A Business-Centric Approach to Auditing: Applying the New IPPF Principles

Abstract

Auditing is about adding business value and improving enterprise operations. In order to raise findings beyond tick-the-box and written reports that never get management and the board’s attention, auditors need to do more than checklist auditing. They need to understand the business environment, align their audits with strategic, performance and risk objectives of the entity under review, be risk-based, and communicate insights and foresights effectively. Audit findings should be expressed in business terms that relate to organizational crown jewels that are at the hearts of top management and the board of directors.

By applying the 10 principles of internal auditing and understanding the business environment, auditors are able to express auditing findings in business language that communicates to key stakeholders, thereby adding value and improving organization operations.

Additional information

Notes on contributors

Tichaona Zororo

Tichaona Zororo, CIA, CISA, CISM, CRMA, CRISC, CGEIT, COBIT 5 Certified Assessor is an IT advisory executive with EGIT|Enterprise Governance of IT (Pty) Ltd, an IT Advisory firm based in South Africa focusing on advising the Board, Senior Business Executives and Management, IT Auditing, IT Governance Advisory, and Enterprise Risk Management. He has vast years of in-depth experience in mainstream IT, IT auditing, IT Governance, and IT Risk across private and public sectors in Africa, Europe, and Asia. He is an advisor to a number of boards and executives across the globe on Emerging Technologies, Governance and Management of Enterprise IT, IT Risk, IT Security, and IT Auditing. He has been involved in the development of numerous ISACA white papers and COBIT 5. A renowned COBIT 5 expert, advisor, and trainer; Tichaona is credited for being the first COBIT 5 Certified Assessor in Southern Africa and the 40th worldwide. He can be contacted at [email protected].