Internal auditors are told they need to develop a risk-based audit plan, but many internal audit activities simply risk rank their audit universe and believe that is risk-based auditing. Another common mistake is to identify risks to audit without ever determining if they are relevant to the organization’s objectives.

Risk-based internal auditing is really about aligning the annual audit plan, and corresponding audit projects and efforts, with the objectives of the organization. In a NEW book (http://goo.gl/atHlQZ), author Jason Lee Mefford takes a unique approach to risk-based auditing by incorporating risk management and internal audit concepts to create a new Risk-Based Internal Audit Framework, while still being consistent with internal auditing standards.

Understanding the concepts discussed in this book will help internal auditors modify their audit plans, add more value to their organizations, and make their audits more in line with internal audit standards.

The risk-based internal auditing framework shows how internal audit activities can consider the key objectives of their organizations, the strategies utilized to meet those objectives, and what major threats, and corresponding risks, cause uncertainty about whether the organization can meet those objectives. This is the basis of risk-based internal auditing.

The risk-based internal auditing framework includes seven related components: Understand, Identify, Assess, Plan, Perform, Report, and Monitor. The main focus of this book is to explain how to approach the Understand, Identify and Assess components of the framework in an innovative way, improving the overall value internal audit can provide to its organization, instead of testing the same internal controls over and over again.

The principles outlined in this book are applicable to all internal audit activities, regardless of geographic location, industry, or type of organization. They can be used in the private or public sector, for profit or non-profit, large or small organizations. The concepts in this book can be used to improve the audit quality in any organization and ensure the internal audit activity is adding value by focusing on helping the organization meet its objectives, not just adding and testing internal controls. It helps the internal audit activity provide much better assurance on what the governance group and management is really concerned about – meeting the organization’s objectives.

This book provides answers and practical how-to information to help internal audit activities take that next step in the evolution of the internal audit profession. It is a must read for any internal auditor.  If you have struggled to know how to implement a truly risk-based approach to internal auditors, you must get this book.

You can purchase a copy of Risk Based Internal Auditing book at http://goo.gl/atHlQZ or through your favorite e-book store.

 

Author bio

Jason Lee Mefford is an internationally acclaimed speaker, trainer and business coach. He specializes on ethics, corporate governance, risk management, compliance, GRC and internal audit topics. His unique perspective on blending risk management and internal audit concepts has lead to the development of the Risk-Based Internal Audit Framework discussed in this book.

He has been the chief audit executive at two different multi-billion dollar manufacturing companies. His role also included being in charge of information security and being the Chief Ethics and Compliance Officer and Chief Risk Officer. Prior to that he was a manager at both Arthur Andersen and KPMG, performing internal and external audits and advisory services for clients in various industries. He was also a national instructor at both firms.

Jason is a Certified Internal Auditor (CIA), Certified Public Accountant (CPA), Governance, Risk Management and Compliance Professional (GRCP), GRC Auditor (GRCA), Certified Risk Based Auditor (CRBA), Certificate in Risk Management Assurance (CRMA), Certified Government Auditing Professional (CGAP) and Certified Internal Controls Auditor (CICA).

He is a member of the Institute of Internal Auditors (IIA) and has been an active IIA volunteer serving at the local and international level. He is currently an OCEG Fellow with the Open Compliance and Ethics Group (OCEG) a nonprofit think tank that uniquely helps organizations drive Principled Performance® by enhancing corporate culture and integrating governance, risk management, and compliance processes.

He has been recognized by Yale University as a rising star in corporate governance, and was a finalist for the Corporate Secretary Magazine rising star in corporate governance award.

Jason is a graduate of Boise State University (BBA, Accountancy) and the University of Southern California’s Marshall School of Business (MBA).

You can purchase a copy of Risk Based Internal Auditing book at http://goo.gl/atHlQZ or through your favorite e-book store.

Leave a comment

Share
RSS