What is Internal Audit?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Performed by professionals with an in-depth understanding of the business culture, systems, and processes, the internal audit activity provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient, and organizational goals and objectives are met.
Evaluating emerging technologies. Analyzing opportunities. Examining global issues. Assessing risks, controls, ethics, quality, economy, and efficiency. Assuring that controls in place are adequate to mitigate the risks. Communicating information and opinions with clarity and accuracy. Such diversity gives internal auditors a broad perspective on the organization. And that, in turn, makes internal auditors a valuable resource to executive management and boards of directors in accomplishing overall goals and objectives, as well as in strengthening internal controls and organizational governance.
I. Foundations Of Internal Auditing
Interpret The IIA`s Mission of Internal Audit, Definition of Internal Auditing, and Core Principles for the Professional Practice of Internal Auditing, and the purpose, authority, and responsibility of the internal audit activity
Explain the requirements of an internal audit charter (required components, board approval, communication of the charter, etc.)
Interpret the difference between assurance and consulting services provided by the internal audit activity
Demonstrate conformance with the IIA Code of Ethics
II. Independence And Objectivity
Interpret organizational independence of the internal audit activity (importance of independence, functional reporting, etc.)
Identify whether the internal audit activity has any impairments to its independence
Assess and maintain an individual internal auditor`s objectivity, including determining whether an individual internal auditor has any impairments to his/her objectivity
Analyze policies that promote objectivity
III. Proficiency And Due Professional Care
Recognize the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit activity
Demonstrate the knowledge and competencies that an internal auditor needs to possess to perform his/her individual responsibilities, including technical skills and soft skills (communication skills, critical thinking, persuasion/negotiation and collaboration skills, etc.)
Demonstrate due professional care
Demonstrate an individual internal auditor`s competency through continuing professional development
IV. QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Describe the required elements of the quality assurance and improvement program (internal assessments, external assessments, etc.)
Describe the requirement of reporting the results of the quality assurance and improvement program to the board or other governing body
Identify appropriate disclosure of conformance vs. nonconformance with The IIA’s International Standards for the Professional Practice of Internal Auditing
V. Governance, Risk Management, And Control
Describe the concept of organizational governance
Recognize the impact of organizational culture on the overall control environment and individual engagement risks and controls
Recognize and interpret the organization`s ethics and compliance-related issues, alleged violations, and dispositions
Describe corporate social responsibility
Interpret fundamental concepts of risk and the risk management process
Describe globally accepted risk management frameworks appropriate to the organization (COSO - ERM, ISO 31000, etc.)
Examine the effectiveness of risk management within processes and functions
Recognize the appropriateness of the internal audit activity’s role in the organization`s risk management process
Interpret internal control concepts and types of controls
Apply globally accepted internal control frameworks appropriate to the organization (COSO, etc.)
Examine the effectiveness and efficiency of internal controls
VI. Fraud Risks
Interpret fraud risks and types of frauds and determine whether fraud risks require special consideration when conducting an engagement
Evaluate the potential for occurrence of fraud (red flags, etc.) and how the organization detects and manages fraud risks
Recommend controls to prevent and detect fraud and education to improve the organization`s fraud awareness
Recognize techniques and internal audit roles related to forensic auditing (interview, investigation, testing, etc.)
1. Internal Audit Operations
Describe policies and procedures
for the planning, organizing, directing, and monitoring of internal audit
operations
Interpret administrative activities (budgeting, resourcing,
recruiting, staffing, etc.) of the internal audit activity
2. Establishing a Risk-based
Internal Audit Plan
Identify
sources of potential engagements (audit universe, audit cycle requirements,
management requests, regulatory mandates, relevant market and industry trends,
emerging issues, etc.)
Identify
a risk management framework to assess risks and prioritize audit engagements
based on the results of a risk assessment
Interpret
the types of assurance engagements (risk and control assessments, audits of
third parties and contract compliance, security and privacy, performance and
quality audits, key performance indicators, operational audits, financial and
regulatory compliance audits)
Interpret
the types of consulting engagements (training, system design, system
development, due diligence, privacy, benchmarking, internal control assessment,
process mapping, etc.) designed to provide advice and insight
Describe
coordination of internal audit efforts with the external auditor, regulatory
oversight bodies, and other internal assurance functions, and potential
reliance on other assurance providers
3. Communicating and Reporting to
Senior Management and the Board
Recognize that the chief audit
executive communicates the annual audit plan to senior management and the board
and seeks the board`s approval
Identify significant risk
exposures and control and governance issues for the chief audit executive to
report to the board
Recognize that the chief audit
executive reports on the overall effectiveness of the organization`s internal
control and risk management processes to senior management and the board
Recognize internal audit key
performance indicators that the chief audit executive communicates to senior
management and the board periodically
1. Engagement Planning
Determine
engagement objectives, evaluation criteria, and the scope of the engagement
Plan
the engagement to assure identification of key risks and controls
Complete
a detailed risk assessment of each audit area, including evaluating and
prioritizing risk and control factors
Determine
engagement procedures and prepare the engagement work program
Determine
the level of staff and resources needed for the engagement
1. Information Gathering
Gather
and examine relevant information (review previous audit reports and data,
conduct walk-throughs and interviews, perform observations, etc.) as part of a
preliminary survey of the engagement area
Develop checklists and risk-and-control
questionnaires as part of a preliminary survey of the engagement area
Apply
appropriate sampling (nonstatistical, judgmental, discovery, etc.) and
statistical analysis techniques
2. Analysis and Evaluation
Use
computerized audit tools and techniques (data mining and extraction, continuous
monitoring, automated workpapers, embedded audit modules, etc.)
Evaluate
the relevance, sufficiency, and reliability of potential sources of evidence
Apply
appropriate analytical approaches and process mapping techniques (process
identification, workflow analysis, process map generation and analysis,
spaghetti maps, RACI diagrams, etc.)
Determine
and apply analytical review techniques (ratio estimation, variance analysis,
budget vs. actual, trend analysis, other reasonableness tests, benchmarking,
etc.)
Prepare
workpapers and documentation of relevant information to support conclusions and
engagement results
Summarize
and develop engagement conclusions, including assessment of risks and controls
Engagement Supervision
Identify key activities in
supervising engagements (coordinate work assignments, review workpapers,
evaluate auditors` performance, etc.)
Arrange preliminary communication with
engagement clients
Demonstrate communication quality (accurate,
objective, clear, concise, constructive, complete, and timely) and elements
(objectives, scope, conclusions, recommendations, and action plan)
Prepare interim reporting on the engagement
progress
Formulate recommendations to
enhance and protect organizational value
Describe the audit engagement
communication and reporting process, including holding the exit conference,
developing the audit report (draft, review, approve, and distribute), and
obtaining management`s response
Describe the chief audit executive`s
responsibility for assessing residual risk
Describe the process for
communicating risk acceptance (when management has accepted a level of risk
that may be unacceptable to the organization)
Describe the audit engagement communication
and reporting process, including holding the exit conference, developing the
audit report (draft, review, approve, and distribute), and obtaining
management`s response
Describe the chief audit executive`s
responsibility for assessing residual risk
Describe the process for communicating risk
acceptance (when management has accepted a level of risk that may be
unacceptable to the organization)
Beacon FinTrain prioritizes excellence in every service, ensuring top-notch, reliable, and consistent outcomes that meet and exceed client expectations.
We focus on finance, offering expert knowledge and bespoke solutions that cater to the unique needs of finance professionals in the Middle East and Africa.
Time is money. We respect deadlines, delivering precise and timely results to help our clients stay ahead in the fast-paced financial world.
Beacon FinTrain is a guiding light in finance, providing insightful advice and support to navigate the complexities of financial markets and regulations.
We uphold the highest ethical standards, fostering trust and transparency in all our dealings to build lasting relationships with clients.
Adapting to the dynamic finance sector, we offer versatile services and solutions that align with the evolving needs of our clients.