Recipe for timely assurance
Jagdeep Chaggar, London member of ICAEW Council, sets out the ingredients he believes will allow companies and auditors to provide more timely assurances for financial reports.
We are a society of the now, wanting everything to happen faster and better than before and although our demands are high, they are achievable thanks to advances in technology.
Companies reaped the rewards when implementing global ERM (enterprise risk management) systems, producing reports in seconds as opposed to weeks before such sophisticated tools existed. Allowing management to respond quickly to potential issues, with the comfort of knowing that the system makes sure everything operates as intended.
However, as internal and external stakeholders, we still wait months for insight on a company’s audited performance or assurance that processes work as intended, even with all the advances in technology to date. This begs the question: how do we provide more timely assurance?
Well, like any good recipe, you generally find there are different methods but the ingredients and outcome remain largely the same; so if executed correctly, I believe the below method can solve the problem:
- very large helping of technology;
- a strong control environment for your base;
- a bowl of agile auditing;
- a handful of skilled IT auditors, and;
- a layer of continuous monitoring
Step 1: Start by reimagining the processes within your control environment from the ground up. Focus on how a process should operate and not how it does, making full use of the latest technology available to help automate and streamline where possible.
This first step is the most important; more effort put in at the start will generate greater efficiencies at the end. The business should seek to work with its in-house technology experts or external suppliers to maximise the full potential technology can offer.
Step 2: Take your findings from Step 1 and begin defining controls that represent your company’s risk appetite and thresholds to mitigate risks to an acceptable level. Make sure appropriate governance is in place across the organisation to manage the risks, start to end.
Step 3: Add to your mix by changing the focus of your audit team. Build a culture of agility to deliver work as you go rather than at the end of three months. You can achieve this by taking your goal and carving it up into smaller audits or milestones.
Step 4: Equip your audit teams with the necessary skills and personnel to audit the refreshed control environment centred on technology. Experienced IT auditors with a background in general auditing can help you reduce the work required while increasing assurance coverage, all in a shorter space of time.
Step 5: To finish it off, add a layer of continuous monitoring that again takes full advantage of the refreshed control environment. Having access to real-time data across the organisation with a full transaction history will help focus your time and energy auditing relevant and imminent risks as opposed to assumed risk.
To reap the full benefits, the above steps will need time to embed within the organisation, it can take months or even a year to embed completely.
However, to accelerate the timeline and truly deliver more timely assurance, make sure responsibility for implementing the above calls on all parts of the organisation to work together. I believe only then can you wholly achieve more timely assurance.
Jagdeep Chaggar is a London member of ICAEW Council and a member of the internal audit department at Barclays, focusing on conduct, culture and governance. The views he expresses in this article are his own.
Liked this? Read these: