What is Internal Audit?
An internal audit is an independent and objective assurance activity to evaluate a company’s internal controls. This includes the company’s corporate governance and accounting processes. The internal audit aims to improve the operations of a company or an organization.
The internal audit evaluates the effectiveness of risk management, control, and governance processes intending to bring a systematic discipline in the activities of the firm. The performance of the firm is measured against several standards. Internal audit provides independent reviews of systems, business organizations, and processes.
Apart from financial risks and statements, internal auditors evaluate the reputation of the organization, its growth and impact on the environment, and the way it treats its employees. Internal audits find the imperfections in the process and are corrected before the external audits.
Internal audit is required, as the Sarbanes Oxley Act, 2002 made the officials of publicly traded companies legally responsible for the correctness of their financial statements. The act also made the documentation and review of the company’s internal controls compulsory.
The internal audit ensures that the company is complying with the required laws and regulations. It provides suggestions and recommendations for better operation. It covers the aspects of risk management and safeguards against potential fraud, waste, or abuse.
Internal audits are performed by the internal auditors appointed by the organization. The international standard body for the internal audit profession is the Institute of Internal Auditors (IIA). The institution provides Certified Internal Auditor designation through written examination.
Internal auditors work for government organizations in the federal, state, and local sectors and non-profit companies. Internal audits are guided by the Chief Audit Executive (CAE). He reports to the audit committee of the board of directors with administrative reporting to the chief executive officer.
The major goals of internal auditors are should be
- Analyzing risk management and management controls.
- Measure the efficiency or effectiveness of operations like safeguarding of assets.
- Check the reliability of financial and management reporting.
- Ensure compliance with laws and regulations.
- Conducting fraud audits to recognize potentially fraudulent acts.
- Participating in fraud investigations under fraud investigation professionals.
- Conducting post investigation fraud audits.
- Identifying control breakdowns.
Types of Internal Audits
Compliance audits judge the compliances with the existing laws, regulations, policies, and procedures. It evaluates whether the firm is sticking to the federal, state, and university rules. Compliance audits are essential as they have potential impacts on a firm’s financial welfare. Failing to comply with the rules may cause a huge financial loss in the form of fines and penalties.
Environmental audits measure the effect of a firm’s activities on the environment. Compliance with environmental laws and regulations are also evaluated.
Information Technology Audit
These audits involve the evaluation of the performance of information systems and infrastructures. The objective is to ensure the correctness of processing, security, and confidential customer information. Cybersecurity is becoming important to protect confidential information from external attacks.
Operational audits investigate the utilization of the firm’s resources to ensure that they are used in the most systematic way to realize the goals of the firm. It measures the overall efficiency and reliability of the firm.
Performance audit the performance of the firms against the metrics set by the management to achieve the required targets
Financial or control Audit
This evaluates the financial transactions involving accounting, recording, and reporting.
These are carried out to ensure that the construction activities are operating implicitly and effectively. Compliance with the contract terms is evaluated by the team.
These are carried out to find the internal theft, misuse of the firm’s assets, violation of laws and regulations, etc. under appropriate situations.
There will be a record of all the information gathered and the suggestions generated from all the audits. Follow-up audits are conducted to evaluate the actions taken to improve the performances.
What is the process of Internal Audit?
- Notification: The first step of an internal audit is notification. According to this the auditor or chief auditor issues an audit notification to the higher authorities of the organization. The notification consists of various information about the audit such as the name of the module under audit, tentative audit time, the period of audit, name of the auditor, and the resources to be provided by the organization.
- Resource planning: The second step of the internal audit is resource planning. This is conducted by the chief auditor to estimate the resources required for the audit. This consists of the number of audit staff, support staff required, technical aids including a computer, hardware, etc.
- Opening meeting: The purpose of the opening meeting is to understand the nature of the business and the role of the module to be audited. The opening meeting is scheduled with the management of the organization. The process owner is invited to provide a presentation regarding all the aspects of the module.
- Understanding the policies and procedures: The fourth step is to understand the policies and procedures of the module under the audit. After understanding these, the compliance of the policies and procedures are also evaluated. The risks associated with the module is also assessed.
- Execution of the internal audit: After understanding the policies and procedures of the module the internal audit is executed. A questionnaire is created regarding general information, internal controls, etc. It is then circulated among the officials to get their feedback. The internal controls are assessed.
- Closing meeting: A closing meeting is conducted with the management of the organization. Process owners and other officials are invited to the meeting. The objective of this meeting is to present the findings of the audit.
- In house internal audit review: The chief internal auditor reviews the internal audit. The audit file is created by him.
- Internal audit reporting: The internal audit report is prepared with a high degree of accuracy
What is the procedure for Internal Audit?
- Obtain the consent letter or engagement letter.
- Call board meeting.
- Pass the resolution.
- Send intimation to the appointed internal auditor.
What if you violate the law?
- A company contravenes the provisions of section 139 to 146 (attendance in the general meeting) will be liable to a punishment with a fine not less than Rs.25000 which may extend to 5 lakhs.
- An officer of the company who violates the provisions under section 139 to 146 (attendance in the general meeting) will be liable to a punishment of imprisonment for a term which may extend to one year or with a fine, not less than Rs.10,000 which may extend to 1 lakh or with both.
- An auditor who contravenes the provisions of section 145 (signing of auditor report) without intention, will be liable to a punishment with a fine not less than Rs.25000 which may extend to 5 lakhs.
- An auditor who contravenes the provisions of section 145 (signing of auditor report) willfully intending to deceive the company will be liable to a punishment of imprisonment for a term which may extend to one year or with a fine,, not less than 1 lakh which may extend to 25 lakh.
The internal audit aims to improve the operations of a company or an organization. It evaluates the effectiveness of risk management, control, and governance processes intending to bring a systematic discipline in the activities of the firm. The process of internal audit is to be performed as per the required rules and regulations. Failing to comply with these may lead to punishable offenses under the law.