Hi,
While some companies have an in-house team of professionals who conduct the internal audit for the company, many other companies believe in outsourcing internal audit function. Thereby maintaining the independence of the auditors & also reducing the possibility of any biases or influence by or over internal audit function. Internal audit has grown over the years to not only be seen as a function to ensure fulfillment of regulatory compliances and/or accuracy of financial records but to a more strategic function to evaluate the performance of the business & manage risks.
 |
| www.pexels.com |
Over the years, often I have come across people who ask me, “How should they perform an internal audit- to add value to the business by enhancing performance and/ or managing risks”. And I have always told them that it is difficult to generalize steps in internal audit function as it depends on several factors like scope of work, industry type, how big is the organization, periodicity of audit, what all internal controls have been defined, what all documents are made available during audit etc. Having said that, following are some of the key steps involved in internal audit-
1. Initial briefing Meeting
This is the preliminary step of any internal audit, where the company and management lay down the broad scope of work and expectations from internal audit function. The scope does not need to be limited to providing the management with assurance over the controls implemented by management and can head towards a ‘consultancy’ role, providing strategic support to the management and company.
2. Planning an internal audit
Any internal audit function which aims to add value to the organization shall commence the internal audit by preparing a proper strategy, considering controls deployed by the management and the risk environment of the organization. Audit plan so prepared should be flexible enough to identify any new emerging risk. If any internal audit function wants to be a strategic advisor to the management, then it should be aware of the risk appetite, capacity & tolerance and same shall be covered in the internal audit plan.
3. Conducting Fieldwork
While commencing any internal audit review, the internal audit function should be aware of “How a Process to be reviewed Works” and “What all controls have been deployed by the Management”. Post answering such questions, an internal audit program should be developed stating what all checks will be reviewed by the auditor. While conducting an on-site review, the auditor can use techniques like an interview for gaining information and/or evidence to form an opinion. There are several sub-steps involved in this step, some of which are highlighted below-
• Audit Program Preparation
• Scheduling Audit Testing
• Analytical Reviews
• Document Handling
• Interviewing Personnel
The internal audit function must analyze and assess the facts drawn from the internal audit evidence, obtained during the review, to decide upon the efficiency and effectiveness of structures, processes, and controls. The internal audit function should also consider the efficacy of the structures, processes, and controls that are in place.
4. Document Findings and Evidence
As the name suggests, in this step one shall document the findings noted during their review exercise and shall highlight any policy violation or financial misrepresentation. This shall also include any scope of process improvement or lack of control in any of the process or activity.
5. Preparation of Audit Report
If you ask me, this is the most crucial step of any internal audit assignment as the report is the document basis which is decided whether an audit was conducted properly, and did it cover all major risks as identified by the management and the audit committee. A good report should very clearly state the following-
• Title Page
• Index (Recommendatory)
• Report Distribution List
• Background
• Executive Summary
• Scope of Work
• Audit Limitations
• Audit Methodology (Recommendatory)
• Detailed Audit Findings
An internal audit report writing is the skill that needs to be discussed in a more detailed manner and I will be doing this in my future posts. So Please keep following this space as I will be explaining the content of each & every bullet point as stated above.
6. Closure Meeting
Internal audit report which was prepared & presented to the Management & the concerned stakeholders is discussed in this meeting to assess whether findings, as highlighted in the report, are correct and if they are then future action plan is defined. Basically, how the organization will implement the recommendations made by the auditor in his report is decided and a timeline within which action will be taken is decided.
Auditor while doing any follow-up audit will have to check the implementation of Future Action Plan.
Ultimately, any organization can be successful only if it is able to deliver the product or services to its clients in a smooth, seamless manner. Internal SOPs & management directives are how an organization tries to establish a uniform practice across processes and domain to ensure smooth delivery of quality product or service. Internal audit is one such tool that organizations should use to ensure their business achieves its ultimate objective by identifying all risks and recommending measures to mitigate such risks.
Very helpful
ReplyDeleteThanks.
Delete