Internal audit is independence and objectivity consulting service, which is design to add value to the business and improve the entity’s operation.
It provides a systematic and disciplined approach to evaluating and assessing risk management, internal control, and corporate governance.
Internal audit activities are generally focused on three principles areas including, but not limited to, Internal Control Over Financial Reporting, Time Value of Money, and Compliance Review.
These areas arise from the risk management assessments of an entity.
Normally, this department is not an operational department or its activities are independently perform and out of the control of executive management.
That means it is not involved directly in operation like setting up internal control and prepare financial statements. The objective is not to make sure that there is no conflict of interest between internal auditors.
This department normally reports directly to the audit committee or board of directors. However, for administrative purposes, this department also reports to the CEO or other executives.
Purpose of Internal Audit:
As said by standard, the purpose of the Internal Audit is to provide independent and objective of assurance and consultant service to an organization.
It adds value to the business and helping to achieve its objectives. To meet this objective, internal audit activities must be designed in a systematic and disciplined way.
Right now, most of the business owners start to realize the importance of Internal Audit. They mostly ask the auditor to oversee operational internal control and internal control over financial reporting.
It is assessing the risk of errors and fraud in the business also the most important part of its mission.
This department, in some jurisdiction, is required by law that the company needs to set up. In most cases, the companies that operate in the banking sector, large corporations, and listed Companies.
Here is a common purpose:
- Improve the reliability over financial statements, and internal control of financial reporting
- Improve internal operational control
- Three Es audit: Efficiency, Effectiveness, and Economy
- Review compliant: Both Internal policies and External Policies ( Law and Regulation)
- Detect Fraud and Errors
- Manage risks
Authority of Internal Audit:
In general, the authority of the internal audit is defined in its Internal Audit Charter, and it normally has the right to access all information of the entity that related to its activities.
Internal Audit charter lists down the importance of information related to Internal Audit. For example, Scope, Right and Obligation, Reporting Line, and Authority.
In general, the Internal Audit should have the right to appoint an expert who has skill in specific areas for help. Mostly related to the operation, the auditor might not have those skills to assess and evaluate things under investigation.
If auditors could not have the right or authority to appoint, auditors should seek such authority by the Board of Directors.
All information related to the company, Board Resolution Internal Regulation should be accessible.
Financial and Non Financial Information should also be able to access. If auditors are not able to access that information and documentation, audit works will not meet its objective,
Responsibility of the Internal Auditor:
This is also defined in the Internal Audit Charter. The main responsibilities are to conduct Internal Audit Activities base on their risk assessments.
The risks assessment should be rank from strategy risks to the reliability of financial information. The Company assets are secured, and Internal Control of the company is effectively and efficiently.
Internal Audit is also responsible to ensure all kinds of risks are inform and communicate to the management of the company and its BOD.
Mostly, the communication between internal audit and BOD is done through the internal audit committee.
The internal audit committee summarizes the significant points that concern and faced during the period or engagement time to BOD for their attention and invention.
Here are the main responsibilities:
- Perform risks assessments for all significant areas in the entity
- Prepare annual planning base on risks assessed
- Make sure all of those risks are address to the audit committee and board of directors
- Manage audit resources to ensure that the audit plan get done with both quality and quantity
- Perform internal audit activities
- Communicate audit findings to executive and making they are settled
- Report a significant issue to the committee or board of directors.
Internal Audit Plan:
Normally, the internal auditor is required to prepare annual internal audit planning and submit to the audit committee and BOD for review and approval.
Annual Internal audit planning is prepared based on the result of their risk assessment.
Auditors required to have a good understanding of the nature of the business, significant process and areas to might affect the entity.
For example, the payroll function and cash correction process. This planning also includes the timeline that the internal auditor visits those areas and the required resources.
So internal audit is basically established as part of risk mitigation covering internal control, compliant, and operational performance. These activities are done independently, professionally and systematically.