It was originally intended that I would be the CAE at AstraZeneca for three or four years, but the work we did on lean auditing and the impact it was having encouraged me to stay longer (for seven years in all). Increasingly, I became interested in sharing the lean auditing ideas and practices that we had developed with other CAEs. In addition, I could see an opportunity to do more work in the field of leadership development and culture change (which I had done for two years prior to becoming CAE at AstraZeneca). As a result, at the beginning of 2010, I set up my own business specializing in lean auditing, Risk Assurance, CAE coaching and internal audit effectiveness (www.RiskAI.co.uk).
Whilst I have seen significant differences in the contexts and cultures that audit functions have to operate within, it is noteworthy that many of the challenges and dilemmas faced by audit functions across the globe are similar (albeit each with its own very specific flavour). Some common challenges and dilemmas facing the internal audit functions that I work with are:
The root causes for these areas of difficulty are various and may be linked to problems with communication and underlying systems. However, a number of the problems that arise are due to poor process disciplines in audit and, from my experience, questions about the role of audit, as well as the mindset of some managers and auditors.
As we will see during the course of this book, lean ways of working can help audit to navigate through many of these challenges and dilemmas, helping the internal audit function become more impactful, as well as providing a range of other benefits at an organizational level.
As I mentioned in the introduction to this book, my experience developing lean auditing techniques as the CAE of AstraZeneca provided a solid foundation to work with clients and workshop participants. However, other CAEs I have worked with have faced other areas of difficulty, which we addressed through new lean auditing approaches. In addition, other CAEs I know have developed their own good practices that further “raise the bar” on what value adding and efficient auditing can be like.
As a result, this book contains many internal audit best practices developed by, and with, other CAEs, alongside those developed during my time as the CAE of AstraZeneca.
The key benefits of adopting a lean audit approach to internal audit are:
In addition, I will outline in this book how progressive, lean ways of working can act as a catalyst for driving improvements across a range of broader Governance, Risk, Compliance (GRC) and assurance activities.
At this point it is appropriate to offer several reflections on the terms “audit”, “auditing”, “internal auditing”, “lean auditing”, and “progressive auditing” that will be used during the course of the book. To start: many internal auditors use the term audit when referring to an internal audit. In addition, lean ways of working are often applicable to other types of auditing (e.g. quality auditing, efficiency auditing, health and safety auditing), not just internal auditing. As a result the terms audit and auditing will normally refer to internal audit and internal auditing, but may also relate to other types of audit functions and other types of auditing, depending on the context.
In relation to the term “lean auditing,” I am referring to the practice of internal auditing as informed and enhanced by lean principles, tools and techniques. However, a number of progressive audit practices referred to in this book also focus on the themes of adding value and efficiency, which are central to lean ways of working. As a result, I will sometimes use the terms “lean auditing” or “lean progressive auditing” to refer to a “family” of audit practices that are judged to represent good audit practice in the eyes of leading audit practitioners, typically with a focus on delivering value and improving productivity.
My use of “progressive auditing” also reflects the fact that I am not overly concerned whether the term “lean auditing” gains strong currency within the internal audit profession. My prime interest is to stimulate some interest and offer practical insights in relation to the way the internal audit can push forward on a value adding agenda, and become recognized as an essential ingredient for organizational success. More than anything, I want to avoid the scenario in 10 years’ time where internal audit has been consigned to an eternal prison of primarily working on regulatory compliance and control issues, with key operational and strategic risks largely regarded as “off limits.”