Internal audit facts for kids
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.
The scope of internal auditing within an organization may be broad and may involve topics such as an organization's governance, risk management and management controls over: efficiency/effectiveness of operations (including safeguarding of assets), the reliability of financial and management reporting, and compliance with laws and regulations. Internal auditing may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish financial loss.
Internal auditors are not responsible for the execution of company activities; they advise management and the board of directors (or similar oversight body) regarding how to better execute their responsibilities. As a result of their broad scope of involvement, internal auditors may have a variety of higher educational and professional backgrounds.
The Institute of Internal Auditors (IIA) is the recognized international standard setting body for the internal audit profession and awards the Certified Internal Auditor designation internationally through rigorous written examination. Other designations are available in certain countries. In the United States the professional standards of the Institute of Internal Auditors have been codified in several states' statutes pertaining to the practice of internal auditing in government (New York State, Texas, and Florida being three examples). There are also a number of other international standard setting bodies.
Internal auditors work for government agencies (federal, state and local); for publicly traded companies; and for non-profit companies across all industries. Internal auditing departments are led by a chief audit executive (CAE) who generally reports to the audit committee of the board of directors, with administrative reporting to the chief executive officer (In the United States this reporting relationship is required by law for publicly traded companies).
Role in risk management
Internal auditing professional standards require the function to evaluate the effectiveness of the organization's Risk management activities. Risk management is the process by which an organization identifies, analyses, responds, gathers information about, and monitors strategic risks that could actually or potentially impact the organization's ability to achieve its mission and objectives.
The internal audit function may help the organization address its risk of fraud via a fraud risk assessment, using principles of fraud deterrence. Internal auditors may help companies establish and maintain Enterprise Risk Management processes. This process is highly valued by many businesses for establishing and implementing effective management systems and ensuring quality is maintained . professional standards are met Internal auditors also play an important role in helping companies execute a SOX 404 top-down risk assessment. In these latter two areas, internal auditors typically are part of the risk assessment team in an advisory role.
Role in corporate governance
Internal auditing activity as it relates to corporate governance has in the past been generally informal, accomplished primarily through participation in meetings and discussions with members of the board of directors. According to COSO's ERM framework, governance is the policies, processes and structures used by the organization's leadership to direct activities, achieve objectives, and protect the interests of diverse stakeholder groups in a manner consistent with ethical standards. The internal auditor is often considered one of the "four pillars" of corporate governance, the other pillars being the board of directors, management, and the external auditor.
A primary focus area of internal auditing as it relates to corporate governance is helping the audit committee of the board of directors (or equivalent) perform its responsibilities effectively. This may include reporting critical management control issues, suggesting questions or topics for the audit committee's meeting agendas, and coordinating with the external auditor and management to ensure the committee receives effective information. In recent years, the IIA has advocated more formal evaluation of corporate governance, particularly in the areas of board oversight of enterprise risk, corporate ethics, and fraud. See also Internal audit § Notes below.
See also
- Certified Information Systems Auditor
- Chartered Institute of Internal Auditors
- Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- Fraud deterrence
- Institute of Internal Auditors
- International Auditing and Assurance Standards Board
- International Register of Certificated Auditors
- IS audit
- Operational auditing
- Risk-based internal audit