Internal audit is an independent and objective consulting service, which is designed to add value to the business and improve the entity’s operation.
It provides a systematic and disciplined approach to evaluating and assessing risk management, internal control, and corporate governance.
Internal audit activities are generally focused on three principles areas including, but not limited to, Internal Control Over Financial Reporting, Time Value of Money, and Compliance Review.
These areas arise from the risk management assessments of an entity.
Normally, this department is not an operational department or its activities are independently performed and out of the control of executive management.
That means it is not involved directly in operations like setting up internal control and preparing financial statements. The objective is not to make sure that there is no conflict of interest between internal auditors.
This department normally reports directly to the audit committee or board of directors. However, for administrative purposes, this department also reports to the CEO or other executives.
Purpose of Internal Audit:
As said by standard, the purpose of the Internal Audit is to provide independent and objective assurance and consultant service to an organization.
It adds value to the business and helps to achieve its objectives. To meet this objective, internal audit activities must be designed in a systematic and disciplined way.
Right now, most business owners start to realize the importance of Internal audits. They mostly ask the auditor to oversee operational internal control and internal control over financial reporting.
It is assessing the risk of errors and fraud in the business also the most important part of its mission.
This department, in some jurisdictions, is required by law that the company needs to set up. In most cases, the companies that operate in the banking sector, are large corporations and listed companies.
Here is a common purpose:
- Improve the reliability over financial statements, and internal control of financial reporting
- Improve internal operational control
- Three Es audit: Efficiency, Effectiveness, and Economy
- Review compliant: Both Internal policies and External Policies ( Law and Regulation)
- Detect Fraud and Errors
- Manage risks
Authority of Internal Audit:
In general, the authority of the internal audit is defined in its Internal Audit Charter, and it normally has the right to access all information of the entity that is related to its activities.
Internal Audit charter lists down the importance of information related to Internal Audit. For example, Scope, Right and Obligation, Reporting Line, and Authority.
In general, the Internal Audit should have the right to appoint an expert who has skill in specific areas for help. Mostly related to the operation, the auditor might not have the skills to assess and evaluate things under investigation.
If auditors could not have the right or authority to appoint, auditors should seek such authority by the Board of Directors.
All information related to the company, Board Resolution Internal Regulation should be accessible.
Financial and Non Financial Information should also be able to access. If auditors are not able to access that information and documentation, audit works will not meet their objective,
Responsibility of the Internal Auditor:
This is also defined in the Internal Audit Charter. The main responsibilities are to conduct Internal Audit Activities based on their risk assessments.
The risks assessment should be ranked from strategy risks to the reliability of financial information. The Company assets are secured, and Internal Control of the company is effective and efficient.
Internal Audit is also responsible to ensure all kinds of risks are informed and communicated to the management of the company and its BOD.
Mostly, the communication between internal audit and BOD is done through the internal audit committee.
The internal audit committee summarizes the significant points that concern and faced during the period or engagement time to BOD for their attention and invention.
Here are the main responsibilities:
- Perform risks assessments for all significant areas in the entity
- Prepare annual planning base on risks assessed
- Make sure all of those risks are address to the audit committee and board of directors
- Manage audit resources to ensure that the audit plan get done with both quality and quantity
- Perform internal audit activities
- Communicate audit findings to executive and making they are settled
- Report a significant issue to the committee or board of directors.
Internal Audit Plan:
Normally, the internal auditor is required to prepare annual internal audit planning and submit it to the audit committee and BOD for review and approval.
Annual Internal audit planning is prepared based on the result of their risk assessment.
Auditors are required to have a good understanding of the nature of the business, significant processes and areas to might affect the entity.
For example, the payroll function and cash correction process. This planning also includes the timeline that the internal auditor visits those areas and the required resources.
So internal audit is basically established as part of risk mitigation covering internal control, compliance, and operational performance. These activities are done independently, professionally, and systematically.