Internal Audit is a dynamic profession involved in helping organisations achieve their objectives. It is concerned with evaluating and improving the effectiveness of risk management, control and governance processes in an organisation
Internal audits evaluate a company’s internal controls including its corporate governance and accounting processes. They ensure compliance with laws and regulations and accurate and timely financial reporting and data collection, as well as helping to maintain operational efficiency by identifying problems and correcting lapses before they are discovered in an external audit.
The following audits tools would be required to perform an internal audit:
Audit checklist (recommended)
Performing Internal in 6 steps
- Know what and when to audit
- Create an audit schedule
- Pre-planning the scheduled audit
- Conducting the Audit
- Record the findings
- Report the findings
Step #1: Know what and when to audit
Before conducting the internal audit, you should identify what processes are going to be audited. Understanding the scope and objectives of the audit process will help you create an audit schedule. As mentioned earlier, internal audit should be conducted based on the risks of the processes. The higher the risk in a specific area of the business the more frequent you would want to audit that business area. It is also essential to understand the nature of the business process you are planning audit so that you can decide the right time to audit the system.
Step #2: Create an audit schedule
Creating an audit schedule provides the departments with an advanced notice of the upcoming audit. The program will help them have the necessary documentation and records available for review and audit. The internal schedule will also the business of planning for resources required to conduct the internal audit. A surprise audit is not recommended as it may create a disengaged situation and stakeholders will feel threatened by the auditor. It is recommended you share the audit schedule and obtain approval and confirmation.
Step #3: Pre-Planning the scheduled Audit
Being prepared before a scheduled audit is essential as it will simplify and make the whole audit process effective. During the pre-planning phase, auditors need to send an audit plan to department providing information about the audit scope, objective, criteria and possible documentation evidence needed for the audit.
It is necessary that the auditor is prepared before the audit with a clear understanding of the policies and procedure that will be reviewed. For example; Before auditing a purchasing process, the auditor needs to understand the policies and procedures related to purchasing and also know what kind of evidence that he/she may review. This will significantly improve the efficiency of the audit process will also reduce the downtime
Step #4: Conducting the audit
Internal audit can be conducted by different methods such as documentation review, interviewing and observation. Based on the scope and objective of the auditor, the audit shall choose any methodology or combination of all to carry the internal audit. The internal auditor shall sight and examine sufficient hard-copy or electronic records to verify; evidence of compliance with the management system procedures; and effective implementation of process and internal control. You need to ensure the audit is conducted in a fair and unbiased manner.
Step #5: Record the findings
Recording the findings is vital in the audit process, and auditor needs to list all evidence sighted by record number or record data. The aim of documenting audit findings is to identify gaps in compliance and look at opportunities to fix the deficit and improve the process. Records may also include observation and notes from the interview process. It is recommended that the auditor provide a quick snapshot of the findings quickly at the end of the internal audit to ensure the auditee is aware and also has a chance to clear any questions.
Step #6: Report findings
All findings should be reported in an easy to read audit report. Audit reports serve evidence that an internal audit was conducted. These reports should be reviewed and approved by the department manager / top management. The report can also include an improvement / corrective action plan that should need to develop and implemented in the areas where gaps were identified. ISO recommends you use PDCA (Plan, Do, Check, Act) Management tool to facilitate and carry improvement process within the business.
To be successful, it is crucial that business meet the needs of their customer and can deliver products and service accurately without any error. All internal controls established by the organisation needs to be maintained and effectively followed to support quality products and services. An internal audit is a management tool that organisations use to ensure that process meets requirements.