Internal Audit

Internal Audit is an independent function established within an organization to assess and evaluate its operations as a service to the organization. It serves as an objective assurance and consulting activity aimed at enhancing the organization’s value and performance. By employing a systematic and disciplined approach, it helps organizations achieve their objectives by evaluating and improving the effectiveness of risk management, control, and governance processes.

1. Scope and Objectives of Internal Audit

The Internal Control System encompasses all policies and procedures implemented by management to assist in achieving its goals. This includes ensuring orderly business conduct, the accuracy and completeness of accounting records, timely financial reporting, asset protection, and the prompt detection of fraud and errors. Internal audit is a distinct element of internal control aimed at assessing the design and evaluation of other internal controls.

The scope and objectives of internal audit vary significantly based on the size and structure of the organization, as well as management’s needs. Internal audit typically operates in one or more of the following areas:

(a) Review of Accounting Systems and Internal Controls: While management is responsible for establishing effective accounting systems and related controls, regular reviews are essential to ensure their efficacy and recommend improvements.

(b) Examination of Financial and Operational Information: This includes assessing how information is identified, measured, classified, and reported, along with specific inquiries into individual items and transaction tests.

(c) Evaluation of Operational Economy, Efficiency, and Effectiveness: This assessment supports external auditors by ensuring the reliability of financial records.

(d) Physical Examination and Verification: This involves verifying the physical existence and condition of the organization’s tangible assets.

The objectives of internal audit can be summarized as follows: (a) Verification of the accuracy and authenticity of financial, accounting, and statistical records. (b) Ensuring compliance with accepted accounting policies and practices in financial reporting. (c) Confirming proper authorization for asset purchases or disposals, and restricting access to authorized personnel. (d) Verifying that liabilities arise from legitimate organizational activities. (e) Ensuring the internal checks system is robust and cost-effective. (f) Preventing and detecting fraud and errors. (g) Reviewing the overall internal control system and promptly communicating any deviations or weaknesses to the appropriate authorities to facilitate corrective action.

2. Internal Audit Framework

The internal audit function should adhere to the following framework:

  • Formal Charter: The internal audit function must have a formal charter, including approved terms of reference by the board.

  • Documented Reporting Structure: A clear and formally documented reporting structure is essential. The head of internal audit should hold a senior position and have discretion over the content of audit reports. This individual should report directly to the board audit committee and have access to the chairman of the board.

  • Detailed Testing: Internal audit should conduct detailed testing in all areas covered by its charter to ensure compliance and report findings to the board audit committee.

  • Competency: The internal audit team must possess the necessary skills, including the ability to address non-financial aspects.

  • Collaboration with External Auditors: Regular communication between internal and external auditors should be encouraged to maximize cooperation, as their work can often complement each other.

  • Audit Committee and External Auditors: The board audit committee should inform external auditors of corporate governance issues and consult periodically regarding the internal audit function.

  • Compliance Reviews: The internal audit function should periodically review compliance with procurement and disposal procedures, reporting findings to the board audit committee.

3. Relationship Between Internal and External Audit

When relying on the work of internal auditors, external auditors should evaluate the internal audit function to inform their own audit procedures. While the internal auditor’s scope is defined by management, the external auditor operates under statutory requirements. Despite these differences, their objectives often overlap, making the internal auditor’s work valuable for the external auditor in determining the nature and extent of their procedures. However, the external auditor remains solely responsible for their report, even when relying on internal audit findings.

Making Internal Audit Effective

When external auditors decide to rely on internal audit work, they should coordinate efforts, discussing plans, areas of reliance, coverage extent, testing methods, and documentation review.

External auditors should also have access to internal audit reports and be kept informed of significant issues that arise. Conversely, internal auditors should be informed of matters that could impact their work.

Factors to consider when relying on the internal audit include:

(a) Adequacy of audit programs in relation to the audit report’s scope. (b) Planning, supervision, and documentation review of audit work. (c) Availability of sufficient, appropriate audit evidence. (d) Appropriateness of conclusions reached and reported. (e) Any unusual matters disclosed by internal auditors.

4. Evaluating the Internal Audit Function

Key considerations for external auditors when evaluating the internal audit function include:

(a) Organizational Status: Consider any management-imposed constraints on internal auditor reporting. (b) Scope of Function: Assess the nature and depth of audit coverage and whether management implements internal audit recommendations. (c) Technical Competence: Evaluate the professional competence of internal auditors. (d) Due Professional Experience: Determine if internal audit work is well-planned, supervised, reviewed, and documented.

To facilitate thorough reviews of internal controls, auditors may utilize several techniques:

(a) Narrative Record: A comprehensive description of the system, developed through testing and observation, suitable for small businesses without formal control systems.

(b) Check List: A series of questions or instructions for auditing staff to follow, ensuring all necessary areas are addressed.

(c) Internal Control Questionnaire: A series of questions about internal controls, designed for straightforward responses, commonly used in large audits to save time.

(d) Flow Chart: A graphical representation of the internal control system, providing a concise overview for auditors.

All these techniques require a solid understanding of the client’s business to be effective.

Why Choose Our Internal Audit Services?

Our expert auditors employ a risk-based approach tailored to our clients’ objectives and constraints.

Our services ensure consistent execution of internal audit practices worldwide.

We aim to deliver tangible value beyond traditional methods.

We focus on enhancing internal audit as a productive tool within today’s corporate governance environment.

Our expertise extends to specialized areas, including fraud investigations, project monitoring, systems implementation, revenue assurance, and IT.

We serve clients across diverse industries, such as manufacturing, financial services, telecommunications, IT, healthcare, media and entertainment, and consumer business.

Our internal audit services offer comprehensive, disciplined approaches that deliver practical solutions rather than just reports.

Our specialists prioritize value creation, providing foresight and insight across the enterprise to address future challenges.

Scroll to Top