Internal auditing is an independent consulting activity used to add value and improve an organization's operations. Internal auditing improves an organization by providing insight and recommendations based on analyses and assessments of data. Professionals called internal auditors are employed by organizations to perform the internal auditing activity. The goal of internal audit within an organization is very broad and involves topics such as an organization, risk management, effectiveness of operations, the reliability of financial and management reporting, and compliance with laws and regulations. Internal auditing may also have fraud audits to identify potential fraudulent acts. Auditors are not responsible for the execution of company activities they just advise management and the Board of Directors. Some of the philosophy behind internal auditing comes from the work of Lawrence Sawyer. His philosophy emphasized assisting management and the Board in achieving the organization’s objectives through well-reasoned audits, evaluations, and analyses of operational areas. He encouraged the modern internal auditor to act as a counselor to management rather than as an adversary. Sawyer saw auditors as active players influencing events in the business rather than criticizing all degrees of errors and mistakes. Sawyer often talked about “catching a manager doing something right” and providing recognition and positive reinforcement. Writing about positive observations in audit reports was rarely done until Sawyer started talking about the idea. He understood and forecast the benefits of providing more balanced reporting while simultaneously building better relationships. Sawyer understood the psychology of interpersonal dynamics and the need for all people to receive acknowledgment and validation for relationships to prosper. Internal auditing activity is primarily directed at evaluating internal control. Under the Management is responsible for internal control, which includes five critical components: the control environment; risk assessment; risk focused control activities; information and communication; and monitoring activities. Managers establish policies, processes, and practices in these five components of management control to help the organization achieve the four specific objectives listed above. Internal auditors perform audits to evaluate whether the five components of management control are present and operating effectively, and if not, provide recommendations for improvement. A typical internal audit assignment involves the following steps: First, the auditors develop an understanding of the business area under review. Then, they describe the key risks facing the business activities. After that, they identify management practices in the five components of control used to ensure each key risk is properly controlled. Next, they develop a risk-based sampling approach to determine whether the most important management controls are operating as intended. Then they report issues and negotiate action plans with management to address the problems. Lastly, they follow-up on reported findings at appropriate intervals. Internal audit departments maintain a follow-up database for this purpose. Under the IIA standards, a critical component of the audit process is the preparation of a balanced report that provides executives and the board with the opportunity to evaluate and weigh the issues being reported in the proper context and perspective. In providing perspective, analysis and workable recommendations for business improvements in critical areas, auditors help the organization meet its objectives. Internal auditors usually work for government agencies, publicly traded companies; and for non-profit companies across all industries. Each department is led by a Chief Audit Executive who generally reports to the Audit Committee of the Board of Directors. Although internal auditors are part of company management...
Please join StudyMode to read the full document