Internal auditing is an independent, objective assurance and consulting activity that is designed to add value and improve an organization’s operations. Also, it helps a business to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
An internal audit is designed to review what a company is doing in order to identify potential threats to the organization’s health and profitability, and to make suggestions for mitigating the risk associated with those threats in order to minimize costs.
A typical internal audit assignment involves the following steps:
- Establish and communicate the scope and objectives for the audit to appropriate management.
- Develop an understanding of the business area under review. This includes objectives, measurements, and key transaction types. This involves review of documents and interviews. Flowcharts and narratives may be created if necessary.
- Describe the key risks facing the business activities within the scope of the audit.
- Identify management practices in the five components of control used to ensure each key risk is properly controlled and monitored. Internal Audit Checklist can be a helpful tool to identify common risks and desired controls in the specific process or industry being audited.
- Develop and execute a risk-based sampling and testing approach to determine whether the most important management controls are operating as intended.
- Report issues and challenges identified and negotiate action plans with management to address the problems.
- Follow-up on reported findings at appropriate intervals. Internal audit departments maintain a follow-up database for this purpose.
Audit assignment length varies based on the complexity of the activity being audited and Internal Audit resources available. Many of the above steps are iterative and may not all occur in the sequence indicated.
Internal auditors deal with issues that are fundamentally important to the survival and prosperity of any organization. Unlike external auditors, they look beyond financial risks and statements to consider wider issues such as the organization’s reputation, growth, its impact on the environment and the way it treats its employees.
In sum, internal auditors help organizations to succeed through a combination of assurance and consulting. The assurance part of their work involves telling managers and governors how well the systems and processes designed to keep the organization on track are working. Then, they offer consulting help to improve those systems and processes where necessary.
The difference between external and internal audit:
| External audit | Internal audit | |
| Reports to | Shareholders or members who are outside the organizations governance structure. | The board and senior management who are within the organizations governance structure. |
| Objectives | Add credibility and reliability to financial reports from the organization to its stakeholders by giving opinion on the report | Evaluate and improve the effectiveness of governance, risk management and control processes. This provides members of the boards and senior management with assurance that helps them fulfill their duties to the organization and its stakeholders. |
| Coverage | Financial reports, financial reporting risks. | All categories of risk, their management, including reporting on them. |
| Responsibility for improvement | None, however there is a duty to report problems. | Improvement is fundamental to the purpose of internal auditing. But it is done by advising, coaching and facilitating in order to not undermine the responsibility of management. |
For more information and/or advice, please contact us via email at info@finexpertiza.cy