ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Auditing and Knowledge Management

Auditing and Knowledge Management

Diana Hamono, Partner - Internal Audit, Governance, Risk and Assurance, Synergy Group Australia
| Posted at 3:11 PM by ISACA News | Category: Audit-Assurance | Permalink | Email this Post | Comments (1)

Diana HamonoHave you ever wondered what happens to all of that data, information and knowledge collected and created by internal auditors? Have you ever thought about audits you performed in the past; all that research, information gathering, development of findings, the useful collection of methods, questionnaires, test plans, etc.? Wouldn’t it be useful to share your learnings with your colleagues?

After 30 years in the internal audit profession, I have seen the data and information collection and sharing methods move from paper-based to electronic in various forms. I have seen new auditors enter the profession trying to learn about auditing, the techniques, technology, and the different methods of collecting and sourcing information, not to mention the best practices for writing the audit report. After learning about knowledge mapping and knowledge management systems, I applied this to developing an internal audit knowledge management strategy and blueprint for an internal audit knowledge management system.

To be a proficient internal auditor requires special skills, attributes, experience and knowledge; not all people have these or know where to find them. Most organisations are always searching for people with the right mix of skills, attributes and experience that could potentially evolve into highly proficient and valuable internal auditors.

In all organizations for which I have worked as an internal auditor, a range of existing complementary systems, tools and business processes have been considered in the design of the knowledge management system (KMS) to ensure a coherent information architecture is designed.

Auditors must collect necessary and sufficient information to produce a rational and comprehensive analysis; many auditors need to document appropriate evidence to explain and defend potentially adverse findings. All auditors require expert knowledge of governmental regulations, business norms and practices, and often generate new knowledge about the regulations, norms and practices that they examine during their engagements.

Because audit plans depend so heavily on the expertise of auditors, the quality and comprehensiveness of the information they collect, and the findings they produce, a systematic approach to knowledge management becomes critical to ensure the accuracy, efficiency and quality of audit engagements across all business disciplines.

Read this white paper about an audit team’s efforts to identify and map its knowledge, and then use that information to develop a knowledge strategy and knowledge management system. Discover how your team can also optimize the quality and management of its knowledge, leading to improved services to all clients.

Knowledge management is concerned with using to best advantage the knowledge and experiences that have been gained across an organisation. Three elements appear in a wealth of literature – data, information and knowledge – and a good understanding of these is the key to grasping the issues faced by many internal auditing organisations. Data is a series of discrete events, observations, measurements, or facts in the form of numbers, words, sounds, and/or images. In the internal audit arena, data can take many forms and can be unstructured or structured. An example of data used in internal auditing is a spreadsheet that contains accounts payable amounts, dates and vendors, purchase order numbers and so on. Information is the organised data that has been arranged for better comprehension or understanding – it has been endowed with relevance and purpose. An example of information used for an internal audit is a transcription of interview notes taken by an auditor after interviewing an auditee to extract pertinent information. One person’s information can become another person’s data. The knowledge that is used and generated by internal auditors can be thought of as a collection of specific data, specific and broad information sets, the skills attained, and experience in similar audit situations.

Being able to effectively manage not only the knowledge of individuals, but also the collective knowledge in the organisation, is crucial to the efficient and effective delivery of outcomes.

It should be noted though, that internal auditing is not a one-person job. Internal auditing requires collaboration and the integration of information and knowledge both from within the auditing organisation and from the auditee’s sources to enable a valuable outcome for all involved.

For an internal auditing organisation to benefit from the knowledge of its staff, it’s important to identify and map the knowledge that is needed to complete quality and efficient internal audits.


Auditing and Knowledge Management

I would highlight the white paper even more,especially the "Wheel of Knowledge".
Thomas797 at 6/24/2018 3:13 AM
You must be logged in and a member to post a comment to this blog.