CPR in the context of auditing, specifically for internal auditors, stands for Conformance/Compliance, Process Approach, and Risk-Based Thinking.
This acronym serves as a helpful reminder of key concepts that internal auditors should consider to conduct more effective audits. Let's break down each element:
-
Conformance/Compliance: This refers to verifying whether activities, processes, and systems adhere to established standards, regulations, policies, and procedures. The audit should assess if the organization is 'conforming' to these requirements and is 'compliant' with relevant laws.
-
Process Approach: This involves viewing the organization as a collection of interconnected processes. Auditors should understand how these processes interact to achieve objectives. This approach helps identify inefficiencies, bottlenecks, and potential control weaknesses within and between processes.
-
Risk-Based Thinking: This emphasizes identifying, assessing, and prioritizing risks that could impact the achievement of organizational objectives. Audits should focus on areas where risks are highest, and the assessment of controls should be proportional to the level of risk.
In summary, remembering "CPR" assists internal auditors in covering these critical areas during their audits, leading to more thorough and impactful results, as noted in the reference: "CPR for internal auditors is an acronym designed to help internal auditors remember concepts for conducting better audits. The acronym represents conformance/compliance; process approach; and risk-based thinking."
