The Three-Part Approach to Closing the Audit Plan

In our personal and professional lives, the end of the year is a great time for introspection and goal setting. Putting time aside to see what worked, what did not, and how to improve can set the stage for a great year ahead.

Typically, auditors have this moment of reflection built in through the use of an annual internal audit plan. By mapping out guidelines for the upcoming year, auditors can plan for risk, and by reviewing that plan at the end of the year, they can find tangible areas of improvement.

Still, effectively closing the audit plan and landing on specific action items to pursue can be a challenge. Follow these three steps to close this year's audit plan and prepare for next year.

1. Analyze audit performance and communicate results

As stated in the International Professional Practices Framework from the Institute of Internal Auditors, the purpose of the internal audit function is to "provide independent assurance that an organization's risk management, governance, and internal control processes are operating effectively." In doing so, it helps companies save money and minimize risk.

Accordingly, the first component of a successfully closed audit plan is to analyze its success.

Ask yourself these questions to assess the success of your audit plan:

• Did we do what we said we were going to do?
• Were we able to do more with the plan than we had in the past?
• What did we accomplish? What did we fail to accomplish?
• What were the findings we provided to management? Did they help mitigate risks?
• How were we able to provide foresight vs. hindsight?

To further evaluate the performance of your plan, leverage a balanced scorecard audit. The scorecard provides a balanced view of metrics and key performance indicators (KPIs) that highlight areas that effective strategic risk management can assist.

These metrics and KPIs commonly include staff utilization, cost-to-serve, report timelines, operating budget vs. spend, planned vs. actual hours, and engagement surveys. According to the 2017 Audit Technology Capabilities and Needs Assessment survey, half of internal audit teams surveyed are not currently leveraging a balanced scorecard or quality assurance review (QAR) for process improvement.

2. Evaluate the effectiveness of the audit plan and how results were achieved

The performance of your audit plan is only one component of the issue. If your plan performed well, but you are not sure precisely how it achieved the results you set out to attain, there is a significant gap of important information. In addition, replicating that success next year will be a challenge.

To evaluate the effectiveness of your audit plan alongside its performance, ask yourself these questions:

• How did we get to these results? What path did we follow?
• Did we work in part with the business?
• Are our audit activities aligned with our internal audit standards?
• Did we perform our audit plan in accordance with IIA standards?

3. Identify how the current audit plan impacts next year's plan

Closing a yearly plan does not mean one book is shut and another is open. Rather, it means another chapter has opened. Everything that happened this year can and should influence next year's trajectory.

To identify how your current plan will impact your next plan, ask these questions:

• What lessons did we learn this year that can apply to the next plan?
• Which processes, if any, can be streamlined by switching to a quarterly audit plan?
• Does our auditing apply to key risk?
• How are we able to shift as our business moves or emergencies arise?

The case for a quarterly audit plan

I have a contrary—maybe radical—opinion about closing the audit plan: for many organizations, approaching an audit plan on a yearly basis may not be the best approach. Traditionally, these yearly audit plans are rigid, which can put internal auditors in a difficult position when emergencies arise. Instead of anticipating changes, they must react to them and shift priorities around.

By changing the focus from year-end to quarter-end, internal auditors can more accurately anticipate risk and have clearer foresight for important, business-defining decisions.

If the prospect of quarterly audit plans sounds daunting, technology can help companies fill in the gaps. With a work management platform that helps highlight blind spots and automate processes, internal audit teams can focus on the big-picture issues that make their organizations work.

To identify and prioritize various risks, many companies employ a risk assessment matrix. Find out how to make it work for your audit processes.

Whether you adopt a rolling quarterly process or stick with the traditional annual program, take advantage of the three steps outlined in this blog to close out this year and jump-start the audit planning process for next year.