“What if the IPPF was a tender and the Standards were requirements?” is the title of the paper I wrote at the end of first edition of the “Master Class Internal Audit Essentials“, organised by the IIA-Belgium. I presented the paper at the end of the class.
Every tender or RFQ/RFP centres around the same topic
Over the years I have answered dozens of RFPs/RFQs related to audit software. The long list of questions (e.g. Can the software do this? Could a user do that?) was unique every time. However, in essence they were all centred around the same key question: Can this software support our audit department?
The IIA’s international standards
The Institute of International Auditors (IIA) has set forth the International Professional Practice Framework (IPPF) that contains 52 Standards that the internal audit activity should conform to. So, instead of answering questions in an RFQ, why not approach this from another angle? Let us consider how the software can support the Chief Audit Executive (CAE) and the audit department meet those 52 Standards in the IPPF.
Software of choice
Sepia Solutions specialises in expert GRC software since I started the company in 2010. Consequently, I have implemented Arbutus Analyzer and/or Pentana Audit in dozens of organisations of various sizes, in different industries. I gained extensive knowledge in those tools. Therefore, I used these tools as basis for the evaluation. That is, to what extent can those software products contribute to the audit department meeting the IPPF Standards.
Approach
IPPF to reusable framework
My first action was to convert the 52 IPPF standards into a framework in the Pentana library. This allows me to retrieve and use that framework within an “audit” to then score all the “tests”. These tests are based on the implementation guidance (i.e. “Considerations for demonstrating conformance”). The full paper explains this process in more detail.
Scoring levels of contribution
After evaluating the software’s features in relation to the standard, the score reflects the level of contribution the software can make to meeting this standard.
The potential scores, or levels of contribution, were defined as illustrated.
I also include more details as to “how” this contribution can be made for each of the individual tests/standards. In fact, this approach is very similar to answering an RFQ/RFP. Hence the paper’s title: “What if the IPPF was a tender and the standards were requirements?”
Summarising test results
The IPPF standards have no documented hierarchical structure. Each standard seemingly has the same weight or importance. Nevertheless, it does seem that each series of 100 centres around a specific topic. So, for sake of brevity, I summarise the test results in “observations” or “findings” for each series. A large portion of the paper is based on that level of detail.
Reporting on the results
During implementations of the Pentana Audit software, it is a standard step for me to automate audit reports, or other types of report based on information in the database. This skill served me well in designing a report that extracts the individual test results (contributions) and the findings (summary) into a very structured format. Chapter 2 (“Contributions to IPPF standards”) in the paper is exactly that report.
Results
Even before starting working on the paper, I was convinced that the software of choice (i.e. Arbutus Analyzer for data analysis and Pentana Audit for audit management) would make significant contributions to the audit activity. This, of course based on my experience implementing these software packages since 2010. However, even I was surprised to see how much contributions could be achieved not only in the 33 “Performance standards”, but also in the 19 “Attribute standards”.
Conclusions
What if the IPPF was a tender and the Standards were requirements? Well, I can confidently state that the combination of aforementioned software can make significant to major contributions to over 60% of the IPPF standards. Or even 75% when only considering the performance standards.
Specialised audit software can make significant contributions to over 60% of the IPPF standards.
Alain Rousseau
Disparities
If audit management software like Pentana Audit and data analysis software like Arbutus Analyzer can be of such benefit to the audit profession, then why are so many audit departments still not using such specialised software? The paper shares a few thoughts on that too.
A challenge to the audit professional
I challenge any audit professional to do the same test as I did: to score the tools used within the audit team in terms of how those tools make contributions to conforming with the IIA’s standards. Especially, consider how much of the features offered by those tools are specifically designed to support the audit activity.
A challenge to the CAE
I challenge any audit professional to do the same test as I did: to score the tools used within the audit team in terms of how those tools make contributions to conforming with the IIA’s standards. Especially, consider how much of the features offered by those tools are specifically designed to support the audit activity.Trivia
Finally, the paper ends on a lighter note with some thought-provoking statistics and quizes. Some examples:
- What is the longest word encountered in the standards?
- How often is CAATs mentioned in the standards?
- How often is “professional judgement” mentioned in the standards?
Request your copy of this paper
If you are interested in discovering what expert audit software has to offer and how it may increase the level of professionalism and efficiency of the audit department and may support meeting the standards, this paper may be a good start.
Were you already considering the implementation of data analytics or audit management software? Then the results of this study may not only support that decision but also point you to areas (i.e. standards) which you hadn’t expected to be affected by that project.