written 2.6 years ago by |
What is Internal Audit?
- Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve organization's operations.
Internal audits evaluate a company's internal controls, including its corporate governance and accounting processes.
The role of internal audit is to provide independent assurance that an organization's risk management, governance and internal control processes are operating effectively.
- Internal audits provide management and board of directors with a value-added service where flaws in a process may be caught and corrected prior to external, audits.
Internal Audit answers the following questions:
- Are we making progress towards our companies objectives?
- Whether various risks are being managed effectively?
- Are policies and procedures being applied correctly?
- What all activities and processes can be improved?
What are Internal Auditors responsible for?
- Routine internal audits ensures that the company has the ability to survive in a competitive business environment, and continue to prosper.
To be effective, the internal audit activity must have qualified, skilled and experienced people who can work in accordance with the Code of Ethics and the International Standards.
Auditors do this by:
- Monitoring, analyzing and assessing the risks and controls of the organization.
- Reviewing the organization's compliance with policies and laws.
- Making reassurances and recommendations to the company's owners.
How are Internal and External Audits different?
Internal audits and external audits are quite different, both in terms of their objectives and procedures. The main difference is that internal audits are not regulated and can, therefore, be applied more flexibly.
These are some of the differences which demonstrate how an internal audit can be more effective than external audit:
Objective:
IA: To educate management and employees about how they can improve business operations and its efficiency.
EA: To give reliability and credibility to the financial reports that go to shareholders.
Purpose:
IA: Review of financial reporting, operations, processes, internal control systems risk management, corporate governance, and fraud detection.
EA: Review of financial statements or other compliance matter.
Focus:
IA: Continuous improvement and meeting strategic goals.
EA: Fair reporting of financials or other compliance matter.
In summary, internal audit helps to improve companies from the inside, while external audit ensures that what they present to the outside world reflects what really happened. Both types of audit keep the engine of our economy running efficiently and accurately.
What are the types of Internal Audits?
There are 5 types of internal audits:
1.Compliance Audits evaluate compliance with applicable laws, regulations, policies and procedures. Some of these regulations may have a significant impact on the company's financial well-being.
2.Operational Audits assess the organization's control mechanisms for their overall efficiency and reliability.
3.Performance Audits evaluate whether the organization is meeting the metrics set by management in order to achieve the goals and objectives set forth by the Board of Directors.
4.Information Technology Audits may evaluate information systems and the underlying security infrastructure.
They will typically include the assessment of general IT controls related logical access, change management, system operations, and backup and recovery.
5.Environmental Audits assess the impact of a company's operations on the environment. They may also assess the company's compliance with environmental laws and regulations.
WHAT IS THE INTERNAL AUDIT PROCESS?
An internal audit should have four general phases of activities:
Planning
Fieldwork
Reporting
Follow-up
- Planning
The auditor notifies the client of the audit, discusses the scope and objectives of the examination in a formal meeting with organization management, gathers information on important processes, evaluates existing controls, and plans the remaining audit steps.
- Fieldwork
In this, the audit team will execute the audit plan. This usually includes interviewing key personnel to confirm an understanding of the process and Ocontrols, reviewing relevant documents, testing the controls for a sample over a period of time, documenting the work performed, and identifying exceptions and recommendations.
- Reporting:
The process of issuing an internal audit report includes drafting of the report, review the draft with management to ensure the accuracy of findings, and issuance and distribution of the final report.
- Follow-up:
This process includes appropriate follow-up with process owners needing to implement the recommendations as well as Board oversight of the company's overall status in addressing findings identified by internal audit.