A new internal audit model is needed to restore confidence and make internal audit relevant after the dramatic changes in the business environment of the past few years.The new approach to internal audit should allow for auditors to work with management to integrate strategic and business objectives to improving governance, risk management, and internal controls. With a more proactive model the internal audit leaders can more effectively assess and monitor the business, identify areas for improvement and manage risk in a fluctuating economic environment. An audit model that follows the natural steps management would take in designing a business process to meet the business objective, considering risks that could prevent the process from working optimally, and designing controls into the process to mitigate those risks would be easily understood by management.
The COSO board recognizes that management’s assessment of internal control often has been a time-consuming task that involves a significant amount of annual management and/or internal audit testing. Effective monitoring can help streamline the assessment process, but many organizations do not fully understand how to take full advantage of this important component of internal control. COSO’s Monitoring Guidance is designed to improve the use of monitoring by helping organizations:
Identify and maximize effective monitoring, and
Identify and improve ineffective or inefficient monitoring
Source: COSO framework.
Therefore, need to transform internal auditors to a strategic role rather than continue to categorize them as ‘policemen’. Internal audit becomes a critical sounding board to management to prevent risks rather than be the cure, after the event.