+61 419 533 234
+61 419 533 234
The internal audit function is a fundamental element of corporate governance structures within most organisations. It operates primarily to provide assurance to executive management that the internal control structure of the organisation is effective. Internal audit assists the Audit Committee in discharging its governance responsibilities.
Internal audit has no direct involvement in the day-to-day operations of the organisation and should remain independent from management. Over the past decade the focus of internal audit has changed significantly and now concentrates on forming partnerships with line management and fostering business improvement processes. The following values provide the basis of an effective internal audit process:
Therefore, the internal audit program should be based on the organisational risk profile. Internal audit should identify and assess business risks in consultation with senior management. By being risk-focused, internal audit can ensure that audit programs consistently address current organisational risks and priorities.
The condition of the current control structure is integral in determining the focus, depth and activities of internal audit in each area of the structure or organisation. A strong control structure may require internal audit to provide independent, expert advice, while a weak control structure may require compliance audits on controls and procedures.
Senior management need to have a sound understanding of both the present state of the control structure and of future controls and governance procedures which are to be implemented. In this way, internal audit can be allocated tasks where it can optimally utilise its resources and add value to the organisation.
The first approach concentrates on compliance audits designed to provide assurance on key controls to senior management, while the latter approach focuses on organisational efficiency and effectiveness, and seeks to improve processes. Internal audit needs to find a balance between the two methodologies and tailor its program to the specific circumstances of the organisation.
Establish the program: An effective internal audit program is one which is based on the organisational risk profile. It is recognised that this business-oriented risk approach adds greater value than the traditional ‘cyclical audit’ approach as it focuses attention on two important elements affecting organisational success: areas with the greatest potential for loss and areas where process improvement is required.
Resources: The aim of internal audit is to deliver a cost-effective service and resources should be allocated appropriately with qualified and skilled staff. Resources should be balanced with organisational needs by considering factors such as size of organisation, cost of audit function and staff turnover.
Review mechanisms: Internal audit review mechanisms should be implemented to provide:
Review mechanisms should cover both internal audit processes and audit outputs. Additionally, performance reports should provide a balanced view by incorporating qualitative and quantitative indicators.
Review mechanisms should facilitate ongoing performance measurement. It is recommended that reviews be undertaken at the end of each internal audit project, and that the internal audit function be formally reviewed by an Audit Committee at least annually.
WynContract is perfect for this scenario