Internal Audit

Internal auditing is a consulting activity designed to add value to and improve an organization’s operations. It provides insight and recommendations based on analyses and assessments of data and business processes and provides value to governing bodies and senior management as an objective source of independent advice.

Internal auditors advise management and the Board of Directors (or similar bodies) regarding how to better execute their responsibilities.

Role in internal control

The internal auditing activity is directed at evaluating internal control and is designed in achieving the following objectives:

  • Effectiveness and efficiency of operations
  • Reliability of financial and management reporting
  • Compliance with laws and regulations
  • Safeguarding of assets

Role in corporate governance

A primary focus area of internal auditing is helping the Audit Committee or the Board of Directors (or equivalent) perform its responsibilities effectively by:

  • reporting critical management control issues
  • suggesting questions/topics for the Audit Committee’s meeting agendas
  • coordinating with the external auditor and management to ensure the Committee receives effective information.

Internal audit execution

A typical Internal Audit Assignment involves the following steps:

  • Establishing and communicating the scope and objectives of the Audit to appropriate members of management.
  • Developing and understanding of the business area under review – this includes objectives, measurements and key transaction types.
    This step involves interviews and a review of documents and processes.
  • Describing the key risks facing the business activities within the scope of the Audit.
  • Identifying management practices in the five components of control used to ensure that each key risk is properly controlled and monitored.
  • Developing and executing a risk-based sampling and testing approach to determine whether the most important management controls are operating as intended.
  • Reporting issues and challenges identified and negotiating action plans with the management to address these problems.
  • Following-up on reported findings at appropriate intervals.

Add value

The end goal of any Internal Audit assignment is to add value to the organization.

While identifying these defects and noncompliance remains key to the audit function, auditors add value also by identifying all risks to which the client is exposed, as well as ways the client can operate more efficiently and effectively in pursuing its objectives.

Areas to focus on

  • Build relationships before the audit

It’s important to let audit clients know what they can expect during an audit.

  • Learn the business

It’s imperative to build a knowledge base before you meet with a process owner by:

  • simple online search
  • understanding an organization begins with understanding the industry in which it operates.


  • Communicate & act courteously during fieldwork
  •  When possible, internal audit should let the client know why his or her area was included in the audit plan.
  • Keep in mind that a functional area may have a different understanding of the concepts of risk and control.
  • The audit team may identify additional, material risks or controls, while the operating unit may know of back-end controls the audit team is unaware of.


  • Use judgement & discretion

Use discretion when deciding what to include, and how to cover it.

Auditor can first check his or her understanding of the issue and ask about mitigating circumstances that may have been overlooked.

Discussing the findings and proposed recommendations with the persons involved will ensure that nothing has been overlooked.

 Internal audit reports

Internal auditors’ reports, at the end of each audit, will include:

  • Summary of their findings
  • recommendations
  • any responses or action plan necessary by management.


Presented by Marion Caruana

Date: 7th October 2019

This entry was posted in Publications. Bookmark the permalink.

Comments are closed.