Essay on What is internal auditings role in modern business?
This paper is oriented towards the basic of
internal auditing and what it’s role in modern businesses and organization.
Internal auditing is a tool that organization can use as a self checking and
evaluation its processes. The scope and objectives of internal auditing that
show for which purpose internal audit is applied in the organization.
Description of internal audit process gives overview of procedure followed at
the time of auditing. The paper is also describing role of internal auditing in
risk analysis and in quality management system. Also it covers similarities and
differences from external auditing. The paper also gives information about job
of auditor and what his importance in the auditing process.
2.0 Introduction:
Internal auditing, it is not a new term for the
world of organization. The concept of internal audit is old like 5000 years, at
that time people of civilized communities which were economically and
politically stable used this approach to check effectiveness of their taxes and
businesses so they can check errors and safe the state property from dishonest
taxpayers.
This essay is an example of a student's work
In modern world especially in the United States
this approach rise after the Second World War and steadily growing. Internal
audit has much similarity with financial auditing and a number of theories are
derived from management consulting and public accounting.
Definition:
“Internal auditing is an independent, objective
assurance and consulting activity designed to add value and improve an
organization's operations. It helps an organization accomplish its objectives
by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.”
Internal audit is a preventive action of a
company and it is done by the professionals or experts of that company. These
professionals called internal auditor and they evaluate internal control system
of the company. This study or audit report is submitted to management and from
this report they can take steps for improvements. In requirement part of ISO
9001:2000 it is found in the monitoring and measurement section which gives
idea that it is an activity that measures implementation of quality management
system.
3.0 Scopes and objectives of internal auditing:
Objectives:
The main objective of an internal audit in the
company is to improve quality and reduce risk by evaluating the effectiveness
of process. Other than this internal audit is done for checking financial and
operating information’s reliability, to safe assets from loss, resource management,
established process or program me is following its objective and compliance
with policies, laws and regulations, identification which area needed
improvement, verification of cGMP compliance.
Scopes:
Internal audit’s main scope is assuring quality
in respected area which is under the audit procedure. Design, approval and
evaluation of product should comply with GMP. Ensure quality in GMP
implementation, performance of staff, feedbacks. Include documents, instruction
and records and covering all parts of GMP.
4.0 Principles and Requirements of internal
audit:
As per ISO 9000 standards require maintenance of
document evidence for internal audit process. Document evidence must include:
who is executing the internal audit, which department is under the audit,
describing whole process, supervision after internal audit plan and where the
results are documented.
These are the some common principles that
applied at the time of internal audit implementation.
Internal audit is independent and evidence based
approach.
All activities of internal audit should be
reviewed by independent party, have a sampling and tracking line and they are
open and constructive.
Insure all resources are available before
starting audit.
5.0 Internal Auditor:
Auditor is a employee of the company with
sufficient experience and background who conduct the internal audit. Though he
is an employee of the firm he has to audit his colleagues and their performance
and for this he has some abilities that audit results are not affected by his
personal relation. For this he has to be ethical, open minded, diplomatic,
observer, versatile, persistence, decisive and independent.
Patience is needed in auditing and so the
auditor must be cool and need to see what the actual situation in the
organization. Generally people don’t like to be audited and for this he makes
lot of effort psychologically to get the real answer and avoid the conflict. In
the audit period he has main one objective - put the real status of the
organization to top management.useful links we will discuss in next chapters-Main Financial Ratios
Accounting Ratios - Introduction to Ratio Analysis
6.0 Internal Audit process:
For successful audit it is required effective
communication between management and auditor. To obtain effectiveness and in
time audit it is necessary that auditor do not go depth in every item and take
a quick overview and focus on the parts which do not comply with the company
policies.
Every audit is unique; the audit process is
containing these four stages which are commonly found in every audit:
Planning of audit ( review and preliminary
phase)
Performing an audit ( field work phase)
Audit report ( documentation phase)
Change implementation ( follow-up phase)
1. Planning of an audit (review and preliminary
phase)
In the stating of an audit management do a
meeting to plan about auditor that who will handle the audit, objectives and
scopes of an audit, which area should be cover under the audit, which criteria
should be considered, gather information about important processes, prepare
paper work and distribution of audit plan.
2. Performing an audit (field work phase)
After planning now it is time to implement audit
procedure but there is no common way that auditor perform the audit. An auditor
should looking what is requirement, which way the process can be improved,
gathering and analyzing information and making best conclusion on his effort.
Keep in mind that internal audit is not always
done for the improvement or find out defects, it also recognize individuals who
are putting their outstanding efforts.
The following procedure is generally followed in
each audit:
In starting of audit process the auditor first
make a meeting with the head of area which is going to be audited, explaining
him scope and objective of this effort and making him relax for the audit.
Auditor will study all processes carefully and
their outcome, here auditor checking that processes is operating in conformance
of company’s quality management system.
He gathers information by asking open-ended
question about process and personal competence.
Auditor make notes about data he got during the
various point of audit process.
Auditor analyzes all the data he found and ask
himself that is process running in compliance with company’s policy? Or process
needs improvement.
Before reaching the conclusion he take all the
aspects of audit in consideration, is there any failure event appeared, any
area needs to be considered improvement? Are there any individuals or
departments displayed uncommon behavior?
In the end of his fieldwork the auditor, hold
the closing meeting with head of the area in presence of plant manager. Explain
him positive and negative outcome of his study and corrective actions for that.
He tries to resolve any disagreement on his conclusion in this meeting.
3. Audit report (documentation phase)
It is most difficult part of the process. An
auditor should write brief and clear summery of his finding, which includes
both positive and negative outcomes of his study. These positive outcomes may
help company for improvement.
The data or findings must be truthful, scope and
objective oriented, and written in manner that management can easily understand
that and can take corrective action from that. Audit report is a official
record that should contain: scope, criteria and objective of an audit,
Auditor’s information, time and area where auditing done, outcomes of audit
(positive and negative), a closing statement.
4. Change implementation (follow-up phase)
During this phase the non compliance is
submitted to quality committee. The quality committee studies the report
submitted by an Auditor and checking all the non compliances are in fact differ
from the company’s quality management system. Upon agreement that process or
item is none conforming, the quality committee takes action to correct it and
gives responsibility for this correction to suitable person with time limit.
During correction quality committee observe the
process of correction and after change is implemented and process or item
working in compliance with company’s policy, committee ask the same person for
follow up inspection. The Auditor check in same manner as he done before and
check the difference in outcome, if it is compliance with quality management
system of company than he give the satisfactory report to the management. The
whole process is documented that it could be useful for future study.
7.0 Internal controls:
Internal control is a major part of an internal
auditing and evaluation of internal controls is one of the primaries objectives
of internal auditing.
In auditing internal controls can be defined as
process affected by organization’s structure, employee and management
information system, authority and work flow, designed to fulfill organization’s
scope and objectives. These are common objectives for internal control:
effective and efficient operations, reliable financial reports, compliance with
laws and policies, protecting assets of organization.
Internal controls are divided in main two
categories preventive controls (designated to prevent errors and irregularities
from occurring) and detective controls (designed to find out errors and
irregularities after they have occurred). The examples of internal control
activities are separation of duties, authorization, proper documentation,
control over assets, variance analysis, monitoring operations.
A question arise that who take the
responsibility for internal controls, it’s not only a job of internal auditor.
Every employee of the organization is responsible for maintenance of internal
controls. Internal audit assist management to evaluate and promote internal
control system.
8.0 Risk management:
Internal audit play an important role in risk
assessment and evaluation of processes which have significant risks. Risk
management is process that in which way organizations sets its objectives and
then evaluates and analyzes the risks which can produce impact to realize its
objective.
In regular basis organization applied strategic,
marketing or capital planning, budgeting, and hedging to evaluate the risk.
Internal audit evaluate all this activities and processes applied by the
management to report and monitor potential risk identified.
This essay is an example of a student's work
These are some core roles of internal audit in
risk management: assuring risk management process, assuring evaluation of risks
and evaluation of risk management process, key risks evaluation and reviewing
them to the management, assisting management in responding of risks, developing
risk management framework and coordinating all activities.
9.0 Internal audit vs. External audit:
External audit:
In External audit organization contact person
(auditor) outside of the firm who audits organization’s financial statement and
submit a report to the management. External auditor differs from internal
auditor mainly in two ways: (1) internal auditor mainly focuses on risk management
and internal control framework, (2) internal auditor do not form an opinion on
organization’s financial statements.
Some similarities also there between internal
and external auditor:
Both internal and external auditor examines and
evaluates many transactions.
Both report if the procedures are poor and
ignorance in adhering them.
They both deeply involved in information system
and based on discipline and work with profession standards.
Both are concerned for occurrence of errors and
they are tied with internal control system of organization.
Both give formal report of their activities.
factor
Internal audit
External audit
objective
Mainly focus on risk management system and
internal controls
Attests to financial statements and controls.
Scope
Check overall system value for money, management
information system and compliance
Financial accounts, balance sheet, profit and
loss accounts and annual reports.
Management
Reporting done directly to executive management
administration.
Primary report submitted to audit committee for
financial status and controls.
Standards
please read related article:Finance and investment management
Auditing follows international standards for
professional practice of internal auditing.
It is governed by appropriate accounting and
audit standards.
Independence
It is not independent from organization. (it is
independent from the area being audited though it is integral part of
organization.)
It is independent of the organization.
staff
Varies in every audit generally CAE, managers,
seniors and assistants.
Partners, managers, trainees and seniors are
involved in this.
Risk
Identify key business risks and their
probability of occurrence and impact on business and form appropriate
recommendations.
Identify financial misstatements and key
transactions.
Recommendations
Submitted in the audit report to the management.
Communicate with management about
recommendations.
Follow- up
Follow up is done to ensure that recommended
change are done or not and system is compliance with company’s policy.
Limited follow ups and mainly in the financial
area of the organization.
Size
Only in the large organization.
In public sectors and all registered companies.
10.0 Quality Management System:
Quality management system is defined as policies
and procedures established for planning and execution in all areas of organization.
QMS integrates various controls in organization and gives best process approach
to execute the project. The main objectives of QMS continuous improvement in
organization, improve regulatory compliance and bottom line without
compromising the product quality.
For a good quality management system
implementation entity should follow ISO 9001 standards and guiding principles
of QMS are: customer focus, leadership and employees’ involvement, systemic
approach to management, process approach, and continuous improvement.
By following ISO 9001 based quality management
system an organization can improve in efficiency, processes, documentation,
customer satisfaction, consistency, employee morale and an entity can get
international recognition.
Internal auditor’s role in ISO 9001 QMS
maintenance:
Internal audit is the best tool to evaluate the
effectiveness of ISO 9001 QMS of an organization. With sufficient knowledge
about ISO 9001 QMS a trained auditor easily evaluate the QMS. An auditor should
know how to interrelate the audit report and effectiveness of ISO 9001 quality
management system.
After this audit organization has nothing to
fear from 3rd party audit. Successful and deeply audited QMS of the
organization gives confidence at the time of external audit that nothing can
surprise organization from the external audit report. For that an internal
auditor has sufficient experience and thoroughly knowledge of ISO 9001 QMS
standards.
11.0 Summary:
This paper mainly focusing on basic of internal
auditing and what it’s role in different area of organization builds for
maintaining quality in all the processes. The important benefits like the real
situation of the organization and which area or processes needs improvement can
find out by internal audit application. This help company to identify the
potential risk and what should company do to overcome these risks, also it
build confidence in quality system of the company that all the processes are
operating the compliance with standards which are made by the company’s quality
management system.
Internal audit is not a regulatory requirement
that a company must follow and submit the report to regulatory agencies like
FDA. It is a tool that company can apply in time intervals that makes all the
processes and records up to date that when inspection comes outside of the
company, company can provide them all the information without any hesitation.
In short it is a self checking process that helps organization in continuous
improvement.
The present trend in the organization is setting
a view of role of internal audit in future. Today management and agencies are
taking internal audit as a precaution for the risks that might be evolved in
the future. A risk focused model of internal auditing is an example if this
thinking, this can improve in identifying and monitoring the risk. As
technologies immersed and market is becoming global the probability and the
areas of risk also increased that are becoming top priority of the management
and so for the internal audit.
For the future the role of auditor is also
becoming more important in the business world, special expertise will certainly
needed to overcome these new identified risks.
The Leaders of internal auditing education are
also changing their methods according to these future needs. The internal
auditor should be ready with intimate knowledge and with ability to use other
discipline in audit work.
following links are useful too:Investment Strategy by Behavioural FinanceIssues in accounting standards for Islamic financial institutions
No comments:
Post a Comment