What is an internal audit?

Internal control and audit should take pride of place in any company that has limited resources and does not want to go broke. In the vastness of Russia, this aspect does not lose its relevance, both legislatively and institutionally and professionally. So what is an internal audit organization?

We deal with terminology

Let's pay attention to basic concepts and first of all we will analyze what constitutes an internal audit. This phrase is used to denote the activities regulated by internal documents of the organization to control various aspects of the structure and management links, which is carried out by representatives of the authorized body within the established framework.

The final consumer of information may be the board of directors, the general meeting of shareholders or participants of the company, the executive body, and so on.

The aim is to help the management link to effectively control various elements of the system. The main task is to provide reliable information on various issues that are of interest. Internal auditors perform general functions:

1. Assess the adequacy of control systems (s). This implies conducting link checks, providing reasoned and substantiated proposals aimed at eliminating the identified shortcomings, as well as preparing recommendations to increase management efficiency.
2. Performance evaluation. It implies the issuance of expert assessments for various aspects of the functioning of organizations, as well as the provision of reasoned proposals in terms of their improvement.

Species diversity

What could be an internal audit system? Allocate:

1. Functional audit of management systems (s). It is carried out in order to evaluate the productivity and effectiveness of any section of economic activity.
2. Cross-functional audit. Evaluates the quality of various tasks, as well as the relationship and interaction in the country.
3. Organizational and technological audit of management systems (s). It is displayed in the exercise of control over different links. Of interest is everything related to management. Particular attention is paid to technological and / or organizational rationality.
4. Audit of activities. It involves an objective examination and a comprehensive analysis of all areas of work and ongoing projects in order to identify opportunities for their improvement. In addition, the verification of elements that connect the organization with the external environment can be started. An example is professional communication, image, and the like. Here, the auditors are faced with the question of finding the strengths and weaknesses of the organization's work and assessing the stability of its position in higher-order systems and prospects for development and growth.
5. If a check is carried out at the same time on the four previous points, then it is designated as a comprehensive audit of the organization’s management system.
6. Check for compliance. In this case, it is established whether the laws, regulations and regulations of the organizational bodies are being followed.
7. Verification of appropriateness. It implies the exercise of control over the activities of officials regarding their rationality, reasonableness, expediency, usefulness, and the validity of their decisions.

The theoretical aspect of building a system

So we examined the theoretical points. But how is the internal audit service formed? Initially, the administration develops the company’s policies and procedures. But the staff can not always understand them, often simply ignores them, and sometimes the managers do not have enough time to check and timely detect deficiencies. It is for this purpose that an internal audit service is being created. Their task is to help managers in matters of control, provide protection against abuse of authority and mistakes, identify risk areas and work to eliminate future shortcomings or shortcomings. In addition, they can help identify and address weaknesses in control systems. All this should be discussed with senior management bodies, for which information is collected.

System building steps

Suppose we need to ensure a high-quality and complete internal audit at the enterprise. To do this, organize a multi-stage process, which includes the following steps:

1. A critical analysis , followed by a comparison of the previously defined economic goals of the functioning of the organization, the strategy and tactics of the structure, the adopted course of action, opportunities.
2. Development and subsequent documenting of an improved business concept that reflects all needs and needs. It should also include a set of measures that will allow it to be successfully implemented and developed in the future. Additionally, you need to pay attention to the most important points. For them, you can prepare separate provisions affecting personnel, accounting, procurement, marketing, innovation, production and technological, financial and investment policies. They should be based on a deep analysis of each element and choose the most appropriate options for the organization.
3. Analysis of the effectiveness of the current structure with subsequent adjustment. A situation is being developed that affects the organizational structure, in which it is necessary to describe all organizational units, indicating the administrative, functional and methodological subordination, areas of activity, the functions performed, the rules of relations. A workflow diagram is also created.
4. Creation of an internal audit unit.
5. Development of standard procedures. It provides for the creation of formal instructions for monitoring specific business and financial transactions. They are necessary to assess the level of quality (reliability) of information, effective resource management and streamlining relationships between specialists.

Why is internal control and audit necessary?

The feasibility of such a decision can be expressed in the following theses:

1. It will allow the executive body to provide effective control over individual departments of the organization.
2. Targeted audits and analysis carried out by auditors make it possible to identify production reserves and lay the basis for increased efficiency, as well as the most promising areas of development.
3. Professionals on whose shoulders lies the exercise of control often perform advisory functions with regard to accounting and financial and economic services, as well as officials of the main organization, its branches and subsidiaries.

In such cases, as a rule, one general scheme is used, which ensures maximum coverage and effectiveness. It looks something like this:

1. A specific range of issues that the internal audit department should decide is identified and clearly defined. A system of goals is created for them, in line with company policies.
2. The basic functions necessary to achieve the objectives are determined.
3. The unification of similar indicators into groups, and the creation on their basis of structural units that specialize in their processing, implementation and achievement.
4. A relationship scheme is being developed that defines responsibilities, rights and responsibilities. This must be worked out for each structural unit, fixing the result documented in the positions and job descriptions.
5. The combination of all elements of the system into a single whole. Determination of organizational status.
6. Integration of the internal audit department into other parts of the enterprise management structure.
7. Development of internal work standards.

After that, we can talk about conducting an internal audit.

About principles and requirements

What needs to be done to get an efficiently functioning system? To do this, it is necessary to ensure compliance with the following points:

1. The principle of responsibility. It states that when an internal audit is in progress, the person (group of people) conducting the audit must bear disciplinary, administrative and economic responsibility for the improper performance of his duties.
2. The principle of balance. Inextricably linked to the previous one. It states that the auditor cannot be vested with oversight functions without providing the means to carry them out. Also, nothing superfluous should be given out that will not be used in work activities.
3. The principle of timely reporting of deviations. He says that any excess information identified during the period when the internal audit is carried out should be transferred to the manager in the shortest possible time. If this requirement is not met and unwanted deviations are exacerbated, then the very meaning of monitoring is lost.
4. The principle of conformity of managed and guiding systems. It states that the control system must be flexible enough to provide effective and adequate verification of data.
5. The principle of complexity. It states that full internal control and audit should cover objects of various types.
6. The principle of separation of duties. It provides for the separation of functions between specialists in such a way that they minimize abuse of authority and do not allow individuals to hide problematic facts.
7. The principle of approval and permission. It provides that formal approval of all financial and economic operations carried out by relevant officials within their powers should be ensured.

Key Requirements for Success

We have pretty well reviewed the internal audit. The qualities necessary for the growth of the level of efficiency are:

1. Claim for infringement of interests. It requires the creation of specific conditions that the organization or its employee (their group) puts at a disadvantage and stimulates the elimination of deviations.
2. Prevention of excessive concentration of primary control by one person, which may lead to the receipt of false data and / or abuse.
3. Demand for administration interest. It is necessary to ensure honest and mutual cooperation of control and management officials.
4. Requirement of the suitability (acceptability) of the internal control methodology. It provides that goals and objectives must be rational and appropriate, as well as the distribution of functions.
5. The requirement of continuous improvement and development. Over time, even the most advanced methods become obsolete. Therefore, the system must be flexible and adaptable to new tasks, even with adjustments.
6. Priority requirement. Monitoring minor operations should not detract from truly important tasks.
7. Elimination of unnecessary control steps. Activities should be organized rationally without spending additional funds and labor.
8. The requirement of single liability. Demand for actions and observations should be from a single center (a person or a specific group).
9. Regulatory requirement. The effectiveness of the internal oversight system depends directly on what and how many problems were provided for in the regulatory documents.
10. Requirement of potential functional substitution. If one subject of internal control temporarily leaves the verification process, this should not adversely affect the procedures or interruption of activities.

About efficiency and effectiveness

When external and internal audits are compared, two significant camps are formed, each of which has its own vision of what is most suitable. They reinforce their positions with fairly weighty arguments. Thus, a high-quality internal audit can be based on knowledge of internal mechanisms in the organization and identify many potentially dangerous or promising points, while the involvement of external experts can minimize personal sympathy and ensure the impartiality of the audit. In general, each organization, depending on the circumstances, makes an independent decision about whose services to use, but in the power of managers to improve the result of their work.

How to improve the performance indicators of the internal control service?

We all want more with less resources. Is it possible to consider the process of implementing internal audit and increase its effectiveness? Quite. What needs to be done for this? The easiest option is to develop ethical standards and professional standards. If they are adequate, then one of their compliance will achieve high quality work.

In addition, top management should periodically audit the internal control system. What should reviewers do? What is their perfect portrait? Since 1941, the Institute of Internal Auditors has been operating in the USA. In the Russian Federation, this structure is only beginning to emerge, therefore, we use the experience of foreign colleagues. The Institute of Internal Auditors has issued a number of recommendation documents in which the main focus is on:

1. Independence. Implied impartial performance of their duties and the expression of objective judgments. In this case, you do not need to rely on the opinions of colleagues.
2. Objectivity. This item directly follows from the previous one. Objectivity requires that the work is done professionally and honestly. When compiling a report, a specialist should clearly separate the facts from speculation.
3. Loyalty. This implies that internal auditors should not be consciously involved in inappropriate or illegal activities that could discredit the results.
4. Responsibility. It is assumed that a specialist should perform work exclusively within the framework of his capabilities and professional competence. He must also be responsible for his actions.
5. Confidentiality. Care must be taken in terms of applying the information that was obtained during the course of duty.

Final example

That article is coming to an end. We have already examined what internal audits are. An example will consolidate the knowledge gained. Let's say we have a commercial structure. Suddenly a drop in revenue begins to be recorded, although the workload and turnover did not change. To find out the reason, an internal financial audit begins. Initially, there is a familiarization with the documentation, which describes the movement of funds, operations and the like. We study the correct design and the absence of signs of fake. If in this case nothing was found to be suspicious, then the internal financial audit proceeds to the stage of reconciling the real situation and the situation displayed in the documentation. As an example, it checks at the warehouse whether there are any specified materials, blanks, or pieces of equipment. Attention is paid to consumables. So, if one car travels 100 kilometers per day and at the same time manages to spend 50 liters of gasoline - this should be suspicious. It is necessary to carefully study all possible aspects of the occurrence of shortages, embezzlement and theft. After completion of the internal audit, it is necessary to immediately file documentation with top management in order to prevent aggravation of identified problems and to facilitate the adoption of adequate operational measures to eliminate errors.