Internal Audit is an independent, objective assurance and consulting activity intended to add value and develop an organization’s operations. It helps an organization achieve its objectives by bringing a methodical, meticulous and disciplined approach to assess and enhance the effectiveness of risk management, control, and governance processes.
Internal Auditors’ roles include supervising, evaluating, investigating and analyzing organizational risk and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working together with management, the internal auditors provide assurance that as far as possible risks are significantly reduced and that the organization’s corporate governance is forceful and capable. In addition, Internal auditors make recommendations for And, when there is room for improvement, internal auditors make recommendations for augmenting processes, policies, and procedures.”
The scope of internal auditing is broad and wide. It may involve subjects like organization’s governance, risk management and management controls. The efficiency and effectiveness of operations (including safeguarding of assets), the reliability of financial and management reporting and compliance with laws and regulations are also part of internal audit scope. Internal auditing may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish financial loss.
The Internal Auditing profession evolved steadily with the progress of management science. It is similar in many ways to financial auditing by public accounting firms, quality assurance and banking compliance activities. Some of the audit technique underlying internal auditing is derived from management consulting and public accounting professions.
Internal auditors are not independent of the companies that employ them, but at the same time independence, integrity and objectivity are pre-requisites. Professional internal auditors are to be independent of the business activities they audit. Although internal auditors are part of company management and paid by the company, the primary customer of internal audit activity is the entity charged with oversight of management’s activities.
This independence and objectivity are achieved through the organizational placement and reporting lines of the internal audit department. Internal auditors are required to report functionally to the top management or to the board of directors.
Internal auditing activity also relates to corporate governance which is accomplished primarily through participation in meetings and discussions with members of the Board of Directors. Governance is the policies, processes and structures used by the organization’s leadership to direct activities, achieve objectives, and protect the interests of diverse stakeholder groups in a manner consistent with ethical standards. The internal auditor is often considered one of the “four pillars” of corporate governance, the other pillars being the Board of Directors, management, and the external auditor.
Internal auditors typically issue reports at the end of each audit that summarize their findings, recommendations, and any responses or action plans from management. An audit report may have an executive summary; a body that includes the specific issues or findings identified and related recommendations or action plans; and appendix information such as detailed graphs and charts or process information.