This checklist provides an overview of how to prepare and execute an internal audit review.
An internal audit review is the systematic process of analyzing a firm’s business and includes planning (also called a survey or preliminary review), fieldwork, an audit report and a follow-up review. The internal audit review is conducted to assess the firm’s compliance with laws and regulations, efficiency of operations (process, procedures), and progress toward key goals (including preserving and enhancing assets). The main aims of the internal audit review are to assess business operations, review progress toward business objectives, determine the reliability of financial and other operations, ensure that legal and regulatory requirements are met, identify the effectiveness of risk management activities, and deter fraud.
An internal audit review is a legal requirement for many firms, especially those which are publicly traded. Regulations such as Sarbanes–Oxley have increased the demand for internal auditors. The review is undertaken annually by appointed internal auditors. In general, an internal audit review committee is established which reports to the board of directors and the CEO. Internal auditors are hired. Currently, the internal audit profession is unregulated; however, the Institute of Internal Auditors (IIA) publishes standards and has more than 150,000 members in 165 countries.
Each firm has a unique auditing process. Auditors usually begin the planning process by gaining a detailed understanding of the firm and the objectives of the audit. Audit objectives can include: an assessment of management; verification of internal control procedures; assessment of the ability to respond to urgent market needs and events; improving risk management in the company; and assessing the skills of employees of the company and its training program.
At the fieldwork stage internal auditors examine all divisions of the firm, and across finance management, risk management, internal compliance control, and procedures and operations.
Following the fieldwork, the internal auditors prepare an initial report summarizing their findings. The draft is read by the firm’s leadership (e.g. CEO, board of directors) and is then finalized.
The final step, often one year after the audit report is completed, is a follow-up review. This review involves assessing the extent to which recommendations have been implemented.
An internal audit helps a firm to assess the state of its business.
Internal audit reports can lead to solid suggestions for business improvement.
Internal auditing helps to assess risk management policies and deter fraud.
Internal auditing can be an expensive process, beginning with recruiting talented internal auditors with high levels of professional experience and qualifications. A third party may provide an interim internal audit.
Recruit the right individuals as internal auditors. Obtain as much information from as many sources as you can before appointing these individuals. Consider the use of a third party for an interim internal audit.
Communicate your business plans and aims to auditors.
Allow the auditors transparency in examining documents and speaking with key staff.
Implement the suggestions made in the auditing report.
Dos and Don’ts
Invest in internal audit technology to improve the quality of the audit process.
Establish good communication between management and internal auditors. This helps both with the audit process and with the implementation of recommendations. · Even if an internal audit review is not a requirement for your firm, consider undertaking the process to assess and improve the business.
Don’t underestimate the need for proper training of directors and employees in order to help them to fulfill their duties.
As directors, do not ignore the recommendations made in the final internal audit report as doing so could adversely impact your firm.