Fundamentals of Internal Auditing

What is Internal Auditing?

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal auditing is a catalyst for improving an organization’s governance, risk management and management controls by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice.

The Institute of Internal Auditors has defined internal auditing as follows: “Internal auditing is the independent appraisal activity within an organization for the review of the accounting, financial and other operation as a basis for protective and constructive service to the management. It is a type of control, which functions by measuring and evaluating the effectiveness of other types of control. It deals primarily with accounting and financial matters but it may also properly deal with matters of an operating nature.”

Here are various definitions of Internal Auditing prevailing, which can be stated as follows:

  1. Internal Audit is a management tool, performed by employees of the organization to ensure correctness in accounting data and to detect fraud by way of periodical review of organizational system and procedures.
  2. Internal Auditing is a continuous and systematic process of examining and reporting the operations and records of a concern by its employees or external agencies specially assigned for this purpose. It is, in essence, auditing for the management and its scope may vary depending upon the nature and size of the concern.
  3. It is a control system concerned with examination and appraisal of other control mechanisms.
  4. Internal Audit is an extension of and as such is complimentary to Statutory audit.

In short Internal Auditing means appraisal of control techniques employed by a firm and its performance.

Internal Auditing

Internal audit is an audit conducted by an internal auditor appointed by the management of the enterprises with a view to highlighting the weak areas of the organizations. It includes examination and evaluation of various organizational activities and to produce the helping hand to the management complete their responsibilities efficiently and effectively. The internal auditors function as partners of the other organizational parts and work as experts in different teams (especially development teams) if they do not endanger their independence. The internal auditor audits the accounts and other relevant records daily, regularly or on periodical basis to accomplish the following requirements:

  1. Internal audit may be conducted to ascertain whether all rules, regulations, policies, procedures and principles have been followed by the company or not.
  2. To check whether the existing internal control system is adequate and effective and according to the size of the organization.
  3. To ensure that all the assets of organization are properly safeguarded, if not, he reports the management about the drawback with suggestions.
  4. To highlight the weak areas of the organization and give suggestion to strengthen them.
  5. To check whether working of the organization is smooth, effective, efficient and economical.

Necessity of Internal Audit to Management

The internal auditing supports effective and efficient discharging of the guiding and monitoring duties of the organization’s management by producing assurance services for its internal customers relating to governance, control and risk management processes. The internal auditing brings added value and promotes achievement of the set goals by giving improvement recommendations, producing objective and independent information and by training supervisors and employees in understanding and application of monitoring processes and self-assessment of business and other activities within the organization. The internal auditing sets its own objectives and performs its duties so that the values of the organization are included in them and that these values also guide the work of the auditors.

Internal auditing has become an important management tool for the following reasons :

  • Internal Auditing is a specialized service to look into the standards of efficiency of business operation.
  • Internal Auditing can evaluate various problems independently in terms of overall management control and suggest improvement.
  • Internal Audit’s independent appraisal and review can ensure the reliability and promptness of MIS and the management reporting on the basis of which the top management can take firm decisions.
  • Internal Audit system makes sure the internal control system including accounting control system in an organization is effective.
  • Internal Audit ensures the adequacy, reliability and accuracy of financial and operational data by conducting appraisal and review from an independent angle.
  • Internal Audit can break through the power ego and personality factors and possible conflicts of interest within the organization.
  • It ensures compliance of accounting procedures and accounting policies.
  • Internal Auditor can be of valuable assistance to management in acquiring new business, in promoting new products and in launching new projects for expansion or diversification of business.

Scope of Internal Auditing

The Institute of Internal Auditors defines scope of internal auditing as “The examination and evaluation of the adequacy and effectiveness of organisation’s system of internal control and the quality of actual performance.”

Therefore, internal auditing is concerned with an evaluation of both internal control as well as the quality of actual performance.

The internal auditing is one of the management’s control tools who through its operations assist the entire organization by examining and evaluating the adequacy and efficiency of internal control, risk management, quality of operations and governance processes. The internal audit furnishes the organization with analyses, appraisals, recommendations, counsel and information. The purpose is to ascertain that the internal control system, by taking into account also the information produced by the external auditors, functions so that the management can be reasonably sure that the set objectives and goals will be achieved, the operations are effective, reporting is reliable and safeguarding of assets and compliance with the laws and regulations is done.

According to The Institute of Internal Auditors, internal audit involves five areas of operations, which can be discussed as follows :

  1. Reliability and Integrity of Financial and Operating Information: Internal Auditors should review the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information.
  2. Economical and Efficient Use of Resources: Internal Auditor should ensure the economic and efficient use of resources available.
  3. Compliance with Laws, Policies, Plans, Procedures, Regulations: Internal Auditor should review the systems established to ensure compliance with those policies, plans and procedures, law and regulations which could have a significant impact on operations and should determine whether the organization is in compliance thereof.
  4. Accomplishment of Established Goals for Operations: Internal Auditor should review operations, programmes to ascertain whether results are consistent with established objectives and goals and whether the operations or programmes are being carried out as planned.
  5. Safeguarding of Assets: Internal Auditor should verify the existence of assets and should review means of safeguarding assets. The business transactions of an organization may be broadly divided into phases.

Principles of Internal Auditing

The basic principles of establishing internal audit in a business concern are:

  1. Independence: The internal audit department should have an independent status in the organization. The internal auditor must have sufficiently high status in the organization. He may be required to report directly to the board of directors.
  2. Objectives: The objectives of the internal audit function should be made very clear and unambiguous. The objective should be properly communicated so that internal audit is not viewed as “over the shoulder check” by other departments.
  3. Clarity In Scope: The scope of internal audit department must be specified in a comprehensive manner. The department must at all times, have authority to investigate from the financial angle, every phase of organizational activity under any circumstance.
  4. Definition Of Duties: The internal audit department’s duty is to review operations as part of the internal control system. It should not be involved in performance of executive actions.
  5. Internal Audit Department: The size and qualification of staff of the internal audit department should be commensurate with the size of the business. The cost of internal audit department should not exceed the benefits expected to be derived from it.
  6. Reporting: The programme of internal audit should be time-bound. There should be provisions for periodic reporting on various operational and other aspects.
  7. Follow-up and Review: There should be sufficient scope for the follow-up action on the various points raised in internal audit report. Top management should take active part in ensuring compliance with action points raised in the report.
  8. Relationship with Statutory Auditor: The copy of the internal audit report should be made available to the statutory auditor, who can deal with the same in the manner as he deems fit.

Internal Auditing Types

  1. System Based Audit: It refers to an in-depth evaluation of the internal control system with the objective to assess to extent to which the controls are functioning effectively. It is designed to assess the accuracy and completeness of financial statements, the legality and regularity of underlying transactions and the economy, efficiency and effectiveness of operations. A systems based audit should be followed-up through substantive testing of a number of transactions, account balances, etc. to determine whether the financial statements of the auditee are accurate and complete, the underlying transactions legal and regular and/or the criteria for economy, efficiency and effectiveness have been achieved.
  2. Performance Audit or Operational Audit: It assesses whether the activity, programme or body has been managed economically and/or efficiently and/or effectively. A particular performance audit will not necessarily seek to reach conclusions about all three aspects above: it should be clear from the audit objectives, which need to be examined. When carrying out audits of economy or efficiency, however, the auditor does need to make a general consideration of the effectiveness of the audited entity: it may be better that the entity does the right thing badly rather than doing the wrong thing well.
  3. Financial or Accounting Audit: It evaluates the accuracy of the accounting and related procedures and practices. It assesses the accuracy and completeness of the financial statements of the activity, programme or body being audited; and/or evaluates whether the transactions underlying the financial statements are legal and regular. However, according to the definition of internal auditing, internal auditors are mainly evaluating the system of internal control. Therefore internal auditors primary interest is not the accounting as such, but rather the controls which ensures the quality of accounting information and financial reporting.
  4. Compliance Audit: It evaluates the how well the organization conforms and adherences with relevant policies, plans, procedures, laws, regulations, and contracts. Usually all audits include the compliance element, because the auditor uses the laws, policies and regulations as a yardstick to measure the performance of the organization. Therefore these guidelines do not contain separate section for compliance audit, but the aspect is included in all audit instructions later in these guidelines.

Bookmark the permalink.