TFL Vsebine / Revija SIR*IUS

Policies for better penetration of internal audit

Notranje revidiranje lahko doseže ustrezno prodornost le na podlagi izbire in izvedbe posameznih poslov, ki bodo visoko na prednostni lestvici poslovodstva. Takšen izbor bo zahteval njegovo vključevanje v poslovodske odločitve v povezavi s postavitvijo okvira sprejemljivega tveganja. Glede na skromne zmogljivosti notranjega revidiranja v posamezni organizaciji bo ta zahteva pogojevala prepoznavanje in prehod na tisto raven dozorelosti notranjega revidiranja, ki jo je možno v trenutnih razmerah tudi doseči. Šele ob takšnem izkoriščanju obstoječih virov bo možno izvesti primerno prednost revidiranja ter tudi izbrati ustrezne strokovne rešitve pri izvedbi posla, ki bodo poudarjale vsebino pred obliko revizijskega procesa. Možna bo proaktivna obravnava perečih tekočih tveganj v sodelovanje s poslovodstvom in s tem primerno zapiranje vrzeli negotovosti s strateškimi, taktičnimi in operativnimi rešitvami. To bo dejansko pomenilo, da bo morala notranja revizija iz procesa obvladovanja tveganj vstopiti v ostale procese delovanja organizacije. Register tveganj bo postal opomnik in ne končni namen, področja revidiranja bodo sledila tekočim potrebam, in ne zgolj preteklim izkušnjam.

Internal auditing can achieve adequate penetration only on the basis of the selection and execution of individual engagements that will be high on the scale of the management’s priorities. Such selection will require the inclusion of internal auditing in the management’s decisions regarding the frame of acceptable risk. Given the current modest capacity of the internal audit in an organization, such tasks will require the recognition and appropriate positioning of internal audit at a level of maturity that can be achieved in the given situation. Only with such utilisation of the existing resources, internal audit will be able to implement the appropriate priority of auditing, and to choose the adequate professional solutions in the performance of engagements, which will emphasize substance over form in the audit process. This will also enable proactive addressing of current pressing risks in the cooperation with management, and appropriate closing of the gaps of uncertainty with strategic, tactical and operational solutions. This will actually mean that internal audit will not only deal with the process of risk management, but will rather enter into all the processes of the organization’s operations. The risk register will become a reminder and not the ultimate purpose, the scope of auditing will follow the current needs and not just previous experience.