Definition

internal audit (IA)

Contributor(s): Ben Cole

An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine how well it conforms to a set of specific criteria.

In the enterprise, an internal audit can focus on enterprise risk management functions, security processes or maintaining regulatory compliance, as well as many other business departments and activities. As part of the internal audit plan, auditors try to find discrepancies between operational processes and what those processes are designed to do. If internal auditors do find discrepancies, these issues are included in the final report issued to company leadership so the processes can be improved.

Internal audit plans are often designed as a pre-emptive maneuver to maintain operational efficiency and financial reliability, as well as to safeguard assets.

Why internal audits matter

Regular internal audits assess a company's controls and help uncover evidence of fraud, waste or abuse. The frequency of internal audits will depend on the department or process being examined. Some types of manufacturing may require daily audits for quality control, while a department such as human resources may require only an annual audit of records.

Unlike an external auditor that primarily considers financial risk, the internal auditor examines issues relating to wide-ranging risks to the organization's reputation and growth. For example, an internal audit can uncover threats to the organization's reputation if it finds employee safety violations or instances where employees are treated unfairly. One of the internal auditor's primary goals is to assess the management of risk and to ensure that risk management processes are efficient, effective, secure and compliant.

Once the internal audits are completed, auditors issue a final audit report outlining how well the systems and processes are working. This report is often provided first to the most senior levels of executive management, as well as to its internal audit committee. When required, internal auditors offer consulting help to improve areas in which systems and processes are lacking and conduct a follow-up audit to determine how well the improvements are working.

Information provided by internal auditors can help the company thrive in a competitive business environment and inform new initiatives to help it continue to prosper.

Internal auditing strategies

An internal auditor will typically analyze documents outlining a company's mission, objectives and related performance, then determine how well these goals are being met. When gathering information for their final report, internal auditors will observe operations firsthand, take notes, review official documents and interview employees. The duration of the audit depends on its scope, as well as the size of the company or the department being audited.


The International Professional
Practices Framework for
internal audits.

Using various assessment techniques, the internal auditor will examine the effectiveness of internal control procedures and determine whether employees comply with internal control directives. These assessments can be completed after reviewing documents such as responsibility flowcharts, control policies and results from previous audits. The auditor can also conduct interviews with staff or examine processes firsthand to complete the assessment process.

Internal auditors also analyze business and financial transactions to determine falsehoods. Procedures examining transactions, inventory and financial statements can locate errors or falsehoods, as well as determine where in the process these instances occurred. These analyses can also target a specific process if the company wants to examine how well a particular control is working.

At the conclusion of the internal audit, the auditor will issue a formal report presenting significant findings. The final report includes a summary of the procedures and techniques used for completing the audit, a detailed description of audit findings and suggestions for improvements to internal controls and control procedures.

The internal audit function is different than an external audit. An external auditor reports to those outside the governing structure of the organization and focuses on determining the reliability and credibility of financial reports. An internal audit report is provided to those within the governing structure and is designed to educate management and employees about how they can operate the business better.

This was last updated in September 2017

Continue Reading About internal audit (IA)

Dig Deeper on Regulatory compliance audits

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What are the regulatory compliance benefits of having a formal internal audit program in place?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCIO

SearchHealthIT

SearchCloudComputing

SearchDataCenter

SearchDataManagement

SearchSecurity

Close