Back to top

What Is The Role Of An Internal Audit?



Definition of Certified Internal Auditor: An internal auditor is an employee of the company who evaluates the operations of the organization, independently and objectively. An internal auditor's role is to collect relevant and objective organization’s information. In fact, an internal auditor acts as the eyes and ears of the senior management and board of directors of the company. Their assigned work can cover any area of an organization; however, it is the audit committee that should guide their work. Historically, internal audits were aligned with audits of accounting and financial reporting. Many forms of audits, however, exist. The following are a few examples:

  • Information Technology Audits: IT audits are undertaken to review information systems to ensure safe operation and reliable and correct sensitive data. Such audits may be compliant with legislation and enforcement, such as compliance with PCI DSS (Payment Card Industry Data Security Standard), ISO 27001 (or other ISO security standards), SOC (System and Organizational Control), and HIPAA (Health Insurance Portability and Accountability Act).
  • Operation Audits: Operational audits may cover a variety of areas including assessing whether or not internal controls are adequate and functioning as intended, consistent and efficient operating procedures, and compliance with regulatory requirements, industry standards, and internal policies within the company.
  • Performance Audits: Quality audits are conducted to assess the actual performance of a company relative to the targets and goals set by its board of directors or senior management members.

Internal Auditor vs. External Auditor

There are also several differences between an internal auditor and an external auditor, for example:

  • Internal auditors are generally internal company employees while external auditors are always third-party to the organization and their clients.
  • Internal auditors generally do not perform a single comprehensive annual audit, but rather conduct a number of smaller focused internal audits throughout the year.
  • Internal auditors generate reports for the use of management, while external audit reports are prepared for use by external entities (e.g., investors, clients, lenders, and other stakeholders).
  • Internal auditors can also serve as internal consultants. Whereas external auditors are prohibited from providing attestation and consultative services to the same organization.

The Duties of an Internal Auditor

What are the duties of an internal auditor? That depends on the company, the particular role of an internal auditor, and what they are auditing. On the other hand, at a very high-level you can expect an internal auditor to:

  • Objectively assess a company’s IT and/or business processes
  • Assess the company’s risks and the efficacy of its risk management efforts
  • Ensure that the organization is complying with relevant laws and statutes
  • Evaluate internal control and make recommendations on how to improve
  • Identifying shortfalls or gaps in processes
  • Promote ethics and help identify improper conduct
  • Assure safeguards
  • Investigate fraud
  • Communicate the findings and recommendations
  • Provide an opinion (Unqualified, qualified, adverse, or disclaim)

How Can an Internal Auditor be Impartial and Objective?

While performing internal audits an independent auditor must remain objective and impartial. This can sometimes be challenging with internal politics or prejudices which can compromise the objectivity of an internal auditor or audit team. When this happens, the effectiveness of the team is limited and its value reduced for the company. An organization can reduce this risk by ensuring that its own work is not audited by internal audit. Internal audit should not report that they are auditing an individual or a group. The role of internal audit will report to the audit committee of the company or to a member of the board that has oversight authority. Although internal auditors seek to remain impartial, leadership in the company must understand that internal auditors must remain impartial. Leadership should, therefore, aim not to manipulate or force the internal audits into a particular conclusion. For example, in order to manipulate a conclusion, leadership should not impose assumptions on an internal audit.


Do You Need Help Getting Ready For An Audit?

Are you terrified of you, your business or your non-profit getting audited by the IRS? Do you wake up in the middle of the night at the thought of hearing that knock on your door? Call Robert Arnon CPA today so you can get busy relaxing tomorrow! We also handle internal audits, of course.  We specialize in helping HOAs, non-profits, small and mid-sized businesses make sure their books are in order. So if you’re even a little concerned, now is the time to act. Contact us today!






Previous Article


Next Article