FAQ

Internal auditing-min

One of the challenges of scaling up a business is to establish a governance framework that evolves with the business and ensures both integrity and growth.

1. What is internal audit?

The Chartered Institute of Internal Auditors defines internal audit as “An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations”.

In addition, an effective internal audit helps organisations accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The assurance component involves monitoring and reporting on how well the systems and processes designed to keep the organisation on track are effective. The complementary consulting component that drives organisational value involves providing valuable insights to improve an organisational governance, risk management and internal control processes.

2. What is the difference between internal and external audit?

External audits are carried out by independent accountants and are mandated by the audit committee to review a company’s financial statements in order to certify them for reporting purposes. External auditors generally conduct financial reviews with the aim of providing an opinion on their veracity and fairness, which is taken into account by investors and shareholders when they review the previous year’s accounts.

Internal audit, on the other hand, is a function mandated by a company’s Board of Directors (delegated to the audit committee) to evaluate and improve the effectiveness of governance, risk management and control processes. In order to be effective in doing this, internal auditors report directly to the board or audit committee.

The profession of internal audit is fundamentally concerned with evaluating an organisation’s internal controls and management of risk, such as strategic, operational or financial risks. The key to an organisation’s success is to manage those risks effectively – better than competitors and as efficiently as stakeholders demand.

3. Is it mandatory to have an internal audit function?

Internal audits are a highly-recommended component of a sound corporate governance structure. In most countries, however, having an internal auditor is a legal requirement for public companies and public-interest entities (PIEs). Internal auditors are also required to be impartial and independent of the operations they are monitoring, hence the practice of them reporting to the board.

4. Is internal audit responsible to manage risks?

Internal audit helps identify and monitor risks. However, responsibility for addressing, managing and mitigating risks ultimately rests with the board and the management.

5. What are the skills and qualifications required for an internal auditor?

Internal auditors must demonstrate integrity, objectivity, independence and confidentiality.

The major skills required for internal auditors are critical thinking, professional scepticism and communication. All of these skills will help them function in any organisation, but internal auditors must also add strong business acumen, solid understanding of operations and of the underlying processes and structures to this. The ability to critically evaluate those for compliance and optimisation is also key.

A certification in internal audit by the Institute of Internal Audit (IIA) is also an asset, as is a functional understanding of the International Professional Practices Framework (IPPF) that serves as the basis for guidance they issue to internal auditors worldwide.