Management is responsible for maintaining an adequate system of internal control. Internal auditors independently evaluate the adequacy of the existing internal control systems by analyzing and testing controls. The Internal Audit Department makes recommendations, based on their review, to management to improve controls.
The internal auditors' are part of the organization. Their objectives are determined by professional standards, the board, and management. Their primary clients are management and the board. External auditors are not part of the organization, but are engaged by it. Their objectives are set primarily by statute and their primary client the board of directors. The internal auditors' scope of work is comprehensive. It serves the organization by helping it accomplish its objectives, and improving operations, risk management, internal controls, and governance processes. Concerned with all aspects of the organization- both financial and non-financial --.the internal auditors focus on future events as a result of their continuous review and evaluation of controls and processes. The primary mission of the external auditors is to provide an independent opinion on the organization's financial statements, annually. Their approach is historical in nature, as they assess whether the statements conform to generally accepted accounting principles, whether they fairly present the financial position of the organization, whether the results of operations for a given period of time are accurately represented, and whether the financial statements have been materially affected.
The IIA's Certified Internal Auditor® (CIA) is the only globally accepted certification for internal auditors and remains the standard by which individuals demonstrate their competence and professionalism in the internal audit field. The IIA also offers several specialty certification programs, including the Certification in Control Self Assessment (CCSA); the Certified Government Auditing Professional (CGAP); and the Certified Financial Services Auditor (CFSA). ISACA offers the Certified Information Systems Auditor (CISA) certification; the Association of Certified Fraud Examiners offers the Certified Fraud Examiner (CFE) certification; and the Board of Environmental, Health and Safety Auditor Certifications (BEAC) offer the Certified Professional Environmental Auditor (CPEA).
A broad range of skills and expertise, and ongoing professional development are critical to the formation and maintenance of an effective internal audit activity. Increasingly internal audit activities are performed by multi disciplinary teams that include engineers, accountants, management graduates, and even environmental specialists who reflect a broad range of today's assurance needs. Also, information technology audit experts are a core component of modem-day internal audit activities. Internal auditors should also possess the following attributes:
• Strong interpersonal skills.
• Effective oral and written communications skills.
• Good coaching and group leadership skills.
• The ability to influence at all levels
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (IIA).
The internal auditors are expected to provide recommendations for improvement in those areas where opportunities or deficiencies are identified. While management is responsible for internal controls, the internal audit activity provides assurance to management and the audit committee that internal controls are effective and working as intended.
Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.
Although it is management's responsibility to design internal controls to prevent, detect, and mitigate fraud, the internal auditors are the appropriate resource for assessing the effectiveness of what management has implemented.
Prevention: As a part of their assurance activities, internal auditors watch for potential fraud risks, assess the adequacy of related controls, and make recommendations for improvement.
Detection: Because the internal auditors are exposes to key processes throughout the organization and have open lines of communication with the executive board and staff, they are able to play an important role in fraud detection. In many organizations, the chief audit executive (CAE) is responsible for responding to issues raised on the ethics hotline or through another process that may lead to detection of fraud.
Investigation: Internal auditors may either have a direct role in investigating fraud incidents, or act as a resource to those responsible, they generally are not expected to have the expertise of those whose primary responsibility is detecting and investigating fraud.
The Institute of Internal Auditors (IIA) is the internal audit profession's acknowledged leader, recognized authority, and principal educator. Although the practice of internal auditing is not regulated, The IIA provides comprehensive guidance for the profession through its Professional Practices Framework (PPF). The PPF comprises the official definition of internal auditing, the International Standards for the Professional Practice of Internal Auditing (the Standards), the Code of Ethics, Practice Advisories, and development and practice aids. Compliance with the Standards and the Code of Ethics is mandatory for all members of The IIA and Certified Internal Auditors (CIAs). The IIA also provides guidance on assessing, maintaining, and improving quality within the internal audit activity.