What is an Internal Audit
Internal audits evaluate a company’s internal controls, including its corporate governance and accounting processes. They ensure compliance with laws and regulations and accurate and timely financial reporting and data collection, as well as helping to maintain operational efficiency by identifying problems and correcting lapses before they are discovered in an external audit.
BREAKING DOWN Internal Audit
Internal audits play a critical role in a company’s operations and corporate governance, now that the Sarbanes-Oxley Act of 2002 has made managers legally responsible for the accuracy of its financial statements. Besides making sure that a company is complying with laws and regulations, internal audits monitor operating results and verify the accuracy of its accounting and audit trails. They also safeguard against potential fraud, waste or abuse, and seek to identify breakdowns in internal controls. Internal audits provide management and the board of directors with value-added advice, suggesting improvements to current processes and practices which may include information technology systems as well as supply-chain management if they are not functioning as intended. For more on internal auditing, read An Inside Look At Internal Auditors.
Internal Audit Procedures
Internal audits may take place on a daily, weekly, monthly or annual basis. Some departments may be audited more frequently than others. For example, a manufacturing process may be audited on a daily basis for quality control, while the human resources department might only be audited once a year. Audits may be scheduled, to give managers time to prepare the required documents and information, or they may be a surprise, if unethical or illegal activity is suspected.
Assessment techniques ensure an internal auditor completely understands internal control procedures, and whether employees are complying with internal control directives. To avoid disrupting the daily workflow, auditors begin with indirect assessment techniques, such as reviewing flowcharts, manuals, departmental control policies or other existing documentation, or they may trace specific audit trails from start to finish. They may also conduct interviews with staff, if document reviews or audit trails do not fully answer their questions.
Auditing procedures include transaction matching, physical inventory count, audit trail calculations and account reconciliation as is required by law. Analysis techniques may test random data or target specific data, if an auditor believes an internal control process needs to be improved.
Internal audit reporting always includes a formal report and may include a preliminary or memo-style interim report. An interim report typically includes sensitive or significant results the auditor thinks the board of directors needs to know right away. The final report includes a summary of the procedures and techniques used for completing the audit, a description of audit findings and suggestions for improvements to internal controls and control procedures.