A Short Guide To Internal Auditing

An internal audit is an objective and independent evaluation of the internal controls of your organization.  This is done to effectively manage risk within the business.  Internal audits will monitor identified weaknesses and ensure that they are addressed.  It is important that you know how to complete an internal audit.

The Principles And Approach

Independence

Internal auditors need to have the freedom to fulfil their responsibilities as they deem fit.  They should be allowed to determine what they will audit and when this will be done.  They will also be responsible for determining which issues to raise and the rating provided.

Managers and directors can have some influence, but they should not be able to overrule the auditor, whether by direct or indirect pressure.  The head of the internal audit should have access to the chief executive and board of the organization when needed.

If the independence of the internal audit department has been compromised or is deemed to have been compromised, the audit committee will need to be notified.  The committee can then either ask for the audit to be managed differently or accept the risk this poses.  

Objectivity

The opinion and conclusions should be the same if any professional internal auditor were to read the evidence file.  The objectivity of the auditor should not be compromised, nor should it be open to challenge because of business or personal relationships.

If the auditor’s objectivity has been or has been deemed to be compromised, their manager will need to be notified.  The manager will then be able to determine the appropriate course of action.  This could be the removal of the auditor, an increase in oversight or having the incident raised with the head of internal audit (HoIA) for risk acceptance.  Here are some things to think about according to Barclay Simpson.

There are a lot of definitions for internal controls.  If you wish to know more, it is recommended that you visit the Institute of Internal Audit or Committee of Sponsoring Organizations websites.  In these definitions, internal controls are the safeguards and activities that ensure objectives are reached.  They also help to ensure that bad things are avoided and their impact is minimized.

There are also many definitions of risk for organizations.  The common definition is something that has a negative outcome.  In a business, a risk is often expressed as its likelihood multiplied by its impact.  The total risk in an organization could be expressed as the cost of expected losses.  In terms of financial services, this could be the funding needed to cover any unforeseen losses.

Risk appetite is the highest level of risk that a company is willing to expose itself to.  This could be set out in terms of unexpected and expected losses, limits or key risk indicators.  All organizations will have to take risks, but you need to control them.  

Internal audit assessments will help with risk appetite, but they will often not challenge it unless there are extreme circumstances.  The only way that an internal audit will achieve all of its objectives is when the weakness is found and addressed.
