In any kind of organization, whether it’s a Fortune 500 multinational company, or the small, local non-profit down the street, these places must be internally audited at some point in time. Most people associate the auditing process with the IRS, when they take a closer look at your finances if they think something is fishy. While that is one form of auditing, the version we are discussing today is different, and much less frightening, as it’s usually done at the request of the organization’s leaders themselves, and is meant to help the firm run more smoothly.
The guidelines for the internal audit, also referred to as the audit procedures, is our subject today. They dictate how and where the auditor should be looking at an organization in order to get a thorough and honest assessment of its inner workings. As you can imagine, this is a very organized process, that may appeal to people that thrive in that type of environment. If you think you would enjoy the auditing profession, then this article on human resources (HR) auditing, and this article on making the auditing process smoother will both give you a pretty good idea of what this job is all about.
Why Have an Internal Audit?
You may be curious as to why an organization would want to have itself audited. An organization reaps many benefits from an internal audit, so it behooves them greatly to have them done, even when it’s not required. Companies that are publicly traded on the New York Stock Exchange (NYSE) are required to have an internal auditing body, meant to consistently assess the firm’s performance. Privately owned companies, on the other hand, are not required to have internal audits, though many do.
The main reason for having an internal audit, other than it sometimes being required by law, is to provide an independent and objective evaluation of an organization’s operations, specifically, its internal structure. Other reasons for the internal audit include:
- Goals and objectives are more easily met when the internal systems are functioning as intended.
- Due to the broad scope of the internal audit, the reliability and accuracy of many different aspects of the firm are assessed, including IT, detection and deterrence of fraud, compliance of rules and regulations, and accuracy of financial statements. This course on how to interpret financial statements will help explain these valuable accounting tools.
- Any risk management issues are reported, resulting in better efficiency and effectiveness. This course on risk management provides a glimpse into this world.
- Potential sources of problems are thoroughly evaluated, including information security, regulatory compliance, and how well the organization could handle a potential interruption, among other things.
- Internal audits also hope to open up the lines of communication with management, as well as any internal and external organizations that may need to involve themselves. If you’re in the professional world, and think you need to work on your communication skills, this course on communicating and relationship building should help you open up the lines of communication in your processional life.
- Any employee development or education that’s needed may come as a result of the internal audit.
Even though the auditor is not an employee of the company, as that would be a conflict of interest, it is important that they work closely with management, while still maintaining independence, in order to be as effective as possible.
The Audit Procedures
Now on to the subject of our article today, the audit procedures. The audit procedures are the various tasks an internal auditor utilizes as guidelines in the auditing process, and helps them to collect, analyze, interpret, and finally document the information found in the audit. The result of using these audit procedures is the audit objectives, or, accomplishments.
Audit procedures may fall into one of three categories: risk assessment procedures (areas of uncertainty), tests of controls (effectiveness of policies), or substantive procedures (accuracy).
- Inspection: An internal audit will include the thorough examination and validation of the organization’s various records and documents that refer to its internal operations. The auditor will examine documents that are both internal and external, in both paper and electronic form, as well as any other type of media, and may even physically examine an asset’s performance. In the process of checking these records and documents, the organization must prove them to be valid and reliable, as well as effective, meaning that inspection is a test of controls. An example of the inspection procedure would be to look at the documentation for heavy machinery to ensure it’s operating safely and legally.
- Observation: This is when the auditor watches how a process or procedure is performed by others, making sure it’s happening in an effective manor. An example of this may be how a worker performs an inventory count. A few of the major drawbacks of this procedure is that it’s limited in its scope of time, being observed only during a limited amount of time, and the fact that the worker being watched may perform differently as a result of the monitoring.
- Inquiry: The inquiry procedure is less a stand-alone procedure, as much as it is a tool to aid in carrying out other procedures. Even though the auditor simply going around asking questions of the workers is insufficient in concluding whether a control is effective or not, it is a valuable tool when used in conjunction with other procedures, and is used throughout the entire auditing process. The auditor may direct questions to knowledgeable people both within, as well as outside, of the company, who may be in both financial and non-financial roles. These lines of questioning may be of the informal oral sort, or they may need to be written down, and take more of a formal nature.
- Confirmation: This procedure is tied in with the inquiry procedure. It simply is evidence that an official inquiry made by the auditor to a third party was officially confirmed, and is done to keep in accordance with the standards of the Public Company Accounting Oversight Board (PCAOB), which oversees the audits of public companies.
- Recalculation: Just like the name suggests, this procedure is done by the auditor to double check the mathematical accuracy of any documents or records, and it may be done either manually or electronically. Considering this, or any other math-related job, but it’s not exactly your strong point? This course on easy advanced math skills will make learning math fun.
- Reperformance: Connected to the previous procedure, an auditor may personally execute a procedure or control that he or she witnessed a worker perform. This is done in order to make sure the worker wasn’t hiding anything, or otherwise attempting to misguide or mislead the auditor in any way, and to make sure it’s being done in the most efficient manor possible.
- Analytical Procedures: The final audit procedure refers to the evaluation of any financial information the company has, in which the auditor studies the relationships between both financial and non-financial data, and decides whether or not there are any large discrepancies between actual amounts and expected amounts. It may help to have a bit of accounting knowledge in this career, and this course on management accounting is good (and cheap) way to pick up some of the basics.
So, Now What? Now that the auditor has completed his or her tasks, using the audit procedures as a guide, how can the organization use the information gathered by the auditor? There are two main services that the auditing process can provide for the organization: assurance services, and consulting services, and they help dictate what kind of benefits they see.
- Assurance Services: When an audit is done for assurance purposes, the organization’s performance is compared to similar ones, letting them know how they stack up to the competition. The auditor can offer recommendations to improve performance, minimize weaknesses, and verify that all laws and regulations being upheld.
- Consulting Services: Basically the same as assurance, auditing done for consulting reasons is requested by the organization being audited, rather than a third party requesting it, as with assurance auditing. The benefits of consulting services can be added value to the organization, as well as an improvement in their governance, risk management, and control processes, and may result in the auditor offering advice, training, facilitation, and counsel to the auditee.
The auditing process is only as effective as the auditor is thorough and organized, because if they weren’t, then the auditor would then need to be audited. As you can tell, this is a very detailed line of work, with the audit procedures meant to aid an auditor, and hopefully resulting in an organization that runs more efficiently than before the audit. If this line of work appeals to you then check out this course on SAP audit compliance to find out if this is the right career for you.