News & Events

    Category Archives: Blog Home page

    Items with this category will appear as highlights on the home page – NO MORE THAN 3 ITEMS MUST HAVE THIS CATEGORY AT ANY ONE TIME

    Lean & Agile Internal Audit Methodology toolkit for purchase

    Lean & Agile Internal Audit Methodology toolkit for purchase

    I have worked with many clients to develop a lean and agile audit methodology and up-date their audit manual.

    In response to requests, I have summarised the key good practices into one manual, aligned to the IIA IPPF 2017 framework.

    Key lean/agile principles are outlined:

    The lean and agile internal audit methodology toolkit is written for immediate use by any internal audit team covering:

    • Assignment planning
    • Assignment execution
    • Assignment reporting
    • Follow-up and feedback

    The document comprises 80+ slides explaining good practice in a granular/modular way:

    The methodology toolkit also contains templates, advise on ratings, dealing with sensitive issues and how to manage advisory assignments.

    It can either be used to benchmark an existing audit methodology for lean/agile ways of working or it can be used as the starting point for a new audit team that needs to write an audit manual.

    The toolkit costs £500+VAT but will save those who use it many days of effort. For more information contact


    Webinar: Ethics in the Real World

    Webinar: Ethics in the Real World

    Since 2017 the IIA has had a requirement for members to take a 2-hour CPE course each year on the subject of Ethics.

    This area is especially highlighted because of its key role in helping internal audit to be independent and objective.

    To date, there has been a lot of training on “the basics” of ethics. However, “Ethics in the Real world” moves beyond the straight-forward aspects of ethics and considers the real-world challenges that might face auditors and how they might decide what to do. It also looks at the “real world” challenges and pressures that managers face and will help auditors to look at these issues in an insightful and value-adding way.

    Internal audit challenges

    Assignment planning:
    “It’s a bad time for you to audit this area right now, can you come back later”?
    “Rather than audit us, can you do some advisory work instead”?

    Assignment reporting
    “This is a really sensitive issue, do you really have to write it down? Or can you write it differently”?
    “Can we have a less harsh audit rating, otherwise the rating will cause a lot of issues”.
    “Can you give us more time to fix that issue, we are really busy at the moment”. Continue Reading

    Coaching Packages

    Coaching Packages

    Career Coaching Packages

    1. CAREER TURNING POINTS 4-Weeks Coaching (Skype or Zoom)
    CAREER TURNING-POINTS is designed for those who need a burst of motivation to achieve clearly defined career goals, such as getting that new job, internal promotions, job interviews, improving self-confidence or succeeding in a new role.
    Over the course of 2 months, you will receive 4 x 90-minute sessions of private coaching by Skype or Zoom.

    2. CAREER STRATEGIES – 4-Months Coaching
 (Skype or Zoom)
    CAREER STRATEGIES is designed for those who want to explore and plan for their career, with the opportunity to focus on 2-3 key goals. Over the course of 4 months, you will receive 8 x 90-minute sessions of private coaching by Skype or Zoom.

    Leadership Coaching Packages

    1. BUILD A NEW DIRECTION – 4-Months Coaching 
(Skype or Zoom)
    BUILD A NEW DIRECTION is designed for those who want to enhance their ability to lead, with the opportunity to reflect on their current strengths and areas for improvement and focus on 2-3 key goals. Over the course of 4 months, you will receive 8 x 90-minute sessions of private coaching by Skype or Zoom.

    2. GAIN MOMENTUM – 8-Months Fortnightly Coaching 
(Skype, telephone or face-to-face)
    GAIN MOMENTUM is designed for people who want to achieve personal, professional or business goals, with the opportunity to focus on several key areas. Over the course of 8-months, you will receive 16 fortnightly 90-minute sessions of private coaching by Skype or Zoom.

    3. SHARPEN YOUR SAW– 12-Months Monthly Coaching 
(Skype, telephone or face-to-face)
    Designed for people who want to SHARPEN THEIR SAW via regular monthly coaching sessions and for best practice reflections and managing challenges and enhancing their current practice. Over the course of 12-months, you will receive 12 monthly 90-minute sessions of private coaching by Skype or Zoom.

    Short-term “Hot Topic” Coaching Packages

    3-Hours – FOCUS CLEARLY: 1 x 3-Hour Breakthrough Session (Skype or face-to-face)
    Designed to explore and FOCUS CLEARLY on a major challenge or goal. This comprises 2 x 90-minute discussions is 100% tailored to you to make a practical break-through.

    1-Day – BEST PRACTICES & TAKING STOCK: 2 3-hour sessions, plus a follow-up
    Escape from day-to-day pressures to take stock, reflect on best practices and empower yourself. Designed to explore, clarify technical best practice issues and plan for a specific goal, aspiration or challenge.

    4 x 90-minute coaching sessions (remote or face to face, depending on location), tailored to you (usually within 2-4 weeks), followed by a 90-minute telephone call one week later. (5 in total).

    Package Prices

    Prices are charged for 90-minute slots
    5% discount available for purchasing > 5 sessions at a time.
    10% discount available for purchasing >10 sessions at a time.

    For up-to-date prices and more information contact:

    Guidance on Auditing Culture and behaviour

    Guidance on Auditing Culture and behaviour

    An extract from James Paterson’s latest CPD technical article on the ACCA website. 

    It’s time that GRC professionals, regulators and Internal Audit recognised the importance of auditing culture and behaviour – the “soft stuff” 

    For the past six years I have been running the IIA UK training on auditing culture, I also helped write the IIA UK guidance on auditing culture. My background is worth explaining: I’m a finance professional, but did a masters’ degree in management (focusing on organisational behavior). I then left finance to work in HR (in leadership development and managing culture change). Then I became a Head of Internal Audit for AstraZeneca for seven years, and since 2010, I have been combining my passion for people and the soft stuff with my love of Internal Audit, doing training and webinars across Europe and further afield.

    I am really happy that GRC professionals, regulators and Internal Audit have started to recognise the importance of the soft stuff when it comes to the effective management of risk and maintaining ethical conduct. This was caused – in a large part – by the recognition that many aspects of the financial crisis of 2007-2008 were caused by short-comings in the “bonus culture”, and underestimation of the latent risks building up. In addition, there were mis-selling scandals highlighting poor conduct in sales, which did not put the customer first.

    In the UK, the importance of culture and conduct in relation to Internal Audit was formally recognised in a code of practice for Internal Audit in financial services, published in 2013, which said that Internal Audit should consider, when making audit plans: “the risk and control culture” and “the setting of, and adherence to, risk appetite” amongst other areas. In January 2020, the same points have been included in the IIA UK Code of practice for Internal Audit, applying to all sectors and not just financial services.

    You can read the rest of this article on the ACCA website

    Guidance on auditing planning for Internal Audit

    Guidance on auditing planning for Internal Audit

    A good audit planning process should also act as a platform to showcase what audit can do and build closer relationships with key stakeholders, writes James C Paterson on the ACCA blog. 

    For the past 10 years I have been running a course on audit planning. It’s two days long and we often start with heads of audit and audit managers explaining their planning process. Common planning steps include consulting managers and the audit committee, up-dating the audit universe and considering areas of concern for Internal Audit and/or a regulator. After that, differences start to emerge, from:

    • “Cross-checking against the key risk register” to “We can’t rely on the risk register”
    • “Co-ordinating with other functions and external audit” to “We do our most of our plan independent of others”
    • “Calculating priority based on number of years since the last audit” to “We have a blend of factors we use to calculate priorities, and we adjust these if we don’t think the plan is right”.

    Then greater differences emerge when we discuss the length of any audit cycle, or what items are in/out of the scope of the audit universe, and what the weighting factors are for the audit universe risk ranking.

    It then dawns on many that their audit planning process is effectively a hotchpotch of historical steps, overlaid with specific priorities, where specific factors and weightings cannot be justified other than by explaining that:

    1. They were used in the past
    2. They seem to give a reasonable result that stakeholders are happy with
    3. They weren’t challenged in the last EQA.

    The net result of this is that some audit functions are auditing “the risks that matter”: i.e. strategic risks, major projects and programmes and key third-party dependencies, whereas others are auditing mostly basic compliance, control and other standard processes.

    We then discuss key finding areas from recent IIA External Quality Assessments and learn that many audit functions fall down against the IIA standard for planning and IIA requirements around co-ordination with others. The requirements include:

    • Audit plans should be aligned with the strategies, objectives and risks of the organisation etc. and adjusted at intervals, (IIA IPPF 2010), and
    • There should be co-ordination with other assurance functions, and reliance on others where appropriate, (with a clear process for the basis of reliance on others) (IIA IPPF 2050).

    Thus the reason there are short-comings in audit plans is because they are mostly based on stakeholder opinions and an audit universe, which is then retrospectively tied back to key risks etc. Most decent EQAs nowadays can tell this is how the plan was prepared, and may have concerns about why some items are in/not in the audit plan.

    Remember: You can’t get a good plan by pressing entering data into a model and pressing a compute button, and you don’t have a good audit plan just because everyone is happy with it!

    You can read the rest of this article on the ACCA website

    Join our mailing list

    We will keep you updated with news and events.


    Contact and appointments:

    Risk & Assurance Insights
    T: +44 (0)7802 868914

    Please also use our contact form