In an era when IT is embedded in almost every process, trying to audit operational, financial, and technology controls independently is not an efficient use of resources. Beyond the redundancy of effort, it results in fractured reporting to both the board and senior management. Yet many practitioners continue to use this fragmented approach, despite its numerous disadvantages. To add value and improve the organization's operations--as mandated by The IIA's Definition of Internal Auditing--audit functions should instead adopt an integrated audit approach.
Integrated auditing, as described in an IIA Practice Guide, refers to a holistic approach to internal audit engagement planning and execution that helps ensure all aspects impacting the quality or efficiency of a process are considered. The approach often requires auditors with different backgrounds and areas of expertise, at least during the planning phase, to identify all the risks and exposures that should be part of the audit engagement, including operational, financial, environmental, technological, and regulatory concerns.
Adopting an integrated audit approach focuses the chief audit executive (CAE) on developing auditors who can plan and perform engagements that consider any activity with the potential to prevent the achievement of organizational objectives. These integrated practitioners can provide an end-to-end understanding that includes policies, procedures, inputs, people, technology, outputs, environmental impacts, regulatory requirements, and more importantly their connection to organizational goals.
Integrated auditors, though, should not be expected to possess expertise in every...