We regularly write blog posts about the internal auditing process and what you need to do to prepare, but we recently realized we haven’t laid out the process from your internal auditor’s perspective. We thought this might be a good time to demystify this point person’s role and needs to better serve you in the process.
An internal auditor is a professional who holds the expertise and authorization to review and verify the accuracy of business records and to ensure information security and regulatory compliance. Internal auditors are engaged by government entities and private organizations. They investigate suspected mismanagement of funds, develop solutions to eliminate fraud and waste, and provide assurance regarding risk management, internal controls and governance. Perhaps most importantly, objectively conducted internal audits by experienced auditors are designed to improve and mature an organization’s business practices.
Your internal auditor will work with you to assess the condition of your business, related to the nature of the audit. This candid and insightful information lets you know whether you and your team are on the right path toward optimal compliance, or if your operations could use some work to avoid unnecessary risk, penalties and any other adverse consequences.
What Are Internal Auditors Responsible for?
Routine internal audits ensure the company has the ability to survive in a competitive business environment, and continue to prosper. Auditors do this by:
- Monitoring, analyzing and assessing the risks and controls of the organization
- Reviewing the organization’s compliance with state and federal policies and laws
- Making reassurances and recommendations to the organization or company’s owners or governing boards
Essentially, they gather information on how an organization or company is operating and uses it to show where it is doing well and where it can improve.
Objective outsourced or co-sourced audits, performed by professionals who have no personal connection to the organization, are an excellent business investment. Internal audits done often make sure the company is in compliance and that every department is working as efficiently, effectively, and securely as possible.
What Do Internal Auditors Do?
An internal auditor’s primary objective is to monitor and assure that all of your business assets—whether financial, technological or otherwise—have been appropriately secured and safeguarded from threats. He or she also verifies that your business processes align with your planned and documented policies and procedures.
A few additional key things internal auditors typically do include:
Offer Objective Insight.
The very reason that you, as a business leader, cannot perform your own audit is that it would be a conflict of interest. Your internal auditing team must not have any operational affiliation or any responsibility to your organization in achieving an object insight into the issue at hand.
Measure Operations & Policies Against Best Practices.
You, your company’s CEOs and CFOs, and your IT team probably regularly meet to discuss idea procedures that you intend to follow — and instruct your staff to follow — to ensure that your technological goals for security and efficiency align with your set procedures. A professional auditor’s review of your organization’s policies and procedures quickly points out the strong and weak points which is the first step of risk mitigation.
The insights you gain from an internal auditor’s review can help you improve your organization’s control environment to help mitigate risks and achieve other important goals.
Evaluate Risks and Protect Valuable Organizational Assets.
Every internal audit program focuses on assisting an organization’s management and stakeholders to protect their control environment by identifying risks via a systematic risk assessment. Your internal auditor can help you identify any dangerous gaps in your control environment, providing you the opportunity to pursue a remediation plan.
Check Compliance with Relevant Regulations.
Depending on your industry, you may have anywhere from zero to several regulations or laws with which you must comply. Your internal auditor stays up to speed on all the latest updates on any regulations and laws that apply to your business.
Stay Up-to-Date on Compliance Requirements.
Whether federal, state, local — or all at levels — all businesses must comply with certain regulations and statutes. Since enforcement agencies have no obligation to inform business owners about any laws or regulations, it is up to organizations to stay one step ahead. The statutes that are relevant to your business can change with no notification. An internal audit helps you keep up with these critical legal concerns, understand how they impact your activities, and make sure you stay in compliance going forward.
Mediate Whistleblowing Cases.
It’s at these times when the true value of an internal audit team is realized. In many ways, an internal audit team is the ideal, third-party arm of a company to deal with whistleblowing issues given its intimate knowledge of:
- Company policies and procedures,
- Organizational controls,
- Industry standards and oversight initiatives.
An internal auditing team is familiar with organizational framework and capable of accessing information during the investigation of potential internal infractions. Because they are outside of the organization, whistleblowers have less the fear of coming forward and sharing potentially damaging information.
How Can We Choose the Best Internal Auditor?
- Establish a Decision-Making Group – Begin the selection process by identifying the Selection Team and Decision Making Group. Given the independence and board-level accountability of internal audit activities, staff the Selection Team with at least one audit committee member as well as the CFO and necessary support staff.
- Prepare a Preliminary Scope of Work – this ****should include a business overview, internal audit task list, risk management review, and the engagement’s expected duration.
- Make a Checklist for Internal Audit Firm Candidates – Use the scope to draft a comprehensive checklist for candidate firms. The checklist should identify certification requirements (such as AICPA, Institute of Internal Auditors, and registration with the Public Company Accounting Oversight Board) and specific needs such as start date, industry experience and past relevant engagements.
- Select Candidate Firms – Begin by drawing up a list of candidate firms based on referrals from board members, partners, and local chapters of the Institute of Internal Auditors. Then, vet each candidate against the checklist and with a round of initial screening calls. Next, a summary of the Preliminary Scope of Work should be shared and follow-up calls made to determine if the candidate meets the general criteria and has the resources to carry out the engagement. Invite the remaining firms to make a formal presentation and preliminary proposal.
- Final Proposals – After evaluating the presentations, cut the final list of candidates to two or more firms. Provide the finalists with any revisions to the scope and ask them to provide a written proposal with a detailed plan, schedules, fees, time lines, and staffing. Be available to answer any questions about the scope so that the finalists can make accurate estimates.
- Final Evaluation – While price is important, greater weight should be placed on the candidate firm’s qualifications. If the low-bidder is rated as marginally qualified to execute the scope of work, it’s likely their results will be equally marginal. Choose the firm that’s got the strongest leadership, the deepest relevant experience, and a detailed, practical execution plan. Finalize the selection by undertaking in-depth reference checks with previous clients.
- Final Presentation – Once the decision-making team makes its recommendation, schedule the chosen firm for a final presentation to the relevant internal departments. A successful presentation proves the finalist can clearly and effectively communicate with its client and starts the relationship on a high note.
Ask About Our Internal Auditing Service
I.S. Partners, LLC has built its internal audit practice on business insight, experience, and trust. Ask us how we can strengthen your organization.
Editor’s note: This post was originally published in April 2016 and has been updated for accuracy and comprehensiveness.