization. Through such integrated audits, our objective is to achieve a more effective and efficient audit engagement with all our audit clients.

Integrated auditing approach has thrown us with wide array of opportunities as well as challenges. Some of the challenges which I foresee in this journey of transitioning from financial auditing to integrated auditing are as follows:

  • Understanding the need for increase in knowledge of staff on non-financial areas and augmenting oneself with additional skill sets
  • Developing a reasonable level of knowledge in ERM, risk identification, risk assessment and risk classification (Dealing with the unfamiliar areas that have not been traditionally reviewed will be a litmus test for my team)
  • Enhancing the knowledge of multiple audit techniques
  • And, the resultant changes that are to be done in the composition of the internal audit team

Some of the measures that are helping us in this transition to integrated audit approach:

  • Using the available resources and personnel from various departments who are experts to supplement and augment our existing audit resource knowledge. (In simple words, learning about the process and operations from the process owners themselves )
  • Learning to modify our perspective and think beyond the traditional audit scope.
  • Exploring the option of modifying the existing audit staffing plan.

With the management expecting continuous monitoring of our various area development programs and projects, the internal audit function decided to adopt integrated auditing. In the due course, this comprehensive approach is believed to increase internal audit division’s credibility and provide greater value addition to management in addressing its risk.

Developing the risk based audit procedure checklists, scoping mechanisms, audit testing methodologies, designing the engagement duration are some of the prioritized tasks in my function right now.

There tends to be certain amount of confusion or chaos while treading uncharted waters. But, this uncertainty is the element which makes the integrated auditing so exciting and interesting to me.


July 2018
« May    



Online Accounting Degree blog feature