Article

Agility and internal audit – four ways to do more with less

Nov. 18, 2020 · Authored by John Romano

Do more with less…and please, can you identify risk faster and provide more value? As a result of COVID-19 and the changing environment, including sustained work-from-home (WFH) arrangements, stakeholders are asking how internal auditors can address risks faster, be more efficient, use data analytics more effectively, and achieve internal audits’ mission and objectives with fewer internal audit resources. The ongoing challenge: do more with less.

Auditing during the pandemic while organizations transform faster to meet consumer demands is a challenge, but it also presents opportunities to the internal audit mission and function:

The challenges and opportunities above serve as examples. Look at the opportunities as approaches to answering these questions: How can we be more agile? Can we do more with less?

Implement these four quick takeaways to get started now:

Modify virtual meetings’ fit for the purpose, not fit for you.

In today’s environment, many of us experience an ongoing virtual meeting overload. As a result of COVID-19, internal auditor productivity (in some cases) has increased based on the number of meetings and connection points with management and key business owners. In other cases, the productivity has decreased due to lack of face-to-face contact. What once was a simple face-to-face conversation with the business owner or a team member is now a virtual meeting blocked on someone’s calendar for a half-hour -or –hour-long increment. Instead, fit the time for the purpose and be cognizant of other people’s time. Booking an hour for a meeting when you know will require only 30 minutes creates the “opportunity cost” for you and the member of management; both of you lose that additional time that could have been spent on another critical call or discussion.

Further, meeting purpose (including a defined agenda) has become increasingly vague. Ask yourself these questions when scheduling that default half-hour appointment block or the one (1) hour “walk through” with business owners.

1. Is this meeting to share information only (e.g., a status update)? If yes, would an email and use of team collaboration and sharing tools suffice?
2. Is the meeting to discuss information to obtain immediate feedback from your peers or understanding from a key business owner (e.g., a discussion on an approach to address a risk or a virtual walkthrough of a process with a business owner)? If yes, have you confirmed in advance you have the right people included in the meeting? Do you have too many individuals which may result in not achieving the objectives?