Denis Lefort, CPA, expert-conseil en gouvernance, audit et contrôle, porte à ma connaissance un rapport de recherche de l’IIA qui concerne « les indicateurs de mesure de la performance des fonctions d’audit interne ».
Encore aujourd’hui, les indicateurs utilisés sont souvent centrés sur la performance en interne de la fonction et non sur son réel impact sur l’organisation.
Par exemple, peu de services d’audit interne évaluent leur performance par la réduction des cas de fraude dans l’entreprise, par une meilleure gestion des risques, etc.
On utilise plutôt les indicateurs habituels comme le taux de recommandations implantées, la réalisation du plan d’audit, etc.
Voici, ci-dessous, l’introduction au document de l’IIA. Pour consulter le rapport détaillé, cliquez sur le titre du document.
Bonne lecture. Vos commentaires sont les bienvenus
Measuring Internal Audit Value and Performance
In 2010, The IIA recognized a need to capture a simple, memorable, and straightforward way to help internal auditors convey the value of their efforts to important stakeholders, such as boards of directors, audit committees, management, and clients. To that end, the association introduced the Value Proposition for Internal Auditing, which characterizes internal audit’s value as an amalgam of three elements: assurance, insight, and objectivity.
But identifying the conceptual elements of value is only part of what needs to be done. How does that construct look in the workplace? What activities does internal audit undertake that deliver the most value? What should be measured to determine that the organization’s expectations of value are being met? How does internal audit organize and structure the information that populates the metrics? And, most critically, do the answers to all these questions align; that is, does internal audit’s perception of its value, as measured and tracked, correlate with what the organization wants and needs from the internal audit function? (Exhibit 1)
The Internal Audit Value Proposition
1. ASSURANCE = Governance, Risk, Control
Internal audit provides assurance on the organization’s governance, risk management, and control processes to help the organization achieve its strategic, operational, financial, and compliance objectives.
2. INSIGHT = Catalyst, Analyses, Assessments
Internal audit is a catalyst for improving an organization’s effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business process.
3. OBJECTIVITY = Integrity, Accountability, Independence
With commitment to integrity and accountability, internal audit provides value to governing bodies and senior management as an objective source of independent advice.
These are the kinds of questions the CBOK 2015 global practitioner survey posed to chief audit executives (CAEs) from around the world. The activities these CAEs believe bring value to the organization are consistent with the three elements of The IIA’s value proposition. In fact, the nine activities identified by CAEs as adding the most value can be mapped directly to the three elements, as shown in exibit 2
However, in looking at the performance measures and tools used by the organization and the internal audit function, a gap appears to form between value-adding activities and the ways performance is measured. This report explores that gap in greater detail and clarifies the respondents’ view of value-adding activities, preferred performance measures, and the methodologies and tools most commonly used to support internal audit’s quality and performance processes. Where appropriate, responses tabulated by geographic regions and organization types are examined.
Finally, based on the findings, the final chapter of the report provides a series of practical steps that practitioners at all levels can implement to help their internal audit department deliver on its value proposition of assurance, insight, and objectivity.
The Internal Audit Value Proposition (mapped to response options from the CBOK Survey)
- Assuring the adequacy and effectiveness of the internal control system
- Assuring the organization’s risk management processes
- Assuring regulatory compliance
- Assuring the organization’s governance processes
- Recommending business improvement
- Identifying emerging risks
OBJECTIVE ADVICE ACTIVITIES
- Informing and advising management
- Investigating or deterring fraud
- Informing and advising the audit committee