Audit client steadily over the past several years, requiring internal audit to increase its value delivery and become more relevant to day-to-day business. Yet practitioners often struggle to meet these expectations, as reported in a 2016 KPMG report, Seeking Value Through Internal Audit. Only 10 percent of the financial executives and audit committee chairs surveyed agreed that internal audit adequately identified and responded to emerging risks. Respondents indicated that audit results too often confirm concerns already identified by management instead of identifying new issues and emerging risks. Some chief audit executives have been quick to explore new service and delivery models that can provide value to stakeholders beyond assurance, leading to the development of advisory services and consultative reviews. But these efforts have not always considered how to improve existing audits.
To address this challenge, internal audit teams at German automaker Daimler have looked for ways to improve assurance services and tap into the unrealized value of its process audits. Although the annual audit plan offered numerous ways to increase value to the organization, internal audit sought to explore new ways to add value within the framework of existing audits. To identify and exploit new opportunities, the team launched a program called Signature Audits, aimed at increasing internal audits contributions during regularly scheduled client engagements.
LAUNCHING THE PROGRAM
The audit team introduced its Signature Audit methodology by first selecting an engagement that offered a suitable environment to pilot the concept. Daimler was poised to launch new technologies and services considered strategically important to the organization and monitored by top management. To identify unknown risks and potential workarounds to processes being implemented, an unconventional audit approach was required. The audit team needed to look beyond existing client policies and procedures to capture emerging risks and resolved to deploy audit techniques that are typically used less frequently during traditional processes. Practitioners used a hands-on approach that involved re-performance of controls or simulations such as mystery shopping--where the identity and purpose of the customer is not known by the group being evaluated.
In another type of simulation, two of the auditors created a fictitious account consisting of customer information from one auditor and bank account information from the other. The practitioners used this...