The Internal Audit: Quality Assurance for Business Processes

Internal operations in larger companies that are for the most part active internationally are often very complex. Lots of processes for various departments, and possibly different locations, must be brought together in order to achieve the desired goal. The fact is that this can also result in problems – for instance, through misunderstandings or conflicting goals. Processes are not as efficient as they should be in most cases. They can also be risky – not least by unknowingly violating legal regulations. This is where the internal audit comes in. It serves the purpose of both uncovering inefficient processes and risks, and of making recommendations for solutions.

What is an Internal Audit?

An internal audit is part of a system for analysing and optimizing processes that are executed within an organization. Within the company it is usually overseen directly by management and audits internal procedures, provides their results, and, if needed, makes recommendations. This serves the purpose of helping the organization in question work as efficiently and low risk as possible. The internal audit is also a monitoring tool for management within the tiers of governance, risk management and compliance.

The internal audit is – as the name states – an internal matter for the organization in question. It is carried out by members of this organization. This distinguishes it from the external audit, which involves inspectors who aren’t employed by the company. The internal inspectors are process independent. Their work is detached from day-to-day operations, so they are not actively involved in the processes they are investigating. The body (i.e. the relevant individuals and/or divisions) that carries out the audit is referred to as the internal audit department. Ideally, the internal auditor is only entrusted with this task. However, in smaller companies especially, internal auditing is often undertaken with the help of employees in accounting or controlling.

Note

If employees from accounting or controlling also take on the task of internal auditing, this can be problematic. Among other reasons, in this case there isn’t the required independence from the process, which results in conflicts (for example, if there exists a need for optimization precisely in accounting).

Role within the Company

Establishing an internal audit is in the well-understood interest of the organization. The underlying concept does however have a standard, such the iia’s guidelines, which outlines the ideal manner of internal audit practice.

Tasks and Procedures Involved in an Internal Audit

The tasks assigned to internal auditing sometimes makes it difficult to differentiate it from controlling. The latter is understood as a tool for corporate planning and management, though in practice the borders are often fluid. The difference lies in the fact that controlling refers to on-going or planned procedures, while the internal audit in principle examines past, concluded processes. It contrasts how the actual execution differs from the original planning (target-actual comparison) and attempts to map out potential existing flaws and their causes. Based on this examination, recommendations for action and more efficient measures for future processes can then be derived.

Specifically, an internal audit is made up of the following tasks:

  • Management Audit: Auditing the performance of management personnel (executive level being the exception) – with attention given to the specified company objectives and efficiency and convenience
  • Operational Audit: Audit of a company or organization’s activities in all areas and departments; most notably this involves examining the efficiency of communication, hierarchy and cooperation.
  • Financial Audit: Audit of all accounting procedures – bookkeeping especially – with respect to the organized implementation of regulations defined in commercial and tax law
  • Credit Audit: Systematic assessment of risks that relate to individual credit borrowers – independent of their credit approval in normal business practice
  • Compliance Audit: Identification of the environmental and security requirements for the organization as well as auditing compliance with these.
  • Audit of the Internal Control System: Auditing the technical and organizational control measures to ensure that business processes are operated in accordance with business regulations, and to ensure that damage through negligence or manipulation is prevented
  • Prevention: Investigating when there is suspicion of criminal activity in order to expose illegal activity (e.g. corruption prevention)

Auditing can investigate the above-mentioned areas both in individual audits (that is to say, cross-department auditing of specific issues) and during a general system audit (the inspection of all projects aspects including relevant backgrounds and legal regulations). In doing so, you can choose from the following criteria:

  • Compliance: Auditing whether processes are executed in a way that is both compliant and consistent with regulations
  • Security: Audit of security-related parameters
  • Economic Efficiency: Audit of cost-efficiency and profitability

Internal auditing should orient itself around these three principles in the course of its activity:

  • Economic Efficiency: Frequency and scope of an audit must correspond to the expected benefit (e.g. in the form of potential savings, loss aversion, or risk mitigation).
  • Materiality/Urgency: Prioritization of audit tasks which are of great interest to future decisions by management
  • Diligence: Thorough implementing auditing steps and an objective assessment of results that takes company objectives into account

Standards for Internal Audits

As well as the standards mentioned above, there are also international standards that the IIA set out. These are part of the International Professional Practices Framework, and are worth looking into.

Please note the legal disclaimer relating to this article.

Was this article helpful?
Page top