Role of Internal Audit

What do Internal Auditors do?

The internal auditor is often described as the organisations’ critical friend – the independent advisor who can challenge current practice, champion best practice and be a catalyst for improvement, with the objective of ensuring  that the organisation as a  whole can achieve its strategic objectives.


Internal Auditors are responsible for the following:

  • Evaluating controls and advising managers at all levels
  • The Internal Auditor’s work includes assessing the tone and risk management culture of the organisation as well as evaluating and reporting on the effectiveness and efficiency of the implementation of management policies.

  • Evaluating risks
  • Internal Auditors identify key activities and relevant risk factors and assess their significance. Changing trends and business/economic conditions impact the way the internal auditor assesses risk. The techniques of internal auditing have changed from a reactive and control based form to a more proactive and risk based approach. This enables the internal auditor to anticipate possible future concerns and opportunities as well as identifying current issues.

  • Analysing operations and confirming information
  • Internal Auditors work closely with line managers to review operations then report their findings. The internal auditor must be well versed in the strategic objectives of the organisation, so that they have a clear understanding of how the operations of any given part of the organisation fit into the bigger picture.

  • Reviewing compliance
  • Compliance review ensures that the organisation is adhering to rules, regulations, laws, codes of practice, guidelines and principles as they apply individually and collectively to all parts of their organisation.


Differences between Internal Auditors (IAs) and External Auditors (EAs)

Mandate:

Although Internal Audit does have a degree of focus on the financial aspects of the organisation, it is essentially not a financial discipline - unlike its counterpart External Audit. Its multidimensional nature mandates a much broader scope in the organisation than that of External Audit.

  • EAs have a statutory obligation to shareholders and the public on the accuracy of the annual report and the financial statements
  • IAs have a duty to senior management and the board via the audit committee on the state of governance, risk management and control within the organisation.

Areas of Focus:
  • EAs focus on finance and accounting
  • IAs focus on the whole organisation, all departments,  functions and operations

Independence:
  • EAs are independent external assurance providers to the organisation  and have a statutory obligation
  • IAs are part of the organization but independent of management, they provide internal audit assurance and report to the audit committee.

Risk and Control:
  • EAs identify risks and assess controls over financial reporting and place reliance on controls to the extent practicable. Emphasis is on gaining sufficient audit evidence to conclude that the financial statements present a true and fair view.
  • IAs provide an independent view on the organisation’s governance,  risk management and control processes. They review, the adequacy of control design to ensure that risks are effectively managed, and then test operation of key controls to ensure they are operating as intended and therefore are effective in managing the organisation’s risk.

Driving Results:
  • EAs make recommendations to improve the financial control environment
  • IAs make recommendations to improve the overall internal control environment and to improve the operational performance of the organisation as a whole.