An internal audit is an audit conducted by a business or organization for the purpose of improving the business' operations. Generally, the auditors are not employees of the company, and they bring an objective, independent view to the business. They help the organization improve their accounting, risk management, control, and operating processes. Often the auditors work for the company's accounting firm, or they may be hired from a group totally independent of the business.
An independent audit may look at internal controls, business risk, and management efficiency. The auditors must have a firm understanding of how the business works, what its goals are, and all the laws and regulations that apply to it that must be followed. They may also assess intangibles such as business ethics or values, performance of personnel, and communications.
Internal controls include information used to make decisions and the reliability of that data. It also includes a system to keep track of the assets of the business and assure that the assets are properly protected. It also looks at the operating practices to make sure they are good and that they are in compliance with policies, laws, and regulations. Internal controls also monitor the use of resources to make sure they are being put to good use.
Once your internal controls satisfy the auditors, they will look at the risks your business is exposed to. Risk and come in many forms and includes issues of health and safety, resource loss, asset loss, public image, security, laws and regulations that are not followed correctly, and inefficient business practices. Without controls around these issues, problems can arise that put your business at risk of loss or liability.
In order for the controls put in place to work, however, management must reinforce them and model appropriate behavior. When the internal audit is complete, they auditors provide recommendations for improvement in any areas they found lacking. A good internal audit also gives regulators, shareholders, investors and lenders, and employees added assurance that the company is well run and viable.
Before the audit takes place, the auditors meet with management to plan the audit and conduct a preliminary review. This is followed by a review of the business and its internal control structures. The actual audit, or fieldwork, looks at transactions and conducts informal interviews with employees. Transaction testing looks at the major internal controls and tests their accuracy and appropriateness.
Significant findings are then discussed with the client, allowing client the opportunity to offer insights and comments. Finally, the audit summary is prepared along with working papers that connect the accounting and financial records to the auditors' observations. The final document is the audit report that gives findings and makes recommendations for improvements. This is discussed with the client before it is made final and incorporates the client's comments in the discussion draft. This is then given to operating management for review and approval. The final step is the exit conference when the company management and the audit team try to reach an agreement on the finding. The formal draft and final report are then written and approved. At this point, the client has the opportunity to respond and give plan for how the recommendations will be implemented. A follow-up process is also set in place.