Companies have an internal audit to evaluate their internal controls, like corporate governance and accounting processes.
The main purpose of internal audit is to provide the company with independent assurance that their risk management, corporate governance and internal control processes are operating effectively.
The internal audit ensures that rules, regulations and laws are being followed to maintain prompt financial reporting and collection of data for analysis.
It also helps the company find out what’s wrong and improve their efficiency and find out what is wrong before it is discovered in the external audit. This also provides the management and the board time to correct mistakes before the external audit.
Advantages of Internal
- The biggest advantage of Internal Audit is, as mentioned above; it helps identify errors before the external audit. So by the time an external audit happens, hopefully, the management would have rectified those errors. This also helps reduce the chances of fraud, as the management can’t go over everything so auditors, who are professionals, can easily identify any wrongdoings.
- Internal audit introduces a proper accounting system that has steps and procedures in order to maintain ease of checking and maintain financial records. This makes it easier to achieve goals and results that are desirable.
- Internal audit also helps the management in making decisions and keeps the management in check. The objectives of the business can be achieved if there is proper internal control, internal check, and internal audit. Management also uses the audit reports of the previous year to see how the organization is doing and progressing and then they make effective decisions using this way of comparison. The managers also use the internal audit to make necessary changes for a better functioning company.
- Asset protection is possible with internal audit. The company managers can misuse assets for their private purpose and not for generating income for the business. The internal audit makes sure that the cash, stock or inventory and other assets are being put to proper use and aren’t involved in anything other than business income generation.
- Internal audit can help with fixing the division of labour and responsibilities. During an internal audit, the activities of every employee including the managers are being looked over and where necessary, the auditors can point out the need for separate labour required for a particular task. Hence the division of labour happens. This also helps assign responsibilities to idle employees or people not doing their tasks properly can be assigned a standard or benchmark they have to meet in order to stay employed. Any action can then be taken if found suitable to make individuals accountable.
- Internal audit helps external audits too. The work done by an internal auditor can help the external auditor as it makes it easier for them to conduct an external audit. The processes for both the audits are similar and external auditors do choose to go through the internal audit reports. However, it isn’t appropriate for them to completely rely upon the internal audit reports.
- Previous year’s audit reports can be the basis for making the budgeting decisions for the current year by preparing the income statement and balance sheet. This helps the company improve the performance of their business.
- Like protection of assets, internal audit also makes sure the resources are being used properly or not. Misuse of resources means wastage of resources, which ultimately leads to increased costs for the organization. The company can figure out the optimum usage of resources using the controlled cost of output and internal audit helps with putting the resources to the best use and in the best interest of the business.
- Lastly, internal audits help investigate various aspects of the business properly. Wherever there are doubts arising, the internal auditor can use facts and figures to find out what’s not being done right. The company’s management makes these requests and they ask the auditors to investigate different areas in the organization.
Limitations of Internal Audits:
We’ve talked about many benefits of internal audits but like everything, internal audits have limitations too.
- There is a shortage of qualified staff a company can hire for its auditing committee that conducts internal audits. A qualified and professional staff is required to conduct the process properly and efficiently. Lack of such staff can restrict the company from realizing the benefits of a good internal audit.
- There is a significant time lag that exists between the recording of financial records and the audit. Audit commences when the accounting process ends so the checking of the entries is done when some time has passed since they were made. This may result in some discrepancies.
- The staff conducting the internal audit misses out on some errors, depending on their expertise. Much more experienced and competent staff means fewer chances of errors going undetected. But otherwise, there is no guarantee that all accounts would be error-free. This can be damaging for the company if such errors are identified during the external audit, but that depends on the nature of the error and how damaging it is for the company.
- Even if errors are found, some managers are not very responsive to the correction of errors. They may choose to not make the audit reports public and can easily ignore the errors and not take necessary actions required.
- Since people who are like outsiders to the company do an internal audit, they have no interest in the betterment of the company. So they can choose to ignore some red flags. They do their work for the money rather than the company they are working for.
- Internal audit is like an extra cost that companies bear. This is because the internal audit is done for the company and the shareholders do not accept it. So an external audit is always required, hence an extra cost that companies for their sake only.
To conclude, where internal audit proceeds to bring in improved performance for a company and is a systematic approach for the company to bring about required change in the organization, it can also prove to be an unnecessary process that the company has to go through and may not reap any benefits if not done right.
There are two main services that internal auditor could offer to the organization. Once is the assurance services, and second is the consultant service.
In assurance service, internal auditor review over the number of areas including an entity, operation, function, process, system, or other subject matters.
The opinion or conclusion will be provided once auditors completed their review and assessment.
Before performing their works, the auditor should agree on the nature and scope of engagement with relevance parties such as process owners, users of assessment reports or result, and auditors themselves.
The nature and scope of an assurance engagement are determined by the internal auditor before performing their job.
This could help both auditor and process owner minimize the conflict and understand the auditing purpose.
It could also assist the auditor to prepare the right audit report and identify who are the users of the report.
Generally, three parties are participants in assurance services:
(1) The person or group directly involved with the entity, operation, function, process, system, or another subject-matter — the process owner,
(2) The person or group making the assessment — the internal auditor, and
(3) The person or group using the assessment — the user.
Assurance engagement is different from the consulting service (engagement) since assurance services provide an independent assessment and then make the conclusion or opinion based on the objective evidence that examines by the internal auditor.
For example, if the auditor is engaged to review the effectiveness and efficiency of the purchasing process, then the auditor should prepare the engagement letter.
The letter should clearly state the scope, nature, process owner, as well as users of auditor (audit committee or board of director).
As a result of their objective examination, the auditor will conclude in their report about the effectiveness and efficiency of the purchasing process.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness risks management, control and governance processes.
The above is the definition of internal audit and this definition should be included in the internal audit charter that required board, audit committee or entity’s managements that have a similar responsibility to acknowledge the definition of internal audit at least annually.
Working and reporting independently and objectively is the key that could help the auditor to play their role effectively and really added the value to the entity.
If internal audit activities are not performed independently and objectively, then not only their jobs are not added value to the organization, but their activities will subsequently discredit by others function and departments. Organization reputation may then subsequently adversely affected.
1100 – Independence and Objectivity, independence must be managed at the individual auditor, engagement, functional, and organizational level.
Functional reporting is a very important factor that determines the independence of internal audit activities.
For functional reporting, internal audit leader should report to the board, audit committee or equivalent level.
The key functional reporting that internal auditors should report to the board or audit committee are:
- Approving the internal audit charter.
- Approving the risk-based internal audit plan.
- Approving the internal audit budget and resource plan.
- Receiving communications from the chief audit executive on the internal audit activity’s performance relative to its plan and other matters.
- Approving decisions regarding the appointment and removal of the chief audit executive.
- Approving the remuneration of the chief audit executive.
- Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations.
Confidentiality is one of the most important of internal audit’s code of ethics that required the internal auditors to keep information that they obtain from clients during their audit confidential. In other words, the information should not hand to people that are not authorized to access it.
Normally, the internal auditors could have the right to access most of the information of their client. Some of that information is not sensitive yet some are very sensitive.
For example, commercial information like the new produce lunch next week could be very sensitive. Business plan, budget, and employees’ salaries are also important.
If the internal auditor makes the information leak to outside or especially a competitor. There will be adversely affected to company.
Internal audit confidentiality also prevents the auditor to use the client’s confidential interest to gain personal benefit.
For example, an internal audit might access to client’s insider share information and by assessing, that information auditor might sell the share and purchase directly or indirectly.
The internal auditor is the entity’s staff that work independently and objectively. This role normally reports directly to the audit committee and board of directors of an entity.
However, there are certain things that internal audit should report to senior management of the entity like CEO and CFO. For example, the internal audit might report about staff KIP as well as a performance evaluation for staff annual increment.
There are many reasons why internal auditors should not have a direct report to CFO and CEO of the entity. Here is the reason:
- To maintain the independence of works: The internal audit main objective is to added value to the entity and helps them to meet their objective. This is required independence to assess whether current risk management that possesses by senior management is well identifying and manage. They control and well as strategy are normally held by CFO, CEO, as well as other senior management. To have a good assessment, internal audit should not report directly to these people.
- To maintain objectivity:
- To avoid conflict of interest:
- To ensure the high discipline approach are maintain:
- Required by law:
- Required by shareholders and board of directors:
Internal audit performs independence and objectives activities from the organization while its main objective is to play an important role in helping the organization to meet its main goal. In other words, to meet the organization’s vision and mission.
The important approach that internal audit uses to ensure that its activities are added value to the organization is a systematic and disciplined approach.
This approach required internal audit to work very hard to ensure that all relevant internal auditing standard, internal policies as well as the requirement from regulator and audit committee. The effectiveness and efficiency of its own activities also need to review and assess.
However, all of these things are not enough to help internal audits in an organization meet the above objective.
Besides operational roles like managing the internal audit team, execute audit plan, and reporting the result to the board of directors as well as the audit committee, the chief of audit executive need to possess and play many strategic roles.
In this article, we will discuss the strategic role that internal audit leaders include chief audit executive, head of internal audit, as well as audit manager, should play in order to make sure that internal audit functions in the organization could really add value to the organization.
Key Strategic Role of Internal Audit:
1) Be the Changing Leader:
Change is very important in the organization. In most cases, during the transition period, conflict might always happen.
And, to ensure that the change will succeed, changing management needs to run properly. The chief audit executive could play an important role in changing management. Or can be the changing model.
2) Build Strong Communication
Internal audit needs to have a good relationship with both senior management, board subcommittee as well as the board of directors in the organization.
3) Review and Respond to the Ethical Climate of Board and Management
4) Educate Board and Management on Corporate Governance, Risks Management, Control, and Compliance
5) Set and Communicate Internal Audit KPI to Board and Senior Management
6) Be a Key Point of Contact with External Audit and Others Regulatory