We regularly write blog posts about the internal auditing process and what you need to do to prepare, but we recently realized we haven’t laid out the process from your internal auditor’s perspective. We thought this might be a good time to demystify this point person’s role and needs to better serve you in the process.
Meet Your Auditor
What does an internal auditor do? What An internal auditor is a professional who holds the expertise and authorization to review and verify the accuracy of business records and to ensure information security and regulatory compliance. Internal auditors are engaged by government entities and private organizations. They investigate suspected mismanagement of funds, develop solutions to eliminate fraud and waste, and provide assurance regarding risk management, internal controls and governance. Perhaps most importantly, objectively conducted internal audits by experienced auditors are designed to improve and mature an organization’s business practices.
Your internal auditor will work with you to assess the condition of your business, related to the nature of the audit. This candid and insightful information lets you know whether you and your team are on the right path toward optimal compliance, or if your operations could use some work to avoid unnecessary risk, penalties and any other adverse consequences.
What Services Are Internal Auditors Responsible for?
Routine internal audit services ensure the company has the ability to survive in a competitive business environment, and continue to prosper. Auditors do this by:
- Monitoring, analyzing and assessing the risks and controls of the organization
- Reviewing the organization’s compliance with state and federal policies and laws
- Making reassurances and recommendations to the organization or company’s owners or governing boards
Essentially, they gather information on how an organization or company is operating and uses it to show where it is doing well and where it can improve.
Objective outsourced or co-sourced audits, performed by professionals who have no personal connection to the organization, are an excellent business investment. Internal audits done often make sure the company is in compliance and that every department is working as efficiently, effectively, and securely as possible.
Top 5 Benefits of Working with an Auditor
- Security – The primary responsibility of your internal auditor is to consult and evaluate your company’s control environment. Internal audit services examine your internal controls, which include actions, systems, and processes, as well as monitoring, to ensure that they are well designed and implemented and that they are functioning properly—regardless of who serves in which role. This function is important to protect the company from internal threats, potential hazards, and other pitfalls. Internal audits aim to improve your company’s control environment to reduce business risks.
- Efficiency. Internal audits identify redundancies in your business practices and procedures, as well as your governance processes, and make recommendations on how to streamline to save time and money.
- Compliance – Internal audits examine the laws, regulations, and industry standards to which your organization is required to adhere and determine whether or not you are in fact in compliance. Where you fall short, auditors will advise you on how to fix the problem.
- Awareness – A comprehensive internal audit program can help your organization improve its effectiveness by making sure that all employees understand and support key policies and procedures. In this way, an internal audit consulting can help reinforce ethical behavior within your organization.
- Assurance – Internal audits give you an independent review of your operational processes. With clear visibility into how well you are performing risk management procedures, you have the knowledge that will allow you to feel confident about your day-to-day operations. You can then be sure that everything is being done according to best practices, industry standards, policies and procedures.
Related article: How do Internal Audits Work?
What Do Internal Auditors Do?
An internal auditor’s primary objective is to monitor and assure that all of your business assets—whether financial, technological or otherwise—have been appropriately secured and safeguarded from threats. He or she also verifies that your business processes align with your planned and documented policies and procedures.
Offer Objective Insight.
The very reason that you, as a business leader, cannot perform your own audit is that it would be a conflict of interest. Your internal auditing team must not have any operational affiliation or any responsibility to your organization in achieving an object insight into the issue at hand.
Measure Operations & Policies Against Best Practices.
You, your company’s CEOs and CFOs, and your IT team probably regularly meet to discuss idea procedures that you intend to follow — and instruct your staff to follow — to ensure that your technological goals for security and efficiency align with your set procedures. A professional auditor’s review of your organization’s policies and procedures quickly points out the strong and weak points which is the first step of risk mitigation.
Assess Controls.
The insights you gain from an internal auditor’s consultation can help you improve your organization’s control environment to help mitigate risks and achieve other important goals.
Evaluate Risks and Protect Valuable Organizational Assets.
Every internal audit program focuses on assisting an organization’s management and stakeholders to protect their control environment by identifying risks via a systematic risk assessment. Your internal auditor can help you identify any dangerous gaps in your control environment, providing you the opportunity to pursue a remediation plan.
Check Compliance with Relevant Regulations.
Depending on your industry, you may have anywhere from zero to several regulations or laws with which you must comply. Your internal auditor stays up to speed on all the latest updates on any regulations and laws that apply to your business.
Stay Up-to-Date on Compliance Requirements.
Whether federal, state, local — or all at levels — all businesses must comply with certain regulations and statutes. Since enforcement agencies have no obligation to inform business owners about any laws or regulations, it is up to organizations to stay one step ahead. The statutes that are relevant to your business can change with no notification. An internal audit helps you keep up with these critical legal concerns, understand how they impact your activities, and make sure you stay in compliance going forward.
Mediate Whistleblowing Cases.
It’s at these times when the true value of an internal audit team is realized. In many ways, an internal audit team is the ideal, third-party arm of a company to deal with whistleblowing issues given its intimate knowledge of:
- Company policies and procedures,
- Organizational controls,
- Industry standards and oversight initiatives.
An internal auditing team is familiar with organizational framework and capable of accessing information during the investigation of potential internal infractions. Because they are outside of the organization, whistleblowers have less the fear of coming forward and sharing potentially damaging information.
How Can We Choose the Best Internal Auditor?
- Establish a Decision-Making Group – Begin the selection process by identifying the Selection Team and Decision Making Group. Given the independence and board-level accountability of internal audit activities, staff the Selection Team with at least one audit committee member as well as the CFO and necessary support staff.
- Prepare a Preliminary Scope of Work – this ****should include a business overview, internal audit task list, risk management review, and the engagement’s expected duration.
- Make a Checklist for Internal Audit Firm Candidates – Use the scope to draft a comprehensive checklist for candidate firms. The checklist should identify certification requirements (such as AICPA, Institute of Internal Auditors, and registration with the Public Company Accounting Oversight Board) and specific needs such as start date, industry experience and past relevant engagements.
- Select Candidate Firms – Begin by drawing up a list of candidate firms based on referrals from board members, partners, and local chapters of the Institute of Internal Auditors. Then, vet each candidate against the checklist and with a round of initial screening calls. Next, a summary of the Preliminary Scope of Work should be shared and follow-up calls made to determine if the candidate meets the general criteria and has the resources to carry out the engagement. Invite the remaining firms to make a formal presentation and preliminary proposal.
- Final Proposals – After evaluating the presentations, cut the final list of candidates to two or more firms. Provide the finalists with any revisions to the scope and ask them to provide a written proposal with a detailed plan, schedules, fees, time lines, and staffing. Be available to answer any questions about the scope so that the finalists can make accurate estimates.
- Final Evaluation – While price is important, greater weight should be placed on the candidate firm’s qualifications. If the low-bidder is rated as marginally qualified to execute the scope of work, it’s likely their results will be equally marginal. Choose the firm that’s got the strongest leadership, the deepest relevant experience, and a detailed, practical execution plan. Finalize the selection by undertaking in-depth reference checks with previous clients.
- Final Presentation – Once the decision-making team makes its recommendation, schedule the chosen firm for a final presentation to the relevant internal departments. A successful presentation proves the finalist can clearly and effectively communicate with its client and starts the relationship on a high note.
Ask About Our Internal Auditing Services
I.S. Partners, LLC has built its internal audit consulting services around business insight, experience, and trust. Ask us how we can strengthen your organization.
Editor’s note: This post was originally published in April 2016 and has been updated for accuracy and comprehensiveness.