Imagine a woman twists her ankle while crossing the street. With no insurance, she decides to take care of her ankle with home remedies but eventually has to see an orthopedic surgeon because it's not healing. The doctor tells her she has arthritis in the ankle, which could be helped with minor surgery. Again, with no insurance she decides to forgo surgery. Years later, when her condition has worsened and spread to other joints, she is forced to undergo surgery. Without the surgery, the woman's spine eventually would have been affected, causing her to lose the ability to walk. Luckily, she had the surgery before it was too late.
Similar scenarios are true for many of us in the business world. We avoid accepting professional help until it is too late and find ourselves going through painful and expensive procedures to get back to business as usual. Yet some organizations avoid major problems and easily convert risks into opportunities. They often are well-prepared simply by using a disciplined and proactive approach of regular check-ups, healthy habits, and incorporating risk strategies. Like these organizations, Hewlett-Packard (HP) has internal auditors who champion this approach by helping identify risks and making recommendations that could thwart events from devastating the organization.
At HP, a global organization with many different businesses and functions, issues sometimes would surface in unlikely areas not covered by the audit. In recent years, internal audit has developed a comprehensive list of all areas within the company and shared it with business units to get a better understanding of the risks and determine whether there are any additional areas not covered. Then all the areas are ranked based on different quantitative and qualitative criteria, giving consideration to the business' input. From the continuous risk-ranking assessment, internal audit decides for each area the audit frequency, testing strategy, resources, and expertise required to perform the audit.
HP Internal Audit has taken a more proactive approach to mitigating risks by engaging in collaborative practices with the business units. This type of relationship has allowed both internal audit and the business units to better understand the objectives, processes, and results while increasing mutual respect and reducing costs.
SPECIALIZATION AND KNOWLEDGE MANAGEMENT
Just as HP has auditors who specialize in complex areas such as revenue recognition, tax, and treasury,...
This is a preview. Get the full text through your school or public library.