After exploring the question of who the prime customers of the internal audit function are, the next point to clarify is what specifically provides value to them. Furthermore, lean asks us to understand how much added value specific outputs deliver, and also asks us to pay close attention to what does not add value.
COMMON PRACTICES AND IIA STANDARDS OF NOTE
IIA standards currently state that internal audit functions should be managed in order to ensure they add value to the organization. It is stated that “internal audit adds value when it delivers objective and relevant assurance,” and also when it “contributes to the effectiveness and efficiency of governance, risk management and control processes.”
COMMON CHALLENGES & DILEMMAS
A “Value Gap” between the Perceptions of Audit and Stakeholders
With such a clear emphasis on the importance of adding value in the IIA standards one might imagine that all audit functions would comfortably do this. However, my experience is that:
- Some auditors may not see adding value as a priority over and above other considerations;
- Some auditors may believe they are adding value, but key stakeholders may not always agree;
- Despite doing some value adding work, a portion of audit work may be regarded as non-value adding (for example, if it generates actions that are seen to be bureaucratic).
One of the reasons for a gap in the value internal audit is seen to provide may stem from a view that by simply ...