The Definition, Purpose, Stakeholders and Strength of Push Digits in Internal Auditing
What is an Internal Audit?
An internal audit is an in-depth analysis of a company or organization’s performance in respect to the organization’s business plan or other predefined performance benchmarks. An internal audit provide management and board of directors with vital information about several aspects of the company’s activities and help them move forward with plans to build business and increase profits. Less effective business activities will be pointed out and suggestions to improve effectiveness may be presented. Auditors provide advisory information only and do not have any control or authority over business operations. The actual business activities being audited are usually specified in the mandate calling for the audit. This list of audited activities can include management effectiveness, efficiency of operations, compliance with laws and regulations, or any other aspects of business operation as defined in the audit request documents. Audits may also look into fraudulent activities, the validity of financial reporting processes or potentials for financial loss. The actual scope of an internal audit is defined in the audit blueprint or in the contract with an outside auditor. Audits may be requested by a government agency, a business lender, or the business management. Internal audits may be scheduled in the business plan to keep the business on track. The intent of an internal audit is not to penalize a business but to provide useful information to improve overall business operations or to provide risk assessment.
Why are internal audits performed?
Internal audits are very valuable tools for assuring a business’s management is following a correct path to business growth and profitability. Audits can reveal weaknesses in the management processes in use and suggest changes to ameliorate any discovered weaknesses. A company’s utilization of resources can be evaluated to promote most efficient consumption of resources. A company’s resources will include financial resources, workforce and human resources, natural resources, property – both tangible and intellectual, and anything that contributes to the company’s profit.
Top-level business managers rely on internal audits to understand how the various divisions of an organization are performing. Strongly performing divisions can provide information applicable to weaker divisions. If a division is determined to be non-productive, management may decide to reduce losses by eliminating the division or refocusing the division’s resources in a new direction.
Financial institutions and investors sometimes require internal audits to ensure the financial support they provide is being properly utilized and that the risk to the investment is being managed. Anytime a company’s management suspect employees of improper actions or if outside threats are suspected; an internal audit can identify the risks and suggest corrections or defensive measures.
Changes in government regulations sometimes generate an internal audit to assure compliance with the new regulations. When a marketplace environment changes an internal audit can prepare the business for the changes and/or assess the risks posed by the new marketplace. A basic risk management process is a regularly scheduled (or impromptu) internal audit focused on risk management. The risks that any business is exposed to can be quite numerous. An internal audit focused on risk management will often identify hidden risks and offer suggestions to counterbalance both new and well-known risks.
In many cases, new ventures include scheduled internal audits in the business plan. These scheduled audits determine if the business is performing according to plan. If business performance does not meet expectations the audit can help determine where the weaknesses are and suggest corrections to get the business back on plan.
The actual reasons for internal audits are as varied as the types of information they can provide. The authorization for an audit will establish the scope of the audit and the type of information expected which will be disclosed in a formal document called internal audit charter. Without some specific direction in the authorization documents, the results of an audit will be unpredictable or perhaps unreliable. Requesting an audit without establishing the scope and focus is like hiring someone to paint your car but not specifying a color. Reputable audit and accounting firms will require specific instructions in the authorization documents. If an organization has established an audit division the scope of audits performed by the division will be predetermined when the audit division is set up. Sometimes the scope is specified in the authorization documents.
Who performs internal audits?
Internal audits are performed by outside accounting and auditing services or by auditing departments within the organization. Smaller organizations are unlikely to have dedicated auditing departments so outsourcing this function is the only option. For larger organizations with established auditing functions the decision about auditors becomes more complicated. If an audit is mandated by an external entity such as a lender or a government agency the choice of auditor may be specified in the mandate. Internal audits requested from within an organization will most likely utilize the organization’s auditing functions unless absolute objectivity is very important. The suggestion of objectivity is more easily presented by an outside auditing agency. The quality and integrity of the information reported by the auditor is important. Reputable auditing agencies rely on a strong reputation of integrity.
Who requests internal audits?
As mentioned earlier, internal audits can be requested or initiated by several processes. For relatively new businesses, internal audits are often included in the business plan. These audits are intended to examine management’s effectiveness or to verify the business is operating according to plan. Outside entities such as lenders or shareholder groups can request audits in order to examine the risks to their investments. Government agencies request internal audits to assure compliance with regulations and ethical business practices. Company managers request audits to identify and manage risks; to investigate suspicions of inappropriate activities by employees or managers; to identify under-performing departments and find ways to improve performance; or to identify and defend against outside threats to business success. Regularly scheduled audits are quite often part of management processes intended to maintain awareness of all aspects of business operations and to manage risks.
What information is discovered in Internal Audits?
The information revealed by an internal audit is primarily established by the scope specified in the authorization documents or internal audit charter. The request for an audit will indicate the scope of the audit and suggest the type of information the audit will return. Risk management audits will report on well known and newly revealed risks while providing suggestions for managing the risks. Performance audits will examine and report on the effectiveness of management at all levels or relative performance of various company divisions. Compliance audits will examine and report on how well the company is following government regulations and established business practices.
What qualifies an internal auditor?
The Institute of Internal Auditors (IIA) is an established Professional Network which regulates the world wide recognized qualifications of internal auditing such as Certified Internal Auditor (CIA). IIA provides certifications for individuals as certified professional internal auditors and certified auditors in specific areas of specialization. Any valid accounting and auditing firm will be staffed by certified audit professionals in any of several audit disciplines. Certified auditors will have demonstrated knowledge and understanding of the technical aspects of auditing as well as the ethical principles that are a very important part of the auditing domain. Qualified auditors also practice Continuing Professional Education (CPE) to stay abreast of emerging technology and trends and to maintain valid certifications.
How Push Digits can help
Push Digits internal audit professionals look strategically at how THEY can add value, reduce costs and improve efficiency of your business.
“Internal auditing is an independent, objective assurance consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness and risk management, control and governance processes.” (Institute of Internal Auditors)
Push Digits internal auditing can make your company more successful. Push Digits uses a combination of consulting experience and technical knowledge to assist our clients. Our services include informing board of directors and senior management on how effectively existing processes and systems are working to keep the entity on path. Also, we provide recommendations to make those processes and systems more efficient and effective.