Internal Audit: Meaning, Advantages and Disadvantages of Internal Audit25/07/2020
The words “internal audit” often conjure a sense of fear, frustration, and time consumption. Even in the best circumstances, most would find having someone review their activities unsettling or intimidating. Having an understanding of the role of an internal audit, knowing what to expect during an internal audit, and knowing potential pitfalls to avoid will help put you at ease and make a much more pleasant and valuable experience.
Internal Audit is a department or an organization of people within a company that is tasked with providing unbiased, independent reviews of systems, business organizations, and processes. The role of Internal Audit is to provide senior leaders and governing bodies of an organization an objective source of information regarding the organization’s risks, control environment, operational effectiveness, and compliance with applicable laws and regulations.
As Internal Audit reports to senior leadership, it is only appropriate that its activities are directed by CEO or Board of Directors through its Audit Committee. Members of Internal Audit must be independent of internal politics and unbiased to provide leadership with objective source of information. Under the direction of Audit Committee, Internal Audit works with management to systematically review control activities over critical systems and processes.
The reviews performed by Internal Audit are often called internal audits. An internal audit may be used to assess an organization’s performance or the execution of a process against a number of standards, policies, metrics, or regulations. These audits may include examining a business’s internal controls around corporate governance, accounting, financial reporting, and IT general controls. Internal audits may also entail evaluating the effectiveness/efficiency of critical business operations such as supply chain management. Those individuals working in Internal Audit are called internal auditors. Internal auditors may cover all areas of an organization or specialize based on their skill-sets.
The aim of internal audits is to identify weaknesses within the organization’s processes and control environment internally so that they can be fixed as quickly as possible to prevent harm to the organization or its stakeholders. Accordingly, the internal audit plan for an organization should be driven by risk basis or, in other words, be designed to examine those areas that present the greatest risk to the company. The internal audit plan should also include a component of the strategic needs of an organization.
Advantages of Internal Audit
To Discover Errors and Frauds
Internal audit helps to discover accounting errors and frauds so that they can be rectified before the final audit.
To Maintain Proper Accounting
It helps to maintain proper accounting system in the organization. It ensures accuracy and authenticity of accounting records.
Provides Base for Final Audit
Internal audit examines and verifies entire books of accounts and locate mistakes and frauds. So, conduction of final audit becomes easier.
Increase Employees Efficiency
Internal audit alerts the staffs by checking their performance regularly. It helps to increase their efficiency and also helps to minimize errors.
Proper Utilization of Resources
Internal audit ensures proper utilization of resources by detecting their misuse. It helps to increase operational efficiency and productivity.
It gives suggestions and instructions regarding the financial and operational activities of the organization. So it helps to maintain better management, proper supervision and effective control.
Disadvantages/Demerits of Internal Audit
Not Suitable for Small Firms
Internal audit is not suitable for small business organizations with less financial and operational activities.
It is conducted for internal purpose only. It is not accepted by shareholders and other external users.
Chance of Errors
There may be a chance of errors because of the poor knowledge of the audit staff.
It takes a long time to perform internal auditing. It may disturb regular office work.
Types of Internal Audits
While a significant portion of internal audit covers internal controls over financial reporting within the organization as they pertain to generally accepted accounting procedures (GAAP) impacting their financial statements. Many organizations also recognize the need for other types of assessments or audits outside of accounting or finance. Some of these key areas include compliance (i.e., regulatory), environmental, information technology, operational and performance audits.
Compliance Audits evaluate compliance with applicable laws, regulations, policies and procedures. Some of these regulations may have a significant impact on the company’s financial well-being. Failure to comply with some laws, such as the Foreign Corrupt Practices Act (FCPA) or General Data Protection Regulation (GDPR), may result in millions of dollars in fines or preclude a company from doing business in certain jurisdictions. Here is a link to a beginners guide to GDPR.
Environmental Audits assess the impact of a company’s operations on the environment. They may also assess the company’s compliance with environmental laws and regulations.
Audits may evaluate information systems and the underlying infrastructure to ensure the accuracy of their processing, the security and confidential customer information or intellectual property. They will typically include the assessment of general IT controls related logical access, change management, system operations, and backup and recovery.
Audits assess the organization’s control mechanisms for their overall efficiency and reliability.
Performance Audits evaluate whether the organization is meeting the metrics set by management in order to achieve the goals and objectives set forth by the Board of Directors.
Internal Audit Procedure / Process
An internal audit should have four general phases of activities—Planning, Fieldwork, Reporting, and Follow-up. The following provides a brief synopsis of each phase.
During the planning process, the internal audit team will define the scope and objectives, review guidance relevant to audit (e.g., laws, regulations, industry standards, company policies and procedures, etc.), review the results from previous audits, set a timeline and budget for the audit, create an audit plan to be executed, identify the process owners to involve, and schedule a kick-off meeting to commence the audit.
Fieldwork is the actual act of auditing. Throughout this phase, the audit team will execute the audit plan. This usually includes interviewing key personnel to confirm an understanding of the process and controls, reviewing relevant documents and artifacts for an example execution of the controls, testing the controls for a sample over a period of time, documenting the work performed, and identifying exceptions and recommendations.
As you might guess, internal audit will draft the audit report during the reporting phase. The report should be written clearly and succinctly to avoid misinterpretation and to encourage the intended audience to actually read and understand the report. Findings should be accompanied by recommendations that are actionable and lead directly to process improvements. The process of issuing an internal audit report should include drafting the report, review the draft with management to ensure the accuracy of findings, and issuance and distribution of the final report.
The final stage is an important one that is often overlooked and neglected. Following up is critical to ensure that the recommendations have been implemented to address the findings identified. This process should include appropriate follow-up with process owners needing to implement the recommendations as well as Board oversight of the company’s overall status in addressing findings identified by internal audit. If an organization fails to follow-up on the implementation of recommendations, it is unlikely that the changes will be made.