Internal Audit Overview

Written By Kara Griffiths

What surprises me?

I have been an Auditor for 20 years now and a consultant to companies requiring Internal Audit or Risk Management support for the past 4 years. What surprises me is the number of large organisations who have not yet entertained the benefits of Internal Audit for their organisations. Many of my friends do not really understand what I do either, so as a profession we must work harder to explain.

Why do we have so many organisations in the UK not have an Internal Audit Function?

I think one of the common occurrences would be that companies do not understand the benefits of Internal Audit. In addition to not understanding the benefits, having an Internal Audit function increases the overheads of a business and ultimately impacts the bottom line. The other is the confusion between the work of External Audit and Internal Audit.

What are the differences between Internal and External Audit?

External Audit is a service provided by a 3rd party accountancy organisation. External audit is engaged by the Board to provide an independent assessment of the financial statements to ensure they are a “true and fair” account of past financial performance and current financial position.

Internal Audit’s role, as defined by the Chartered Institute of Internal Auditors, is to provide independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively.

What are the benefits of Internal Audit?

Internal Audit sits in a unique position in an organisation, it reports to the Audit Committee, which is made up of Non-Executive Directors, this enables the function to provide independent, unbiased and objective advice to the Board and senior executive.

Internal Audit is typically the only function which can see across a whole organisation and has the ability to provide assurance to the Board that the risks which face the organisations objective, vision and mission, are being managed effectively with the use of controls, processes and procedures.

The helicopter that Internal Audit has, enables the function to identify gaps in process between departments, gaps in roles and responsibilities and where the mission, tone or culture, which has been set by the Board, is not cascading effectively.

Audits are typically aligned to the organisations risks and will assess the effectiveness of the mitigation plans of those risks, be it controls, processes, systems or improvement projects. If the controls are not effective in mitigating the risk, Internal Audit will provide recommendations on what can be done to in order to improve.

Further reading

There is some useful literature on the IIA’s website aimed at Audit Committees and Directors which can be accessed using the links below.

Internal Audit - Director Briefing

Internal Audit - What every director should know

Kara Griffiths
Previous

Risk Management, Just a Tick Box Exercise?