What is Internal Auditing?
According to the Institute of Internal Auditors (IIA), internal auditing is: “An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.” It helps an organization accomplish its objective by bringing a systematic and disciplined approach that evaluates and improves the effectiveness of risk management processes.
Cost-Effective Internal Auditing
For internal auditing to be cost-effective, a goal for all companies, two questions should be asked in each situation:
- What delivery model is best suited for us?
- What should our total internal audit investment be?
These two questions are interrelated, and the answers of one will impact the other.
What Delivery Model is Best Suited for Us?
Many companies utilize varying resourcing options to help deal with this dilemma. Resourcing models can involve hiring an inside team, known as “insourcing,” hiring an outside provider or vendor, known as “outsourcing,” or utilizing a hybrid model of both, known as “co-sourcing.”
The Insourcing Model
The auditors work internally under the organization. Such an audit function is usually managed by an in-house manager.
The Outsourcing Model
The auditors work for an outside organization, which has been contracted to work for the current organization. The organizations that utilize this method often don’t have the necessary skill set available internally or the training or methodologies to develop the skill set come at too high a cost.
The Co-Sourcing Model
This model can be a structured approach to suit the needs of a company with an existing internal audit department which faces a range of different challenges. This can be developed using several alternatives under the co-sourcing model including strategic sourcing or partial outsourcing.
What Should Our Total Internal Audit Investment Be?
In an organization’s service budget, the estimation and budgeting for internal audit cost is (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ifeanyi Egede. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/z9UPC_0SN1g/