By: Ayman Abdelrahim, MQM, CIA, CCSA, CFE

internal audit value

Have you ever found it difficult to answer these questions: What is the added value provided by the internal audit? Can you convince the senior management of that the internal audit adds a value to the organization you are working for? Is the added value understandable, clear and identified as per the internal audit standards? If you can’t answer these questions, you are certainly one of the many auditors who are not able to reply to the senior management or audit committee when they ask about the added value provided by the internal audit.

Ambiguity of the Value Adding Concept

Auditors often use the term “Value Adding” which is circulated at conferences and workshops held on the internal audit profession.  The internal audit definition is influential in the use of such term because it clearly refers to the internal audit. It means “An Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”.

The Value Adding term may sound ambiguous to the senior management because they have the belief that the immeasurable is unachievable. This ambiguity has been exacerbated by defining such term among the terms set out in the internal audit standards. Value Adding means “The internal audit activity adds value to the organization (and its stakeholders) when it provides objective and relevant assurance, and contributes to the effectiveness and efficiency of governance, risk management, and control processes.”. This definition is very general and it is confined to the objective assurance and effective contribution, which are an integral part of the characteristics of the professional internal auditor.

Delivering on the Promise

In November 2015, the international Institute of Internal Auditors (IIA) issued a report among the publications of the Common Body of Knowledge (CBOK) entitled “Delivering on the Promise – Measuring Internal Audit Value and Performance”. The report addresses the concept of value adding which started by identifying internal audit value proposition in 2010, which consists of three key elements as follows:

Assurance: Providing assurance on the organization’s governance, risk management, and control processes.

Objectivity: The Internal Audit is committed to the integrity and accountability through which a value shall be provided to the senior management in an objective and independent manner for guidance and advice.

Insight: Internal audit is a catalyst for improving an organization’s effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business process.




The Internal Audit Value Proposition graphic approved by the IIA.

The Value-Adding Activities

The outcomes of “Delivering on the Promise” Report identify the activities that add value to the organization according to CAEs, based on the outcomes of a questionnaire conducted in 2015. The CAEs identified (9) out of (14) activities included in the questionnaire as they are adding value to the organization. These activities are:


IA value 2

Outcomes Indicating a shift in the Internal Audit Profession

It is worth mentioning that the outcomes of the questionnaire set out in the “Delivering on the Promise” Report indicate that the “Recommending business improvement” activity ranked second in terms of value adding after the “Assuring the adequacy and effectiveness of the internal control system” activity. This is an indication that the internal audit had exceeded providing assurance in many organizations.

Moreover, one third of the answers were that the activity of “Identifying emerging risks” adds value to the organization; suggesting that the internal audit plays a role in determining the emerging risks, and this is in contrary to what is known in terms of non-audit responsibility for identifying internal risks as they are the responsibility of the management. However, the activity of “Informing and advising the audit committee” came in last among the value-adding activities.



Steps Helping in Recognizing the Value that may be Added

The summary of the “Delivering on the Promise” Report addresses the realization that the added value, form the prospective of the stakeholders, is different from that realization from the prospective of internal audit. There must be a consensus between the two parties and determination of the method of measurement in order to measure the internal audit efficiency in the organization. In addition, there are some steps that must be followed when determining the value that the internal audit can add, as well as the need to align the same with the performance. The steps to be followed are as follows:

  1. Learning the stakeholders’ expectations through holding meetings and interviews with them to know what the added value means to them.
  2. Surveying and identifying stakeholders’ expectations and presenting the same for such stakeholders for confirmation and approval.
  3. Developing performance indicators in line with expectations to achieve them. For example, setting performance index for each item of the agreed upon added value.
  4. Conducing periodic monitoring of the achievement of performance indicators and identifying the causes of any obstacles to the achievement of indicators.
  5. Reporting to the stakeholders on the extent of fulfilling the performance indicators.
  6. Repeating the previous steps periodically and at least annually.

Planning for Value Adding

The value adding is not limited to providing of assurance only as pointed out in “Delivering on the Promise” Report. Rather, it seems that the internal audit is in need of developing a new method for the preparation of the internal audit plan. Such method must be better than the current one which depends on risk based audit plan in order to focus on the activities that bring most value to the organization. Moreover, it is difficult to participate in identifying emerging risks and recommending business improvement through traditional audit. This must be taken into consideration when rethinking the method of developing the internal audit plan. Having an insightful vision by the auditor is also required for the sustainability and continuity of the business of the organization he/she is working for.



Finally, the concept of value adding is still not clear enough to facilitate the realization of the role of internal audit for the stakeholders, and to put an end to the growing responsibilities that fall on the shoulders of internal audit, which is expected to do lot of things that go beyond providing assurance on grounds that they are part of the value adding that must be provided.




Delivering on the Promise: Measuring Internal Audit Value and Performance