What makes internal audit really effective - the five Top Tips
9th February 2016
What makes internal audit really effective
- the five Top Tips
By James Gourlay
Internal audit has a role to play within organisations, but there are still significantly differing opinions about the effectiveness and particularly the return on investment of internal audit.
The Chartered Institute of Internal Auditors, which represents the profession in the UK and Ireland, is firmly of the view that that audit should add value and improve an organisation's operations.
It says: "Internal audit helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
But what makes an internal audit strategy effective, and what should key stakeholders primarily be aware of? Here are some key considerations.
1. Compliance: Many governing bodies/regulators are now considering whether internal audit should be a mandatory requirement as part of its governance arrangements.
2. Improvement: Internal audit can provide organisations with recommendations on where they can improve on their standard processes and controls. Often a fresh eye can give a different perspective on problem areas.
3. Insight: If there has been a control failing or fraud, internal audit can investigate the root cause of the failing and provide recommendations for improvements. A follow up visit can test whether the recommendations suggested have been implemented and are working effectively.
4. Foresight: Internal audit can ensure organisations keep up to date with the latest industry developments and identify upcoming issues which will affect organisations in the future.
5. Risk: Internal audit can assist with risk management by identifying risks never previously considered, it can also help the organisation to define its risk appetite and risk maturity level.
Internal auditing is effective if it provides the audit committee and executive management with the assurance they need, namely that they can rely on the organisation's processes and systems to manage risks to the achievement of the organisation's objectives.