According to The Institute of Internal Auditors (https://na.theiia.org) —
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
During the normal course of business, department heads – identify operational risks; develop and document policies and procedures to mitigate these risks; and train their staff on the procedures. These policies and procedures are amended, probably annually by the responsible department. Internal auditors validate that the policies and procedures are followed and effective at minimizing financial risk.
But, recent market turmoil revealed additional risks that if not addressed expose the company to brand and reputational risks, as well as financial risk. The role of the internal auditor is expanding and the approach employed is evolving. Internal Auditors are accountable for reviewing current processes and improving them when possible, by implementing best practices.
A proper internal audit approach includes understanding business goals usually identified through senior manager interviews, preparing risk assessments, scoping key audit areas, evaluating controls, creating remediation plans, and testing controls. An internal auditor must be able to evaluate, assess and implement controls across business areas.
According to the 2012 Internal Audit Capabilities and Needs Survey (Protiviti March 2012), identified themes for 2012 are associated with technology and the risks presented, such as IT Asset Management; Vendor Negotiations; Fraud; Social Media Applications; Cloud Computing; Continuous Auditing/Monitoring.
What has been your experience?© Copyright 2012 Regis Quirin, All rights Reserved. Written For: CFO Tips - What you need to know, to be a CFO TODAY!