Value based Audit

Value based Audit

Value-based Audit – Value-added audit plan

Since I practiced the profession of internal audit nearly two decades ago and I have read books about preparing an internal audit plan based on risks and the advantages of this method, its importance, and its practical applications, but I have always been wondering is this the correct way to build the plan? … And is there a better way? … I was always asking myself the following question. If the definition of internal audit determines the objective of internal audit is to add value to the company and improve its operations, then why is the internal audit plan based on risks?!! Is it not the first thing that the plan that is prepared is a Value-based Audit rather than being based on risks??!

Certified Professional Internal Auditor – CPIA (USA)

In June 1999, the definition of internal audit was changed, where the term value addition was mentioned for the first time, and the goal of internal audit was defined as “adding value to the company and improving its operations.” Since then, the definition has not changed and we have not seen any books or articles talking about preparing an audit plan based on adding Value In this article, I present to you some ideas about the importance of preparing an audit plan based on adding value and moving away from the traditional method of preparing the plan or, as it is said, thinking out of the box.

Value-based Audit Term

Internal audit standards define the term value addition as follows: “Internal audit adds value to the organization (and stakeholders) when it provides an objective and relevant assurance and contributes to the effectiveness and efficiency of governance, risk management, and control processes.” The term value addition is not limited to internal auditing. Successful business management models are built on the basis that companies also add value to their products and services, in order to ensure continuity in achieving consumer and customer satisfaction and achieving a greater return for them.

The term value addition may be interpreted differently from one person to another. Some may see it as concerned with business development, while others see it as a limited traditional view, which is limited to presenting the results of examination and verification that have been completed. On the other hand, the change that took place in 1999 on the definition of internal audit replaced the goal of “examination and verification” to “add value and improve operations”, that is, it moved from a limited view to a broader view so that what is audited is viewed with the same view of the company in order to speak Auditing is in the same language that prevails in the company and is a part of it.

The evolution of internal audit maturity

Over the decades, the internal audit profession has evolved, and with it, the process of preparing the plan, the maturity of the process of preparing the audit plan has been directly linked to the method and approach of the audit followed. The following is a simple analysis of these stages:

Initial audit stage – Inspection-based Audit:

The audit practices in this stage are characterized by being directly dependent on simple auditing practices aimed at ensuring compliance with the standards that have been set without looking further, while the audit plan at this stage is very simple and depends on the volume of activities The company so as to cover all its activities and at this stage, the ability of the internal audit to influence the company is very limited.

Mature audit stage – Transactions-based Audit:

The audit practices at this stage are characterized by being directly dependent on reviewing the design of operations and ensuring the adequacy and effectiveness of controls, while the audit plan at this stage is characterized by being simple and dependent on the volume of operations and includes comprehensive coverage of operations. The company’s impact internal audit is limited to operations only.

The advanced audit stage – Risk-based Audit:

The audit practices at this stage are characterized by providing assurance on the effectiveness of risk management, as the plan is characterized by reliance on risk factors that affect the extent to which audit tasks are selected and prioritized, and at this stage the ability of internal audit to influence the company Much larger than the previous stage, but it is limited to the vision of internal audit only.

The advanced audit stage – Value-based Audit:

The audit practices at this stage “Value-based Audit” are characterized by a forward-looking and insightful approach, which is demanded by the new internal audit principles, so that the company’s success factors are relied upon to prepare the plan, provided that it also takes into account the risk assessment and does not rely on it only to be Prioritizing based on importance to the company and importance to internal audit. At this stage, the internal audit ability has a very large impact on the company, which can become trustworthy as a trusted advisor.

Risk-based audit plan

If you ask any professional internal auditor about the best ways to prepare an internal audit plan, the first thing that comes to his mind to answer your question is a risk-based plan, and although there is no unified way to build the plan, rather different practices that are similar only in the name, there is no The right way and the wrong way, but each method depends on jurisprudence and sometimes meeting the requirements of internal audit and stakeholders.

Perhaps the most influential in adopting the risk-based planning approach is the internal audit standards, as they were clearly defined within Standard No. 2010 related to planning that a risk-based audit plan must be developed, and I believe that Standard No. 2010 may not be compatible with the previous Standard No. 2000 related to the management of internal audit activity Which stipulates the effectiveness of internal audit to ensure value addition, so how can value be added if the audit plan is based on risks without taking into account the internal audit objective, which is to add value?!!….

Value-added audit plan

The internal audit plan is the cornerstone that determines the effectiveness of internal auditing or not. Choosing influential auditing tasks that serve the company and achieve the requirements of internal audit is one of the most difficult decisions that are taken by the executive director of internal audit.

The plan of Value-based Audit must take into account the activities related to value creation that encourage positive results as well as activities related to protecting and preserving value that limit negative events. Inspection, quality control, risk management, and compliance are examples of activities that protect value. In order to reach a comprehensive plan, it is necessary to balance within the audit plan between the activities that add value to the company and the activities that protect it. It is not necessary that the most dangerous activities are the most important to the company, as they are important for internal audits only. Here are the basic steps for preparing an audit plan based on value addition:

  1. Reviewing the company’s value-added strategy and considering it as one of the inputs to preparing the plan.
  2. Taking stakeholder opinion regarding identifying activities that add value to the company and activities that protect value.
  3. Defining the audit world and classifying it into value-adding and value-protecting activities.
  4. Dividing the audit world according to the type of assessment field (risk management, control, governance).
  5. Determine the factors on which audit priorities will be evaluated (the factors must take into account the importance of the company and the importance of the audit).
  6. Determining evaluation criteria for the factors that were relied upon in setting priorities.
  7. Taking the opinion of stakeholders regarding the method of preparing the plan and the factors that will be relied upon.
  8. Assessing the audit world, prioritizing audits, selecting audit assignments, and approving the plan.


In the end, I am convinced that a risk-based plan is necessary to identify audit priorities, but it is time to consider changing the traditional way of preparing the internal audit plan, which lasted for two decades, and moving a step forward towards achieving the main objective of internal audit, which is “adding value to the company and improving its operations – Value-based Audit” Moving to a new level of maturity may open the way for internal audit to be more influential.

Amazing Limited-time OFFER .. 6 Diplomas .. Only $115 ... ✅ SAVE 90% ✅
This is default text for notification bar