Whilst many accountants become internal auditors, the opposite is however not true. A common mistake often made is to assume auditing of the quality management systems is the same as internal auditing of corporate and public sector entities.
Internal auditing a specialist profession that requires certain competencies and attributes. It takes years of discipline, years of training and exposure to different environments to become an internal auditor. The Institute of Internal Auditors defined internal auditing as follows:
“Internal Audit is an independent and objective assurance and consulting activity that is designed to add value and improve the operations of the organisation. It assists in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance, risk management and control processes”.
Internal audit is a key pillar to good governance. It provides the board of directors, the audit committee, the chief executive officer, senior executives and stakeholders with an independent view on whether the organisation has an appropriate risk and control environment, whilst also acting as a catalyst for a strong risk and compliance culture within an organisation. Internal audits are conducted in accordance with detailed audit plans which are based on a risk-based assessment of internal audit needs for the organisation. Risk based audit plans are subject to regular revision to be able to align with the strategic objectives and latest information from the risk management process. Due emphasis is given to compliance with policies and procedures and the efficiency and effectiveness of controls. Internal audit work is risk–based and encompasses both financial and non–financial operations of the organisation. A common pitfall in implementing an internal audit function is to begin with tactical implementation without a strategic framework. Failure to establish clear value expectations and a disciplined approach, may result in unnecessary delays, cost and disappointment.
To create an effective internal audit function, the expectations of the primary stakeholders must determine how the function will deliver the desired value.
Common internal audit value drivers (stakeholder expectations) identified include the following:
- Risk management and control assurance
- Assessment of internal control effectiveness and efficiency
- Creating awareness of risk and control
- Regulatory and corporate compliance assurance
- Ability to respond to urgent events
- Return on value from the internal audit investment
- Consultative partnering to address complex issues (co-sourcing/outsourcing)
- Effective management of internal audit
Identifying the critical success factors helps internal audit to understand the limited number of elements that are critical for the accomplishment of the vision and mission. It also provides internal audit with the essential elements against which all initiatives should be vetted and helps to focus available resources.
Internal audit follows dynamic processes that enable them to meet business and stakeholder needs and expectations.