Continuing great job on the discussions. Keep up the good work. You raised most of the important points but let me summarize my view.
Q1: Have you ever been involved with an internal audit or audit of your process / project?
Thanks for all the good examples shared – they remind me of the many audits I performed or was involved with (often as the subject of the audit).
In today’s world, there are audits of may kinds and someday I expect everyone will have some experience an and auditee or auditor. I note a lot oa consistency regardless of the subject of the audit: It starts with a defined procedure or expectation of how the process of activity should occur, there’s a methodical way to review how activities occur in the real world to measure vs. that expectation with a defined way to capture the alignment and gaps and address the gaps that are found.
Q2:How is independence maintained when working for the company as an internal auditor?
In my experience independence is taken very seriously. You noted common components: Defined Code of Ethics, organizational separation, Defined audit procedure with lots of documentation – there are even audits of audits. A very important but harder to measure component is the mindset of the auditors and those being audited – we’ll talk more about that in Week 14.
Q3:When is the cost of implementing a compliance control higher then the benefit obtained? What should an organization do to ensure efficiency and profitability?
Organizations don’t exists just to perform business process controls, audits, etc. They have a responsibility to address their missions (be that making profit or some other defined goal). There can be discussion where the control implementation costs are higher than the benefit. It all starts as many of you noted by doing a good risk assessment (part of you Final Exercise). With this information available management can make better decisions and strike the correct balance of control vs. cost.