Internal audit

Internal audit is a very diverse group of services. Traditionally it is divided into:
  • operational audit (effectiveness of the processes in the first place)
  • financial audit (related with financial statement audit, the main scope is the reliability of financial information)
  • compliance audit (verification of compliance with internal and external regulations).
Internal audit does not have to be performed by an auditor who is a full time employee. It can be outsourced, providing many advantages:
  • greater independence of auditor: an auditor working full time may sooner or later be unable to assess his organization in an unbiased way because of the necessity to assess the work of colleagues and the lack of freshness in approach
  • greater flexibility and scalability — the number and scope of audits can be easily adjusted to present needs and abilities
  • economic effectiveness — the cost of internal auditor as a full time employee has to be paid regardless of tie-ups resulting from the temporary lack of demand for new audits or waiting for documents — in such a situation an external auditor works for other clients.

The scope of audit engagement can be chosen by the Client to be the most important processes (procurement, sales, project management) or it can be those chosen by the auditor on the basis of risk assessment.

Internal audit can improve a company’s effectiveness but it can also be a preventive means against frauds ("Let's better not to do this, because an auditor could catch us") and internal control system gaps.

An area closely related with internal audit is forensic audit (aimed at fraud detection). Internal audit engagements usually contain elements of fraud detection, but according to IIA standards, it is not their primary aim.

International Standards for the Professional Practice of Internal Auditing can be found on the website of The Institute of Internal Auditors.