Internal Audit Quality E-Book

CONTENTS

Cover

Title Page

Copyright

Dedication

Preface

Acknowledgments

Part I: Internal Audit and Quality

Chapter 1: The Various Faces of Internal Audit

History

The Institute of Internal Auditors

Types of Internal Audit Functions

Internal Auditing in Different Sectors and Organizations

Internal Audit Standards

Conclusion

References

Chapter 2: Quality, Performance, and Value

Understanding Quality, Performance, and Value

Quality Management Systems: Deming, Juran, and TQM

Models for Measuring Performance

Conclusion

References

Part II: Developing the Quality Assurance and Improvement Program

Chapter 3: Developing a Quality Framework

The Link between Quality, Performance, and Value

Drivers of Quality

A Structured Approach to Quality

Developing Performance Measures for Internal Audit

Responsibility for Internal Audit Quality

Creating a Quality Assurance and Improvement Program

Reporting on Quality

Questions about the Quality Framework

Conclusion

References

Chapter 4: Internally Assessing Quality

Ongoing Internal Monitoring and Maturity Models

Processes for Embedding Quality

Periodic Internal Assessments: Health Checks

Client Satisfaction

Benchmarking the Internal Audit Function

Questions about Internal Assessments

Conclusion

References

Chapter 5: Externally Assessing Quality

What Is an External Assessment?

Why Have an External Assessment?

Types of Assessments

Questions about External Assessments

Conclusion

References

Part III: Internal Audit Governance Structures

Chapter 6: Internal Audit Strategy and Planning

Strategic Planning as a Key Input of the Internal Audit Function

Vision

Internal Audit's Value Proposition

Planning to Deliver Value

Assessing Risks Associated with the Internal Audit Function

Resource Planning

Business Continuity Planning

Questions about the Internal Audit Function's Strategy and Planning Processes

Conclusion

References

Chapter 7: Areas of Responsibility and Nature of Work

Types of Engagements

Assurance

Consulting

Nature of Work

Audit Support Activities

Questions about the Internal Audit Function's Areas of Responsibility and Nature of Work

Conclusion

References

Chapter 8: Internal Audit Charter

Internal Audit Mandate and Purpose

Strategic Context

Structure and Position

Independence

Authority

Internal Audit Charter

Questions about the Quality of the Internal Audit Charter

Conclusion

References

Part IV: Internal Audit Staffing

Chapter 9: Internal Audit Staffing

Overview of the Staffing Element

Capability Planning for the Internal Audit Workforce

Flexible Work Practices

Recruitment and Retention

Service Delivery Models

Role of the Chief Audit Executive

Questions about the Quality of Internal Audit Staffing Practices

Conclusion

References

Chapter 10: Managing and Measuring Staff Performance

Professional Attributes

Performance Management Processes

Team Development

Individual Professional Development

Professional Membership and Involvement

Questions about the Quality of Internal Audit Staff Development Processes

Conclusion

References

Part V: Internal Audit Professional Practices

Chapter 11: Internal Audit Professional Practice

Elements of Internal Audit Professional Practice

Stages in the Internal Audit Process

Internal Audit Policies and Procedures

Questions about Internal Audit Policies and Procedures

Conclusion

References

Chapter 12: Annual Audit Planning

Value-Added Planning

Applying an Objectives-Based Approach to Audit Planning

Understanding the Organization's Business

Applying a Risk-Based Approach to Audit Planning

Auditable Areas and the Audit Universe

Assurance Mapping

Resource Allocation

Annual Audit Plan Formats

Communication and Approval

Questions about Annual Audit Planning

Conclusion

References

Chapter 13: Planning the Engagement

Purpose of Engagement Planning

Client Engagement

Objectives, Criteria, and Scope

Environmental Scanning

Aligning Engagements to Key Risks

Methodology

Resourcing and Milestones

Assessing Risks to the Audit Engagement

Approval of the Engagement Plan

Questions about Planning the Engagement

Conclusion

References

Chapter 14: Performing the Engagement

Audit Evidence

Interviews

Analyzing Information Collected

Engagement Findings

Efficient Fieldwork

Management and Supervision

Working Papers

Questions about Performing the Engagement

Conclusion

References

Chapter 15: Communication and Influence

Understanding Stakeholder Needs

Communication versus Influence

Engagement Communications

Follow-Up

Communicating the Acceptance of Risk

Questions about Communication and Influence

Conclusion

References

Chapter 16: Knowledge Management and Marketing

Knowledge Management

Marketing

Questions about Knowledge Management and Marketing

Conclusion

References

Chapter 17: Quality and the Small Audit Shop

What Is a Small Audit Shop?

Delivering Value in a Small Audit Shop

Quality Challenges for Small Audit Shops Related to Governance Structures

Quality Challenges for Small Audit Shops Related to Staffing

Quality Challenges for Small Audit Shops Related to Professional Practices

Conclusion

References

Appendix A: International Standards for the Professional Practice of Internal Auditing

Appendix B: List of Quality Questions

Appendix C: List of Key Performance Indicators

Glossary

About the Author

Index

End User License Agreement

List of Tables

Table 1.1

Table 3.1

Table 4.1

Table 5.1

Table 6.1

Table 6.2

Table 6.3

Table 6.4

Table 7.1

Table 7.2

Table 8.1

Table 9.1

Table 9.2

Table 9.3

Table 10.1

Table 11.1

Table 12.1

Table 12.2

Table 12.3

Table 12.4

Table 13.1

Table 13.2

Table 14.1

Table 15.1

Table 16.1

Table 16.2

List of Illustrations

Figure 2.1

Figure 2.2

Figure 2.3

Figure 2.4

Figure 2.5

Figure 3.1

Figure 3.2

Figure 3.3

Figure 3.4

Figure 3.5

Figure 3.6

Figure 3.7

Figure 3.8

Figure 3.9

Figure 3.10

Figure 4.1

Figure 4.2

Figure 4.3

Figure 4.4

Figure 5.1

Figure 5.2

Figure 6.1

Figure 6.2

Figure 7.1

Figure 7.2

Figure 8.1

Figure 8.2

Figure 9.1

Figure 9.2

Figure 9.3

Figure 9.4

Figure 10.1

Figure 11.1

Figure 11.2

Figure 11.3

Figure 11.4

Figure 12.1

Figure 12.2

Figure 12.3

Figure 12.4

Figure 14.1

Figure 15.1

Guide

Cover

Table of Contents

Begin Reading

Part 1

Chapter 1

Pages

iii

iv

v

xiii

xiv

xv

xvi

xvii

xviii

xix

xx

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

Internal Audit Quality

Developing a Quality Assurance and Improvement Program

Cover image: top: © istock.com / enjoynz; bottom: © istock.com / Studio-Pro Cover design: Wiley

Copyright © 2014 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Cataloging-in-Publication Data:

Pitt, Sally-Anne.

Internal audit quality : developing a quality assurance and improvement program / Sally-Anne Pitt.

pages cm

Includes index.

ISBN 978-1-118-71551-2 (hardback); ISBN 978-1-118-71550-5 (ePDF); ISBN 978-1-118-71549-9 (ePub); ISBN 978-1-118-77721-3 (oBook)

1. Auditing, Internal. 2. Quality control. I. Title.

HF5668.25.P58 2014

657′.458—dc23

2014018631

Dedication

This book is dedicated to my amazing family—Michael, Steph, and Ethan—because without them, why bother?

Preface

This book will assist chief audit executives and internal auditors to develop a quality assurance and improvement program and embed processes that enhance the quality of their internal audit function. The book looks at what constitutes quality, and how a greater understanding of quality drivers can lead to more valuable internal audit practices.

Most internal auditors understand quality and performance. Good internal audit practice benchmarks organizational areas and activities against commonly accepted criteria. This book provides similar criteria for internal audit functions to benchmark themselves against.

Chapter Elements

Each chapter includes a number of elements:

Figures

illustrate specific models or practices and support the narrative associated with these examples.

Extracts

from the Institute of Internal Auditors'

International Standards for the Professional Practice of Internal Auditing

are included where relevant to a specific element of internal auditing.

CAE Quotes

provide practical advice, tips, and warnings from senior and experienced internal audit professionals from 11 different countries.

Examples

of better practices allow internal auditors to benchmark themselves against other internal audit functions.

Common Quality Issues

allow internal auditors to learn from the errors of others and to ensure they are not repeating these same mistakes.

QAIP Hints

provide examples of key process areas that could be used in a maturity model, and key performance indicators that could be used in a balanced scorecard or other performance measurement tool. These will assist chief audit executives and internal auditors to build a quality assurance and improvement program and embed quality in daily activities.

Quality Questions

provide hints for chief audit executives and internal auditors undertaking internal assessments or quality reviewers undertaking external quality assessments.

Chapter 1: The Various Faces of Internal Audit

Chapter 1 focuses on the history of internal audit and the development of the profession. It places modern internal auditing into its historical context and considers how internal audit has evolved to cater to the specific assurance requirements between jurisdictions, sectors, and organizations.

This chapter highlights the centrality of the Institute of Internal Auditors (IIA) to the professionalization of internal auditing. It discusses the importance of professional standards to ensuring the integrity of internal audit and overviews the development of the International Standards for the Professional Practice of Internal Auditing.

Chapter 2: Quality, Performance, and Value

Chapter 2 discusses the interrelationship between quality, performance, and value. It provides an oversight of the emergence of quality models and quality management systems since the 1950s.

This chapter also examines processes for measuring performance, focusing particularly on logic models, maturity models, and balanced scorecards.

Chapter 3: Developing a Quality Framework

Chapter 3 argues the need for chief audit executives to embed a structured approach to internal audit quality. Typically this is in the form of a quality assurance and improvement program, incorporating both internal and external assessments.

Chief audit executives should have a good understanding of the inputs required to deliver a quality audit outcome. This allows the internal audit function to focus on the key drivers of quality and develop performance processes and metrics that target critical areas. The chapter discusses logic models, which can assist chief audit executives in identifying the key drivers of quality. It looks at the way in which performance measures can also be used to embed quality and provides guidance for developing appropriate measures that could be incorporated into a balanced scorecard or other performance framework.

The chapter overviews responsibilities for internal audit quality and acknowledges that primary responsibility resides with the chief audit executive.

Chapter 4: Internally Assessing Quality

Chapter 4 discusses processes for internally assessing audit quality. These assessments are critical to delivering, and continuously improving, value to the organization. The chapter provides guidance to chief audit executives and internal auditors undertaking ongoing or periodic assessments. It presents ways of linking internal assessments to maturity and logic models, which can then form a key part of quality assurance and improvement programs.

The chapter provides guidance on the key elements of periodic internal assessments, sometimes referred to as health checks. It also looks at processes for measuring and responding to levels of client satisfaction, and the use of benchmarking to determine how the internal audit function compares to those in other organizations.

Chapter 5: Externally Assessing Quality

Chapter 5 discusses processes for externally assessing audit quality. These assessments provide assurance that the internal audit function is delivering value to the organization and operating in a professional manner.

The chapter recognizes external assessments as a key element of the quality assurance and improvement program and introduces the three common types of assessments: full external assessments, self-assessments with independent validation, and peer reviews. It presents arguments for undertaking external assessments and the value to be gained from these.

The chapter also provides specific advice on selecting a quality reviewer and considerations when choosing the self-assessment approach.

Chapter 6: Internal Audit Strategy and Planning

Chapter 6 argues the importance of developing an audit strategy that addresses the needs and expectations of internal stakeholders. It identifies the key inputs to the strategy as the internal audit vision and value proposition, risk management and resource planning, articulation of key responsibilities and types of work to be undertaken, and the internal audit charter.

The chapter provides advice to chief audit executives and internal auditors about understanding the needs and expectations of different stakeholders, and linking these to internal audit's value proposition. This understanding is important to ensuring the quality assurance and improvement program is targeted toward areas that are most critical to achieving the value proposition.

The chapter includes specific guidance for ensuring internal audit's value to the audit committee and undertaking adequate planning to maximize the potential for internal audit's success.

Chapter 7: Areas of Responsibility and Nature of Work

Chapter 7 discusses the different areas within an organization for which internal audit is responsible for providing assurance and the types of engagements that may be undertaken by internal audit. It looks at the differences between assurance and consulting activities and provides advice to internal auditors on balancing the benefits to be obtained from each.

The chapter looks at engagements that may add significant value to an organization and provides suggestions for increasing the value and quality of individual engagements. It provides a number of specific examples for different types of engagements, including governance audits, performance/operational audits, and risk management audits.

Chapter 8: Internal Audit Charter

Chapter 8 discusses the need for a charter to define the mandate and purpose of internal audit functions. It provides advice regarding the key elements that should be included in a charter and suggestions for ensuring that the internal audit function has appropriate authority to undertake work that will deliver value.

Chapter 9: Internal Audit Staffing

Chapter 9 highlights the importance of staffing to internal audit quality. It provides guidance for chief audit executives considering different staffing models for their internal audit function and looks at the benefits associated with in-house teams, outsourcing, and co-sourcing.

The chapter includes specific advice to chief audit executives outsourcing internal audit engagements; outlining a potential process for undertaking procurement activities and identifying the risks that should be considered in each stage of the process.

The quality of an internal audit function is directly affected by the staffing resources available to it. The chapter discusses the competencies and capabilities needed to build effective audit teams and assists chief audit executives looking to undertake capability planning. It recommends ways to design jobs that support quality outcomes including the use of flexible work practices.

The chapter also includes strategies for recruiting, inducting, and retaining the right staff to optimize the mix of skills, experience, and personalities within an internal audit function.

Chapter 10: Managing and Measuring Staff Performance

Chapter 10 provides advice to chief audit executives and internal auditors about managing and measuring staff performance to maximize internal audit quality. It discusses performance management, provides examples of processes that can be used with internal auditors, and includes a framework for managing underperformance.

The chapter provides guidance for chief audit executives to implement effective team development processes, and discusses the value of mentoring and team meetings. It also argues the importance of individual professional development, and the need for internal auditors to cultivate both technical and interpersonal skills.

Chapter 11: Internal Audit Professional Practice

Chapter 11 provides guidance for chief audit executives and internal auditors on embedding quality into professional practices. Doing so maximizes the potential for the internal audit function to deliver a quality product and add value to an organization. It looks at ways to build a quality practice from scratch, or to reinvent an existing internal audit team.

The chapter discusses the role of policies and procedures in guiding internal auditors to operate consistently and professionally. It recommends the types of policies and procedures that may be required for an effective internal audit function and provides an outline of a typical internal audit manual.

Chapter 12: Annual Audit Planning

Chapter 12 discusses the need for chief audit executives to undertake audit planning to ensure that the internal audit function maximizes its value to the organization. It provides advice for planning in a way that addresses organizational objectives and the risks that relate to these objectives, and includes different models for identifying and rating these risks.

The chapter provides guidance for developing an audit universe as a precursor to the annual plan. It also discusses the value of assurance mapping during annual audit planning and recognizes that the budget allocated to internal audit will significantly influence its ability to undertake comprehensive, quality work. The chapter includes models for an audit universe, assurance map, internal audit budget, and annual plan.

Chapter 13: Planning the Engagement

Chapter 13 emphasizes the importance of an engagement plan to a quality audit outcome. The chapter provides guidance to internal auditors on the key elements of an engagement plan and includes specific recommendations and examples for increasing the quality of each of these elements.

The chapter incorporates an extended discussion of analytical procedures and data analysis, recognizing that some internal auditors may be less familiar with these approaches, which when incorporated into an engagement plan, have the potential to significantly enhance the quality of audit evidence.

The chapter identifies the risks related to performing engagements and recommends these be considered during the planning phase.

Chapter 14: Performing the Engagement

Chapter 14 discusses the fieldwork, or conduct, stage of an internal audit engagement and associated processes the chief audit executive can implement to ensure audit quality.

During fieldwork, internal auditors should collect sufficient and appropriate evidence to support the engagement findings. The chapter describes the nature of relevant and reliable evidence and includes examples of appropriate evidence.

The chapter incorporates an extended discussion around interviewing techniques, recognizing that interpersonal skills are critical to an effective audit engagement. It argues the need for internal auditors to understand the true significance of audit findings to determine the causal factors in adverse events, and includes a model for identifying root causes. It also discusses what constitutes a quality engagement finding and ways for sharing these findings with engagement clients.

Chapter 15: Communication and Influence

Chapter 15 identifies effective communication as a critical element of modern internal auditing. It recognizes the importance of written, verbal, and nonverbal communication and discusses their respective roles in influencing positive outcomes within an organization.

The chapter examines ways for chief audit executives and internal auditors to identify their key stakeholders and to understand stakeholder needs. It recognizes that the nature of internal auditing means that conflict is always a possibility, and includes specific tools to manage conflict.

The chapter includes a structure for an engagement report, highlighting the key elements that should be included in each section, as well as a range of better practices. It discusses the value of report ratings and includes a number of different models for these.

Internal auditors regularly use influence to achieve their goals, meet the requirements of their engagements, and implement their plans and strategies. Effective chief audit executives can influence the audit committee, senior management, audit clients, other assurance providers, and internal audit staff. The chapter provides tools and techniques for using influence.

Chapter 16: Knowledge Management and Marketing

Chapter 16 advises chief audit executives and internal auditors about how to leverage knowledge management and marketing processes to enhance internal audit quality. It provides a range of knowledge management tools that could be incorporated into internal audit policies and procedures, as well as examples of marketing activities.

Chapter 17: Quality and the Small Audit Shop

Chapter 17 identifies the specific quality challenges associated with small audit shops and recommends a range of options for addressing these challenges.

Appendix A: International Standards for the Professional Practice of Internal Auditing

Appendix A includes an extract of the International Standards for the Professional Practice of Internal Auditing produced by the Institute of Internal Auditors.

Appendix B: List of Quality Questions

Appendix B summarizes the quality questions that are included at the end of many of the chapters. These questions can be used by chief audit executives and internal auditors to develop a quality assurance and improvement program as they highlight areas within an internal audit function that influence, or are impacted by, internal audit quality. They also provide a useful reference for reviewers undertaking external quality assessments of internal audit activities.

Appendix C: List of Key Performance Indicators

Appendix C summarizes the key performance indicators that are included in the chapters. This summary allows chief audit executives and internal auditors to select those most relevant to their own circumstances.

Glossary

The Glossary defines a number of commonly used internal audit and quality terms.

Acknowledgments

Very special thanks to my Pitt Group colleagues, and in particular Michael Pitt, John Campbell, and Brooke Pitt. Without them, I would not have had the time or inspiration to complete this book.

Thanks also to Chris McRostie for first indulging me in my quality endeavors, and to the people of quality—Judy, Max, Tak, and Archie.

The following people generously shared their time and expertise in either interviews or through the sharing of better practices for this book. Their commitment to internal auditing is reflective of the many thousands of internal auditors working tirelessly to improve organizations: Carmen Abela, Brad Ames, Gibby Armstrong, Dr. Sarah Blackburn, Jørgen Bock, Goh Boon Hwa, Jackie Cain, Karen Chia, Angie Chin, Dr. Len Gainsford, Allan Gaukroger, Judy Grobler, Max Häge, Allison Hill, Greg Hollyman, Ana Figueiredo, Rune Johannessen, Vanessa Johnson, J. Graham Joscelyne, Mike Lynn, Cesar L. Martinez, Bob McDonald, Bill Middleton, Takuya Morita, Constance Ng-Yip Chew Ngoh, Chin Ooi, Tan Peck Leng, Takeshi Shimizu, Trygve Sørlie, Teis Stokka, Shannon Sumner, Eileen Tay, Goh Thong, Archie R. Thomas, Matt Tolley, and Bruce Turner.

Part IInternal Audit and Quality

Chapter 1The Various Faces of Internal Audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

—Institute of Internal Auditors, Definition of Internal Auditing (2013)

Internal auditing is an internationally recognized profession guided by a common commitment to enhancing governance, risk management, and control processes. Although the nature of internal auditing may vary between countries, jurisdictions, and organizations, central to its purpose is a desire to support management to improve operational, and ultimately organizational, outcomes.

There is no single correct approach to internal auditing. Internal auditing should look and feel different for each organization. The best internal audit functions will reflect the priorities and values of each organization. Senior managers and audit committees across organizations will each have their own expectations of the internal audit function. The challenge for chief audit executives is to understand and, wherever possible, reflect these expectations in their operations.

History

Internal auditing can be traced back to the Persian Empire. Murray (1976) attributes the start of internal auditing to Darius the Great, “who ruled his people from 521 to 425 B.C.” Darius exercised his rule at different times of the year from four scattered capitals in different parts of the country—Persepolis, Ecbatana, Susa, and Ctesiphon. His empire was divided into 20 provinces, each administered by a satrap who paid taxes to the empire according to the wealth of the province. In order that the honesty of the rule of the satrap could be established, Darius sent representatives out to all parts of his empire. They became known as “the eyes and ears of the king”—possibly the first internal auditors.

Despite the early beginnings of internal auditing, the profession did not experience considerable growth until the nineteenth century, when the Industrial Revolution resulted in the large-scale systemization of processes, and an enhanced focus on quality and consistency of outputs. Its growth continued into the twentieth century with the development of management theory and practice and the emergence of the “manager” as a distinct role in corporate operations.

The Institute of Internal Auditors

The first major book on internal auditing was authored by Victor Brink in 1941. Around the same time, a small group of professionals were looking to establish a professional association for internal auditors.

The Institute of Internal Auditors (IIA) was established in the United States in 1941 with 24 members. The IIA developed a Statement of Responsibilities of Internal Auditing in 1947. According to Flesher (1996), the statement intended “that internal auditing dealt primarily with accounting and financial matters, but may also properly deal with matters of an operating nature. In other words, the emphasis was on accounting and financial matters, but other activities were also fair game for the internal auditor.”

The role of the internal auditor was to evolve quickly, however, and as early as 1948, Byrne recognized the potential for internal audit to add value to organizations. He stated, “Management has broadened the internal auditor's horizons and it is the auditor's responsibility to take advantage of the opportunities presented in order to realize the true value to be obtained from a dynamic internal audit program” (Byrne 1948).

Flesher (1996) found the emphasis on accounting and finance matters in the IIA's 1947 statement had significantly changed by the release of a revised statement in 1957, which allowed the internal auditor to provide services to management, including:

Reviewing and appraising the soundness, adequacy, and application of accounting, financial, and operating controls.

Ascertaining the extent of compliance with established policies, plans, and procedures.

Ascertaining the extent to which company assets are accounted for, and safeguarded from, losses of all kinds.

Ascertaining the reliability of accounting and other data developed within the organization.

Appraising the quality of performance in carrying out assigned responsibilities.

In 1978, the IIA released the Standards for the Professional Practice of Internal Auditing. The IIA established its first international chapters in 1948, and by 2012, membership had grown to over 180,000 across 190 countries.

According to its website, the mission of the IIA is to provide dynamic leadership for the global profession of internal auditing. The IIA has identified activities that support this mission:

Advocating and promoting the value that internal audit professionals add to their organizations.

Providing comprehensive professional educational and development opportunities, standards and other professional practice guidance, and certification programs.

Researching, disseminating, and promoting knowledge concerning internal auditing and its appropriate role in control, risk management, and governance to practitioners and stakeholders.

Educating practitioners and other relevant audiences on best practices in internal auditing.

Bringing together internal auditors from all countries to share information and experiences.

The IIA is governed by a board of directors elected at an annual meeting of the membership. Under the board of directors sit a number of committees comprised primarily of volunteer members. Operationally, the IIA is supported through an office in the United States, which has a dual role of providing services directly to North American chapter members, as well as supporting a network of global institutes. Internationally, individual country institutes are often supported by their own office.

Types of Internal Audit Functions

Internationally, internal auditing is recognized as a profession with a number of common elements—most importantly, a set of recognized professional standards. However, the nature of internal auditing varies considerably between organizations.

Although most internal audit functions share a number of features, the nature of internal auditing will differ between public-sector organizations focused on the efficient and effective expenditure of public money and corporate entities focused on delivering profit to shareholders.

Internal auditing may also vary between countries and even states and regions within countries. Differences can be created or exacerbated by legislation, governance structures, cultures, language, and education systems.

Internal auditing takes on a different style and approach, depending on the nature of the audit work undertaken. In less-mature organizations, where there may be limited ability to rely on management to operate in accordance with agreed processes, the internal audit function may be focused on providing financial and control assurance. However, as organizations mature, and greater reliance can be placed on management, the internal audit function might operate more as a source of strategic advice and less as a compliance enforcer. These different types of roles and areas of responsibility are discussed further in Chapter 7.

Internal Auditing in Different Sectors and Organizations

Although internal auditing is an international profession, different countries, and jurisdictions within countries, have their own regulatory environments and cultures that affect the nature and operation of internal audit.

Likewise, the composition of the public sector, also referred to as public service or civil service, varies between, and even within, countries. Understandably then, the models for public-sector governance also vary. This has a direct impact on internal audit, and the configuration, roles, and responsibilities of internal audit functions. Some jurisdictions include mandatory requirements for internal audit and audit committees, while others operate on a voluntary basis.

Examples 1.1 to 1.6 illustrate differing jurisdictional approaches to internal audit.

Example 1.1 The Impact of the Sarbanes–Oxley Act on Internal Auditing in the United States

The Sarbanes–Oxley Act (SOX) (2002) has had a major influence on the role and nature of internal auditing in listed companies in the United States.

Section 404 of the act requires management's development and monitoring of procedures and controls for making its required assertion about the adequacy of internal controls over financial reporting, as well as confirmation by an external auditor. Section 302 requires management's quarterly certification of not only financial reporting controls but also disclosure controls and procedures.

Internal audit's roles in SOX-compliant organizations can range from advice regarding initial project design to project oversight, ongoing monitoring, and documentation and testing of key controls.

Example 1.2 Internal Auditing and the Japanese Kansayaku

Japanese corporate law prescribes the role of the kansayaku, or statutory auditor, for listed companies (kabushiku gaisha). Statutory auditors are appointed by the chief executive officer and board and endorsed by shareholders. Their role is to audit the directors' execution of their overall duties, including those related to accounting.

Some Japanese corporations will have both kansayaku and internal audit functions, although these are in the minority. However, in these cases, it is the responsibility of the kansayaku, rather than the internal auditors, to assess the performance of the board and chief executive officer.

Example 1.3 Internal Auditing in Portuguese-Listed Companies

Portugal operates similarly to the United States–based SOX regime. Its requirements for listed companies include the development of an internal control and risk management framework and an annual assessment of its effectiveness. In addition, companies are required to establish an audit committee or supervisory body and an internal audit function. However, unlike the United States, there are no criminal penalties for breaches of these requirements.

Similar to a number of other jurisdictions, regulations are stricter for the financial services industry. In this case, there is a requirement for separated internal audit and risk management activities.

Example 1.4 Public Sector Internal Auditing in the United Kingdom of Great Britain and Northern Ireland

The United Kingdom operates primarily (although not exclusively) as a three-tier government model, with a central government and often two tiers of local government. Some aspects of government are assigned to the Scottish and Welsh governments and Northern Ireland executives.

The UK government comprises ministerial and nonministerial departments and a large number of agencies and other public bodies. Departments are directed through Treasury guidance to establish an audit and risk assurance committee and an internal audit function operating to UK Public Sector Internal Audit Standards. The requirements for audit committees within agencies and other public bodies vary.

Local authorities—county, district, and borough councils—constitute the second and third tiers of government. There is no requirement in England for local authorities to have an audit committee, although guidance from the Chartered Institute of Public Finance and Accountancy (CIPFA) strongly recommends audit committees. Other parts of the United Kingdom have differing expectations regarding audit committees.

The Public Sector Internal Audit Standards came into effect in the United Kingdom on April 1, 2013, covering the whole of the public sector. The standards are based on the Institute of Internal Auditors' International Standards, Definition of Internal Auditing, and Code of Ethics.

Example 1.5 Internal Auditing in the Australian Government

There are three tiers of government within Australia: the federal/Commonwealth/Australian government, state/territory government (for each of the six states and two territories), and local government (for multiple municipalities or councils within each state or territory).

Commonwealth departments at the federal level operate under the Financial Management and Accountability Act (1997) and associated regulations, which require the following:

Chief executives must establish and maintain an audit committee.

Audit committees must have, wherever practicable, at least one external member.

Audit committees must advise the chief executive about the internal audit plans of the entity.

Audit committees must advise the chief executive about the standards used by internal audit.

State and local governments have different requirements for internal audits, depending on state legislation.

Example 1.6 Internal Auditing in the Canadian Government

Similar to other Commonwealth countries such as Australia and the United Kingdom, Canada operates three tiers of government at the federal, provincial, and regional levels.

The Federal Accountability Act (2006) designated deputy ministers (chief executives) as accounting officers, accountable before the appropriate committee of Parliament, and required agencies to establish appropriate internal audit capacity and audit committees.

In addition to the Federal Accountability Act, the Treasury Board of Canada has developed a Policy on Internal Audit and Internal Auditing Standards for the Government of Canada based on the IIA's Standards.

The Policy on Internal Audit requires departments and agencies to:

Establish an internal audit function that is appropriately resourced and that operates in accordance with the policy and professional internal auditing standards.

Establish an independent departmental audit committee that includes a majority of external members who are not currently in the federal public service.

Approve a departmental internal audit plan that addresses all areas of higher risk and significance and that is designed to support an annual opinion from the chief audit executive on departmental risk management, control, and governance processes.

Ensure that management action plans are prepared that adequately address the recommendations and findings arising from internal audits, and that the action plans have been effectively implemented.

Ensure that completed audit reports are issued in a timely manner and made accessible to the public with minimal formality.

Internal Audit Standards

The International Standards for the Professional Practice of Internal Auditing (Standards) produced by the IIA are the only set of internationally recognized standards for internal audit. Although a number of countries have developed their own internal audit standards, these are based in large part on the IIA's Standards.

International Professional Practices Framework

The International Professional Practices Framework (IPPF) is the IIA's authoritative guidance to the professional practice of internal auditing. It incorporates both mandatory and strongly recommended guidance.

The mandatory guidance consists of the definition of internal auditing, the Standards, and the Code of Ethics. The strongly recommended guidance comprises position papers, practice advisories, and practice guides.

International Standards for the Professional Practice of Internal Auditing

According to the IPPF (2013), the Standards are principle-focused and provide a framework for performing and promoting internal auditing. The Standards are mandatory requirements consisting of the following:

Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance. The requirements are internationally applicable at the organizational and individual levels.

Interpretations, which clarify terms or concepts within the statements.

The Standards are divided between Attribute and Performance standards. The Attribute Standards encompass the attributes of organizations and individuals undertaking internal auditing, whereas the Performance Standards describe the nature of internal auditing and quality criteria against which performance can be measured. Table 1.1 identifies the different series within the Standards.

Table 1.1 IIA Standards

Standard Series

Standard Number

Attribute Standards

Purpose, Authority, and Responsibility

1000

Independence and Objectivity

1100

Proficiency and Due Professional Care

1200

Quality Assurance and Improvement Program

1300

Performance Standards

Managing the Internal Audit Activity

2000

Nature of Work

2100

Engagement Planning

2200

Performing the Engagement

2300

Communicating Results

2400

Monitoring Progress

2500

Communicating the Acceptance of Risks

2600

Source:

IIA (2013).

Further detail regarding the Standards is provided in Appendix A.

Code of Ethics

The IIA (2013) identifies the purpose of its Code of Ethics as being to promote an ethical culture in the profession of internal auditing. The Code of Ethics incorporates the principles that internal auditors are expected to apply and uphold and the rules of conduct for internal auditing.

The principles and rules of conduct are subdivided into four categories: integrity, objectivity, confidentiality, and competency.

Integrity

Internal auditors:

Shall perform their work with honesty, diligence, and responsibility.

Shall observe the law and make disclosures expected by the law and the profession.

Shall not knowingly be a party to any illegal activity or engage in acts that are discreditable to the profession of internal auditing or to the organization.

Shall respect and contribute to the legitimate and ethical objectives of the organization.

Objectivity

Internal auditors:

Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.

Shall not accept anything that may impair or be presumed to impair their professional judgment.

Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Confidentiality

Internal auditors:

Shall be prudent in the use and protection of information acquired in the course of their duties.

Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Competency

Internal auditors:

Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

Shall perform internal audit services in accordance with the

International Standards for the Professional Practice of Internal Auditing.

Shall continuously improve their proficiency and the effectiveness and quality of their services.

The Need for Standards

Standards establish a professional framework for undertaking internal audit engagements. They provide assurance that internal auditors operate in a responsible, ethical manner using commonly accepted practices. Applying standards assures management, as well as other key stakeholders like the audit committee, that the internal audit function is operating in a professional manner.

Using standards automatically builds excellence into internal audit engagements and results in quality practices being embedded within daily activities. Perhaps even more important, conforming with recognized standards sets an example for the organization that internal audit is operating in accordance with professional norms and sets a benchmark for the rest of the organization.

Some internal auditors are mandated to use standards. Usually, this is due to (1) professional membership requirements, (2) legal or regulatory requirements, or (3) procurement and contractual requirements. As an IIA member, individuals are required to conform with those standards identified as being applicable to individuals. However, chief audit executives who are members of the IIA are obligated to conform with all of the IIA Standards.

Why Use the IIA's Standards?

The IIA's Standards are the only set of internationally recognized standards specific to internal auditing. The IIA Standards are principles based and designed to guide the way internal auditors operate. Being principles based, the Standards are neither prescriptive nor inappropriately restrictive. They do not prevent internal auditors from being creative or innovative but provide criteria for internal auditors to operate against. They establish a framework that allows internal auditors to benchmark themselves against other professionals and can guide internal auditors in the way they perform their work.

Conclusion

The establishment of the Institute of Internal Auditors has been a major contributor to the professionalization of internal auditing. Through the application of a set of internationally recognized standards, internal auditors can demonstrate their professionalism and provide assurance to management and the audit committee that they are operating in an ethical, transparent, and impartial manner.

References

Byrne, J. T. S. (1948, August). Current trends in internal audit programs.

New York Certified Public Accountant,

597.

Canadian

Federal Accountability Act

. (2006).

http://laws-lois.justice.gc.ca/eng/acts/F-5.5/page-1.html

.

Commonwealth of Australia. (2007).

Financial Management and Accountability Act

.

Flesher, D. L. (1996). Internal Auditing Standards and Practices: A One-Semester Course. Altamonte Springs, FL: The Institute of Internal Auditors.

HM Treasury. (2013).

Public Sector Internal Audit Standards: Applying the IIA International Standards to the UK Public Sector.

http://www.gov.uk/government/uploads/system/uploads/attachment_data/file/213372/Public-Sector-Internal-Audit-Standards-December-2012-plus-DH-Info.pdf

.

The Institute of Internal Auditors. (2013).

International Professional Practices Framework

. Altamonte Springs, FL: The Institute of Internal Auditors.

The Institute of Internal Auditors. (2004).

Internal Auditing's Role in Section 302 and 404 of the U.S. Sarbanes-Oxley Act of 2002

. Altamonte Springs, FL: The Institute of Internal Auditors.

Murray, A. (1976, January). History of internal audit.

Journal of Accountancy

, 98.

Treasury Board of Canada Secretariat. (2012).

Internal Auditing Standards for the Government of Canada.

Treasury Board of Canada Secretariat. (2012).

Policy on Internal Audit.

http://tbs-sct.gc.ca/pol/doc-eng.aspx?id=16484&section=text

.

United States of America.

Sarbanes–Oxley Act

, 2002. Pub. L. 107–204, 116 Stat. 745, enacted July 30, 2002.

Chapter 2Quality, Performance, and Value

Quality means doing it right when no one is looking.

—Henry Ford

Successful organizations have a clear understanding of what value looks like to their customers and stakeholders. They strive to meet quality expectations by measuring performance, and they look for opportunities to continuously improve processes and products.

The quality management movement of the mid-twentieth century was pivotal in today's understanding of the interdependence of quality, organizational success, and customer satisfaction. What is now considered standard management practice was first described by revolutionary practitioners like J. Edward Deming, Joseph Juran, and Kauru Ishikawa.

Internal auditors are perfectly positioned to embrace quality processes to improve their own internal audit function. They should have a clear understanding of the organization's strategic priorities, providing them with insight into the areas where they could add maximum value to the organization as a whole. Internal auditors should strive to meet stakeholder expectations by embedding performance measurement processes focused on the most efficient and effective use of limited resources.

Understanding Quality, Performance, and Value

Quality, performance, and value are interrelated concepts. Quality processes can enhance performance and increase value, and performance improvements can drive quality. All three elements are important for ensuring operational success.

Quality

Quality is both relative and unique. As a relative concept, the existence of quality can only be determined by comparing two products or assessing a product against an accepted set of standards. However, there is also a level of subjectivity associated with quality—what constitutes quality for one individual might not be shared by another. Perceptions of quality are intrinsically linked to perceptions of value.

Aghapour and colleagues (2011) describe a triangulation relation between organizational success, customer satisfaction, and quality. This is illustrated in Figure 2.1.

Figure 2.1 Quality Triangle

Delivering quality products, or outcomes, can enhance customer satisfaction, and ultimately support organizational success. Internal auditors should consider quality from two perspectives. First, internal auditors should look to enhance the quality of their own products and services. This will increase satisfaction of their own customers—management and the audit committee—and ensure demand for their services. Second, internal auditors should focus on areas that will improve overall quality for the organization. This requires consideration of key organizational strategies and objectives.

Performance

Performance is both the manner in which organizations achieve results (i.e., the way they behave and operate to effect actions) as well as the outputs and outcomes of these actions (i.e., the results they achieve). Performance measurement should consider both the ongoing activities of the organization as well as the ultimate results.

Examining operational performance is a key activity for internal auditors. Likewise, internal auditors should routinely measure their own performance to ensure that they are delivering quality products and services and satisfying their own customers.

Value

Warren Buffett (2014) quoted investment guru Ben Graham when he wrote, “Price is what you pay—value is what you get.” Like quality, value is an abstract and subjective concept. It will vary from individual to individual and organization to organization. However, an understanding of value will be central to every organization's success. It will also be pivotal to internal audit success.

Quality Management Systems: Deming, Juran, and TQM

A number of models have emerged since the 1950s focusing on the management and assurance of quality. Many of these quality management systems and processes concentrate on continuous improvement and the involvement of staff across an organization in delivering quality.

J. Edward Deming

Deming was a pioneer of the quality management movement, focusing on the need for continuous improvement of organizational processes. His theory of quality was premised on the belief that all processes are vulnerable to loss of quality through variation—if the levels of variation are managed, they can be decreased, and the overall quality rises.

His quality philosophy incorporates the following 14 elements (Deming 1986):

Create constancy of purpose toward improved products and services.

Adopt the “new philosophy”—appreciate the new economic age.

Cease dependence on mass inspection.

End “lowest tender” contracts.

Constantly improve systems.

Institute on-the-job training.

Institute leadership.

Drive out fear—encourage effective two-way communication.

Break down barriers between departments.

Eliminate slogans and targets calling for zero defects and implement leadership.

Permit pride of workmanship by workers.

Permit pride of workmanship by management.

Encourage education and self-improvement.

Put everyone in the company to work to accomplish transformation.

The Deming approach was summarized in the continuous improvement (or Deming) cycle (see Figure 2.2).

Figure 2.2 Deming Cycle

Deming stressed that organizations should move away from quality control–focused inspection and rigid managerial control to embrace continuous improvement and participative processes. His work with Japanese organizations following World War II led to the development of the Japanese philosophy known as kaizen.

Kaizen

The Japanese quality approach of kaizen (literally, change for good or improvement) focuses on the improvement of quality, cost, and delivery (QCD) and the philosophy that solutions often exist at the ground level, on the factory floor and among workers.

The kaizen concept stresses the need for a supportive and leadership role for management to encourage people to improve everything they do in their work environment. For it to work effectively, kaizen must be emphasized from the top of the organization, and it must be supported by total employee participation through an attitude of openness and controlled change.

Joseph Juran

Like Deming, Juran worked in Japan from the 1950s to the 1980s. In 1951, his Quality Control Handbook was released; by the fifth edition, it was known as Juran's Quality Handbook. It introduced the quality trilogy incorporating quality planning, quality control, and quality improvement.

Quality planning focused on the identification of customers and their needs. Quality control was the process of meeting quality goals during operations with minimal inspection. Quality improvement was the creation of beneficial change to achieve “unprecedented levels of performance.” There are 10 steps in quality improvement (Edmund and Juran 2008):

Build awareness of the need and opportunity for improvement.

Set goals for improvement.

Organize to reach the goals.

Provide training throughout the organization.

Carry out projects to solve problems.

Report progress.

Give recognition.

Communicate results.

Keep score.

Maintain momentum by making annual improvement part of the regular systems and processes of the company.

Quality Control to Quality Assurance

Unlike Deming, who discouraged excessive quality control–based inspection activities, Juran believed that quality control formed part of the quality trilogy. However, similarly to Deming, he saw that significant improvement in quality would not be achieved through inspections-based practices, but through dramatic quality improvements. To a large extent, these improvements were the forerunner to quality assurance activities.

Quality assurance focuses on determining whether a product or service meets the customer's expectations. Quality assurance generally involves a suite of preventative activities that help achieve a particular outcome (i.e., a quality product or service). In contrast, quality control is generally more limited in focus and determines whether a product or service is of substandard quality.

Quality assurance activities should be structured and systematic. Although quality assurance originated in the manufacturing sector, its principles can be readily applied to other fields, including internal audit. In general, quality assurance activities are preventative rather than retrospective.

Total Quality Management (TQM)

Total quality management (TQM) emerged as a concept in the 1940s and 1950s, spearheaded by both Deming and Juran. TQM is essentially a collection of organizational strategies focused on the improvement of quality. It relies on all members of an organization working together to meet the changing needs and expectations of both internal and external customers by getting it right the first time. It is based on these principles:

Focus on customers and stakeholders.

Engage everyone in the organization in participation and teamwork.

Support a process focus with continuous improvement and learning.

Although approaches to TQM can vary, its implementation principally involves the following steps:

Training

Improving

Measuring achievement

Implementing project management

Creating organizational structures

Stace (1994) refers to TQM as “a process of continually improving one's ability to satisfy customers through a systematic company-wide effort.” TQM gained prominence in the United States and Europe in the 1970s and 1980s, although to some extent it now competes with other quality approaches such as reengineering and Six Sigma.

Quality Circles

Dr. Kauru Ishikawa, famous for the Ishikawa (fishbone cause-and-effect) diagram, was a key driver of the Japanese quality control movement of the 1950s and 1960s, along with Deming and Juran. He created the notion of quality circles, with these goals:

Contribute to the improvement or development of the function or enterprise.

Promote human relations, contentment, and job satisfaction within the workshop.

Maximize the utilization and development of the available human capabilities.

A typical quality circle has between 5 and 10 volunteers from an organizational area, who aim to introduce and implement their own quality improvements. Quality circles are often integrated with TQM and other quality programs and form an important link between staff and management.

Six Sigma

In the 1980s, Motorola developed Six Sigma as a quality and process improvement tool. The name reflects a statistical standard requiring that errors be extremely rare. It was subsequently adopted by a range of companies, including General Electric, Siemens, Nokia, American Express, Boeing, and Sony.

The Six Sigma approach is essentially a business problem-solving methodology that supports process improvements through an understanding of customer needs, identification of causes of quality variations, and disciplined use of data and statistical analysis. These are referred to as the define, measure, analyze, improve, and control (DMAIC) approach.

Effective implementation of Six Sigma, like many quality models, relies on a number of critical success factors:

Management commitment

Project selection and leadership

Project metrics and a measurement assurance system

Application of the right tool mix (which can include histograms, Pareto charts, simulations, etc.)

Linkage to customers and suppliers

Training of staff and use of cross-functional teams

Cultural change including promotion of problem solving

ISO 9000

The International Organization for Standardization (ISO) first published its ISO 9000 series of quality standards in 1987 as a model for quality assurance standards in design, development, production, installation, and service. The system provides a universal framework for quality assurance and quality management.

ISO 9000 requires that organizations do the following:

Document operations and activities according to ISO 9000 standards.

Work according to these documents.

Keep records to show the quality system is working.

The ISO Standards were significantly updated in 2000 by incorporating a greater focus on process management, as well as TQM principles and procedures.

The ISO 9000 family incorporates auditing requirements that, in some organizations, are aligned with internal audit. Although there is no formal requirement for these activities to be aligned, at a minimum, internal audit should be aware of any ISO 9000 activities and ensure that these are incorporated in the organization's assurance map.

Models for Measuring Performance

There are many models for measuring both quality and performance. Some of these are embedded within broader quality management systems (such as TQM and ISO 9000) while others complement or support broader systemic approaches. The following three models all complement, rather than replace, quality management systems.

Balanced Scorecard

Robert Kaplan and David Norton first proposed their balanced scorecard approach in 1992. The scorecard focused on translating strategy into actions, and promoted a move away from traditional financial measures. Instead, organizations were encouraged to develop a broad range of financial and nonfinancial lead and lag measures that provided insight into overall operating performance.

The balanced scorecard measures were categorized into four perspectives: financial, customer, internal processes, and learning and growth. The structure of a typical scorecard is described in Figure 2.3 (Kaplan and Norton 2007).

Figure 2.3 Balanced Scorecard

Venkatraman and Gering (2000) identify four essential elements to the successful implementation of a balanced scorecard:

Make the strategy explicit.

The organization's strategy must be made explicit and made to form the basis for the scorecard.

Choose the measures.