case study for auditing

For Vendors

277 audit case studies from 262 enterprises by 2024.

• 277 use cases in 26 industries
• 14 business processes in 9 business functions
• Implementations in 262 companies in 29 countries
• Growth over 10 years
• 19 vendors which created these case studies

Which industries leverage audit?

The most common use case of audit is Financial services which is mentioned in 17% of case studies.

The most common industries using audit are:

• Financial services
• Manufacturing
• Food / Beverages

Which business functions leverage audit?

The most common business function of audit is Technology which is mentioned in 29 case studies.

Most common business functions using audit are:

Which processes leverage audit?

The top process reported in audit case studies is Change management.

Most common business processes using audit are:

• Change management
• Financial risk management
• Operational risk management
• Contract management
• Sales operations
• Sales performance management
• Incident management
• Financial planning & analysis
• Cash management
• Earnings Call Preparation
• Customer onboarding
• Absence management
• IT service management
• Credit appraisal

What is the geographical distribution of audit case studies?

Click on the countries with links to explore how that country’s audit market is structured including top vendors, case studies etc.

Countries that use audit most commonly are listed below.

• United States of America
• United Kingdom

What are audit’s use cases?

The most common use case of audit is compliance which is mentioned in 36% of case studies.

What are audit’s benefits?

The most common benefit of audit is time saving which is mentioned in 31% of case studies.

How are audit case studies growing?

Growth by vendor.

Leading vendors in terms of case study contributions to audit are:

Growth over time

Years in which the;

• The first case study in our DB was published: 2011
• Most audit case studies have been published: 2020
• The highest increase in the number of case studies was reported vs the previous year: 2020
• The largest decrease in the number of case studies was reported vs the previous year: 2021

Comprehensive list of audit case studies

AIMultiple identified 277 case studies in audit covering 5 benefits and 277 use cases. You can learn more about these case studies in table below:

Our research on audit software

If you want to learn more about audit software, you can also check our related research articles that can assist you in your decision:

Accounting and Business Consultants, LLC | 800-930-2923

Case Studies

Case study #1, sox compliance – auditing expertise and resources provided to a pharmaceutical company.

An SEC-registered pharmaceutical public company and large accelerated filer with revenue increases from approximately $150 million to $600 million in 3 years required additional internal auditing expertise and resources to meet new and changing compliance and internal control requirements. READ FULL STUDY >>

Case Study #2

Merger and sap implementation – accounting expertise, resources and an interim controller required by an electronic material manufacturer in the electronics industry.

A manufacturing company with significant revenue growth over several years and approximately $500 million in revenue was implementing an SAP system and required additional accounting resources and an interim controller during the implementation project and after.  READ FULL STUDY >>

Case Study #3

Sap implementation – accounting resource and project management leadership for a medical imaging products manufacturer .

A privately held US manufacturing company of medical imaging products with approximately $1 billion in revenue with offices in Delaware, Europe, Australia and Japan was implementing SAP and required an interim management resource to assist with the FI module configuration and testing and with project management of the implementation and training efforts in Sydney, Australia.  READ FULL STUDY >>

Case Study #4

Internal controls expertise, training and project planning for an oil company.

An African oil company with approximately $12 billion in revenue and multiple subsidiaries wanted to provide in-house training to approximately 50 key accounting and audit executives and managers. The Company also required assistance developing a Company-wide internal control project implementation plan.  READ FULL STUDY >>

Case Study #5

Outsourced sox compliance and internal audit expertise for a real estate management company.

An SEC-registered real estate public company with approximately $15 million in revenue required outsourced internal auditing expertise to handle all compliance and internal control requirements. The company had limited accounting personnel and required best practices in implementing COSO and control monitoring solutions.  READ FULL STUDY >>

Case Study #6

Implementation of it policies, procedures, and controls for a pharmaceutical manufacturing company.

A public company in the pharmaceutical industry experienced significant growth over several years and required enhanced IT policies and procedures and adoption of a security and availability controls framework.  READ FULL STUDY >>

Case Study #7

Soc 2 audit for an it managed services provider.

A large customer of an IT service organization providing outsourced managed services required an SOC 2 audit. READ FULL STUDY >>

Case Study #8

It sox controls documentation for european pharmaceutical company.

A large privately owned European pharmaceutical company with over $3 billion in revenue and limited experience with SOX compliance in the USA required audit expertise to document IT controls relative to IT operations for a division being purchased by a US company. READ FULL STUDY

Case Study #9

Reconciliation project leadership, expertise and resources provided to a nationwide bank.

A large public company financial institution with over $11 billion in assets and approximately $800 million in revenue had a breakdown in reconciliation procedures for automated processing of transactions by an outsourced processor. The Bank required expertise and resources to resolve control weaknesses and investigate unreconciled prior year processing errors and irregularities.  READ FULL STUDY

Case Study #10

Sox and internal control project management leadership and resources provided to an energy company.

A large public energy company with $6 billion in revenue and multiple subsidiaries was required to document and implement internal controls throughout the company and at various locations for Sarbanes Oxley (SOX) requirements.  READ FULL STUDY

Case Study #11

Audit expertise and resource for a regional water company.

A local public water company, with $77 million in revenue and $431 million in assets, acquired property and certain equipment pursuant to an acquisition agreement with a local municipality. Management required an independent auditor to perform steps to ensure certain aspects of the agreement were adhered to and reports provided were reliable.  READ FULL STUDY

Case Study #12

Compliance assistance and resource provided to a world wide bank operating in delaware.

A worldwide bank with operations in Delaware required assistance with strategic planning and research efforts relating to compliance with the Community Reinvestment Act (CRA). The Delaware bank has assets approximating $28 billion and interest and other revenue of $2.8 million.  READ FULL STUDY

Case Study #13

Outsourced sox services provided to an sec public company.

An SEC-registered public company on the verge of bankruptcy required outsourced internal auditing expertise to handle all compliance and internal control requirements. The company had limited resources and accounting personnel and required an efficient approach to ongoing Sarbanes Oxley (SOX) Compliance efforts.  READ FULL STUDY

Case Study #14

Document procedures, risks and controls for a manufacturing division of a large public company. assist with accounting for carve out transaction.

A large public company helicopter manufacturing division with limited accounting and compliance personnel was required by its corporate headquarters to document procedures for business processes and to identify financial reporting risks and controls in those processes. At the same time, management required assistance in carving out a line of business for a sale transaction.  READ FULL STUDY

Case Study #15

Special projects and reconciliation specialist for a nationwide bank.

A large public company financial institution required an audit and reconciliation specialist to lead various special projects and reconciliation efforts throughout the bank.  READ FULL STUDY

Case Study #16

Provided internal controls expertise, leadership, and resources to a full solution security services company.

A public company and nationwide provider of full solution security services and revenue approximating $140 million required expertise, leadership and resources to implement the May 2013 COSO Framework, assist the company in documenting its risk assessment, enhance business process documentation and controls, including IT and entity level controls, and to assist in developing ongoing monitoring plans and separate evaluations. READ FULL STUDY

Contact Us Now

Send a message through our website and we'll be in touch soon.

Contact Us »

SEND US A FILE

Use our secure file sharing system to safely send us your files

Send File »

CLIENT CASE STUDIES

We've helped many businesses just like yours with controls and compliance.

Learn More »

Case Studies

Login to favorite

A collaborative effort of the Anti-Fraud Collaboration, these case studies are educational tools for all members of the financial reporting supply chain, as well as students. Participants in case study teachings start with a hypothetical scenario about a fictional company dealing with a fraud. Guided by an instructor, they then discuss what could have been done to address the situation.

Browse Resources

Comment Letter

Meeting Highlights

Publications

More Collections

Access to audit personnel grant program, audit committee, audit committee insights, audit committees, audit quality, audit quality indicators, auditor reporting.

Auditors & ESG Information

Audits of Brokers and Dealers

Caq symposium, classroom and training resources, collective action in the fight against fraud, connecting auditors and academics, cybersecurity, diversity and inclusion.

Effective Disclosure

Emerging Technologies

Ensuring reliability, quality, and independence in public company audits, fair value accounting, future talent, independent standard setting, international practices task force inflation discussion documents, international practices task force meeting highlights, mandatory firm rotation, policymakers, public policy & technical alert, research advisory board grant program, risk assessment panel discussion, role of the auditor, sarbanes-oxley, sec regulations committee highlights, snapshot alert, the caq at aaa, the future of corporate reporting, the value of auditor independence, transparency of audits, video vignettes.

The CAQ, in connection with the Auditing Section of the AAA, established a program designed to facilitate accounting and auditing academics’ ability to obtain access to audit firm personnel to participate in their research projects.

EXPLORE MORE

Publications 04.05.21

Fraud and Emerging Tech: Artificial Intelligence and Machine Learning

Comment Letter 02.01.21

IAASB: Discussion Paper, Fraud and Going Concern in an Audit of Financial Statements

Publications 01.12.21

Mitigating the Risk of Common Fraud Schemes

Policymakers across the globe increasingly recognize the vital role of audit committees and their importance to audit quality. In close collaboration with partner organizations, the CAQ is actively engaged in policy developments related to audit committees.

Newsletter 03.24.23

Audit Committee Insights | March 2023

Publications 03.22.23

Audit Quality Reports Analysis: A Year in Review

Video 02.28.23

Audit Committee Effectiveness: A Webinar Series

Audit Committee members are an essential component to the health of our financial reporting ecosystem and capital markets. While our economy is constantly evolving, so is the role of audit committee members. Policymakers, investors, and other leaders across the globe increasingly recognize the vital role of audit committees and their importance to audit quality. In close collaboration with partner organizations, the CAQ is actively engaged in developments that impact audit committees and provides valuable resources, current policy information, and tools to support audit committees with their responsibilities.

Auditors are highly skilled at adapting and problem solving, without sacrificing the audit quality on which our capital markets and investors depend. It is no surprise that under unprecedented circumstances, long-term investments in training and technology enabled the profession to quickly transition to remote work. Many factors lead to a quality audit, but a combination of auditor expertise and independence coupled with constant innovation and technology bolsters the level of trust and confidence in company financial statements and forms the basis of audit quality—and, therefore, value to capital markets.

2021 Audit Committee Transparency Barometer

Auditor Independence: A Cornerstone of Audit Quality

How Audits Support Capital Markets

The CAQ has been at the forefront of the movement to develop quantitative and qualitative metrics regarding the audit—commonly referred to as audit quality indicators (AQIs)—that could be used to better inform audit committees about key matters that may contribute to the quality of an audit.

Publications 11.30.22

2022 Audit Committee Transparency Barometer

Engaging constructively with policymakers and key stakeholders, the CAQ and its members have made substantial and practical contributions to ongoing efforts to enhance information presented in the auditor’s report to investors and other users.

Newsletter 01.07.21

Public Policy and Technical Alert, December 2020

Alert 12.07.20

Public Policy and Technical Alert, November 2020

Auditors play a key role as independent gatekeepers in the financial reporting ecosystem that underpins confidence in capital markets. Auditors build trust and confidence in information through the assurance services they provide. The auditing profession has steadily developed, systemized, and strengthened this trust and confidence-building role in providing assurance related to company financial statements and internal control over financial reporting. While auditors will continue the essential work of auditing historical financial statements, they can also bring their ability to enhance trust and confidence in other types of data and information issued by companies.

The Role of Auditors in Company-Prepared ESG Information: A Deeper Dive on Assurance

The Role of Auditors in Company-Prepared Cybersecurity Information: Present and Future

The Role of Auditors in Non-GAAP Financial Measures and Key Performance Indicators: Present and Future

Lending trust and credibility to ESG information.

Comment Letter 06.17.22

SEC Proposed Rule: The Enhancement and Standardization of Climate-Related Disclosures for Investors

Video 03.07.22

ESG Reporting 101: What is ESG assurance and why does it matter?

CAQ Commentary on SEC Climate-Related Disclosure Proposal

Alert 12.07.21

Audit Planning Alert for Auditors of Brokers and Dealers

Alert 08.27.19

CAQ ALERT #2019-01 – PCAOB REPORT ON 2018 INSPECTIONS OF BROKERS AND DEALERS

Alert 08.22.18

CAQ Alert #2018-04 – Broker’s and Dealer’s Use of a Service Organization

The Annual CAQ Symposium brings together practice leaders and audit research scholars for a discussion of important issues and an exploration of how research can inform those issues. On the pages for each event, find videos, summaries, and panel participants.

CAQ Symposium 2022

Video 10.28.21

What’s happening in ESG reporting & assurance today? Top 5 Takeaways from CAQ Symposium 2021

CAQ Symposium 2021

The CAQ creates educational videos that can be used in the classroom or as training resources. Available videos include a “Video Vignettes” series that provides a view into the types of conversations that take place during an audit. Videos also include classroom-ready excerpts derived from an expert panel at a CAQ event.

Publications 01.17.23

2023 Profession Outlook

Publications 03.07.22

Demonstrating the Value of Public Company Auditors

Statement 11.03.21

Statement of Support for the International Sustainability Standards Board (ISSB)

Strong fraud deterrence and detection requires all participants in the financial reporting ecosystem to exercise extreme vigilance. In a heightened risk environment regulators, internal and external auditors, audit committees, and public company management must work together to effectively detect and deter fraud.

Since its inception, the CAQ has sought to improve audit quality by increasing engagement between auditors and the academic community by fostering independent research related to the public company auditing profession.

Audit firms, standard-setters, regulators and the CAQ are developing a growing number of resources to help auditors, investors, management and audit committees understand the impact of the COVID-19 pandemic on financial reporting and oversight, and the CAQ is working to curate and distill that information for you.

COVID-19 11.09.20

Anti-Fraud Resources

COVID-19 10.06.20

Auditing Profession Resources

COVID-19 06.19.20

Audit Committee Resources

Cybersecurity threats are complex and an evolving issue with serious implications for public companies, their boards, investors, and other stakeholders, making it critical that the public company auditing profession does their part to support companies, boards, and others in addressing such threats.

Publications 06.27.22

Audit Partner Pulse Survey, Q2 2022

Comment Letter 05.09.22

SEC: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Bold Ambition

Accounting+

Video 10.19.21

Profession in Focus: Diversity in Focus with Elena Richards

The CAQ is a prominent voice in the discussion about effective financial disclosures. Convening key investor and financial groups, the CAQ has developed concrete recommendations on ways to facilitate investors’ access to meaningful information.

Comment Letter 11.25.19

SEC: Update of Statistical Disclosures for Bank and Savings and Loan Registrants

Comment Letter 07.29.19

SEC: Amendments to Financial Disclosures about Acquired and Disposed Businesses

Video 11.20.18

Audit Committee Reporting – Leslie Murphy

Emerging technologies are altering the financial reporting environment substantially, and this change is accelerating. For auditors and others in financial reporting, the CAQ provides insights on the benefits and risks of technology developments.

Publications 05.16.19

Emerging Technologies, Risk, and the Auditor’s Focus: A Resource for Auditors, Audit Committees, and Management

Publications 01.12.20

Fraud and Emerging Tech: Robotic Process Automation

Video 04.09.19

Evolution in Auditing

The CAQ is dedicated to enhancing investor confidence by supporting the public company auditing profession every day to improve audit quality and enhance auditor independence, creating a solid foundation of financial reporting that benefits investors in the United States.

2020 Audit Committee Transparency Barometer

Audit In Action

The CAQ has engaged on the issue of fair value (or mark-to-market) accounting, regarding both its usage broadly in the markets and in the context of auditing fair value measurements.

Alert 03.02.18

Public Policy and Technical Alert, February 2018

Publications 03.12.09

CAQ Testimony: “Mark-to-Market Accounting: Practices and Implications”

Meeting Highlights 06.12.97

June 1997 IPTF Joint Meeting Highlights

Are you purpose-driven? Are you a natural problem solver with an unquenchable curiosity? Are you fascinated by the inner workings of companies and financial markets? Then a career in audit may be right for you.

Video 10.05.20

Profession in Focus: A Conversation with EY’s Ken Bouyer on Inclusiveness Recruiting

Making It Balance

Robust internal control over financial reporting (ICFR) is a keystone of investor confidence. The CAQ has advanced the discussion around ICFR and produced a range of resources on the issue.

Perspectives on Management Review Controls: Challenges and Solutions

Alert 05.01.20

Public Policy and Technical Alert, April 2020

Alert 02.07.20

PUBLIC POLICY AND TECHNICAL ALERT, JANUARY 2020

In an increasingly interconnected global economy, market participants are considering whether it is possible or desirable to move toward a more uniform global “language” for financial reporting. As the discussion has taken place around International Financial Reporting Standards (IFRS), the CAQ has been an active voice.

The CAQ has been outspoken against policy provisions that would interfere with the independence of the accounting and auditing standard-setting processes.

The CAQ works to increase investor trust in the capital markets by promoting and developing high-quality performance from the public company auditing profession. A cornerstone of our strong U.S. capital markets is the trust investors place on audited financial statements when making critical decisions. Our resources provide information for investors on developments in the auditing profession, oversight and governance of public companies, and leading practices in the field of audit.

Publications 12.08.21

Value of the Audit

The CAQ has been a leading voice on the issue of mandatory audit firm rotation, which has significant implications for investors, audit committees, public company auditors, and the markets.

Comment Letter 12.14.11

PCAOB: Concept Release on Auditor Independence and Audit Firm Rotation

Comment Letter 02.14.14

ISS: Consultation Document on Auditor Ratification

Keeping CAQ members and stakeholders informed on significant public policy and accounting matters.

The CAQ and the public company auditing profession are dedicated to supporting valuable independent academic research that can have important, real-world impact on audit quality and the future of auditing.

The panel discussion videos are short excerpts from a CAQ event where practitioners and a leading academic provide perspectives on various issues related to the auditors’ risk assessment of a company. Included are the panelist bios and free short descriptions of each video excerpt.

Video 01.09.18

How Auditors Approach Risk Assessments

Video 01.08.18

How Materiality Impacts the Auditor’s Risk Assessment

Video 01.07.18

Consideration of Risks in Multilocation Audits

The CAQ has been at the forefront of the discussion around the role of the public company auditor and whether it should evolve to meet the changing information needs of investors.

Publications 03.09.23

The Role of the Auditor in Climate-Related Information

Publications 11.16.22

Audit Partner Pulse Survey, Fall 2022

The enactment of the Sarbanes-Oxley Act (SOX) of 2002, a law aimed at fostering more reliable financial reporting and enhancing audit quality, was a watershed moment for investors, public company auditors, and the markets. The CAQ has worked to create understanding of the impact of this important law. It has opposed efforts to weaken SOX section 404(b), which provides investors with important assurance by the independent auditor regarding management’s representations about the effectiveness of their company’s internal control over financial reporting (ICFR).

Video 08.01.19

Profession in Focus: Accelerated Filers, ICFR Audits, and Investor Protection

SEC: Amendments to the Accelerated Filer and Large Accelerated Filer Definitions

Publications 05.09.19

Guide to Internal Control Over Financial Reporting

Stay updated on the latest CAQ news.

Since 2008, the CAQ has organized and participated in panel discussions at the Annual Meeting of the American Accounting Association (AAA).

Video 10.09.20

CAQ at the AAA – August 2020

CAQ Panel at the 2020 AAA Auditing Section Midyear Meeting: Leveraging New and Old Media to Promote Degrees in Accounting

Video 08.12.19

CAQ Panel at The 2019 AAA Annual Meeting: Sustaining a Strong System of Quality Control to Enhance Audit Quality

The Sarbanes-Oxley Act of 2002 (SOX) was a watershed moment for investors, public company auditors, and capital markets. It established more reliable corporate reporting and auditor independence rules that enable stakeholders to trust the information provided by public companies. Two decades later, the U.S. is now widely recognized as the gold standard for auditor independence and thousands of high-quality audits are completed each year.

Video 08.08.22

Pop-Up Conversation with Rep. Brad Sherman (D-Calif.) and Mark Baer of Crowe

Video 07.27.22

SOX: The Evolution of Corporate Reporting

Our capital markets are an important engine for driving and maintaining our economic and societal well-being. These markets operate on information, and audited financial statements have long been a critical element of this information dynamic for their accuracy, transparency, and reliability. As investors make decisions, they depend on the information they receive from public company management. As a result, investors need—and in fact have long sought—an independent third party to provide assurance on the information provided by company management. Independence underpins the very credibility of the audit and, ultimately, its value to capital markets. It is also one reason why audit quality in the US has never been higher.

Publications 10.20.22

Auditor Independence

How Do Auditors Maintain Independence?

Audit in Action: The Role of the Audit Committee

The CAQ has engaged on the issue of effectively enhancing transparency in the audit, endeavoring to facilitate access to meaningful information for financial statement users and other constituencies.

Video 02.05.19

Critical Audit Matters: Audit Committee Perspectives

Video 02.13.18

Key Updates on Audit Committee Transparency and Investor Confidence

Alert 10.11.17

CAQ Alert #2017-04 – Select Auditing Considerations for the 2017 Audit Cycle

The vignettes provide insights into the types of conversations that occur between audit team members, as well as between auditors and preparers. The discussions captured in the videos can also be used in other teaching situations, as they highlight communications and interviewing techniques, professional skepticism, and how to navigate conversations on difficult and sensitive issues.

Video 04.13.17

Vignette 3: Auditing Is a People Business

Video 02.17.17

Vignette 2: Evaluating Root Cause and Severity of a Control Deficiency

Video 08.16.16

Vignette 1: Evaluating Management Review Controls over a Goodwill Impairment Estimate

The latest news and resources from the CAQ.

Stay Connected.

Famous Audit Case Studies: Lessons Learned from Noteworthy Audit Failures and Successes

Audit case studies provide valuable insights into the world of auditing, offering lessons that can shape the profession and help auditors navigate complex challenges. In this blog, we delve into some famous audit case studies that have impacted the auditing profession. These case studies demonstrate the importance of thoroughness, professional scepticism, and adherence to auditing standards.

1. The Lehman Brothers Collapse

The collapse of Lehman Brothers in 2008 is a prominent example of an audit failure that had far-reaching consequences. The case highlighted the need for auditors to exercise professional scepticism and thoroughly evaluate companies’ financial statements and disclosures. The failure to identify the risks and irregularities ultimately led to the global financial crisis.

2. The Satyam Scandal

The Satyam scandal in 2009 shook the Indian corporate world. Auditors failed to detect a massive accounting fraud that involved inflating revenues, creating fictitious assets, and manipulating financial statements. This case emphasised the importance of auditors’ independence, scepticism, and the need for robust internal controls within organisations.

3. The WorldCom Fraud

The WorldCom scandal in 2002 revealed one of the largest accounting frauds in history. Auditors failed to identify the manipulation of  financial statements  through improper accounting practices. This case highlighted the significance of auditors’ responsibility to assess and verify financial information and exercise professional judgment diligently.

4. The Olympus Corporation Scandal

The Olympus Corporation scandal in 2011 involved a massive cover-up of losses through fraudulent accounting practices. This case underscored the importance of auditors conducting thorough assessments of an organization’s financial controls, risk management processes, and corporate governance structures.

5. The Waste Management, Inc. Case

In the 1990s, Waste Management, Inc. was involved in a significant accounting scandal. The case brought attention to the manipulation of financial statements and the role auditors play in ensuring accurate financial reporting. It highlighted the need for auditors to challenge management when faced with questionable practices.

Famous audit case studies serve as cautionary tales, illustrating the impact of audit failures and the importance of maintaining the highest professional standards in auditing. These cases remind auditors of the significance of independence, skepticism, and diligence in their work. By learning from these case studies, auditors can enhance their skills, sharpen their professional judgement, and contribute to the integrity and reliability of financial reporting. Continuous education, adherence to auditing standards, and a commitment to ethical conduct are essential for auditors to navigate complex audit environments and safeguard stakeholders’ interests.

Book your free demo with us for a better understanding.

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

Register and Pay (Accunting)

" * " indicates required fields

[honeypot honeypot-226]

[honeypot honeypot-583]

[honeypot honeypot-836]

Corporate Training for Software + Auditing

Corporate training for auditing, corporate training for software, register and pay.

Insight-driven internal auditing

• Call for Change
• When Tech Meets Human Ingenuity
• A Valuable Difference
• Meet the Team
• Related Capabilities

Call for change

For many businesses, the Internal Audit function is essential to assessing risk, identifying fraud and improving processes. As a global organization serving clients in more than 120 countries, Accenture faces a complex challenge in carrying out this function due to the large scope of oversight and finite resources.

To enhance audit execution, our Internal Audit function has cultivated a leading analytics practice that uses more than 200 rules-based analytics solutions. A software platform that had reached its end of life and the use of niche, non-enterprise-class software (common to many internal audit functions) prevented the full integration of analytics across the entire audit process. These factors drove the need to develop a new technology capability to enable a proactive, insight-driven way of working.

View Transcript

When tech meets human ingenuity

The Internal Audit function looked to the CIO Applied Intelligence team within the global IT organization to collaborate on developing an innovative, intelligent solution. CIO Applied Intelligence’s aim is to bring greater insights to Accenture’s services using the enterprise-class analytics platform and data lake it developed for the company.

CIO Applied Intelligence and Internal Audit already had a long-running collaboration, including gaining an understanding of the analytics platform and the benefits it could offer. The analytics skill sets within Internal Audit allowed it to closely collaborate on the technical aspects of the project.

To begin, a CIO Applied Intelligence and Internal Audit team assessed the technology landscape established years ago and the respective constraints. Internal Audit lacked the ability to process very large data sets, limiting insights. Risk models were point in time, one dimensional and inflexible, making it challenging to include analytics in the planning phases of an audit. Full population data discovery and transactional-level analysis was not possible, often resulting in random sample testing. Finally, the technology was unable to support predictive analytics, a major area of opportunity.

The solution involved transitioning existing analytical assets to the already developed CIO Applied Intelligence analytics platform. The move allowed Internal Audit to join other Accenture functions in using a suite of leading analytical tools drawing on a common data lake aligned to Accenture’s data governance structure. These tools allow Internal Audit to prepare, transform and analyze data in ways it couldn’t do before. Additionally, the analytics platform significantly reduces complexity in developing analytics.

Transformation highlights include:

Audit selection

Dynamic audit plans, reassessed throughout the year versus an annual and static exercise

Audit scoping

Customized, data-driven audit scopes versus execution of checklist-based procedures

Full population testing and risk-based coverage versus random sampling and manual tests

Collaboration between audit and the business to implement optimized solutions versus issuance of a finding with eventual follow-up

People and culture Teams from Accenture’s global IT organization and Internal Audit began collaborating with each other more than two years ago to understand the analytics platform and the benefits it could offer. The project team also included CIO Applied Intelligence leadership and business architects, along with the CIO Applied Intelligence Accenture Technology Center China solution delivery team. The project offered opportunities for the Internal Audit team to learn best practices and techniques on the CIO Applied Intelligence-developed technology, and for the delivery team to understand new business processes, risk scoring methodology and collaborate across Accenture to deliver analytic capabilities.

A valuable difference

The Internal Audit group is significantly changing the way audits are conducted. Audit plans are now dynamic rather than an annual exercise. Internal Audit can work in a data-driven way, generating new insights and managing risk across Accenture with new approaches.

Internal Audit’s existing inventory of analytics can now be consumed in a self-service manner through several interactive business intelligence models. These models feature historical risk modeling projecting risk across multiple dimensions of Accenture’s business, and can be processed within seconds compared to 48-plus-hour run times previously. The models allow self-discovery on full population data and risk analysis at the transaction level, driving more risk-based audit selections. These features all allow analytic consideration to occur in the early planning phases of an audit, driving more strategic scope.

In addition, the use of a single, shared platform allows Internal Audit to better collaborate with the business as advisory partners in sharing knowledge capital. This advantage will allow the team to significantly expand its advisory services and to drive value across both corporate Finance and the entire company, going beyond a traditional “exception-based “mentality. This upscaling in capabilities positions Internal Audit to be strong value partners of the business.

Looking ahead, the global IT organization has started pursuing robotic process automation and natural language processing further using the new platform’s capabilities. Emerging concepts, such as predictive analytics, are now being developed and integrated into the audit cycle. The application of predictive analytics on top of existing capabilities is uncommon to the audit profession, which has historically focused on rules-based analytics.

“With technology disrupting the status quo in many professions, Internal Audit must adapt to meet evolving expectations. This new, enterprise-class platform will allow full integration of analytics into all phases of the audit process, optimizing our overall value-add back to the organization.” — Joe Gonski , Senior Manager – Internal Audit, Advanced Analytics, Accenture

Meet the team

Zameer Shaikh

Kristin Kirby

Related capabilities

How accenture does it.

Auditing Case Studies

• April 17, 2020

At QualityHub, we have experience in FDA auditing for several types of companies and situations. Here are three examples of auditing case studies to give you some background on that experience.

Warning Letter

Auditing case study.

For a major medical device manufacturer under a warning letter, QualityHub provided over 20 before-and-after quality system audits of the client’s manufacturing sites in the U.S. and Europe. These audits allowed the company to gauge whether their quality system rebuild and remediation activities were successful. The project also involved a third visit to each of the sites to prepare them for FDA inspections.

Several Warning Letters

QualityHub visited approximately 20 sites in the U.S., Mexico, Canada and Europe for a major medical device company under several warning letters. While most of the audits were against 21 CFR 820 (the medical device quality system regulation), some of the sites were also audited to the Drug GMP 21 CFR210/211 regulations .

Corporate Internal Audits

QualityHub performed corporate internal audits for several of the more difficult sites for a major international medical device company. For these successful audits, QualityHub provided veteran auditors with experience handling complex and difficult situations. We continue to provide support to this and several other companies in order to assist in the execution of their complex internal audit programs.1.

Need Assistance with Auditing?

• Quality System Auditing

Back to the Hub

• 976 Lake Baldwin Lane Suite 204 Orlando, FL 32814 USA
• (407) 896-3386
• Staff Augmentation
• EU MDR Regulatory Compliance
• Quality System Training
• FDA Regulatory Compliance Consulting
• FDA Premarket Planning & Product Development
• Risk Management
• Quality Management Systems Consulting

Stay Connected | Now it’s even easier to stay connected to the leader in FDA quality system compliance. Sign up to be part of the QualityHub community.

• Enter Email

Yearend Internal Auditing: Case Study Example

Audit case study: introduction.

Auditing is the process of examining the financial statements of an organization, correcting errors, and eliminating possible cases of fraud. The auditing process is a core activity that enables a company to control its internal activities in an efficient manner. Through auditing, most companies are able to achieve their business goals and objectives (Wang & Tuttle 2009).

Several critics have risen concerning the auditing process. While some businesspersons find it worthwhile to invest in the auditing exercise, some find the auditing exercise unworthy.

In this case, we have the XYZ Ltd Company; a pharmaceutical manufacturing company that was formed because of the splitting of the parent company, ABC Ltd. XYZ Ltd is the smaller of the two newly formed companies and the previous sales manager of the parent company is the Managing Director.

The managing director does not find it worthwhile for the small company to carry out yearend audits. According to him, yearend auditing is an unnecessary exercise that will only increase the expenses of the company without necessarily adding value to the business.

This paper will give a stringent analysis of the newly formed XYZ Company and determine if indeed there is a need to carry out yearend auditing. The paper will also give a detailed discussion of the pros and cons of appointing the same auditors of the parent company to audit XYZ Ltd.

Lastly the paper will give an overview of the audit rotation exercise, its advantages and disadvantages. From the discussions, the paper will give decisive conclusions and recommendations that would enable the XYZ Company’s managers to make a worthwhile decision concerning the auditing process.

Overview of the newly formed XYZ Company

As indicated, XYZ Ltd Company formulated because of the splitting of the parent company. According to the previous descriptions, XYZ Ltd Company is a private limited company that is not legally obliged to have an audit (Hodgdon et al. 2009).

This is because the company Act only obliges state owned companies and public limited companies to have audited financial records, whereas, the smaller companies voluntarily choose to have auditors examining their financial statements. However, although having an audit is not a mandatory requirement for XYZ Ltd, the auditing exercise would add some tangible value to the company.

Value of auditing to XYZ Ltd

Detection and prevention of fraud.

Fraud is a practice that can make businesses to undergo some massive losses. It is noteworthy that a small company like XYZ has a small operating capital that could diminish drastically if not well managed. Fraud cases such as skimmed payments from customers, cash theft, improper handling of petty cash and misuse of the company’s credit cards are some of the practices that can lead to total failure of a company.

It is quite expensive for a small business like XYZ Ltd to create an internal audit department, however, the company can create a system that checks and controls the financial operations and the company employees. An informal internal audit process would somewhat reduce fraud cases resulting from personal interests (Chi & Huang 2011). It is noteworthy that the parent company would have split due to extreme cases of fraud.

Prevention of fraud through an informal audit exercise would enable the small XYZ Company to prosper and grow into a big multinational company and even surpass the projected turnover of £2.8 million in the first year of trading.

It is important for the company to create a program that would help in monitoring employees and enforce strict rules regarding any employee who is found guilty of committing fraud cases. The establishment of an internal audit would facilitate the above-mentioned practices though a persistent analysis of the company’s operations.

Testing and monitoring of internal controls

An Informal internal audit calls for recurrent analysis of the operations within a company. The habitual analysis enables the company’s operations to occur smoothly, where, the employees are kept on toes to offer the best of services. A small company like XYZ Ltd can employ auditors who would design, modify, and control the internal activities of the company.

Though auditing, the company is able to streamline its activities in a manner that would enable it to achieve its goals and objectives (Holm & Zaman 2012). Essentially, XYZ Ltd is a profit making company that would aim at generating the maximum profits possible.

The auditing exercise would enable the company to keep track of its revenue and expenditure and the gross profits made during a particular financial year. Any form of misappropriation of resources is tracked, where; all the involved stakeholders are made answerable of their actions.

Monitoring the company’s compliance with the company policies

All companies have policies that guide then in their daily operations. In addition to the informal internal exercise, XYZ Ltd Company can employ a formal internal audit policy that works towards ensuring the company eliminates all actions that would expose it to massive losses. A company may have a policy that extends credit to its customers to prevent losses.

An auditing exercise will determine if indeed the company adheres to the policy. Moreover, the auditors will be able to carry out a cost benefit analysis of the credit policy and determine if it is a worthwhile practice. The reports from the auditors will help the decision makers to determine new policies that would work if enforced and identify the old policies to eliminate from the company practices (Deis & Giroux 2006).

An operational audit would examine the financial statements of a business to ensure the business complies with the policies of obtaining maximum efficiency from all business operations.

Monitoring the company’s compliance with the government regulations

The worst thing that can happen to a small business like XYZ Ltd is facing the adverse consequences of failing to adhere to government regulations. An operational audit exercise plays a great role in advising the business managers of all the applicable government regulations (Bon Kim & Yi 2009).

It is though an auditing process that a business would know the legal procedures of tax avoidance. Moreover, the government has strict employment laws that companies ought to follow.

The auditing exercise would advise the management team accordingly on when it should recruit new employees, when to promote or when to fire an incompetent employee. The auditors would advise the management team of the actions that attract fines as well as the procedures to obtain and comply with government regulations.

The exercise of appointing an auditor

The exercise of appointing an auditor may seem very simple, but it is associated with a lot of dilemma. The XYZ Company formed because of the splitting of the parent company.

There is no clear reason as to why the parent company decided to separate the pharmaceutical and optical divisions; however, it would be due to mismanagement reasons. Whatsoever the reason, appointing the same auditors as those of the parent company to audit XYZ Ltd Company is associated with several advantages and disadvantages.

Advantages of appointing the same auditors

Massive experience and expertise.

As indicated, the auditors have audited the financial records for the parent company for the past ten years. This is a clear indication that the auditors did some marvelous work that sustained the growth and expansion of the parent company (Jackson, Moldrich & Roebuck 2010). There is a high probability that the parent company had grown too big such that the managers decided to split it for easy management.

The success of the parent company is attributed to the massive experience and the excellent work of the auditors. Similarly, XYZ Ltd Company can appoint the same experienced auditors to audit their financial records.

Appointing the same auditors would be an assurance that the newly formed company would grow and last for the next 10 years or more. XYZ Ltd Company will greatly benefit from the quality services from the expertise of the auditors.

Affordability and efficiency of the auditing services

It is evident that a small business like XYZ Ltd will find it very expensive to obtain new auditors to audit their financial books (Kaplan & Mauldin 2010). The auditors of the parent company may have some compassion with the small company and charge the company some affordable rates for the auditing exercise.

Moreover, the auditors who are already familiar with the financial records of the parent company will give an effective allocation of the amount set aside for the auditing expense to ensure that the company does not run at a loss.

Smooth flow of activities

Bringing in a new set of auditors would somewhat bring in disruptions. If XYZ Ltd Company appoints the same auditors as the parent company, the auditors will put up with the small company easily.

In fact, maintaining the same auditors would enhance their morale to improve their quality of services in the subsequent audits (David & Thomas 2013). The relationship between the auditors and the company would strengthen, and this would make the auditors to work hard to ensure their auditing work brings in some mutual benefit to all the company stakeholders.

Disadvantages of appointing the same auditors

Possibility of recurring previous mistakes.

From a business point of view, an esteemed company cannot decide to separate its operations for any good reasons. There is a very high probability that the company decided to do so because it began experiencing some massive losses because of vague auditing processes.

If truly this is the reason behind the splitting of the company, it means that the auditors played a critical role in bringing down the parent company. Therefore appointing the same auditors will pose the way to recurring the previous mistakes. In the end, the XYZ Ltd Company would also face the same problem and it may end up collapsing.

Lack of the point of comparison and evaluation

It is always advisable for companies to evaluate and compare the services offered by a particular company stakeholder. If XYZ Ltd Company uses the same auditors as the parent company, it may not be able to evaluate the efficiency of the services. While the auditors may appear to offer quality services, it would be worthwhile to have a change that would formulate a point of comparison.

Probably, the new auditors would reveal fraud cases that the usual auditors would not depict. In essence, appointing the same auditors as those of the parent company will blindfold the XYZ Company and it may not be able to gauge the quality of the auditing services (Kramer et al. 2011).

Audit rotation

The exercise of changing auditors has often raised eyebrows amongst businesspeople. While some businesspersons regard audit rotation as a worthwhile practice, some of them regard the exercise as unworthy as it only encourages businesses to doubt the competence of auditors. Despite the different perceptions, audit rotation is associated with various advantages and disadvantages.

Advantages of audit rotation

Increased perfection.

It is evident that there is no perfect human being; therefore, a different set of eyes on a company’s financial record would detect an error that the preceding auditors could not detect. In fact, for publicly held companies, audit rotation is done every five years, and private limited companies can employ the same practice to obtain quality audit services.

The exercise helps in identifying and eliminating intentional and non-intentional errors (Daniels & Booker 2011). Companies that embrace audit rotation will be at a safe position, as they would provide clear records of their financial statements to the bank and to the funders.

Decreased fraud and increased impartiality

Some auditors within a given audit firm may collaborate with the financial managers of a given company to “steal” from the company. Audit rotation plays a significant role in ending such cases because not all auditors would comply with such evil deals.

The shortened period of auditing will not allow audit firms to create close relationships with the management, an action that may have a negative impact on the performance of the auditors.

Audit rotation enhances the provision of impartial services by audit firms as they are obligated to rotate the auditors within the firm (Chi et al. 2009). In essence, the audit rotation exercise plays a critical role in increasing impartiality for all the stakeholders of the company.

Disadvantages of audit rotation

Disruption of the company’s activities.

It is evident that audit rotation, especially if it involves changing the auditing firm would have adverse consequences on the company’s activities. Different audit firms will come up with different advisories to the management team and the company’s activities may be disrupted from one time to another (Bates et al. 2012).

Moreover, audit rotation does not allow the development of a long-term relationship between the company and the auditors, which is very important for the delivery of efficient services.

Destroyed reputation of the company

Some companies have had a tendency of frequently changing the auditing firms. The practice of changing audit firms too often would depict a negative picture of the firm. Investors would shy away from such firms, as they would perceive them as incompetent because they only do “auditor shopping” and expect better results instead of working of their performance.

In essence, audit rotation would bring out misconceptions about a profit making organization like XYZ Ltd Company.

Increased risk of audit failure

It is evident that every time a new audit firm is appointed to carry out the auditing exercise, the firm requires some time to comprehend the company’s books of accounts. The audit firm fully understands the rules of the game of how to audit the firms accounting books when its term is almost over.

The administrative will have to invest time to evaluate the subsequent audit firm and the whole exercise is not only expensive, but it also increases the chances of failure of the auditing exercise by the new audit firm (Daugherty et al. 2013).

Audit Case Study: Conclusion

From the discussions, it is evident that auditing is a very essential exercise in any organization. Auditing enables companies to have a clear outlay of the company’s activities. Though auditing, a company can easily depict fraud cases and address them accordingly. From the discussions, it is evident that the decision on whether to maintain auditors or to employ an audit rotation depends on their performance.

If, for example, the auditors of the parent company, ABC Ltd Company, were not competent, the newly formed XYZ Ltd Company may need to appoint a new auditor to audit the financial books. Secondly, if the new set of auditors do not display their competence after a couple of years, an audit rotation will be essential (Peecher, Schwartz & Solomon 2011).

In essence, every decision made is associated with advantages and disadvantages. The company managers are obliged to make decisive decisions about the auditing process. There should be strong reasons behind any form of changes in the auditing process.

Both the internal and external auditors have a great role in maintaining efficient and reliable financial reports. The auditors should be in a position to give a detailed explanation of every figure that appears in the financial records.

The directing managers should only take the role of the overseers who should only come in whenever there are suspicions of fraud cases. All scandals relating to the books of accounts are handled in a professional manner without downsizing the involved stakeholders.

Bates, HL, Waldrup, BE, Jaeger, DG & Shea, V 2012, ‘Issues with mandatory audit firm rotation’, Journal of Business and Accounting, vol. 5, no. 1, pp. 70-75.

Bon Kim, J, & Yi, CH 2009, ‘Does auditor designation by the regulatory authority improve audit quality? Evidence from Korea’, Journal of Accounting and Public Policy , vol. 28, no. 3, pp. 207-230.

Chi, W & Huang, H 2011, ‘Discretionary accruals, audit-firm tenure and audit-partner tenure: empirical evidence from Taiwan’, Journal of Contemporary Accounting & Economics , vol. 1, no. 1, pp. 65-92.

Chi, W, Huang, H, Liao, Y, & Xie, H 2009, ‘Mandatory audit partner rotation, audit quality, and market perception: evidence from Taiwan’, Contemporary Accounting Research, vol. 26, no. 2, pp. 359-391.

Daniels, W & Booker, Q 2011, ‘The effects of audit firm rotation on perceived auditor independence and audit quality’, Research in Accounting Regulation , vol. 23, no. 1, pp. 78-82.

Daugherty, B, Dickins, D, Hatfield, R, & Higgs, J 2013, ‘Mandatory audit partner rotation: perceptions of audit quality consequences’, Current Issues in Auditing , vol.7, no.1, pp. 30-35.

David SJ &Thomas, EV 2013, ‘Audit firm rotation and audit quality: evidence from academic research’, Accounting Research Journal , vol. 26, no.1, pp.75-84.

Deis, DR, & Giroux, G 2006, ‘The effect of auditor changes on audit fees, audit hours, and audit quality’, Journal of Accounting and Public Policy , vol. 15, no. 1, pp. 55-76.

Hodgdon, C, Tondkar, RH, Adhikari, A & Harless DW 2009, ‘Compliance with international financial reporting standards and auditor choice: new evidence on the importance of the statutory audit’, The International Journal of Accounting , vol. 44, no.1, pp. 33-55.

Holm, C & Zaman M 2012, ‘Regulating audit quality: restoring trust and legitimacy’, Accounting Forum , vol. 36, no. 1, pp. 51-61.

Jackson, AB, Moldrich, M & Roebuck, P 2010, ‘Mandatory audit firm rotation and audit quality’, Managerial Auditing Journal, vol. 23, no. 5, pp. 420-437.

Kaplan, SE & Mauldin EG 2010, ‘Auditor rotation and the appearance of independence: evidence from non-professional investors’, Journal of Accounting and Public Policy , vol. 27, no. 2, pp. 177–192.

Kramer, ST, Georgakopoulos, G, Sotiropoulos, N & Vasileiou, KZ 2011, ‘Audit firm rotation, audit firm tenure and earnings conservatism’, International Journal of Business and Management, vol. 6, no. 8, pp. 44-57.

Peecher, ME, Schwartz, R & Solomon, R 2011, ‘It is all about audit quality: perspectives on strategic-systems auditing’, Accounting, Organizations and Society , vol. 32, no. 5, pp. 463-485.

Wang, KJ & Tuttle, BM 2009, ‘The impact of auditor rotation on auditor-client negotiation’, Accounting, Organizations and Society , vol. 34, no. 2, pp. 222–243.

• Chicago (A-D)
• Chicago (N-B)

IvyPanda. (2023, February 18). Yearend Internal Auditing: Case Study Example. https://ivypanda.com/essays/auditing-case-study-report/

"Yearend Internal Auditing: Case Study Example." IvyPanda , 18 Feb. 2023, ivypanda.com/essays/auditing-case-study-report/.

IvyPanda . (2023) 'Yearend Internal Auditing: Case Study Example'. 18 February.

IvyPanda . 2023. "Yearend Internal Auditing: Case Study Example." February 18, 2023. https://ivypanda.com/essays/auditing-case-study-report/.

1. IvyPanda . "Yearend Internal Auditing: Case Study Example." February 18, 2023. https://ivypanda.com/essays/auditing-case-study-report/.

Bibliography

IvyPanda . "Yearend Internal Auditing: Case Study Example." February 18, 2023. https://ivypanda.com/essays/auditing-case-study-report/.

• Best Buy Co., INC. Company Analysis
• Strategic Lens and Prioritization
• Analysis of Reward Policy in the Digital Age
• Government Accounting Purpose and Implementation
• On Owning a Business Producing Price-Elastic Goods
• Financial Position of AT&T Through Downsizing
• National Bank and Trust Company: Human Resource Needs
• XYZ Company
• The History of Auditing in the United States and the Industrial Revolution
• The XYZ Family
• Ameribank and Online Banking
• Financial Meltdown of 2008
• An Investigation of the Sustainable Benefits of Agency Banking in Kenya
• Starting a Painting Business
• Policies in Canada to Enhance Economics

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our  privacy policy  to learn more.

Auditing Classroom Materials

Auditing is an important part of the accounting curriculum. The skills students learn in your classroom will not only prepare them for more advanced courses, but to one day succeed in a career.  The below are supplemental curriculum resources that the AICPA Academics team has reviewed and can be used in the classroom.

Award-Winning Curricula

The Academics team is proud to offer award-winning curricula designed to encourage faculty and expand the knowledge of accounting students. The curricula below is from the  Accounting Professors Curriculum Resource tool  and has been recognized for excellence with the  Bea Sanders/AICPA Innovation and Teaching Award , the  George Krull/Grant Thornton AAA Innovation in Junior and Senior-Level Teaching Award,  or the  Mark Chain/FSA Innovation in Graduate Teaching Award . 

• Engaging Students in Accounting and Auditing Aspects Related to the Dixon Illinois 53 Million Dollar Fraud  This resource highlights a case adaptable to auditing, fraud and governmental accounting courses. Classroom materials include legal documents, financial reports, budgets, and news articles that are free of charge and relevant to several courses.
• Jurassic Accounting and Stellar Steel This resource outlines a project where students prepare a presentation proposing audit services to a fictitious client. Accounting professionals visit the class twice during the semester once to present concepts behind proposing audit services to a client and the second includes a debriefing of the students regarding their proposal.
• Simulating an Audit in a Graduate Auditing Class   This project outlines the integration of an audit simulation game, a simulated audit, statistical sampling procedures and tests using generalized audit software in a graduate auditing class.
• Student Engagement in Auditing Class - Audit Skits and Humor   This project entails student groups in an auditing class creating skits or 'mini-movies' about auditing concepts and/or situations. This document discusses strategies for using this project in any accounting class, displays excerpts of some of the skits and provides rubrics.
• Use Technology to Enhance Auditing Classes   This resource addresses several technologies to incorporate into auditing classes that can aid students' comprehension of concepts and equip students with skills they will use repeatedly after graduation

Related AICPA Resources

Below are the related resources related to auditing.

Center for Audit Quality   – Established to serve its members and to enhance investor confidence, the CAQ engages in a wide range of activities in the United States and across the globe. Represented below are several of the resources available to faculty and students.

• Center for Audit Quality (CAQ)
• CAQ Classroom Resources on Public Company Auditing Topics: A Guide for Academics
• CAQ Videos: Classroom and Training Resources
• Anti-Fraud Collaboration Case Studies
• Discover Audit resources that house an abundance of items for all types of audiences

We are the American Institute of CPAs, the world’s largest member association representing the accounting profession. Our history of serving the public interest stretches back to 1887. Today, you'll find our 431,000+ members in 130 countries and territories, representing many areas of practice, including business and industry, public practice, government, education and consulting.

About AICPA

• Mission and History
• Annual Reports
• AICPA Media Center
• AICPA Research
• Jobs at AICPA
• Order questions
• Forgot Password
• Store policies

Association of International Certified Professional Accountants. All rights reserved.

• Terms & Conditions

The global body for professional accountants

• Search jobs
• Find an accountant
• Technical activities
• Help & support

Can't find your location/region listed? Please visit our global website instead

• Middle East
• Cayman Islands
• Trinidad & Tobago
• Virgin Islands (British)
• United Kingdom
• Czech Republic
• United Arab Emirates
• Saudi Arabia
• State of Palestine
• Syrian Arab Republic
• South Africa
• Africa (other)
• Hong Kong SAR of China
• New Zealand
• Apply to become an ACCA student
• Why choose to study ACCA?
• ACCA accountancy qualifications
• Getting started with ACCA
• ACCA Learning
• Register your interest in ACCA
• Learn why you should hire ACCA members
• Why train your staff with ACCA?
• Recruit finance staff
• Train and develop finance talent
• Approved Employer programme
• Employer support
• Resources to help your organisation stay one step ahead
• Support for Approved Learning Partners
• Becoming an ACCA Approved Learning Partner
• Tutor support
• Computer-Based Exam (CBE) centres
• Content providers
• Registered Learning Partner
• Exemption accreditation
• University partnerships
• Find tuition
• Virtual classroom support for learning partners
• It’s renewal time for your students!
• Find CPD resources
• Your membership
• Member networks
• AB magazine
• Sectors and industries
• Regulation and standards
• Advocacy and mentoring
• Council, elections and AGM
• Tuition and study options
• Study support resources
• Practical experience
• Our ethics modules
• Student Accountant
• Regulation and standards for students
• Your 2024 subscription
• Completing your EPSM
• Completing your PER
• Apply for membership
• Skills webinars
• Finding a great supervisor
• Choosing the right objectives for you
• Regularly recording your PER
• The next phase of your journey
• Your future once qualified
• Mentoring and networks
• Advance e-magazine
• An introduction to professional insights
• Meet the team
• Global economics
• Professional accountants - the future
• Supporting the global profession
• Download the insights app

Can't find your location listed? Please visit our global website instead

CPD technical article

23 December 2021

Auditing culture - a case study by Barclays Bank

Multiple-choice-questions

Alison Smith

Understanding what culture is and why it is important gives you a view as to why there is a need to audit culture as an element. learn some practical tips from this barclays case study., reading this article and answering the related questions can count towards your verifiable cpd if you are following the unit route to cpd and the content is relevant to your learning and development needs. one hour of learning equates to one unit of cpd. we suggest you use this as a guide when allocating yourself cpd units..

At a series of focus group meetings with ACCA members working in internal audit in 2016, ACCA found that culture is seen as a challenging and subjective topic but an area of interest for all members. In response to this feedback, ACCA UK’s Internal Audit Network invited Barclays Bank to present a webinar on how to audit culture. 

Alison Smith - a Director in Barclays Internal Audit - presented the webinar in February 2017 and this CPD article covers some of the highlights of the content.

Understanding what culture is and why it is important gives you a view as to why there is a need to audit culture as an element. There are different approaches to auditing culture within the financial services sector, before you even consider approaches used in other industries. However having a view of the Barclays approach may help readers to develop some ideas on what they can do in their own organisations. Any approach will need to evolve over time but it can be difficult to know where to start.

What is culture?

There are many definitions of organisational culture but McKinsey coined arguably the most well-known over 50 years ago - ‘culture is the way that we do things around here’. That culture is driven predominantly by the attitudes and beliefs of the people that work within the organisation and are usually set at a high level within the organisation - the ‘tone from the top’.

Structurally, the espoused organisational culture and values tend to come down through organisational policy and standards. Barclays is not alone in having such values written down and communicated regularly both internally and externally. However an organisational culture is much more than that – it means actually living those values (and the behaviours that are driven from those values) on a day to day basis.

The organisational culture determines the approach to risk management – the risk culture being the values, beliefs, knowledge and understanding about risk, shared by a group of people with a common intended purpose, in particular the leadership and employees of an organisation (Institute of Risk Management). For Alison, the risk culture is both a product of the organisational culture but also a determinant of overall organisational culture.

Fundamentally the culture is about doing the right thing – not because it is written down in those policies and procedures but because it is the right thing to do.

Why is culture important?

Culture is important because the regulators say so, the IIA and ACCA say so, but most importantly, because poor organisational culture has been identified as one of the root causes of poor behaviour in corporates and has caused harm to both customers and reputation. Alison’s view is that managing culture is a vital issue for boards to ensure that not only are they setting the right tone at the top but that all employees are acting in accordance with their organisation’s ethics and values.

Within the financial services industry, stakeholders including regulators are keenly focused on culture within their observations and much has been written and researched by industry commentators, rule setters and implementers. The Group of 30 report Banking Conduct and Culture: A Call for Sustained and Comprehensive Reform and the Financial Reporting Council’s report Corporate Culture and the Role of Boards are good examples. Investors have now taken a keen interest – just as they took an interest in CSR and organisations contributing to the community, investors are taking in interest in the cultural elements of an organisation.

In these reports there is considerable reference to the importance of having a strong three lines of defence within an organisation and the role of internal audit in assessing the culture, challenging it, and highlighting to management where there may be cultural failings.

Barclays approach

The failings of culture within the financial services industry have been well documented. Barclays took a stand very early on in 2012 to look at a transformational programme. Part of that programme was around culture and values within the organisation and setting up a common purpose of ‘helping people to achieve their ambitions - in the right way’. The purpose is supported by five values – Respect, Integrity, Service, Excellence and Stewardship.

The transformation programme was about ensuring that these values were lived on a daily basis and not just espoused. The first activity that Barclays undertook to embed those values throughout the organisation was to have all 140,000 colleagues to spend half a day talking about what those values meant – not from a theoretical perspective but what they meant to individuals. This allowed colleagues to engage with those values, consider whether they were values that they had personally as individuals, identifying which ones were challenging to fulfil on a day to day basis in their roles, and highlighting the ones they felt were particularly important for their role and area of the organisation.

The tone from the top was critical to its success - the chief executive and executive team provided time for all of the 140,000 colleagues to attend these courses so they could start to engage with those values. After that, Barclays built their values into all elements of the employee lifecycle from recruitment to performance management. Recruitment was not just based on what candidates could do but also the values that they held. Once the right people were recruited, their induction into the organisation reinforced the values that were important to Barclays.

Existing employees were helped to engage with the values through a change in the performance management process - objectives were set not just on what people would deliver but also how they would deliver, with a real focus on values. That involved educating employees and their managers, but it meant that employees were rewarded and incentivised on the basis of the values of the organisation.

Alison’s early thinking around culture started with a paper that was produced by the Financial Stability Board ( Guidance on Supervisory Interaction with Financial Institutions on Risk Culture - A Framework for Assessing Risk Culture ) that highlighted four critical elements required to achieve cultural change and drive culture throughout an organisation. Open communication channels were critical, as was the tone from the top, so that people felt they were empowered to challenge and escalate. Accountability through clear roles and responsibilities, and incentives that reinforce the maintenance of desired risk management behaviour were the other two critical elements highlighted as necessary for a sound risk culture.

It was recognised that colleagues would need support for difficult decisions where there was potential for conflicts of interest. As well as training on the values, colleagues were also trained in ‘the Barclays Lens’ – a decision making tool for assessing the impact of decisions on all stakeholders.

Why do we audit culture?

Alison provided real life examples of how the culture of an organisation can overcome controls = illustrating why it is so important to audit culture. One example was the accident that happened on the Smiler ride at Alton Towers in 2015 - engineers failed to notice a carriage that had stopped mid-way around the ride. They assumed that there was a problem with the computer and over-rode the stop mechanism setting another train in motion and into the empty carriage with tragic consequences. The culture overcame the controls in that example - a culture that did not give sufficient weight to warning signs to the point where it was felt that they could be ignored.

Who should do a culture audit?

A culture audit is a different beast to auditing processes and controls, so there is a need to consider the skillsets that the internal audit function need to be able to deliver those audits. With culture audits, observation on the behaviour of people is core. You can understand the culture either through surveys, through speaking with people, or through observation - some of the techniques used for assessing controls.

With that in mind, it may not take much additional training for internal auditors to be able to look at culture within an organisation. More important is having the right mind set - being open to thinking about what is happening within your organisation, why things work the way they do, and being able to challenge that. You could consider whether those skillsets already exist within the organisation – not just necessarily within internal audit - and whether it is possible to up-skill people, or work in multi-disciplinary teams.

How do we audit culture?

There are different ways to tackle audit of culture. Some organisations have gone down the route of bringing in specialist skills into internal audit – such as organisational psychologists that may be able to help with understanding behaviours and the culture within an organisation. Another consideration under ‘how’ is whether there are certain areas that you might want to deep dive into to understand the subcultures within the firm, or at the other extreme, looking at it more globally in terms of what messages are coming from very senior colleagues.

Barclays internal audit approach

During the transformation process, Alison was working in multi-disciplinary teams -principally risk, HR and compliance - on how they were going to start to think about culture and how they were going to measure the impact of the cultural change programme that was happening within the firm. An argument had to be made for why it was necessary to measure the impact - which was to know that the culture was changing in the way they wanted it to and that the values were really being lived on a day to day basis inside the business. That was the genesis of three-pronged Barclays internal approach as illustrated by the diagram below.

The first element was initially to audit the way that the business was thinking about how it would measure the cultural change. Now that there is a cultural measurement framework in place, it is about auditing that framework. Alison’s team has recently conducted the first review of auditing the measurement framework and that will be reported to the board. That audit was at a group level - over the next 12-18 months, her team will start to look at not just the measurement but also how that framework is being used and how the metrics provided by the framework are used.

The second element is around the drivers and enablers of cultural change – all the aspects around the employee life cycle mentioned earlier. It is possible to audit recruitment processes, the way that employees are inducted into the firm and the objectives that are set for people (is there anything within those objectives that may be contrary to the culture we are trying to establish). Disciplinary and grievance processes can be audited and assessed for any indicators about organisational culture. Attrition levels within the organisation can also be assessed for any cultural reasons driving those attrition levels.

The final element is termed ‘audit everywhere’. For any standard business audit, a management control approach is conducted – so as well as giving an assessment for the control environment, the area is also assessed for its management control approach. This looks at risk culture and how effective management is in unearthing issues and then fixing them. It looks at their approach to risk management – to controls – and how they ensure that people within their part of the organisation really understand what their responsibilities are in relation to operating control and also escalating where controls are not working as they should do.

Regular reporting of the audit results to the audit committee ensure this is reviewed by the board.

Exploring behavioural observation tools

Alison and her team are considering different ways to evolve their approach to auditing culture. With every approach, their aim is to ensure that they act as a true third line of defence rather than doing anything that would be expected of the first or second line. As part of evolving their approach, they are starting to explore techniques that can be used to better equip their auditors to observe behaviour -including the use of ethnography* as promoted by the Banking Standards Board as a different way to observe culture. This is not necessarily another element but it is a possible means of improving assessment around their management control approach.

Access the webinar and Q&A session .

ACCA culture-governance tool

The ACCA culture-governance tool seeks to support organisations with their culture goals. ACCA developed this tool on the basis of research conducted since 2012 under a global initiative called  Culture and channelling corporate behaviour . Under this initiative ACCA held a series of international roundtables in London, New York, Dubai and Bengaluru alongside a survey of ACCA’s global membership, to which close to 2,000 members responded. A number of reports were produced.

Subsequent research inspired by the findings called  Effective speak-up arrangements for whistle-blowers  also informed the development of the tool.

The ACCA culture-governance tool aids organisations review culture and determine the course of change.

*Ethnography is the systematic study of people and cultures. It is designed to explore cultural phenomena where the researcher observes society from the point of view of the subject of the study. The resulting field study or case report reflects the knowledge and the system of meanings in the lives of a cultural group.

Related topics.

• Internal audit
• Audit and assurance
• Governance and control
• ACCA Careers
• ACCA Career Navigator
• ACCA Learning Community
• Your Future
• ACCA-X online courses

Useful links

• Make a payment
• ACCA Rulebook
• Work for us
• Supporting Ukraine

Using this site

• Accessibility
• Legal & copyright
• Advertising

Send us a message

Planned system updates

View our maintenance windows

• Publishing Policies
• For Organizers/Editors
• For Authors
• For Peer Reviewers

Agile Internal Auditing – The Case Back To Normal

In a world of disruption and fast-paced changes, today’s internal auditing (IA) needs to be highly adaptive to changing risks. Agile work processes have speeded up product and software development processes and are rapidly spreading to other disciplines, very recently also to IA. This development has received little research focus so far, which leaves IA practitioners unguided in their attempts to become more adaptive. The present research project attempts to make knowledge explicit about context factors which influence how agile IA work processes are implemented and abolished. Specifically, it uses an explanatory grounded case-study approach to analyse the single case of a small IA function which has implemented Scrum for all of its IA work processes in 2015 and has returned to a regular approach in 2018. A within-case analysis identifies context variables which impact agile IA change processes decisively, namely the setup of the change process, the choice of the agile method and agile planning process, and the organization of teamwork and related communication processes. The study finds out that in an already fast-paced and innovative audit team, the implementation of Scrum is fostered by a collaborative involvement of the whole IA team and strengthens knowledge sharing and agility in return. In contrast, the implementation of a lean approach deteriorates the collaborative and communicative practices established by Scrum while the agile mindset of team members and the innovative drive of the team remain constant. These findings call for more agile IA case-studies to generate hypotheses based on cross-case analyses. Keywords: Internal auditing agile frameworks scrum case-study end of scrum agile certification

Introduction

In today’s VUCA world ( Bennet & Lemoine, 2014 ), where variability, uncertainty, complexity, and ambiguity reign, organizational risk management, control and governance processes must keep pace with our disruptive environment. Internal auditing (IA) is the independent, objective assurance and consulting activity designed to add organizational value by improving these processes (The IIA, 2017b). It must keep pace with or, better, anticipate rapid changes in order to fulfil its mission.

Research on how IA can cope with these challenges is scarce. The professional bodies of internal auditors (The IIA, 2019) and external service providers (PwC, 2019) describe what is happening at large scale in the IA profession by conducting surveys with descriptive statistics. The results indicate changes to IA processes. However, surveys with descriptive statistics are of little theoretical and practical value as far as the rich complexity of change processes is concerned and when IA professionals seek guidance on how to lead change and adapt to change in the best possible way.

This explanatory research study adds empirical evidence and case-grounded hypotheses to our common knowledge base of IA in times of disruption. Specifically, it analyses how and under which conditions an IA department has pioneered the implementation of agile frameworks for its audit work processes in 2015 and how it has returned to a more regular work approach in 2018.

Problem Statement

Rapid adaptation depends on conditions which can be called dynamics, fitness for change, or agility. The following literature review outlines the meaning of agility for IA and traces how the most audit relevant agile frameworks have developed and how they have impacted the work processes of IA functions. This leads towards the problem statement in the end of this section and to the research question in section 3 .

While agility is often described as a personal mindset, its organizational manifestation can be defined as the organizational capability to rapidly and pro-actively adapt to a VUCA world and changing customer needs (Schmitz, 2018).

This adaptive power is very core to IA. All ten Core Principles for the Professional Practice of Internal Auditing (The IIA, 2017a), which define IA effectiveness, require agility (Wilhelm, 2019a). Agile auditing is a set of practices that helps IA functions in meeting their objectives in a more wholesome manner, it is a mindset adopted by an IA team to focus on stakeholder needs, drive timely insights, accelerate audit cycles, generate less documentation and reduce wasted effort ( Foo & Bhattacharya, 2017b ).

According to practitioners, agility in IA processes has explicit manifestations (Wilhelm, 2019b), which are summarized in Table 01 . The table shows: agility in IA is not just a new buzzword but affects the core of IA work processes.

While these manifestations of agility in IA have been described by practitioners ( Coleman & Kasahara, 2019 ; Herbert, 2019; Pundmann et al., 2018 ; Wilhelm, 2019a; Wilhelm, 2019b), the academic research into agile IA practices is very thin. To date, there is only one academic case-study to this topic ( Foo & Bhattacharya, 2017a ), which shows the need for studies like the present one.

The following sections analyse agile frameworks which are most relevant for IA work processes.

Kaizen and Kanban

The most widespread agile framework in IA work processes today is Kaizen (Japanese for: change to the better). Its basic ideas were conceived as the Plan-Do-Study-Act-Cycle by US professor Walter Andrew Shewhart, and his student and later professor William Edwards Deming ( Moen & Norman, 2010 ). Their ideas spread rapidly in Japan, where industrial companies like Toyota agilized standardized mass production in the 1950s.

The basic idea of Kaizen is to establish and live a culture of continuous improvement, especially by reducing the three main inefficiencies of a process to make it “lean”: overcharging a process or a system beyond its capacity (“muri”), inconsistency in performance (“mura”), and wastes within the process (“muda”). Kaizen is translated into different schools of thought, such as Lean & Total Quality Management, Six Sigma or ultimately also the industrial norms of the ISO 9000 family of standards.

Kaizen is very often combined with Kanban (Japanese for: visual signal), a visual pull-system for just-in-time production which was first introduced by Toyota in the 1940s. In Kanban, workflows are visualized on boards with cards in columns, where each column represents a workflow step and cards represent tasks with a focus on the flow of work. According to the “muri”-principle, the maximum number of items in each workflow step are limited, the so-called work in progress (WIP) limit (Baig, 2019).

In IA, the Kaizen ideas of continuous improvement and waste elimination are well established. The IIA’s International Professional Practices Framework requires a quality assurance and improvement process (QAIP) for all IA functions (The IIA, 2017c). IA practitioners have long applied “muda” principles to their own work processes (see Table 02 ).

The first book on lean internal auditing was published in 2014 ( Paterson, 2014 ), while research on the application of different schools of thought of Kaizen in IA has been published already before. The role of IA in the implementation of total quality management systems, including an empirical survey on how audit work processes apply TQM principles, was a research topic already in 1998 ( Wilhelm, 1998 ). The topic how the work processes of IA can be compatible to certification according to the family of norms ISO 9000 was explored in 2011 ( Wilhelm & Wasmer, 2011 ).

The most recent and most fundamental agile framework that has been applied to IA work processes is Scrum. The expression Scrum and the underlying approach was invented by the two Japanese professors Hirotaka Takeuchi and Ikujiro Nonaka when they conducted a research study of new product development processes. They found out that successful companies in their study no longer use a sequential approach but employ a holistic method with a built-in instability, self-organizing project teams, overlapping development phases, multilearning, subtle control, and organizational transfer of learning ( Takeuchi & Nonaka, 1986 ). This approach was first applied to software development in 1990 ( DeGrace & Hulet, 1990 ) and became very popular after 1995, when the two US software developers Jeff Sutherland and Ken Schwaber codified Scrum as agile framework for software development and marketed it all over the world ( Rigby et al., 2016 ).

Scrum is, in short, a set of rules which organizes work processes in loops of improving trials and errors (so-called Sprints), running in largely self-organized teams with daily transparent progress updates (Daily Scrum). It allows to deal with complex, adaptive problems and fosters continuous learning and naturally adjusting to changing conditions (Wilhelm, 2019a). Scrum incorporates aspects of Kaizen because its rules demand a regular inspection of the work done (Sprint Review) and a regular brainstorming on what went well and what needs to be improved (Sprint Retrospective). It implies aspects of Kanban as it works with a task board, on which the overall list of tasks to-do (Product Backlog), the list of tasks to-do during the next sprint (Sprint Backlog), as well as tasks in progress (Doing) and finished tasks (Done) are visually tracked. In contrast to Kanban, Scrum has specific roles, namely a keeper of the rules (Scrum Master), a person who is responsible for the emerging product, prioritizes the Product Backlog and links to the customer (Product Owner), as well as a self-organized project team which does the work (Scrum Team). Scrum does not know an explicit limit for work-in-progress as Kanban does but has its Scrum Team, jointly with the Product Owner, estimate its capacity and the amount of work to be done in the next sprint. Scrum has more elaborate rules, which is why Kanban is easier and faster to implement and can be applied more widely. Scrum has more disruptive power and can unleash more agile potential (Wilhelm, 2019b).

The first research endeavour to mention Scrum in relation to auditing was published in 2014 ( Wright, 2014 ). The book is written as an overview for auditors and agile teams over agile governance and audit. It bridges the knowledge gap between agile software development teams and auditors (internal and external) because back then auditors and agile teams knew little about each other’s work practices, goals and concerns. While its foreword mentions a number of (external?) audit teams looking at agile techniques and tools to plan and undertake their own audit work, the book focuses on the governance and audit of agile software development processes and does not deal with how agile frameworks can be applied to IA work processes.

The first documented application of Scrum in IA work processes happened at the IA department of the Swiss Accident Insurance Trust Suva in March 2015, the start of a full-fledged implementation of Scrum to all IA work processes (Wilhelm, 2017a, 2017b). Since then, the number of IA functions that “went agile” has proliferated. Practitioners have recently picked up the topic, with the first practical guide on how to do lean and agile auditing published this year ( Coleman & Kasahara, 2019 ). Also, external service providers (Pundmann et al., 2018) and software companies (Herbert, 2019) have started to position themselves in anticipation of the rapidly growing market of agile IA transformations.

Standard academic books of IA are already mentioning the term “agile”, which appears nine times in the IIA Research Foundation’s standard book Sawyer’s Internal Auditing ( Clayton, 2019 ). However, the advice there is that internal auditors should follow their agile organizations and build up knowledge of agile frameworks in order to be able to audit them. The books do not yet mention or advise on the implementation of agile IA work processes. The first research study on Scrum in IA is a case-study on the IA function of DBS Bank in Singapore ( Foo & Bhattacharya, 2017a ). In the case-study, DBS IA implements Scrum in pilot audit projects. A Sprint Team comprised the usual Scrum roles Scrum Master and Product Owner and only one auditor plus members from all stakeholder teams, namely also process improvement executives, user representatives, and project managers from line management ( Foo & Bhattacharya, 2017a ).

According to that case-study, DBS IA has adopted their agile approach to avoid the disruptive effects of a full-scale agile adoption. Speaking in the classification of agile IA approaches summarized in Table 03 , the DBS case-study exemplifies an IA Project Scrum, where the agile approach is limited to single audit projects and is not comprising all IA activities.

The application of agile frameworks, especially Scrum, in IA work processes is a relatively new phenomenon which has not yet been adequately covered by academic research. Specifically, there is up to date no research study which has analysed an IA function that lives a full-fledged agile approach, an IA Function Scrum, for all its IA work processes. This appears to be the more urgent, the more agile IA work processes get adopted throughout the world of IA, as it is currently the case.

Research Questions

Given the large number of IA functions in transition from traditional to agile work approaches, the specific research question for this study is:

How can the change of an IA function related to agile IA work processes be influenced?

Purpose of the study.

The goal of business administration as applied science is not only to generate new knowledge but also to support practitioners in the field, in this case active internal auditors and chief audit executives (CAE).

Research Methods

The choice of a ‘how’ research question indicates an explanatory research approach which tries to build theory by answering the research question.

Ontological, epistemological, and methodological position

This research project assumes a post positivistic ontological position, in other words it takes it for granted that reality exists in a complex nature that cannot be fully understood by the limited human mind. As a consequence, the best way to understand reality is to critically examine claims about it. As epistemological position, which concerns the nature of the relationship between researchers and their knowledge about reality, this project accepts the existence of dependence between researcher and research object but upholds objectivity of the researcher as ideal that must be controlled by means of critical questioning or peer review. This is especially important as the author is also an IA practitioner with a large experience and personal convictions about the IA profession and the present case. Methodologically, the study applies modified experimental and manipulative methodologies which are supported by triangulation of perspectives and are based on empirically grounded data derived from natural, situational settings. Research projects with a post positivistic position see theory construction as scientifically equal to theory testing, consider empirically grounded contextual variables and focus also on human behaviour and its aspects, thus trying to bridge the gap between individual cases and generalizations ( Guba & Lincoln, 1994 ).

Single case-study research design

This study chooses a single case-study research design in its attempt to answer the research question of a case with an unusual outcome, which underlines the suitability of this design ( Ragin, 2000 ). Such a case-study research design starts with data collection, namely writing a case-study on an IA function that has pioneered the implementation of IA Function Scrum in its IA work processes. It aims at developing explanations by finding general patterns in the case observations, which are considered in their context and are obtained and described with the help of interviewed respondents who provide also clues about the meaning of behaviour.

Grounded case-study approach for within-case analysis

Within-case analysis of the data was done following the methodological procedures of the grounded case-study approach by Wilhelm ( Wilhelm, 2005 ), adapted for the single case-study approach of this study. It starts with data collection in semi-structured, problem-centered interviews, which are methods of data collection that are suitable for case-specific complexity.

The case of an IA department going agile and returning back to regular work processes was selected because of its obvious fit to the research question. Table 04 summarizes key criteria for the initial selection.

Data collection is based on two interviews of 90 and 76 minutes length, covering the IA Scrum roles Scrum Master and Team Member. The interviews were recorded and transcribed, entered into a case-study database and are turned into a grounded case summary with the help of summarizing content analysis.

In the data of the case-study of FICO’s IA, the empirical data can be structured into categories which have emerged as influences on the implementation of agile work processes. They are summarized in the following sections.

Background and change process

Before going agile, FICO’s IA employed a classical audit approach where an annual plan was established, decided for each year, then worked off in individual black-box audit projects. The way how agile work process were implemented played an important role. Mental speed has already been IA’s key success factor and has allowed it to successfully overcome organizational hostility during the past seven years. The CAE and his team had already implemented several innovations such as dedicated consulting and data analytics teams or a database of findings and recommendations replacing traditional audit reports. After years of trying out in vain audit work process software solutions to find satisfactory IA work processes, the CAE brought forward his agile idea. His five-person team’s reaction reached from change fatigue to deep interest in a new potential solution. What followed was a time of intensive reading by those interested. The CAE communicated his wish to give the idea a try and gave every member of his audit team the chance to veto against it – which nobody did. In March 2015, they decided to go agile. They organized a training workshop for agile methodologies and their implementation in IA to get the knowledge about agile work. The workshop was given by a Tunisian agile coach experienced with software development. It introduced agile frameworks and Scrum, had practical exercises to strengthen the knowledge, and placed its focus on finding a solution on how to adapt agile to IA. Having a professional coach saved a lot of time because of his idea of agile opportunities. He helped to structure the discussions and represented ideas visually. As the coach knew only agile software development, he did not speak the language of internal auditors and therefore the IA team autonomously transferred his ideas into the IA world. At the end of this two-day workshop, every IA team member became certified as Certified ScrumMaster. Whereas several team members were initially rather sceptical, the course sparked their enthusiasm and willingness to try living Scrum. The IA team had decided to use Scrum for all IA processes because also support processes and links to other processes like planning, education or data analytics are relevant for the core audit processes. They felt that the more pervasive Scrum was applied, the better will be the prioritization of tasks. What follows was a period until June 2016 in which the IA team used trial and error and cut its annual plan into pieces until manageable tasks were found as items on the Product Backlog.

In this initial phase, Scrum met much resistance within the IA team. People were used to know in the beginning of a year what audits they will perform. The idea to meet every day and every two weeks to plan anew how little chunks of work can be done took away planning security for the individual auditor. Astonishingly, people with a very structured accounting profile who appeared to be rather inflexible coped with the change process very well whereas other team members had severe concerns and, at one time, tried even to work out an alternative work model which followed a waterfall project method. In intensive team discussions and with the strong dedication of the CAE, the IA team tried to find “their Scrum” and the right aggregation of tasks. Very quickly, working with Scrum became the normality for FICO’s IA team. The agile method lost its initial attraction and became routine. The IA team started to feel well with this new way to work. In this phase, instead of individual motivation the strong structures of Scrum carried the system forward: the sequence of institutionalized exchanges in daily and bi-weekly meetings and the included continuous improvement process. When the CAE left the company, a new CAE was appointed out of the IA team, who happened to be a proponent of the waterfall project and lean management methods. The new CAE aimed at making the Scrum work process leaner, which is why – after a transition phase of one year – he eventually changed the IA Scrum work processes back to a regular IA approach with a Kanban board in 2018.

Agile method, audit planning, and innovation

In the Scrum approach, especially the definition of work packages proofed to be difficult. A too fine-grained planning of Scrum tasks consumes a lot of preparation time and is felt by some auditors as pressure. Due to the interdependencies outside of IA’s control, it often turns out to be in vain. Agile audit gets more transparent but often not much quicker when the auditee and data access do not work in an agile way.

One and a half years after FICO’s IA had fully implemented Scrum, the new CAE abolished the regular team meetings, the role of a Scrum Master and self-organization of the audit team. Instead, there were biweekly regular team meetings without an agile rule setup. A conventional Kanban board as a general to-do list, a special to-do-list for the next two weeks as well as columns with “doing” and “done” were retained. The process became leaner but also less agile as fast changes were no longer done and team members did no longer bring in new requests in an agile way. During the Scrum approach, IA had still kept the traditional annual planning process where the AC decides on a yearly plan. This was a trade-off made to develop IA Scrum in an incubator mode without AC involvement. The new CAE arranged with the AC to introduce a half-yearly planning. As a consequence, the audit plan was executed closer to its initial risk assessment. Also, according to the regular audit approach, internal auditors were no longer multi-tasking in several audits but worked at one audit at a time. Audit planning became more rigid as the audits had to be finished punctually twice a year instead of once a year. Given the fixed end dates and less flexibility of a one-auditor-one-audit approach, agility inside individual time-boxed audit projects became more difficult because many auditees were rather inflexible and favoured a planned inflexible audit approach whereas agile auditing would have required quick access and quickly scheduled interviews during the time-boxed audits.

Regardless of the audit approach, where an audit is broken down into tasks there is the risk to intellectualize the audit work – it is already difficult to formulate a good task but it takes an enormous planning effort and has doubtful chances for success to plan the ideal backlog first and then implement it as it is.

FICO’s IA team had always spent a lot of time for innovation. The introduction of Scrum has supported this innovative spirit because in an IA Function Scrum innovation was treated as a normal task and there was no difference between innovative tasks and regular work tasks. Both types of tasks were included in the normal work process, which was very helpful. The team managed to develop an agile mindset which led to more discussions and innovation debates compared to before the introduction of Scrum. This mindset stayed also after the restitution of a regular work process and was nourished by a constant inner urge to be agile and to stay innovative, no matter if agile was lived or not in the work process.

Organization of teamwork

In the Scrum and the conventional Kanban approach, the decision what the end result must be is taken top-down. The CAE is the place, irrespective of the approach, where the full responsibility remains.

Before FICO’s IA changed to Scrum, the individual auditors had limited contact with each other. Once the annual audit plan was decided, the projects were distributed by the CAE and if no urgent question or resistance came up, the auditor could execute the whole allocated audit project without any contact to the team or the CAE. This was satisfying for individual experts and granted them a lot of freedom. Teamwork, transparency and sharing knowledge were limited.

When FICO’s IA changed to Scrum, a self-organized team gained the freedom of implementation and could freely decide who does what task and how. The individual auditors had their specializations which played a large role on the choice of tasks each one made. Each auditor worked together with other auditors and according to the circumstances there were mixed and changing teams within a single audit. Auditors were multi-tasking in several audits and tasks of other IA processes such as education, management or quality improvement. Most audit projects were completely unique green field approaches, derived solely out of the IA team’s risk assessment. Every second week, the IA team critically discussed its active projects and decided if action should be taken and if the initial goals were still justified.

When FICO’s IA changed back to a conventional Kanban work process, the auditors could pronounce their work preferences in a meeting but the CAE decided over the distribution of labour. With a lean approach in mind, the new CAE strived for a strong standardization of the audit process. Templates with process and content checklists were introduced that had to be closely followed in each audit, with any deviation to be explained in detail. One team member was appointed as quality controller to make sure the templates were filled in and the individual steps were all kept in every audit project. It stayed in the discretion of the individual auditor to add additional content, however due to the time-boxed setup working off the checklists had the priority. Fulfilling the audit plan became the priority whereas reaching unique value added used to be the priority before. The Scrum Master’s usual role is to take away impediments so that the development team can concentrate on their work. Most impediments in IA stem from sources external to the IA function, which is why the possibilities of a Scrum Master as regular IA team member are limited. If the team members are not content with the work approach, the Scrum Master frequently receives negative feedback and is in a double role in between the CAE and the team. After the FICO’s IA changed back to a conventional Kanban work process, the Scrum Master role was abolished.

Communication and customer focus

For FICO’s IA team, the customer focus remained constant irrespective of the work approach because it is linked to the proactiveness of every individual auditor. The relation to auditees was coined by interviews and feedback questions, no matter if the audit approach was agile or not. With Scrum, the communication became more structured and daily communication routines were formalized. The team members knew that they will see each other in and around the next daily Scrum meeting so they tended to use the formal time to exchange instead of spontaneous office visits. Inside the audit team, discussions were very intensive, before, during and after Scrum. The intensive exchanges in formal Scrum meetings made especially sense when every team member felt as real part of the project. In the IA Function Scrum, the team often talked every day about very different topics. In such a situation, the limited mutual influence of team members on each other turns the exchange less vital. In contrast, in an environment where one task influences the other and where there is real collaboration, feedback from colleagues is more interesting and the formal meetings allow to share topical knowledge and not only to gain insight into the work of the team in terms of organizational information about where a colleague is and what he does. Before Scrum, FICO’s IA had already replaced their formal IA report with a database of findings and recommendation and kept formal presentations to a minimum, therefore Scrum did not have a large impact on reporting. However, the IA team had decided to balance the speed of quick reports with the need to wait until interrelated findings can be linked, which may appear during different phases of the audit. In addition, having too frequent reports carries the risk of confusion and a loss of time due to avoidable discussions with auditees.

This case-study is the first research project to examine the introduction of an IA Function Scrum in an IA function. In addition, it is the first case-study about an IA function which has returned back to a regular work approach after having implemented an agile framework. The data is highly contextual and specific to the individual case of an IA team that used to be already fast-paced and innovative before implementing agile frameworks. It indicates how sets of context variables influenced the agile change of FICO’s IA function. Thanks to the rich contextual descriptions, a comparison of context variables will allow to infer general conclusions for IA change processes in other environments.

The within-case analysis has identified the setup of the change process, the choice of the agile method and agile planning process, and the organization of teamwork and related communication processes as relevant influencers of agile change. It shows that the collaborative involvement of the whole IA team has facilitated the implementation of Scrum. The implementation process was supported by the motivating dedication of the CAE as well as by an agile workshop led by an external coach and the included certification of the whole IA team. After the initial enthusiasm became less, the new work processes were backed by the strong routines of the Scrum approach. FICO’s IA team has repeatedly adapted these routines to their specific needs and has thereby applied the principle of trial and error to the implementation process. Scrum has increased the transparency over IA work processes and it has strengthened knowledge sharing and agility in the IA team. It turned out challenging in terms of finding the right task size and striking a balance between fast reporting and considering interdependencies of findings. The strong structure of Scrum has created its own inefficiencies, thereby paving the way to its abolition in favour of a leaner approach. FICO’s leaner approach was successfully rolled out in a strictly top-down manner and has replaced Scrum. It has deteriorated the collaborative and communicative practices established by Scrum. However, it has consistently preserved the agile mindset of team members and the team’s innovative drive.

The most decisive factor for the implementation of Scrum and for its replacement by a leaner approach were individual preferences of the CAEs and their ability to overcome resistance in the team. The collaborative implementation of Scrum was well aligned to its collaborative nature and allowed to spark enthusiasm and commitment in the IA team. Over time, this drive ceded to a more bureaucratic application of the strong structural processes of Scrum. Agile work processes tended to become tedious and time consuming routines. The top-down implementation of a leaner approach counteracted a collaborative spirit and did not cause open resistance but tended to create emotional withdrawal and a work-to-rule spirit. After the restitution of less-agile work processes, a strengthened agile mindset and innovative drive remained unchanged. This shows that agility is more than a question of designing work processes but affects organizations primarily as a mindset shared by individuals and teams. FICO’s agile audit case calls for more research into how different agile audit work processes succeed in different organizational settings. Specifically, it will be interesting to see how IA can keep up the momentum of agile work processes without getting stuck in agile structures and bureaucracy. Based on a variety of empirically grounded cases, multi-case analysis will allow a cross-case analysis emancipated from individual preferences. This will ultimately lead to the discovery of options for practitioners who plan to change their IA teams towards more agile work processes.

• Baig, M. S. (2019, November 28). A (Very) Short History of Kanban. https://www. researchgate.net/publication/332571187_kanban
• Bennet, N., & Lemoine, G. J. (2014). What VUCA Really Means for You. Harvard Business Review, 92. https://hbr.org/2014/01/what-vuca-really-means-for-you
• Clayton, D. (2019). Sawyer’s Internal Auditing: Enhancing and Protecting Organizational value. Altamonte Springs: Internal Audit Foundation.
• Coleman, P., & Kasahara, S. (2019). Active Auditing – A Practical Guide to Lean & Agile Auditing. Amazon Kindle: Coleman.
• DeGrace, P., & Hulet, S. L. (1990). Wicked Problems, Righteous Solutions: A Catalogue of Modern Engineering Paradigms. Upper Saddle River: Prentice Hall International.
• Foo, S. L., & Bhattacharya, L. (2017a). Agile Auditing at DBS: Embracing the Future. Case-Study. Boston: Harvard Business Press.
• Foo, S. L., & Bhattacharya, L. (2017b). Agile Auditing at DBS: Embracing the Future. Case-Study Teaching Note. Boston: Harvard Business Press.
• Guba, E., & Lincoln, Y. S. (1994). Competing paradigms in qualitative research. Handbook of qualitative research, 105-117.
• Herbert, G. (2019, May 31). Dynamic Auditing. Presentation at the SOPAC 2019. http://iia.org.au/sf_docs/default-source/sopac-2019/delegate-copy-presentation-session-8d-dynamic-auditing-keeping-pace-in-the-now-environment.pdf?sfvrsn=2
• Moen, R., & Norman, C. (2010). Circling Back – Clearing up myths about the Deming cycle and seeing how it keeps evolving. Quality Progress, 22-28.
• Paterson, J. C. (2014). Lean Auditing: Driving Added Value and Efficiency in Internal Audit. Wiley.
• Pundmann, S., Adams, S., & Narayanan, R. (2018, February 2). How Agile Internal Audit Can Add Value. https://deloitte.wsj.com/cfo/2018/02/02/how-agile-internal-audit-can-add-value/
• PwC. (2019, November 6). 2019 Global State of the Internal Audit Profession Study. https://www.iianz.org.nz/Site/news/all-news/2019-state-of-internal-audit-profession.aspx
• Ragin, C. (2000). Fuzzy-Set Social Science. University Press.
• Rigby, D., Sutherland, J., & Takeuchi, H. (2016, April 20). The Secret History of Agile Innovation. Harvard Business Review. https://s3.amazonaws.com/media.loft.io/attachments/ The_Secret_History_of_Agile_Innovation.pdf
• Schmitz, A. (2018, November 15). Agiles Arbeiten – Worüber reden wir hier überhaupt? Präsentation an der BGM-Fachtagung der ZWW, Universität Bielefeld. [Agile work – what are we talking about? Presentation at the ZWW conference, University of Bielefeld]. https://www.bgm-bielefeld.de/downloads/ws181115bgm31415.pdf
• Takeuchi, H., & Nonaka, I. (1986). The New New Product Development Game. Harvard Business Review, 37-146.
• The IIA. (2017a, November 5). Core Principles for the Professional Practice of Internal Auditing. https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Core-Principles-for-the-Professional-Practice-of-Internal-Auditing.aspx
• The IIA. (2017b, November 5). Definition of Internal Auditing. https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspx
• The IIA. (2017c, November 5). International Standards for the Professional Practice of Internal Auditing (Standards), 7-9. Retrieved from https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Standards.aspx
• The IIA. (2019, November 6). Pulse of Internal Audit Reports. The Audit Executive Center. https://www.theiia.org/centers/aec/Pages/pulse-of-internal-audit.aspx
• Wilhelm, P. (1998). Die Rolle der Internen Revision bei der Umsetzung einer TQM-Strategie (Diplomarbeit). [The Role of Internal Auditing during the implementation of a TQM strategy]. (Master Thesis). University of St. Gallen.
• Wilhelm, P. (2005). Power in Change Management (Doctoral dissertation). Antonym.
• Wilhelm, P., & Wasmer, S. (2011). Qualitätssicherungsprozess bei der Suva – IIA-Qualitätsprogramm und ISO 9001:2008. [Quality Assurance Process at Suva – IIA-Quality Programme and ISO 9001:2008]. Der Schweizer Treuhänder 9, 732-737.
• Wilhelm, P. (2017a, September 21). Agile Audit Planning. Presentation at the ECIIA Conference Basel, Switzerland.
• Wilhelm, P. (2017b, November 10). Agile Audit Planning. Presentation at the IIA Baltic Conference 2017, Riga, Latvia.
• Wilhelm, P. (2019a, July 9). Agile Internal Audit Processes. Presentation at the International Global Conference 2019 of The Institute of Internal Auditors, Anaheim, California.
• Wilhelm, P. (2019b, September 26). Agilität und ihre Anwendung in der Internen Revision. [Agility and its Application in Internal Auditing]. Presentation at the 38th Annual Conference of the IIA Austria, Schloss Schönbrunn, Vienna.
• Wright, C. (2014). Agile Governance and Audit – An overview for auditors and agile teams. IT Governance Publishing.

Copyright information

About this article

Publication date.

13 February 2021

Article Doi

https://doi.org/10.15405/epsbs.2021.02.16

978-1-80296-100-3

European Publisher

Print ISBN (optional)

Edition number.

1st Edition

National interest, national identity, national security, national consciousness, social relations, public relation, public organizations, linguocultural identity, linguistics

Cite this article as:

Wilhelm, P. (2021). Agile Internal Auditing – The Case Back To Normal. In C. Zehir, A. Kutlu, & T. Karaboğa (Eds.), Leadership, Innovation, Media and Communication, vol 101. European Proceedings of Social and Behavioural Sciences (pp. 173-185). European Publisher. https://doi.org/10.15405/epsbs.2021.02.16

We care about your privacy

We use cookies or similar technologies to access personal data, including page visits and your IP address. We use this information about you, your devices and your online interactions with us to provide, analyse and improve our services. This may include personalising content or advertising for you. You can find out more in our privacy policy and cookie policy and manage the choices available to you at any time by going to ‘Privacy settings’ at the bottom of any page.

Manage My Preferences

You have control over your personal data. For more detailed information about your personal data, please see our Privacy Policy and Cookie Policy .

These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services you have asked for cannot be provided.

Third-party advertising and social media cookies are used to (1) deliver advertisements more relevant to you and your interests; (2) limit the number of times you see an advertisement; (3) help measure the effectiveness of the advertising campaign; and (4) understand people’s behavior after they view an advertisement. They remember that you have visited a site and quite often they will be linked to site functionality provided by the other organization. This may impact the content and messages you see on other websites you visit.

• Browse All Articles
• Newsletter Sign-Up

AccountingAudits →

No results found in working knowledge.

• Were any results found in one of the other content buckets on the left?
• Try removing some search filters.
• Use different search filters.

• Global (EN)
• Albania (en)
• Algeria (fr)
• Argentina (es)
• Armenia (en)
• Australia (en)
• Austria (de)
• Austria (en)
• Azerbaijan (en)
• Bahamas (en)
• Bahrain (en)
• Bangladesh (en)
• Barbados (en)
• Belgium (en)
• Belgium (nl)
• Bermuda (en)
• Bosnia and Herzegovina (en)
• Brasil (pt)
• Brazil (en)
• British Virgin Islands (en)
• Bulgaria (en)
• Cambodia (en)
• Cameroon (fr)
• Canada (en)
• Canada (fr)
• Cayman Islands (en)
• Channel Islands (en)
• Colombia (es)
• Costa Rica (es)
• Croatia (en)
• Cyprus (en)
• Czech Republic (cs)
• Czech Republic (en)
• DR Congo (fr)
• Denmark (da)
• Denmark (en)
• Ecuador (es)
• Estonia (en)
• Estonia (et)
• Finland (fi)
• France (fr)
• Georgia (en)
• Germany (de)
• Germany (en)
• Gibraltar (en)
• Greece (el)
• Greece (en)
• Hong Kong SAR (en)
• Hungary (en)
• Hungary (hu)
• Iceland (is)
• Indonesia (en)
• Ireland (en)
• Isle of Man (en)
• Israel (en)
• Ivory Coast (fr)
• Jamaica (en)
• Jordan (en)
• Kazakhstan (en)
• Kazakhstan (kk)
• Kazakhstan (ru)
• Kuwait (en)
• Latvia (en)
• Latvia (lv)
• Lebanon (en)
• Lithuania (en)
• Lithuania (lt)
• Luxembourg (en)
• Macau SAR (en)
• Malaysia (en)
• Mauritius (en)
• Mexico (es)
• Moldova (en)
• Monaco (en)
• Monaco (fr)
• Mongolia (en)
• Montenegro (en)
• Mozambique (en)
• Myanmar (en)
• Namibia (en)
• Netherlands (en)
• Netherlands (nl)
• New Zealand (en)
• Nigeria (en)
• North Macedonia (en)
• Norway (nb)
• Pakistan (en)
• Panama (es)
• Philippines (en)
• Poland (en)
• Poland (pl)
• Portugal (en)
• Portugal (pt)
• Romania (en)
• Romania (ro)
• Saudi Arabia (en)
• Serbia (en)
• Singapore (en)
• Slovakia (en)
• Slovakia (sk)
• Slovenia (en)
• South Africa (en)
• Sri Lanka (en)
• Sweden (sv)
• Switzerland (de)
• Switzerland (en)
• Switzerland (fr)
• Taiwan (en)
• Taiwan (zh)
• Thailand (en)
• Trinidad and Tobago (en)
• Tunisia (en)
• Tunisia (fr)
• Turkey (en)
• Turkey (tr)
• Ukraine (en)
• Ukraine (ru)
• Ukraine (uk)
• United Arab Emirates (en)
• United Kingdom (en)
• United States (en)
• Uruguay (es)
• Uzbekistan (en)
• Uzbekistan (ru)
• Venezuela (es)
• Vietnam (en)
• Vietnam (vi)
• Zambia (en)
• Zimbabwe (en)
• Financial Reporting View
• Women's Leadership
• Corporate Finance
• Board Leadership
• Executive Education

Fresh thinking and actionable insights that address critical issues your organization faces.

• Insights by Industry
• Insights by Topic

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

• Advisory Services
• Audit Services
• Tax Services

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

• Our Industries

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

• What sets us apart

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Relevant Results

Sorry, there are no results matching your search., case studies.

See how KPMG has helped organizations transform themselves to compete more effectively.

• Innovation insights
• Enterprise-wide Innovation

Explore client stories

Redefining what’s possible in the pursuit of health equity

Helping Morehouse School of Medicine globalize its impact and modernize its capabilities

An innovative workshop session plants the seeds for change and growth

KPMG Ignition helps the Crop Science division of Bayer make the changes that matter for finance transformation

Uber rethinks the rules of the road. Again.

KPMG’s flexible, listen-to-design approach extends a legacy of tax technology innovation.

More stories

Read about how we help clients enhance their customer experience, improve business performance, and drive new revenue streams—then let us do the same for you. ​

Meet our team

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement .

Job seekers

Visit our careers section or search our jobs database.

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Damon Hacker, Vestige President, is presenting to the SAME Mt. Tacoma Post & engineering students at the University of Washington-Tacoma on April 9.

I.T. Auditing : Sample Cases – Representative Matters

• Case Studies
• I.T. Auditing : Sample Cases -…

The following audit case studies highlight several matters for which Vestige was retained that involve I.T. Auditing Services. Each of these cases are real matters that we have worked, but for privacy and confidentiality purposes, any identifying information has been sanitized from our auditing samples. Learn how Vestige LTD has provided assistance in various I.T. auditing cases below.

Publicly Listed Professional Services Firm

Our client, a public company, subject to SEC regulation, had both a robust Internal Audit Department as well as its outside audit firm (one of the Big 4). While the Internal Audit Department had financial auditors on staff and had a handful of individuals that dabbled in I.T. Reviews, it became evident that the level of expertise needed for such a complex environment exceeded their internal resources. Over the years the organization has had to deal with a number of regulatory requirements, including: Sarbanes-Oxley (SOX) compliance, HIPAA, PCI, and FINRA, to point out a few. Vestige became involved as an extension of this organization’s Internal Audit Department, providing a wide range of I.T. audits and assessments for a number of the organization’s divisions and separate business entities. Reporting through the Internal Audit Department, we were able to closely coordinate our efforts with the financial auditors to provide the organization with an even better overall assessment of the organization’s risks. Beyond that, we provided our client confidence with moving forward on its external audits, knowing that issues were identified and addressed internally in ample time to remediate the controls and show that they had been in-place and working over a period of time. It was even reported to us that the external auditor was able to rely upon much of our work product due to its completeness, accuracy and quality of findings, thereby saving our client substantial fees in having to undergo additional scrutiny and testing by the external audit firm.

Institute of Higher Education

Vestige has complemented the Internal Audit Department of a four year college that caters to more than 30,000 students and has several campuses. The Internal Audit Department is on the smaller side (2-4 auditors) and has no one that specializes in I.T. Auditing. While it is void of this important function within its internal resources, it does have one of the financial auditors who has shown an interest. As a result, not only has Vestige partnered with the University to conduct the I.T. component of its audits, but we have provided some additional ancillary services to assist with the training of this individual. For example, as part of our engagement we have created the audit programs for some of the areas of concentration, as determined by the organization’s risk assessment. Vestige initially conducted an audit of one of these areas, completed our documentation and also created add-on audit programs, custom-tailored to the University, and provided these along with training to the internal resource for them to conduct on-their-own. In this manner, the University is not only gaining Vestige’s expertise as it relates to the identification of risks and the conducting of the I.T. audits, they are also gaining important knowledge and resources to build up their own internal expertise.

Large Conglomerate

For more than 12 years, Vestige has provided outsourced I.T. Auditing to a large ($1B+ revenue) conglomerate. Throughout the years, this organization has maintained its own Internal Audit Department of 8-10 financial auditors. They had previously attempted to recruit, hire and retain IT Auditors, but were never successful at keeping these individuals long enough to gain any of the efficiencies and insight that someone gains by being in the environment an extended period of time. Frustrated with this approach, the conglomerate originally sought our services out to augment the internal I.T. auditor’s experience, to act as a reviewer and to mentor the individuals on the I.T. Auditing side since the balance of the Internal Audit Department was financially-focused. Eventually it became evident that the organization was in a vicious cycle of recruiting, hiring, training and then losing these individuals and turned to Vestige as an outsourced solution providing full I.T. Auditing services as part of its Internal Audit Department and its 20+ individual portfolio companies.

Outside Accounting Firm

As a Public Accounting firm, our client provides external audit functions to thousands of clients. Like so many other regional and local accounting firms, our client has financial auditing expertise, but does not have the internal resources from an I.T. Auditing focus. Since the introduction of the AICPA’s Statement of Audit Standards 94 (SAS.94) in May 2001, reliance upon auditing “around” the technology involved in a financial system is no longer acceptable and auditing firms have had to rely upon and develop expertise in being able to audit the actual technology. As most auditors are financially-focused, there is a wide dearth of expertise as it relates to the I.T. Auditing component. Vestige has complemented these firms’ needs by partnering with them to jointly provide comprehensive audits that focus on the financial and the I.T. components. This has included routine financial audits, but has also included specialized I.T. audits such as SAS70s (deprecated) and SSAE16/SOC-type compliancy reports.

CONTACT US today to discuss how Vestige can assist your Internal Auditing Department with I.T. Auditing .

CONTACT US  

Related Articles

• All Related Articles

Recovering from a breach

Understanding the I.T. Assessment Process

How to Remediate your gaps in preparation for CMMC

What Happens if You’re Late to the Game? Part 2

Related white papers.

• View All White Papers

So You Need to Comply with NIST 800-171 & CMMC

Related case studies.

• View All Case Studies

HQ: Cleveland, OH

• 330.721.1205
• 800.314.4357
• 330.721.1206

Columbus, OH

• 614.846.8660
• 303-872-9231

Pittsburgh, PA

• 412.315.7277

New York, NY

• 332.204.1001

This site uses cookies, for more information, review our privacy policy .

• Verify Documents, Clients & Products
• Offices & Labs
• Our Services
• Our Company
• Sustainability
• Insights & Resources

What are you looking for?

Some topics you might be interested in, haier air conditioning achieves iso 14067 verification certificate for greenhouse gases carbon footprint of products.

SGS has presented an ISO 14067 greenhouse gases carbon footprint of products verification certificate to Haier Air Conditioning for two of its P-series split air conditioners that utilize the environmentally friendly, low-carbon refrigerant R290.

Verification against the ISO 14067 standard demonstrates that Haier Air Conditioning has successfully completed SGS's comprehensive analysis and audit for greenhouse gas emissions throughout the life cycle of the two products.

Keith Hutchinson, Deputy Director C&P Global Certification, SGS, presented the certificate to Dr Lao Chunfeng, R&D Technical Director of Haier Air Conditioning, at the 43rd MCE international tradeshow – a major platform for organizations from around the globe to showcase new, innovative and sustainable products and technologies in heating, ventilation and cooling industry – on March 12, 2024.

This award marks a significant step forward in a growing relationship between SGS and Haier Air Conditioning as the two companies cooperate in the field of eco-design of home appliance products. Through global quality standards and verification, both parties will progress the sustainable development of products to future-proof against new international regulations and build stakeholder trust.

Keith Hutchinson, SGS Deputy Director C&P Global Certification, said: “Congratulations to Haier Air Conditioning for achieving this standard which aligns to UN Sustainable Development Goals.

“We are witnessing a welcomed and increasing focus from manufacturers and brands on addressing global environmental concerns. For Haier Air Conditioning, the low-carbon transformation of the home appliance manufacturing industry is an absolute megatrend, and we look forward to supporting them every step of the way on their journey towards greener and cleaner products.”

SGS product certification services

SGS product certification, verification and approval mark services enable you to demonstrate compliance of your consumer products with the widest range of schemes for your market. There is a whole range of product certification, verification and approval schemes that enable manufacturers, retailers and brands to meet country regulatory requirements, and highlight the specific qualities of a product, thereby giving them a competitive edge and enabling consumers to differentiate between the products available.

Learn more about SGS’s product certification services .

For further information, please contact:

Keith Hutchinson Deputy Director. C&P Global Certification Connectivity and Products t: +44 (0)7889 939 812

We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 99,600 employees operate a network of 2,600 offices and laboratories around the world.

© SGS Société Générale de Surveillance SA.

Related Services

Get insights on international developments, new regulations, case studies and updates on sgs activities..

Related Articles

Yazara’s Software Becomes First to Achieve PCI MPoC Isolated SDK Approval

Wayzim, China’s Leading Logistics Equipment Manufacturer, Gains CE Certification

Certification and Accreditation Administration adjusts testing methods for China RoHS

SGS Joins Forces with Jaguar Land Rover to Deliver Electromagnetic Compatibility EMC Testing

News & insights.

• SGS North America Inc.

+1 201 508 3000

+1 201 508 3183

201 Route 17 North,

7th and 8th Floors,

Rutherford, New Jersey, 07070,

United States