Collaborative Risk-Based Audit Planning: Creating a More Impactful Audit Plan

Stop trying to perform risk assessments alone! Internal audit is part of an organization’s assurance program. Auditors should collaborate with business leaders, other assurance teams, and other departments that are performing risk assessments in order to gain a comprehensive perspective on their risks. 

If we want to perform more meaningful risk assessments, we cannot work in a silo. We must align with the business to understand management’s objectives in detail. After all, by definition, internal audit “helps an organization accomplish its objectives.” Read on to learn more about better aligning your risk assessment and audit planning efforts with the business’s priorities. 

How Do You Create a Collaborative, Risk-Based Audit Plan?

Your audits will be impactful if your risk assessment process brings in multiple perspectives to create a more comprehensive audit plan. There are several key ways to create a collaborative, risk-based audit plan, including aligning the plan to management’s objectives, moving to more frequent risk assessments rather than relying on an annual risk assessment, and performing a skills assessment to ensure the internal audit team has the capabilities needed to audit new areas and appropriately identify risk.

1. Aligning With Business Objectives

The first step in collaborative, risk-based audit planning is understanding management’s objectives. Too often, we start our audit planning with a listing of entities and generic risks. Collaborative risk-based audit planning starts with identifying organizational objectives, then understanding risks that could prevent management from achieving those objectives. At a high-level, business objectives are readily available in annual reports, but talking with management will uncover the underlying steps that support those objectives — this is where we perform impactful audits.

2. Assessing Risk at the Speed of Change

We can perform the risk assessment now that we understand management’s objectives. Internal audit’s risk assessment should include known and emerging risks. We can add value to the risk assessment process by incorporating risk assessment data from process owners and other assurance teams and adding our perspective along with additional risks as the environment changes. Changes impact our organizations so quickly that we cannot rely only on annual assessments. If you have not already done so, it’s time to move to more frequent risk assessments. Risk assessment software that is designed to support collaboration is key to completing more frequent assessments without increasing the time spent on the task. 

3. Allocating the Right Resources

Next in our audit planning is typically building a schedule for the team. Collaboration at this level can include working with your audit team to allocate the right resources to the right engagements. Incorporating diverse skills can equip the team to handle a variety of situations. If you have team members with diverse skills, such as IT skills, an operational audit background, or financial audit expertise, you can create a multi-skilled team that can test all of the controls they come across in any process. You may need to perform a skills assessment to determine which individuals best suit your upcoming engagements. Keep in mind that the skills needed for next-generation auditing will continue to evolve as we move deeper into auditing topics like artificial intelligence, machine learning, and bot governance. When you have the right resources allocated to each engagement, the team should be positioned to handle whatever they find in the audit. They can thoroughly test the controls and report on the issues they uncover, adding value to their business leaders.

The End Game: Collaborative Planning Leads to Impactful Audits

You can achieve more impactful auditing with collaborative, risk-based audit planning. When you start with business objectives and assess based on the current risk landscape, your audits are directly related to what worries your business leaders. Therefore, any issues your team identifies are directly linked to what senior leaders want to address since these affect their ability to lead the organization toward meeting its objectives. The final issue is figuring out where to begin.

Getting Started on the Path to Collaborative Planning

To get started, ensure you understand the company’s objectives and then engage in conversations. The conversations can include other assurance teams and members of management who can help you dig deeper into the underlying objectives that support the larger goals. At the same time, this information should be used to update your risk assessment and planning approach. Factor in emerging risks and other concerns that were previously not included in the assessment. Finally, use all of the information to build your plan and assign resources. Through collaborating with multiple stakeholders across your organization, you can gather different perspectives and facilitate a more comprehensive and meaningful audit plan that supports the organization in a way that those depending on your work will truly appreciate.