Having oriented the audit plan clearly towards adding value, a fundamental question is how to ensure that the audit plan takes into account the assurance activity that is already, or should be, taking place in order to avoid waste (Muda).
IIA standard 2050 discusses the need for audit to coordinate its activities with others to ensure proper coverage and minimize the duplication of efforts. This ties very closely to lean principles. The IIA practice advisory on Assurance Mapping goes on to explain that “assurance from line management is fundamental” – which confirms and reinforces the point about the importance of having three lines of defence operating effectively in order to properly manage risks.
In the last two chapters I have explored issues around the role of internal audit and also the risk factors that should be considered when developing the audit plan (and specifically whether to focus on gross or net risks). In addition, there is an assurance perspective to consider. Here are the reflections of an experienced senior audit manager:
“If it’s transparent that the right people are making the right decisions on a problem area and there’s an action plan with a clear target date, what value are you going to add by doing an audit? They know it’s a problem!”
“If everybody acknowledges there are ...