Quality in Internal Auditing


annette-cia-exam-blogger-circleAnnette is our first exam blogger from Namibia. She passed Part 1 and 2, and is working on the last part. This is going to be her 6th attempt for Part 3.

Who audits the auditor? That was one of my first question when I started working, but the answer I received was not satisfactory. Only more than 5 years later do I know from first-hand experience what it means to have quality internal audit work.

When I started working, quality of work started with audit planning and ended with reporting to clients. We had to use certain templates and our workings was diligently reviewed by the seniors. To be honest, I did not bother to do more than that. Working at a professional audit services firm is slightly different than having and working in your own IA department. You come with a scope, you test, you report, and later come back to follow up. But there is so much more!

I have been seconded to a client’s IA department for the last, at least, 4 months. Apart from assisting on completing the annual IA plan, I have been tasked to do a QAR (more a health-check) and help design and implement a QAIP (Quality and Continuous Improvement Program) as the IIA Standards 1300 recommend, in order to get ready for the next 5-yearly external assessment. By going through Standard by Standard and checking for conformance, I realised there is so much more to IA than only planning and execution of an audit. Often the Standards are not too difficult to implement, but it is the action that requires time, i.e. the alignment between Standards, between internal policies, even between the group entities.

So, I started to continuously check and read latest IIA Guidance. I use the new Implementation Guides to help me in implementation and how to demonstrate conformance to the Standards. At university we learned the Standard, but that was purely the definitions, the number and the title, the actual meaning and practical application was never thought. I am embarrassed to say that for the past 5 years I never went back to the Standards and applied them, it’s as if I have forgotten about them. Now they are my bible and I know what they mean.

Knowing the IPPF, does not only help me in doing my work well at this client, but gives me the opportunity to apply them within every IA task I do with every client and thus even aids me on the CIA exams. It has even sparked such an interest with me that I would love to pursue to become an external assessor and help many more clients in conforming to best practice and the IIA Standards.

My suggestion to you. Offer to do an informal health-check in terms of Quality Assurance in your department or client. You might be surprised how many Standards you don’t (or partially) conform to, or maybe you do but it is not documented well enough.

Note from Stephanie

Yes, it takes time for us to appreciate what we are doing — from just aiming to “complete the tasks” to caring about what we deliver and seeing our value to the clients. This realization sets apart the good auditors from the mediocre ones.

Secondment is a great way to look at things in another perspective. I am glad you have this opportunity!

Lastly, great suggestion! In a practical standpoint, I can imagine this to be quite helpful to the CIA exam as well 😉

About the Author Annette S

Hello, I was born, raised and have been working in Namibia as an internal auditor. I finally passed my CIA exam after 7 attempts on Part 3!

  • Khawaja Zia Dar says:

    Very helpful article. I have few more questions, if you can answer via email.

  • Eli says:

    Courage Annette, i passed part 1 and 2 easily and have been struggling with part 3 for ages. Make sure you don’t waste too much time on part 3 as your already passed parts may be cancelled by the IIA.

    Goodluck on your 6th attempt.

    • Annette says:

      Hi Eli,

      Thanks for the encouraging words. That is the dilemma – I have one try left before it all expires and I would have to start over again. 1 and 2 was also not too difficult.

  • >