INTERNAL/INVESTIGATIVE AUDIT

The internal audit consists of audit, investigation or review work carried out voluntarily by an entity, for its control purposes. The internal audit work may be carried out by the entity’s own full-time internal audit staff, or by an external accountancy firm. There is no regulatory or statutory requirement for internal audit; therefore an entity will only carry out internal audit work if it considers the benefits sufficient to justify the cost.

Internal audit functions

Since there are no regulatory requirements for internal audit, the nature of internal audit work can vary substantially between different entities, depending on their size and structure, the nature of their business, the extent of regulation within their industry and markets, the extent of computerization of the entity’s main operational systems, the attitude of senior management to risk management, the nature and scale of the perceived control risks, and so on. Internal auditing activities will usually include one or more of the following:

Monitoring of internal control.

The establishment of an adequate internal control system is a responsibility of management and is an important aspect of good corporate governance. Because the internal control system needs to be monitored continuously, large companies are likely to establish an internal audit function to assist management in this role. Internal audit is therefore usually given specific responsibility by management for reviewing internal controls, monitoring their operation and recommending improvements via a report to the directors.

Examination of financial and operating information.

This may include a review of the means used to identify, measure, classify and report such information or specific inquiry into individual items including detailed testing of transactions, balances, and procedures.

Review of the economy, efficiency, and effectiveness of operations.

This could include a review of non-financial controls.  Review of compliance with laws, regulations and other external requirements and with internal requirements such as management policies and directives.

Special investigations

into particular areas such as suspected fraud.