Building a Department of Integrated Auditors

Your Recent History

Select Country

Language

English

Careers | About Us | Contact Us

\|	Solutions Business Operations Improvement Finance & Accounting Excellence IT Consulting Internal Audit & Financial Controls Litigation, Restructuring & Investigative Services Risk & Compliance Transaction Services	\|	Industries Consumer Products & Services Energy Financial Services Government Healthcare & Life Sciences Industrial Products Private Equity Technology, Media & Communication	\|	Insights Browse by Content Case Studies Current Challenges Events Featured Articles Flash Reports Newsletters Podcasts Points of View Resource Guides Survey Guides Live Surveys & Benchmarks Webinars White Papers Browse by Role Board Member Chief Audit Executives / Audit Professional Chief Financial Officer / Finance Professional Chief Information Officer / Technology Professional Chief Risk Officer / Risk Professional Legal Professional Browse by Industry Consumer Products & Services Energy Financial Services Government Healthcare & Life Sciences Industrial Products Technology, Media & Communication KnowledgeLeader Blog	\|
\| GRC Software \| KnowledgeLeader \|

Home >
United States >
Insights >
Browse by Content >
Featured Articles >
Building a Department of Integrated Auditors

Insights

Building a Department of Integrated Auditors

Jim Kaplan, AuditNet.org
Jim Kaplan, Founder and CEO of AuditNet® the global resource for auditors is an Internet for auditors pioneer. As the founder and principal of AuditNet®, he developed an Internet Web site that links auditors around the world with over 1,300 audit related resources and over 2,000 audit work programs. The AuditNet® Web site www.auditnet.org is used by auditors at Fortune 500 companies, public and private companies, government agencies and organizations, around the world searching for audit-related information. This article is a natural outgrowth of his original idea of developing an online information network for auditors. Jim can be reached at info@auditnet.org.

Source: Protiviti's KnowledgeLeader

As internal audit leaders look to improve staff skills and increase audit efficiencies, they should put at the top of their priorities the concept of “the integrated auditor.” An integrated auditor combines both generalist and specialist skills, particularly the ability to use and apply the most effective technologies and the traditional responsibilities in financial, operational and compliance areas. Having integrated capabilities greatly increases an audit team’s technical and functional competencies. Rather than settling for minimum proficiency levels defined for auditors, training your staff to become integrated auditors opens up opportunities to build further expertise and enhance your department’s capabilities.

Decades ago, when electronic spreadsheets were first introduced into the business environment, auditors shifted from using columnar pads to using computers for work papers. Today, the concept of the integrated auditor represents a further evolution of the same paradigm shift. It is only logical that auditors today need to become “technologically literate,” able to use and apply the latest audit software tools and techniques to improve the quality of their audits and to mitigate the risks of oversight and error. In today’s world, technology has become integrated into every aspect of business operations and the volume of data to be audited has exponentially increased. If every aspect of business is touched by technology, auditors need to use technology to address it.

The integrated auditor knows how to use a wealth of new tools available for the desktop and laptop. PC-based software packages such as ACL and IDEA (Caseware)offer powerful audit tools and data analysis, and require only minimal training. Other audit departments may benefit from numerous sophisticated Excel spreadsheet add-ons like ActiveData and TopCAATs that can perform a slew of data analytics including sampling, aging, duplicate analysis, stratification digital analysis (Benford’s Law), and GAP analysis. There is also a category of software programs such as CCH Teammate, a paperless audit management system that provides audit teams with a total solution for the audit process, thereby facilitating planning, documenting, scheduling and reporting.

Five Benefits of Integrated Auditors
Training your staff to be integrated auditors offers five distinct advantages. First, audit capability and accuracy are vastly improved to keep pace with the rising volume and complexity of data. In today’s enterprise, every business process has gone digital. Technology allows an auditor the ability to match fire with fire power. In searching for anomalies such as duplicate invoices among hundreds of thousands of transactions, technology makes it a snap to analyze the entire data population with 100% accuracy, rather than just sample a small number of items and expect to be accurate.

A second benefit is a significantly higher efficiency in your audit capacity. Audit organizations that embrace the use of technology can tweak and refine their processes to focus on auditing the right things in more areas. In effect, audit departments can do more with what they have by being able to do more audits and cover more priority areas. Both in terms of compliance and to protect corporate interests, it’s simply no longer excusable to tolerate inefficiencies that add risks or waste time when it comes to tracking down anomalies or investigating potential fraudulent activity.

The improvements in efficiency and accuracy translate into a third advantage: potential cost savings. With technology, there is often less need to go out into the field to manually pull paper documents or research information. Travel budgets can be reduced and productivity increased with less time lost to travel. The organization already produces vast quantities of digital information that can be available electronically to auditors without stepping out of the office.

Fourth, technology tools help audit departments reduce risk through higher quality, more comprehensive and faster audits that produce results on a timelier basis. Today’s world of complex business processes and global interconnections increases the number of risks companies are exposed to, but technology gives auditors far greater control and oversight capability. One area in particular is cycle time for audits. Whereas a department may have been able to conduct a specialized risk assessment only once every two or three years, technology makes it possible to do those projects every year. This also allows the department to respond more effectively to management and board audit committee demands that often ask auditors to devote unplanned time to high-priority projects.

Finally, the fifth benefit is that integrated auditors with technology skills can produce a faster turnaround and delivery of audit reports to key stakeholders, ensuring a timelier reporting of critical issues.

Training Integrated Auditors
Chief audit executives (CAE) are responsible for ensuring their departments are trained in the right areas, so it is already in the standards that training integrated auditors will fall to them. As in any change initiative, this transition needs a champion within the organization to present the advantages and persuade management of its value.

Building a department of integrated auditors requires systematic planning to select the tools most appropriate to your needs, identify which people to train, and develop a training program according to best practices. To some extent, these planning requirements overlap such that they do not present a hard and fast sequence of steps but rather an overall plan.

Regarding tools, it can be valuable for the CAE to research the available software tools and to begin narrowing down a selection most relevant to your department. Every department’s needs and structure are different, so this decision must be customized. Having some knowledge of the tools can provide criteria for selecting the right people and developing training according to the skill sets needed.

Selecting the right people to train as integrated auditors means choosing staff that either already have the technology knowledge, skills and abilities (KSAs) to meet the objectives or they are willing to acquire them. Keep in mind that being a certified auditor does not imply that the person has had any training in technology. Also, many college and university programs today provide only basic exposure to these tools, so recent graduates are not necessarily conversant in the new technologies. As a result, each CAE needs to evaluate their current staff regarding their KSAs and then make a selection to optimize the department’s capabilities. Whenever possible, however, it can be advantageous to train multiple people in the same tools to avoid a knowledge gap if a trained staff member leaves or changes positions.

Converting staff members from being process auditors to professionals in using technology requires a sound training program tailored to close the gap in each person’s KSAs relative to the minimum acceptable skill level for each tool. The amount of training required depends on the software technology selected, but introducing a new technology often requires a learning curve ranging from several months to a year. In general, training an integrated auditor needs to focus less on the old concepts of auditing and evaluating information systems and more on developing expert data analysis skills. This area represents the single largest challenge in the future of auditing.

Internal audit leaders should track the training progress of department staff to ensure it meets the required objectives. There should be a system in place to monitor progress and measure the quality and effectiveness of the training. Identifying best practices is an area where organizations, like The Institute of Internal Auditors ( http://www.theiia.org/), could help take the lead. CAEs might also look to create a forum to share experiences and identify the criteria needed to transition process auditors to integrated auditors.

Moving Toward Best Practices in Risk Management
In today’s business climate, the audit profession has a responsibility to improve the governance, risk and compliance (GRC) standards within their organizations. It is critical that every auditor have the right technology skills to evaluate and report on risk management within their area of expertise. Given that the technology tools for assessing risk and control within organizations are constantly improving, every internal auditor has an obligation to continue acquiring and maintaining their skills to use the latest methodologies. In the future, there is no doubt the best practices in the auditing profession will specify that all projects use the best available technologies, especially data analytics, in every audit project, and that all functions use continuous monitoring and auditing technologies to facilitate early-issue identification.

Reliance on technology is clearly an ongoing paradigm shift in the auditing profession. Those audit organizations that do not stay current with technology run the risk of finding their function outsourced to outside companies that know how to use the best available technologies and have the trained staff to apply the tools. Despite the risks of using external firms to staff internal audit departments, organizations today cannot afford to maintain internal audit departments that fall behind in performing their audit responsibilities.

Download the PDF:

Building-a-Department-of-Integrated-Auditors.pdf

Related Resources can be found on KnowledgeLeader: Password is required. Free trials are available to non-subscribers.

The integrated auditor at Microsoft
Exception Management Explained
Role of Technology in the Risk Assessment Process


Site Map \| Glossary \|Terms of Use \| Privacy Policy \| Site Feedback \| Media Center \| Events

© 2012 Protiviti Inc. All Rights Reserved.