Internal audit - what is it?

Table of contents:

Internal audit - what is it?
Internal audit - what is it?
Anonim

Internal control and audit should take pride of place in any company that has limited resources and does not want to go bankrupt. In the vastness of Russia, this aspect does not lose its relevance both in legislative and institutional and professional terms. So what is an internal audit organization?

Dealing with terminology

Let's pay attention to the basic concepts and first of all we will analyze what an internal audit is. This phrase is used to denote activities regulated by internal documents of the organization to control various aspects of the work of the structure and management units, which is carried out by representatives of the authorized body within the established framework.

The end consumer of information can be a board of directors, a general meeting of shareholders or members of a company, an executive body, and so on.

The goal pursued is to help the management link to effectively control the various elements of the system. The main task -provide reliable information on various issues that are of interest. Internal auditors perform general functions:

  1. Assess the adequacy of the control system(s). This means conducting checks of links, providing reasoned and reasonable proposals aimed at eliminating the identified shortcomings, as well as preparing recommendations to increase management efficiency.
  2. Evaluation of performance. It implies the presentation of expert assessments for various aspects of the functioning of organizations, as well as the provision of reasoned proposals in terms of their improvement.

Species diversity

Conducting an internal audit
Conducting an internal audit

What can be an internal audit system? Highlight:

  1. Functional audit of the management system(s). It is carried out in order to evaluate the productivity and efficiency of any section of economic activity.
  2. Cross-functional audit. Assesses the quality of the performance of various tasks, as well as the interconnection and interaction in the country.
  3. Organizational and technological audit of management system(s). It is displayed in the exercise of control over different links. Everything related to management is of interest. Particular attention is paid to technological and/or organizational rationality.
  4. Audit of activities. It involves conducting an objective survey and a comprehensive analysis of all areas of work and ongoing projects in order to identify opportunities for improvement. Besides,verification of the elements that link the organization to the external environment can be launched. Examples include professional connections, image, and the like. Here, the auditors are faced with the question of finding the strengths and weaknesses of the organization's work and assessing the stability of its position in higher-order systems and the prospects for development and growth.
  5. If an audit is carried out simultaneously on the four previous points, then it is designated as a comprehensive audit of the organization's management system.
  6. Checking for compliance with regulations. In this case, it is established whether the laws, regulations and instructions of the management bodies of the organizational structure are observed.
  7. Checking for appropriateness. It implies the exercise of control over the activities of officials in terms of their rationality, reasonableness, expediency, usefulness, validity of their decisions.

Theoretical aspect of system construction

Meeting of auditors
Meeting of auditors

So we have considered the theoretical points. But how is the internal audit service formed? Initially, the administration develops the policy and executable procedures of the company. But the staff cannot always understand them, they often simply ignore them, and managers sometimes do not have enough time to check and detect shortcomings in a timely manner. It is for this purpose that the internal audit service is being created. Their task is to help managers in matters of control, provide protection against abuse of office and errors, identify risk areas and workover the elimination of future shortages or shortcomings. In addition, they can help identify and eliminate weaknesses in management systems. All this should be discussed with the highest authorities, for which information is collected.

Stages of building a system

Let's say we need to ensure a high-quality and complete internal audit in the enterprise. To do this, you should organize a multi-stage process, which includes the following steps:

  1. Critical analysis followed by a comparison of previously defined economic goals of the functioning of the organization, strategy and tactics of the structure, the adopted course of action, opportunities.
  2. Developing and then documenting an improved business concept that reflects all needs and needs. It should also provide for a set of measures that will allow it to be successfully implemented and developed in the future. In addition, it is necessary to pay attention to the most important points. For them, separate provisions can be prepared that affect personnel, accounting, supply, marketing, innovation, production and technology, financial and investment policies. They should be based on a deep analysis of each element and choose the most appropriate options for the organization.
  3. Analysis of the effectiveness of the current structure with subsequent adjustment. A provision is being developed that affects the organizational structure, in which it is necessary to describe all organizational links, indicating the administrative, functional and methodologicalsubordination, areas of activity, functions performed, regulations of relationships. A workflow scheme is also created.
  4. Establishment of an internal audit unit.
  5. Development of standard procedures. Provides for the creation of formal instructions for the control of specific economic and financial transactions. They are necessary for assessing the level of quality (reliability) of information, effective resource management and streamlining relationships between specialists.

Why is internal control and audit necessary?

Careful examination of the data
Careful examination of the data

The expediency of such a decision can be expressed in the following theses:

  1. Allows the executive body to ensure effective control over individual divisions of the organization.
  2. Targeted checks and analysis carried out by auditors make it possible to identify production reserves and lay the foundation for increasing efficiency, as well as the most promising areas of development.
  3. Specialists on whose shoulders the exercise of control often perform advisory functions in relation to accounting and financial and economic services, as well as officials of the main organization, its branches and subsidiaries.

In such cases, as a rule, one general scheme is used to ensure maximum coverage and effectiveness. It looks something like this:

  1. The specific range of issues to be addressed by the internal audit department is identified and clearly defined. For them, a system of goals is created, correspondingcompany policy.
  2. The main functions necessary to achieve the goals are determined.
  3. Combining the same type of indicators into groups, and creating on their basis structural units that specialize in their processing, implementation and achievement.
  4. A relationship scheme is being developed that defines duties, rights and responsibilities. This needs to be worked out for each structural unit, documenting the result in the regulations and job descriptions.
  5. The connection of all elements of the system into a single whole. Determination of organizational status.
  6. Integration of the internal audit department into other parts of the enterprise management structure.
  7. Development of internal work standards.

After that, we can talk about conducting an internal audit.

About principles and requirements

Exploring various data
Exploring various data

What needs to be done to get an efficient system? To do this, it is necessary to ensure compliance with the following points:

  1. The principle of responsibility. It states that when there is an internal audit, the person (group of people) conducting the audit should bear disciplinary, administrative and economic responsibility for improper performance of their duties.
  2. The principle of balance. Inextricably linked with the previous one. It says that the auditor cannot be given control functions without providing the means to carry them out. Also, nothing extra should be issued that will not be used in the work activity.
  3. The principle of timely reporting of deviations. He says that any extra information revealed during the period when an internal audit is being carried out should be transferred to the management link as soon as possible. If this requirement is not met and undesirable deviations are exacerbated, then the very meaning of control is lost.
  4. Principle of correspondence between managed and governing systems. It states that the control system should be flexible enough to allow effective and adequate data verification.
  5. The principle of complexity. It says that full-fledged internal control and audit should cover objects of different types.
  6. The principle of separation of duties. It provides for the division of functions between specialists in such a way that they minimize the abuse of power and do not allow individuals to hide problematic facts.
  7. The principle of approval and permission. It provides that formal coordination of all ongoing financial and economic operations by the relevant officials within their powers should be ensured.

Basic Requirements for Success

Information verification
Information verification

We've covered internal audit pretty well already. The qualities needed to increase the level of efficiency are:

  1. Infringement claim. Provides for the need to create specific conditions that put the organization or its employee (their group) at a disadvantage and stimulate the elimination of deviations.
  2. Don't over-concentrate primary controls on one person, which could lead to misreporting and/or abuse.
  3. Requiring the interest of the administration. Fair and mutual cooperation of control and management officials must be ensured.
  4. Requirement for the suitability (acceptability) of the internal control methodology. Provides that the goals and objectives must be rational and expedient, as well as the distribution of functions performed.
  5. The demand for continuous improvement and development. Over time, even the most advanced methods become obsolete. Therefore, the system must be flexible and adapted to new tasks, even with adjustments.
  6. Priority requirement. Control over minor operations should not distract from the really important tasks.
  7. Exclusion of unnecessary control steps. It is necessary to organize activities rationally, without spending additional funds and labor.
  8. Single responsibility requirement. The demand for action and observation must be from a single center (individual or specific group).
  9. The requirement of regulation. The effectiveness of the internal oversight system directly depends on what and how many problems were foreseen by the regulatory documentation.
  10. Requirement for potential functional substitution. If one internal control entity has temporarily withdrawn from the review process, this should not adversely affect procedures or interrupt activities.

On efficiency and effectiveness

When comparing external and internal audit, two significant camps form, each with its own vision of what is most appropriate. They back up their positions with fairly weighty arguments. Thus, a good internal audit can be based on knowledge of the internal mechanisms in the organization and identify many potentially dangerous or promising points, while the involvement of external specialists allows minimizing personal sympathy and ensuring the impartiality of the audit. In general, each organization, depending on the circumstances, makes an independent decision about whose services to use, but it is up to managers to improve the result of their work.

How to improve the performance of internal control?

Develop content for audit
Develop content for audit

We all want more with less resources. Is it possible to consider the process of internal audit and increase its effectiveness? Quite. What needs to be done for this? The simplest option is to develop ethical norms and professional standards. If they are adequate, then one of their observance will allow to achieve a high quality of work.

In addition, senior management should periodically audit the internal control system. What should inspectors do? What is their ideal portrait? The Institute of Internal Auditors has been operating in the United States since 1941. In the Russian Federation, this structure is just beginning to emerge, so we use the experience of foreign colleagues. Institute of Internal Auditorsissued a number of recommendation documents, in which the main bet is on:

  1. Independence. Impartial performance of their duties and the expression of objective judgments are implied. At the same time, you do not need to rely on the judgments of colleagues.
  2. Objectivity. This point follows directly from the previous one. Objectivity requires that work be done with skill and integrity. When compiling a report, the specialist must clearly separate fact from speculation.
  3. Loy alty. This implies that internal auditors should not knowingly engage in inappropriate or illegal activities that could cause results to be discredited.
  4. Responsibility. It is assumed that a specialist should perform work exclusively within the framework of his capabilities and professional competence. He must also be held accountable for his actions.
  5. Privacy. Care must be taken in the use of information accessed in the course of duty.

Final example

Examining data for internal audit
Examining data for internal audit

That's the end of the article. We have already looked at what internal audits are. An example will consolidate the knowledge gained. Let's say we have a commercial structure. Suddenly, a drop in revenue begins to be recorded, although the workload and turnover have not changed. To find out the reason, an internal financial audit begins. Initially, there is an acquaintance with the documentation, which describes the movement of funds,operations and the like. The correctness of the design and the absence of signs of forgery are being studied. If in this case nothing suspicious could be found, then the internal financial audit proceeds to the stage of reconciliation of the real situation and the situation displayed in the documentation. As an example, it checks in the warehouse whether the indicated materials, blanks, pieces of equipment really exist. Attention is also paid to consumables. So, if one car travels 100 kilometers a day and at the same time manages to spend 50 liters of gasoline, this should be suspicious. It is necessary to carefully study all possible aspects of the occurrence of shortages, waste and theft. Upon completion of an internal audit, documentation should be promptly submitted to senior management to prevent aggravation of identified issues and to facilitate the adoption of adequate prompt corrective action.

Recommended: