As the saying goes, if you’re not getting better, someone else is. This rings particularly true in the current economy, with continuing fierce competition for each customer dollar.
Internal audits, when implemented effectively, provide the valuable information businesses need to continually “get better.” Strategic planning and constant application characterize a strong internal audit. And it’s carried out with an unwavering goal to improve the organization.
This standard may seem rigorous. But anything less misses the intrinsic value that a well-built internal audit function provides.
Planning comes first. Diving into procedures without a plan is a sure way to waste time and resources.
Strategic planning involves thoughtful discussion about organizational risks and input from the board, management and operating personnel. As an organization identifies risks, it can develop an audit plan that directly addresses and mitigates these risks.
Audit procedures will often be simple, but they must be customized. For example, if the board is concerned about related-party transactions, an auditor may review recent contracts to ensure they are “arm’s-length” agreements, free of pressure from either party.
Once an organization decides upon an audit plan, it must systematically apply the plan. An effective internal auditor will be consistent, objective and responsive to all members of the organization.
Procedures should be performed while keeping in mind that the final goal is to make the organization better. A successful internal auditor will connect with people, work to prevent tension and keep everyone working toward this goal.
If the process is strategically planned and systematically applied, adding value to the organization will come naturally. Over time, best practices will be seeded and nurtured, and poor processes will be weeded out.
Many clients ask about the relationship between an internal and an external audit. This is a valid question, and sometimes the line between these functions appears to blur.
It’s important to remember that they are distinct processes that may or may not overlap. AU-C Section 610, The Auditor’s Consideration of the Internal Audit Function in an Audit of Financial Statements,
provides specific guidance on the extent to which an external auditor may use and rely upon the work of an internal auditor.
Having an internal auditor perform work for the external auditor has several advantages for an organization:
- The external auditor will have intimate knowledge of emerging accounting practices and can pass this information along to the interal auditor.
- The external auditor may be able to expand procedures or reduce the man-hours involved in an engagement.
While utilization in this manner requires prior coordination, when successfully accomplished, there are positive effects for all parties.
As with any aspect of business, the internal audit function faces some common pitfalls. The most common of these is a scope that is too narrow. An internal audit function is not optimal if it only ensures compliance, only reviews a specific transaction class or is solely dedicated to working with the external auditor.
While each of these items may be important at one time or another, when taken on individually, they miss the underlying value of a cohesive internal audit function. When effectively executed, the internal audit function allows an organization to strive for constant improvement in all areas.
Internal audits can and should address a diverse cross-section of issues in which nothing is off-limits. Common focus areas include quality control, compliance risks and procurement procedures. Hiring practices, independence, ethics and information technology are also good areas to consider.
When determining where to focus internal audit resources, it’s wise to step back and take an overall look at your organization. A holistic approach will ensure both efficient use of resources and tangible results.