An Internal Audit of a company is a complicated venture for the uninitiated. An internal audit helps a business understand its internal operations, specific product/ project financials and help prevent financial fraud or mismanagement. In this article, we’ll look at the Internal audit plan, its structure and critical elements.
Internal Audit: Structure
Internal Audit performs company audits and provides independent, objective, reasonable, and professional financial consultation. In a company, the Internal Audit Unit is below the CEO/ Director and required to report to them directly. The CEO/ Director appoints the head of the Internal Audit Unit. When executing its daily duties and responsibilities, the Internal Audit Unit works according to guidance and supervisory of the Audit Committee.
In performing the audit, the Internal Audit Unit assesses and evaluates the operational and financial activities of the business as well as the subsidiaries by referring to the prevailing legislation.
While internal auditors are hired directly by the company, they can gain more independence through who they report to in the company. Independence and objectivity are cornerstones of IIA standards. The IIA requires experienced internal auditors to be independent of the business activities they are auditing.
Components of an Internal Audit
An internal audit assignment has the following components:
- Establish the objectives of the audit to the senior management.
- Study the business process under review
- Describe key risks on business activities
- Create an internal audit checklist
- Develop a risk-based sampling and testing approach for the audit
- Report issues and challenges identified and negotiating action plans with the management to address these problems.
- Follow-up on reported findings at appropriate intervals In addition to assessing business processes, information technology (IT) auditors review IT procedures.
Internal Audit Reports
Internal auditors issue reports at the end of each audit to summarise their findings, recommendations, and action plans from the senior management. An audit report also has an executive summary which includes specific issues or results. Each audit finding contains five elements, also called the "5 C's of an audit":
- Condition: What is the issue?
- Criteria: What is the standard not met?
- Cause: Why did the problem occur?
- Consequence: What are the risks because of the findings?
- Corrective Action: What should the senior management do about the problems? What have they agreed on and the deadline?
The recommendations in an internal audit report help the organisation achieve efficient governance, risk and control processes associated with operational objectives, financial, management reporting goals and legal/regulatory compliances.
Audit findings and recommendations also relate to assertions about transactions, such as whether the transactions audited were valid or authorised, wholly processed, accurately valued, processed in the correct time, and adequately disclosed in financial or operational reporting.
The most crucial component of the Audit Process is the writing of a balanced report that provides company executives and the board with the opportunity to evaluate and weigh issues in the proper context and perspective.
Internal Audit Report: Quality
- Objectivity – Comments expressed in the report are objective and unbiased to any party.
- Clarity – The language used should be simple and to the point.
- Accuracy – Information in the report should be accurate.
- Brevity – The comments have to be concise and relevant.
- Timeliness – The report is to be released promptly after the audit is concluded or within 30 days.
Internal Audit Strategies
Internal audit functions develop functional strategies described in multi-year strategic plans. The Institute of Internal Auditors issued practical and professional guidance on building an Internal Audit strategic plan in July 2012 via the Developing the Internal Audit Strategic Plan. A key aspect of developing an Internal Audit strategy is understanding the expectations of stakeholders, such as the audit committee and top management. It helps guide the Internal Audit to help a business address its financial risks.
Specific topics in an Internal Audit strategic plan includes:
- Scope and Emphasis: An Internal Audit function addresses risks related to financial reporting, operations, legal and regulatory compliance, and business strategy.
- Portfolio of services: An Internal Audit provides traditional audit assurance across the risk spectrum and consulting project support in project management, data analysis, and monitoring of major company initiatives.
- Competency development: Stakeholder expectations around scope and service portfolio determine what competencies the function needs, which drives decisions regarding the hiring of specific skill sets and training programmes. The internal audit is often used as a training ground to provide employees with a more in-depth knowledge of the company's operations before appointing them to a management position.
- Technology: An Internal Audit uses a variety of technology tools/software to its workflow and statistical analysis, and data collection.
Building the Internal Audit strategy involves a variety of strategic management concepts and frameworks, such as strategic planning, strategic thinking, and SWOT analysis.
If you are looking to conduct an Internal Audit of your company in UAE, then you can have a look at the auditing services provided by JAXA Chartered Accountants. For more information about the services provided by JAXA, feel free to Contact Us. We will be happy to answer your queries.