ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Adding Audit Value

Adding Audit Value

Ian Cooke, CISA, CRISC, CGEIT, COBIT Assessor and Implementer, CFE, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt, Group IT Audit Manager, An Post
| Published: 9/10/2018 3:02 PM | Category: Audit-Assurance | Permalink | Email this Post | Comments (0)

Ian CookeOne of my favorite, if not my favorite, novels is Let the Great World Spin by Colum McCann. The book is centered around Philippe Petit's 1974 high-wire walk between the Twin Towers of the World Trade Center. There is a poignant scene in the book when a mother who has just lost her son, a solider, looks out her window, sees the walk in progress and reacts with disgust—how dare he risk his life in that manner—my son is dead! However, from Petit’s point of view, this is what makes him feel alive (as his TED Talk demonstrates). This is his passion, this is what he values. Value means different things to different people, depending on their perspective.  

Similarly, according to James Roth, the definition of "value added" can vary considerably from one audit department to the next. For many practitioners, this phrase describes audit work that helps management improve the business, rather than assignments that simply verify compliance with policies and procedures. For others, the opposite meaning may apply.

However, despite the significant diversity in their specific practices,  Roth has observed remarkable similarities in certain key areas among best practice audit departments. These audit shops form a collective profile with the following 5 value-adding characteristics:

  1. Extensive staff expertise
  2. A challenging work environment (for audit staff)
  3. Organizational alignment
  4. Participative, qualitative, real-time risk assessment
  5. An array of audit services (including process audits)

I discuss 2 of these characteristics in my recent IS Audit Basics column in the ISACA Journal Add Value to What Is Valued.” Specifically, (a) achieving organizational alignment by following the COBIT 5 goals cascade or, where this is not in place, mapping upward from processes to generic IT and enterprise goals that the organization can then review from a value perspective, and (b) auditing the processes that add this value horizontally across the enterprise using the generic COBIT 5-based assurance engagement approach.

Read Ian Cooke’s recent Journal article:
Add Value to What Is Valued,” ISACA Journal, volume 4, 2018.


There are no comments yet for this post.