SETTING INTERNAL AUDIT’S LONG-TERM PRIORITIES

Abstract

ABSTRACTAs I have discussed in past articles, internal audit efforts must be risk-based and contribute to the long-term assurance needs of the organization and its board. A formal risk-assessment audit must be completed at least annually and the results of that assessment should direct audit priorities. Periodic updates throughout the year are also highly recommended. Over time, a focus on short-term results (quarterly financial results, meeting current regulatory requirements, etc.) has driven the priorities of management and consequently the organization toward a short-term perspective. Similarly, internal auditing’s efforts has commonly moved toward this short-term focus, boiling down priorities to whichever audits the company needs to complete in the immediate quarter or two. During the challenging business environment period some would say it is not a good time to refocus sights on the long-term horizon. I disagree. For example, knowing what the organization want to achieve in the next two to five years, and what does it need to do to get there, is critical to success! Certainly, each organization will have different goals, objectives, issues, and challenges, and no single “standard” long-term internal audit plan will work; but I took a shot at it anyway, and present the results in this article.