Internal auditing is a consulting activity designed to add value to and improve an organization’s operations. It provides insight and recommendations based on analyses and assessments of data and business processes and provides value to governing bodies and senior management as an objective source of independent advice.
Internal auditors advise management and the Board of Directors (or similar bodies) regarding how to better execute their responsibilities.
Role in internal control
The internal auditing activity is directed at evaluating internal control and is designed in achieving the following objectives:
- Effectiveness and efficiency of operations
- Reliability of financial and management reporting
- Compliance with laws and regulations
- Safeguarding of assets
Role in corporate governance
A primary focus area of internal auditing is helping the Audit Committee or the Board of Directors (or equivalent) perform its responsibilities effectively by:
- reporting critical management control issues
- suggesting questions/topics for the Audit Committee’s meeting agendas
- coordinating with the external auditor and management to ensure the Committee receives effective information.
Internal audit execution
A typical Internal Audit Assignment involves the following steps:
- Establishing and communicating the scope and objectives of the Audit to appropriate members of management.
- Developing and understanding of the business area under review – this includes objectives, measurements and key transaction types.
This step involves interviews and a review of documents and processes.
- Describing the key risks facing the business activities within the scope of the Audit.
- Identifying management practices in the five components of control used to ensure that each key risk is properly controlled and monitored.
- Developing and executing a risk-based sampling and testing approach to determine whether the most important management controls are operating as intended.
- Reporting issues and challenges identified and negotiating action plans with the management to address these problems.
- Following-up on reported findings at appropriate intervals.
The end goal of any Internal Audit assignment is to add value to the organization.
While identifying these defects and noncompliance remains key to the audit function, auditors add value also by identifying all risks to which the client is exposed, as well as ways the client can operate more efficiently and effectively in pursuing its objectives.
Areas to focus on
- Build relationships before the audit
It’s important to let audit clients know what they can expect during an audit.
- Learn the business
It’s imperative to build a knowledge base before you meet with a process owner by:
- simple online search
- understanding an organization begins with understanding the industry in which it operates.
- Communicate & act courteously during fieldwork
- When possible, internal audit should let the client know why his or her area was included in the audit plan.
- Keep in mind that a functional area may have a different understanding of the concepts of risk and control.
- The audit team may identify additional, material risks or controls, while the operating unit may know of back-end controls the audit team is unaware of.
- Use judgement & discretion
Use discretion when deciding what to include, and how to cover it.
Auditor can first check his or her understanding of the issue and ask about mitigating circumstances that may have been overlooked.
Discussing the findings and proposed recommendations with the persons involved will ensure that nothing has been overlooked.
Internal audit reports
Internal auditors’ reports, at the end of each audit, will include:
- Summary of their findings
- any responses or action plan necessary by management.
Presented by Marion Caruana
Date: 7th October 2019