Introducing internal audit

What is internal audit? I could bore you with the official definition from the Institute of Internal Auditors:

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

…but what does that mean?

Internal auditors assess risk

What that means is, we assess the risks facing an organisation, evaluate the likelihood and impact of those risks and determine whether the organisation has sufficient controls to mitigate those risks to an acceptable level.  In short we:

  • Help keep bad things from happening
  • Help assure good things can happen
  • Help management understand what risks there are and whether they’re under control

Evaluate controls

We evaluate existing controls to determine that they work as intended, are more needed, or are they too stringent.  Underpinning all this is the consideration of cost effectiveness.

Key tasks for internal audit

  1. Determine whether controls are adequate and operating effectively
  2. Make recommendations to improve efficiency and effectiveness
  3. Determine whether policies and procedures are being followed
  4. Determine whether laws and regulations are being followed
  5. Help prevent and detect fraud

Who needs internal auditinternal audit for credit unions, public sector

These types of organisation MUST have internal audit:

  • Public sector bodies and state agencies (under the Code of Practice for the Governance of State Bodies (2009))
  • Companies listed on a stock exchange
  • Credit Unions (under Credit Union and Co-operation with Overseas Regulators Act, 2012)

Every organisation should have some type of internal control system.  This can be a simple, informal arrangement in the smallest of businesses to more complex and documented systems in larger organisations.

Businesses in the growth stage are particularly exposed to control risks.  Why? Quite simply business owners are too busy “doing the work” to put the necessary controls in place when passing authority and responsibility to employees. Trust isn’t enough here.


Leave A Response

* Denotes Required Field