What is Internal Audit?
Internal audit provides independent assurance that an organization’s risk management, governance and internal control processes are functioning effectively. This role is unique because the internal auditor is an agent who monitors the actions of other managers, who are employees of the same organization.
The Institute of Internal Auditors (IIA) has developed the following globally accepted definition of internal audit:
Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.
It helps an organization meet its objectives by providing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Objectives of Internal Audit
The objective of the internal audit is to support the members of the organization in the performance of their activities, generating benefits that allow to determine if the systems and procedures established are effective and to make recommendations for the improvement of the policies, procedures, systems, norms, philosophy among others.
The audit work includes:
- Prepare reliable and integrated reports for internal and external use.
- Ensure compliance with policies, plans, procedures, rules and regulations within the organization.
- Economic and efficient use of resources.
- Follow-up and control of the administrative management of the business.
- Increase the possibilities of achieving the company’s objectives.
- Ensure the veracity of the financial data provided by the entity.
- Identify any type of error, as well as possible scams and frauds.
- Protect and secure the assets.
The internal audit serves as a control tool when the business expands, the greater the growth, the greater the complexity, requiring greater controls and monitoring in all aspects.
Independence and objectivity of Internal Audit
Independence and objectivity are two fundamental components of an effective internal audit activity. In this sense, the internal audit activity must be objective and independent, of verification and consultation, designed specifically to increase the positive results of a given management.
Independence is established by the structure of the organization and the lines of reporting. Objectivity is achieved through an appropriate mental attitude. The objectivity, skills and knowledge of competent internal auditors can significantly add value to the internal control, risk management and governance processes of the organization. Similarly, it can provide assurance to other stakeholders, such as regulatory bodies, employees, financial providers and shareholders.
Steps to perform Internal Audits
When performing an internal audit, evaluation systems must be established for the continuous improvement of operations in any organization. It is important to make a general analysis of the organization to be audited. That way, the audit team can have a better understanding of how the processes work and what the objectives of the entity are.
- Elaboration of Audit Programs
- Audit Plan
- Review of documentation and development of checklists
- Execution of the Audit
- Presentation of the Audit Report
- Monitoring of improvement actions
In this way, the internal audit continuously verifies the effectiveness of the controls established by an organization, systematizing its own management model through the collection of information that allows it to study and improve the management, control and risk plans.
The internal audit activity evaluates the exposure to risk of the government, operations and computer systems of the organization. They also evaluate other aspects, such as ethics and values within the organization, performance management, communication of information regarding risks and controls within the organization in order to facilitate a good governance process.
How is an internal audit different from an external audit?
The main difference is that:
- The Internal Audit is part of the organization and performs a diagnosis, intended for the company; and its procedures are based on the permanent evaluation of the information systems of the economic units and the internal control of transactions and operations, whose purpose is to issue reports, aimed at making suggestions for improvement. The scope of work of the internal auditors is integral.
- In the case of the External Audit, they are independent of the organization, providing an independent opinion on the annual financial statements of the organization, on the reasonableness, integrity and authenticity of those financial statements, generally intended for third parties, outside the company. The external audit is carried out when it is intended to publish the financial statements examined, accompanied by the independent auditor’s statement in order to provide public faith in the authenticity of the statements that will enable users of such information to make decisions.