CAE Briefing E23: 2019-11-03

The Chief Audit Executive (CAE) Briefing is now a FREE course for all CAEs. If you are the CAE in your organization, or you report to a CAE in a large organization, you may register for this course at: 

https://jasonmefford.mykajabi.com/offers/ezsxLzjQ

If you are NOT a CAE, this course is not for you.

Sign up to receive the CAE Briefing directly to you in-box at: http://meffordassociates.com/caebriefing/

I’ve had risk-based internal auditing on my mind for the last several weeks. Two webinars on the topic in two weeks, so this week’s video carries on some of the same theme.

If you are like most CAEs I talk with, you are still trying to improve your risk-based approach and have a lot of questions on how to really get there practically.

Fear not, I provided a lot of answers to the most common questions during the last two webinars I did.

Here are links to the last two webinar recordings:

https://ondemand.criskacademy.com/p/deeper-dive-risk-based-audit-approach-with-questions-and-answers-q-a/

https://ondemand.criskacademy.com/p/establishing-or-improving-a-risk-based-audit-approach/

Let me know what questions you have about risk-based internal auditing, so I can help answer more this next week.

00:00
welcome to another edition of the chief
00:02
out of the executive briefing hey if
00:05
you’ve been listening to me for a while
00:07
you know that I have been talking about
00:09
some of the challenges in the internal
00:12
audit profession and these are actually
00:15
real challenges that we’re seeing we’re
00:18
seeing them all over the world you know
00:20
about kind of this disconnect between
00:22
the value that we believe we’re
00:25
providing and the value that management
00:28
thinks we are providing and you know the
00:31
more that I think about it talk to
00:33
people and look back on my own
00:36
experience there’s a few things that
00:39
you’ll hear me continue to talk a lot
00:41
about and that is trying to move to
00:44
really be a trusted adviser and also to
00:48
take more of a risk-based internal audit
00:51
approach those two things will actually
00:55
help us take advantage of some of the
00:58
opportunities that these challenges are
01:01
presenting to our profession now I’ve
01:04
had risk-based internal auditing on my
01:07
mind a lot lately I’ve done two webinars
01:09
on that in the last two weeks and what I
01:13
find usually when I talk to people is
01:17
people kind of fall into three different
01:21
camps there’s the group that says you
01:24
know what we’re not even really trying
01:25
to do risk based internal audit right
01:27
now we’re just doing compliance work or
01:29
Sox work there’s a group that says you
01:32
know what we’ve really you know we’re
01:34
doing risk based auditing we’re fine but
01:37
then what I find too is there’s a lot of
01:39
people that think they’re doing it but
01:42
actually or not and what ends up
01:44
happening is when I start asking a few
01:46
questions to people they realize very
01:49
quickly that maybe their audit plan and
01:52
what they’re doing is not really as
01:55
risk-based as it should be
01:58
so included below I’ve got like I said I
02:02
just did two webinars on this in the
02:03
last two weeks one that kind of talks
02:06
generally about the principles of risk
02:08
based internal auditing because again I
02:11
believe that there’s some Mis
02:13
conceptions and myths that are out there
02:15
about it and as a result we’re kind of a
02:18
lot of people are going about it the
02:20
wrong way
02:20
and the second one is a deeper dive into
02:24
it where I really answer more questions
02:27
that people had so if this is an area
02:31
that you are trying to improve your
02:34
risk-based approach at your organization
02:38
I’d suggest that you go out and take a
02:40
look at it now some of the things that
02:42
we talked about in there relate to
02:44
things like emerging risks so a lot of
02:47
people are asking well how do I identify
02:49
or figure out what some of these
02:51
emerging risks are or the risks that are
02:53
kind of coming around the corner that my
02:56
organization hasn’t seen before
02:58
well I actually answer that in him those
03:01
webinars also talk a little bit more
03:03
about some of the process about
03:05
processes and about levels of risk and
03:08
categories of risk because again that is
03:11
one of the reasons why there is a
03:14
disconnect because often internal audit
03:17
is focusing on different levels or types
03:21
of risks that are completely different
03:24
than the ones that executive management
03:26
are really concerned about so take a
03:29
look at that there’s links down below
03:31
for that and as I said this has been on
03:35
my mind a lot you’re gonna hear me
03:37
talking a lot more about this but just
03:41
again wanted to make sure and get that
03:42
out there to everybody this week so I
03:46
hope you have a great week and I will
03:49
talk to you this next week