dialogue

10 key points for an efficient internal audit and risk management

1. Strong commitment of the C.E.O. towards “good governance”

Creating or professionalizing an audit division requires a clear commitment from management, and especially from the C.E.O. It also implies reconsidering some habits.

2. Explicit audit charter for a wide internal diffusion of the audit culture

The audit charter details the scope and means of the internal audit. It must therefore be explicit and widely communicated across all hierarchical levels, including operational levels. The charter must also ensure respect for audited entities and individuals.

3. Audit guidebook containing all the tools required by international standards

The toolbox is vital because it determines the course of audit missions. It must fully comply with all business requirements and procedures: exhaustive thematic questionnaires, approach guidelines, launch letters, checklists, storage methods, etc.

4. Reporting to the highest hierarchical level

An audit division has to assess good governance in complete independence, free from pressure and resistance to change. Only reporting to the highest level can give the audit division the necessary weight and credibility.

5. Competent and independent auditor teams

Recruitment and training are key: the auditors' technical skills (knowledge of the audited context and processes) carry the same weight as their professional code of ethics.

6. Yearly risk assessment

In compliance with standards, a company’s risk map must be updated yearly according to the results of the various audits and analyses carried out.

7. Ambitious audit and risk management programme

This audit programme must tackle the company’s main risks, identified during the yearly assessment, in order to improve their control.

8. Concrete follow-up by the audit division on the implementation of recommendations

Audit reports must be used to implement action plans. Audit teams must be attentive to the roll-out of their recommendations, in compliance with standards, and must regularly verify that risks are under control.

9. Appropriate storage and use of audit reports, in compliance with international standards

Audit reports must be “auditable”, transparent and easy to access. The credibility of the internal audit among statutory auditors, shareholders, financial analysts, potential investors and others is at stake.

10. External certification of internal audit

Recognized certification is a key element for gaining credibility. An external entity officially certifying strict observance of the audit standards is a strong point for improving investor confidence and rating.
