How to Gauge the Audit Department?

How to Gauge the Audit Department?

Lead by example - Audit yourself before auditing others!

Internal Audit (IA) Department is no different than any other department in the organization. There are things which influence the performance of the IA department, some are controllable factor and some are not but there are always ways to improve the performance of the IA department by enhancing its process maturity.

"I have been approached by many internal auditors, the first concern they raise is about the budget constraint but in this article, I shall be stating that this could be only one factor but there are numerous other factors by which the internal audit functional maturity can be enhanced."

Now the question arises how to gauge the process maturity of the IA department? The answer is simple, it can be done in many ways such as by benchmarking your audit function with other good performing companies' IA department or If you are working within a large Group, then benchmark can be done within the Group by comparing to other Group entities’ Internal Audit set-up and their practices.

I usually take a slightly different approach. I choose to benchmark my audit activities with the Institute of Internal Auditors (IIA) proposed Internal Audit Maturity Assessment Model.

What is IIA Internal Audit Maturity Model?

The maturity model helps in positioning the future state of the internal audit department. The IIA Internal Audit Maturity Assessment Model is a self-assessment tool that provides levels of ambition and concrete best practices that can serve as guidelines for the Head of Internal Audit to formulate strategic objectives, evaluate the current internal audit function and define a road map to achieve the stated objectives. 

Rating on a Scale of 1 to 5

The IIA Internal Audit Maturity Model encompasses five levels. Each level describes the characteristics and capabilities of the internal audit activity. The five levels of the internal audit maturity model are initial, define, implement, managed and optimized.

  1. Initial – Internal audit is ad hoc or unstructured, few processes are defined, and practices are performed inconsistently.
  2. Define – Internal audit basic practices and procedures are performed on a regular and repeated basis.
  3. Implement – Internal audit policies and procedures are defined, documented and integrated into each other.
  4. Managed – Internal audit becomes an integral part of the organization’s governance and risk management practice.
  5. Optimized – Internal audit focuses on learning for continuous improvement to enhance the capability.

Criteria to Rate Each Activity

The detailed level assessment, pertaining to IIA's standards requirement with an example (current state case of IA Department), is given below:

No alt text provided for this image

Based on the above assessment, you can easily draw a table (fig.1) depicting the status of each standard (IPPF) requirement against the current practice in the IA Department between 1 to 5. In the end, you can simply sum up the total scores and divide the total by 60 (12 standards X 5 levels) and then by multiplying with 5 (scale of 5) to obtain overall rate. Based on the above assessment, the overall rate of the department process maturity on a scale of 1 to 5 lies at 1.75

Fig.1 – Internal Audit Process Maturity (Current State)

No alt text provided for this image

In the above case study, the IA Department maturity falls at a level 2 (Define) means the IA Department has basic practices and procedures that are performed on a regular and repeated basis.

The average rating for any internal audit department should be at least 3 (Implement) on the scale of 1 to 5. 

Conclusion

The Internal Audit Maturity Model shows the steps in progressing from a level of internal auditing typical of a less established organization to the strong, effective, internal audit capabilities generally associated with a more mature and complex organization.

Reference Material: Benchmarking Internal Audit Maturity, Internal Audit Ambition Model

If you find it useful, don't forget to Like and Share to impart knowledge and if you have something to add, comment below

ABOUT THE AUTHOR

No alt text provided for this image



Arif Zaman brings with more than a decade of proven experience in internal audit, risk management and fraud investigation. He is the Head of Internal Audit at Private Joint Stock Company based in Dubai, UAE. He holds a MSc in Professional Accountancy from University of London and BSc Hons in Applied Accounting from Oxford Brookes University along with an impressive set of professional certification including ACCA, CIA, CISA, CFE, CCSA, CRMA, CRBA, CPA and CGA etc.

For more immediate reading, here are some other posts I have written:

Technical Article

How to become Internal Auditor? How to Gauge Audit Department . Do not trust Artificial Intelligence . How to establish Internal Audit Department in 8 simple steps . Corporate Governance . Risk Appetite . Road Map to Data Analytics . Political pressure on CAE . Difference between the role of internal control, compliance, risk management and audit? . Internal audit is a dying career? . Internal audit - Innovate or stagnate . Internal audit insight from IIA President . Auditing business ethics . Business email compromise . Create a risk register in 4 steps . Cloud computing - Internal audit perspective . Annual risk assessment (4 steps) . Annual audit planning process (5 steps) . Role of internal audit in risk management . The impact of emerging technology on auditing . Family business governance . New IPPF 2015 (summary) . Internal audit function maturity curve . Real story - Ponzi scheme 

Others

Feel like you are falling apart . My most vivid childhood memories . I think of my failure as a gift . Life changing story - From admin staff to TV anchor . Remove toxic people from your life . Africa is not a country . The best time of the day to do things at work . Build your personal brand . Pass the 6 second CV scan test 

Mohd Nur Hakim Bahaman

Manager, Internal Audit & Risk Management

3y

Hi Arif Zaman , thank you for the insights. Can we trace the origin of the Internal Audit Process Maturity Model? I'm thinking of using the model to gauge our audit function.

Like
Reply
Abdallah Siraj (BFP, ACA, FCCA)

Senior Manager Corporate Planning and Treasury at Novartis Pakistan

5y

looking forward to assessing my own internal audit department

Ahmed Mazher

Qualified Internal Audit and Risk Consulting Professional with over 10 Yrs of Experience in Diverse Industries

5y

Very informative

Natalia Pishchaeva

Business. Integrity. Compliance. Ethics.

5y

I would be curious to see how the rate will change if to assign the weight to every standard. 

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics