My position is that checklists as commonly conceived are useful but could be more so if conceived differently. I recommend a checklist consisting of a model of what the organisation is seeking to achieve and so needs to do and employ. The current state of the organisation can then be checked against the model.

Internal auditors are the obvious candidates to assure the quality of the model and to compare the organisation’s current state with the model. Such a role would enhance the status, efficacy and employability of internal auditors.

What is a checklist?

A checklist is simply ‘a list of items required, things to be done, or points to be considered, used as a reminder’ (Oxford Dictionaries). On this definition, standards are checklists.

What does an internal audit checklist look like?

The prime example is the Chartered Institute of Internal Auditors (CIIA)’s International Professional Practices Framework of principles and standards[1]. There’s also an ISO 9001 version of an internal audit checklist[2] and a free version by John F Smith[3].

Advantages of checklists

  • everyone forgets things and makes mistakes. Checklists help us to remember what we need to do
  • you can follow a checklist serially, which helps you complete what needs to be done
  • you can adapt the list to your own circumstances and psychology
  • a checklist helps you to be specific
  • checklists make it easy to delegate tasks.

Disadvantages of checklists

  • checklists are produced by people or maybe only one person and so are likely to be incomplete
  • some people find long checklists demotivating or distracting
  • a checklist can lull you into a false sense of security, and prevent you seeing the big picture, asking why, or thinking about the causes of problems
  • checklists have headings but otherwise do not specify the dependencies between the items on the list, so failing to define the order in which the items need to be carried out and risking things being done out of order
  • checklists are a prime target for artificial intelligence, so reliance on them exposes you to the risk of redundancy
  • checklists don't tell you whether the organisation will achieve its goals.

The value of internal audit

The CIIA article What is internal audit?[4] offers the following definition of internal audit’s value to the organisation: ‘Internal auditors deal with issues that are fundamentally important to the survival and prosperity of any organisation. Unlike external auditors, they look beyond financial risks and statements to consider wider issues such as the organisation's reputation, growth, its impact on the environment and the way it treats its employees.’

Will a checklist or standards deliver this value?

Checking a list of actions or following standards will not deliver the strategic value of internal audit. Even if all the standards are being followed and all the recommended actions are being carried out, the organisation won’t know whether it is likely to survive and prosper.

To determine whether the organisation will survive and prosper, the internal auditor needs a model which defines the relationships between its intended outcomes, how they should be measured, what risks will prevent their delivery, and what activities and resources are required to deliver them. Knowing the relationships between these data is essential to knowing whether the organisation will deliver its outcomes because broken or unknown relationships will prevent delivery. The model will enable the internal auditor to audit the current state of the organisation against the model in a way that isn’t possible with generic standards and checklists.

Information technology

Prose is an ineffective way of linking information because it can’t analyse relationships and communicate them clearly and concisely. Greater assurance would be provided through a cause- and outcome-driven system instead of the current prosaic approach. Information technology is the only way of recording and communicating relationships and linkages.

There are so many relationships – between outcomes, risks, performance measures, activities, facilities, finance, customers, producers, society at large and the environment – that information technology is needed to manage them.

Governance, reporting and audit platform

In IT terminology, a platform is a generic unprescriptive system applicable to any sort of organisation.

A governance, reporting and audit platform collects and connects every outcome, activity and resource required to realise an organisation’s outcomes, encouraging collaboration across disciplinary and organisational boundaries. It lets anyone contribute to the outcomes the organisation needs, increasing participation and diversity. It encourages ethical behaviour and facilitates audit by showing what everyone’s doing and what's likely to happen. It motivates people to challenge current deliverables, ways of working and resourcing, stimulating innovation and reducing cost.

Benefits of the platform

By linking and integrating all the causes of success, a governance, reporting and audit platform automatically and objectively determines whether a risk or KPI is relevant, whether a fact or circumstance would affect the ability of the entity to generate or preserve value in the long term, and the relative importance of the matter to the entity’s development, performance, position or future prospects and the impact of its activity. The platform sets performance measures which measure the outcomes the organisation is seeking to achieve rather selecting them from a checklist. It explicitly links remuneration to the delivery of outcomes, and integrates non-financial with financial information.

Remaining useful

In time, standards and checklists will probably be replaced by artificial intelligence. Therefore I agree that it is worth considering what internal auditors can do to avoid being replaced by artificial intelligence. I suggest that internal auditors should adopt artificial intelligence before it adopts them.

Tim Leech wrote a two part article for this Bulletin entitled Is internal audit the next BlackBerry? which provides reasons why it is time to reinvent the profession.[5]

A governance, reporting and audit platform would replace checklists and standards. It would reinvent internal audit. It would give internal auditors artificial intelligence and a means of remaining useful. It would enhance their status and increase their effectiveness and productivity. By providing an integrated, transparent and predictive business model, it:

  • predicts delivery; allocates accountability; mitigates risk; encourages responsible behaviour; regains trust; and creates sustainable business
  • makes reporting automatic; immediate; continuous; complete; concise; clear; balanced; open; objective; and proactive.

As stated earlier, internal auditors are the obvious candidates to assure the quality of the model on the platform, to audit the organisation’s current state against the model, and to draw the board’s attention to any discrepancies which have been overlooked.

Getting from checklists to artificial intelligence

A change as fundamental as this will take years – all the more reason to start now and get ahead of the game.

I will gladly demonstrate an example of a governance, reporting and audit platform to anyone who asks me to do so at

Peter Bebb, Director, Perendie





[5] Tim Leech article part 1 and Tim Leech article part 2