Internal audit.[check] This checklist is designed to help managers tackle the process of an internal audit within their organisation or department. Internal audit is an essential part of business life, but not all organisations are large enough to have a designated internal audit function. This checklist is aimed primarily at those who are either undertaking an internal audit themselves or are responsible for selecting and managing a member of staff who has this responsibility. It applies equally to organisations in the public and private sectors.
In the wake of a number of recent spectacular cases of fraud, the 1998 Combined Code (on corporate governance Corporate Governance
The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. ) and the 1999 Turnbull Turnbull is a surname, arising from the Turnbull clan, a Scottish Border clan, and may refer to:
There is a clear distinction between internal and external audit. Internal auditing is defined by the Institute of Internal Auditors “IIA” redirects here. For IIA in decision theory, see Independence of irrelevant alternatives.
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association of more than 128,000 members with global headquarters in as an independent appraisal function established within an organisation to examine and evaluate its activities, the objective being to assist staff in the effective discharge of their responsibilities. To this end internal auditing furnishes staff with analyses, appraisals and recommendations concerning those activities. Internal auditing is usually carried out by staff from within the organisation.
Advantages of internal audit
Internal audit should be a continuous process, from which many advantages can be discerned. These may include:
* management's attention will be directed to the key business issues - it gives an analysis of weaknesses in the system of control, from which practical recommendations for improvement can be made
* it leads to positive assurance when controls are operating satisfactorily
* it identifies opportunities for improved efficiency and effectiveness
* it gives early notice of potential problems. Management can then take action as necessary
* Disadvantages of internal audit can be time-consuming time-con·sum·ing
Taking up much time.
taking up a great deal of time
Adj. 1. and takes managers away from their day-to-day day-to-day
1. Occurring on a routine or daily basis: the day-to-day movements of the stock market.
If handled insensitively in·sen·si·tive
1. Not physically sensitive; numb.
a. Lacking in sensitivity to the feelings or circumstances of others; unfeeling.
b. , it can be threatening to staff who may feel that they are being scrutinised with the intention of finding fault.
1. Select internal audit objectives relevant to the assignment
Internal audits primarily look at key controls:
financial--how is money handled within the organisation? Who authorises payment, and what are the checks and balances to stop unauthorised spending and fraud?
* administrative controls--are these conducive con·du·cive
Tending to cause or bring about; contributive: working conditions not conducive to productivity. See Synonyms at favorable. to meeting strategic objectives?
* systems--which ones are there in a department and across the organisation--and how do they fit together?
as well as:
* value for money--is this being achieved through the systems in place, or do the systems fail to measure this?
The first step is to make sure your broad audit objectives reflect whichever of these are your priorities.
2. Prepare a detailed brief
An internal audit looks at a variety of aspects of the way an organisation works focussing not only on financial issues. Write an audit brief or strategy to set detailed priorities in accordance Accordance is Bible Study Software for Macintosh developed by OakTree Software, Inc.
As well as a standalone program, it is the base software packaged by Zondervan in their Bible Study suites for Macintosh. with the main issues, and give some indication of the proportion of time you expect to be accorded to highlighted aspects.
3. Choose your auditor auditor n. an accountant who conducts an audit to verify the accuracy of the financial records and accounting practices of a business or government. A proper audit will point out deficiencies in accounting and other financial operations.
It is usual to appoint another individual from within the organisation as internal auditor Internal auditor
An employee of a company who analyzes the company's accounting records to that the company is following and complying with all regulations. . Dependent on the issues to be examined, a formal qualification, for example, in accountancy, may be appropriate.
The growing use of external certification systems for issues such as quality control (ISO (1) See ISO speed.
(2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. 9000), environmental control (ISO14000) and staff development (IIP IIP Investors In People
IIP International Information Programs (US State Department)
IIP Index of Industrial Production
IIP Iraqi Islamic Party
IIP International Ice Patrol (US Coast Guard) ) may require other members of staff to have responsibility for the continuous review of those systems.
4. Brief your auditor
You need to make sure that you have all the background information you need before you brief your auditor. This would include your organisation's:
* strategic or business plans
* standing orders
* articles and memoranda of association
* internal procedure manuals
* lists of key personnel
* structure chart.
Arrange a meeting to ensure you have provided the auditor with sufficient information; in particular, even if he or she is an employee of the organisation do not make assumptions about his or her level of knowledge.
At the meeting the aim is to agree the objectives of the audit. Find out how the auditor will meet these objectives, agree a timetable and a plan of action and find out if further information is needed.
5. Identify the key controls to meet audit objectives
The next stage is to start to look at detail. The auditor needs to look at the organisation's existing procedures for controlling the key areas to be examined.
6. Evaluate the controls
Next, evaluate how effective the controls are. Could they be improved? Are there any omissions? Questions worth thinking about are:
* if someone wanted to commit a fraud, where and how would they do it?
* if I had bought this item personally, would I be happy with the price paid and the level of service offered?
7. Test the system
Now, test the controls in action. Choose a number of activities or transactions at random and trace back all the steps that took place. Ask:
* are there any procedures or rules in place?
* did people follow the procedures?
This will show how far the existing rules and procedures are complied with.
8. Select areas needing in-depth in-depth
Detailed; thorough: an in-depth study.
detailed or thorough: an in-depth analysis
From random tests the auditor may find areas of concern which need further investigation. The audit should now investigate these areas in depth--for example every transaction will be examined over a number of months to see if the random sample was an exception or a real problem.
9. Consider whether value for money is being achieved
Whatever the overall audit objectives, it is always an internal auditor's job to test whether value for money is being achieved. The kind of things to look for are:
* has the market been tested by getting quotes and tenders for goods and services In economics, economic output is divided into physical goods and intangible services. Consumption of goods and services is assumed to produce utility (unless the "good" is a "bad"). It is often used when referring to a Goods and Services Tax. ?
* are the systems working in the most efficient way?
10. Prepare a draft report
Make a report of all findings with a set of recommendations. This should be in draft format and should be discussed with everyone who took part in the audit--to ensure that the auditor hasn't has·n't
Contraction of has not.
hasn't has not
hasn't have misinterpreted any information.
11. Produce the final report
The final report should include an action plan to tackle the areas requiring strengthening. It should have a timetable and an agreed time to meet again to monitor what has happened. Use the knowledge of the auditor as a guide towards best practice. Make sure the recommendations in the report are of a practical nature.
12. Take action
Act on the findings to put things right and monitor how effective the actions taken are. This may well involve changing written instructions, manuals or procedures, alerting staff to the changes and ensuring adequate training is given to staff in those areas.
Keep everyone throughout the organisation fully informed of the programme, and what changes have been, or are being, made to tighten up Verb 1. tighten up - restrict; "Tighten the rules"; "stiffen the regulations"
constrain, stiffen, tighten
confine, limit, throttle, trammel, restrain, restrict, bound - place limits on (extent or access); "restrict the use of this parking lot"; "limit the procedures. Make sure that the wording of any announcements do not point the finger of blame at any individuals, but emphasise that the procedures themselves are being strengthened.
Dos and don'ts for internal audits
* Brief staff on the benefits of internal audit.
* Keep staff informed of the findings of the audit and any positive action that has been taken as a result of it.
* Concentrate on the high risk elements identified.
* Set an action plan that is realistic.
* Monitor progress towards meeting the action plan.
1. Contraction of do not.
2. Nonstandard Contraction of does not.
A statement of what should not be done: a list of the dos and don'ts.
* Rely on internal audit as a day-to-day management control mechanism.
* Expect internal audit to pick up all the potential weak links in your systems.
The combined code on corporate governance, Financial Reporting Council The Financial Reporting Council (FRC) is a unified, independent regulator with a mission of promoting confidence in corporate reporting and governance in the United Kingdom. London London, city, Canada
London, city (1991 pop. 303,165), SE Ont., Canada, on the Thames River. The site was chosen in 1792 by Governor Simcoe to be the capital of Upper Canada, but York was made capital instead. London was settled in 1826. : 2003
Internal audit: a partnership with management, Marian Mar·i·an 1
1. Of or relating to the Virgin Mary, her cult, or her theology.
2. Of or relating to Mary I of England or Mary Queen of Scots.
Adj. 1. Lower London: Financial Times Pitman, 1998
Chartered Institute of Management Accountants The Chartered Institute of Management Accountants (CIMA) is a UK based professional body offering training and qualification in management accountancy and related subjects, focused on accounting for business; together with ongoing support for members. , 26 Chapter Street, London, SW1P 4NP
Tel: 020 8849 2251 www.cimaglobal.com
Institute of Internal Auditors--UK and Ireland, 13 Abbeville Mews, 88 Clapham Park Clapham Park is an area in the Borough of Lambeth in London, to the south of central Clapham and west of Brixton.
The original Clapham Park estate was a speculative development by Thomas Cubitt, who bought 229 acres of Bleak Hall Farm in 1825, and marked out plots for Road, London, SW4 7BX
Tel: 020 7498 0101 www.iia.org.uk
* Have you defined the nature and scope of the internal audit?
* Have you established what the system is trying to achieve?
* Have you identified the key controls?
* Are your staff fully informed of what is happening and the actions you are going to take?