I often think of an internal audit as a helpful check-up – it's a great time to find areas that may be problematic before they become a big problem. Having had some very favorable internal audits and a couple of very bad ones, I’ve experienced a lot of different scenarios.
An internal audit of third party risk management is very important. I've seen organizations where the audit schedule does not include a review of third party risk management and I believe that’s an unfortunate oversight. While there’s certainly the need to focus on large operational areas and compliance with various laws and consumer protection regulations, there’s also a need to put some attention on third party risk management.
Why Do You Need to Perform an Internal Audit?
Undergoing an internal audit sounds like extra work. Here are a couple reasons why you need to do it though:
- Third party risk management and cybersecurity are getting a lot of attention, putting even more focus on these areas during exams.
- There’s an obligation to protect the organization and your customers and an audit is an opportunity to identify issues proactively.
8 Keys to Success During an Internal Audit
Here are 8 keys to help you with an internal audit:
- Make sure you understand the scope and purpose of the internal audit. If there are items you’re unsure of, be sure to clarify things prior to the opening meeting.
- Make sure prior audit recommendations and findings have been addressed. It can be very painful if you discover repeat issues.
- Communicate frequently with the audit team. Encourage the same open-door policy with members of your team in order to stay informed and abreast of any issues.
- Clarify any misunderstandings or areas where items may be open to interpretation. Sometimes auditors are looking for a strict interpretation.
- Be prompt and courteous. It can be a very difficult balance to manage running your daily business along with an ongoing audit but do your absolute best to treat the auditors as you want to be treated and set realistic expectations around response times.
- Be responsive to questions and issues as they arise.
- Insist on regular meetings and updates. It shouldn’t be just opening and closing meetings, but instead interim updates on a regular basis throughout.
- Finally, remember you're all on the same team and have the same goals in mind such as following the policy and guidance, protecting and improving the organization and its processes and delivering compliant products and services to your customers.
Audits, like an annual medical check-up, can be scary, but they are very necessary and can ultimately help address small issues before they become big problems.
If you do the above well, you’re putting your best foot forward come audit time. To help you through the process, download our helpful checklist now.