Internal auditing is a profession and activity involved in advising organizations regarding how to better achieve their objectives. Internal auditing involves the utilization of a systematic methodology for analyzing business processes or organizational problems and recommending solutions. Professionals called internal auditors are employed by organizations to perform the internal auditing activity. The scope of internal auditing within an organization is broad and may involve internal control topics such as the efficacy of operations, the reliability of financial reporting, deterring and investigating fraud, safeguarding assets, and compliance with laws and regulations. Internal auditors are not responsible for the execution of company activities; they advise management and the Board of Directors (or similar oversight body) regarding how to better execute their responsibilities. As a result of their broad scope of involvement, internal auditors may have a variety of higher educational and professional backgrounds. Publicly-traded United States corporations typically have an internal auditing department, led by a Chief Audit Executive ("CAE") who generally reports to the Audit Committee of the Board of Directors, with administrative reporting to the Chief Executive Officer. The profession is unregulated, with the international Institute of Internal Auditors ("IIA") the primary standard-setting body. The IIA has established the Standards for the Professional Practice of Internal Auditing.^[1] The IIA has over 130,000 members representing 165 countries, including approximately 65,000 Certified Internal Auditors.^[2] Wikipedia does not have an article with this exact name. ... An audit committee is an operating committee of a publicly-held company. ... In relation to a company, a director is an officer (that is, someone who works for the company) charged with the conduct and management of its affairs. ... A Chief Executive Officer (CEO), or Chief Executive, is the highest-ranking corporate officer, administrator, corporate administrator, executive, or executive officer, in charge of total management of a corporation, company, organization or agency. ... Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association of more than 128,000 members with global headquarters in Altamonte Springs, Fla. ...

Organizational independence

To perform their role effectively, internal auditors require organizational independence from management, to enable unrestricted evaluation of management activities and personnel. Although internal auditors are part of company management and paid by the company, the primary customer of internal audit activity is the entity charged with oversight of management's activities. This is typically the Audit Committee of the Board of Directors in the United States. To provide independence, most Chief Audit Executives report to the Chairperson of the Audit Committee and can only be replaced with the concurrence of that individual.

Nature of the internal audit activity

Internal auditing activity is generally conducted as one or more discrete projects. Based on a risk assessment of the organization, internal auditors, management and oversight Boards determine where to focus internal auditing efforts. By analyzing and recommending business improvements in critical areas, auditors help the organization succeed. In addition to assessing business processes, specialists called Information Technology (IT) Auditors may review company IT systems and activities. Risk assessment is a step in the risk management process. ...

Role in internal control

Internal auditing activity is primarily directed at improving internal control. Under the COSO Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Wikipedia does not have an article with this exact name. ... COSO refers to a document produced by the Committee of Sponsoring Organizations of the Treadway Commission providing a common definition of internal controls, standards, and criteria against which companies and organizations can assess their control systems. ...

• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with laws and regulations.

Role in risk management

Internal auditors may assess the organization's Risk management or risk assessment processes. Risk management relates to how an organization identifies, analyzes, and responds to those risks that could potentially impact its ability to realize its objectives. Internal auditors may also play an important role in helping companies execute a SOX 404 top-down risk assessment. Internal auditors also help companies establish and maintain Enterprise Risk Management processes.^[3] Risk management is the human activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources. ... Risk assessment is a step in the risk management process. ... In financial auditing of public companies in the United States, SOX 404 top-down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002 (SOX 404). ... In business Enterprise Risk Management (ERM) are the methods and processes used to manage those risks, possible events or circumstances that can have influence on the enterprise in question. ...

Role in corporate governance

Internal auditing activity as it relates to corporate governance is generally informal, accomplished primarily through participation in meetings and discussions with members of the Board of Directors. Corporate governance is a combination of processes and organizational structures implemented by the Board of Directors to inform, direct, manage, and monitor the organization's resources, strategies and policies towards the achievement of the organizations objectives.^[4] Internal auditing is often considered one of the "four pillars" of corporate governance, the other pillars being the Board of Directors, management, and the external auditor.^[5] Corporate governance is the set of processes, customs, policies, laws and institutions affecting the way a corporation is directed, administered or controlled. ...

A primary focus area of internal auditing as it relates to corporate governance in helping the Audit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively. This may include reporting critical internal control problems, informing the Committee privately on the capabilities of key managers, suggesting questions or topics for the Audit Committee's meeting agendas, and coordinating carefully with the external auditor and management to ensure the Committee receives effective information.

History of internal auditing

The Internal Auditing profession evolved steadily with the progress of management science after World War II. It is conceptually similar in many ways to financial auditing by public accounting firms, quality assurance and banking compliance activities. Much of the theory underlying internal auditing is derived from management consulting and public accounting professions. With the implementation in the United States of the Sarbanes-Oxley Act of 2002, the profession's growth accelerated, as many internal auditors possess the skills required to help companies meet the requirements of the law. A financial audit, or more accurately, an audit of financial statements, is the examination by an independent third party of the financial statements of a company or any other legal entity (including governments), resulting in the publication of an independent opinion on whether or not those financial statements are relevant... Before the signing ceremony of the Sarbanes-Oxley Act, President George Bush meets with Senator Paul Sarbanes, Secretary of Labor Elaine Chao and other dignitaries in the Blue Room at the White House on July 30, 2002. ...

References

1. ^ IIA Standards
2. ^ IIA Website
3. ^ Role of Internal Auditing in ERM
4. ^ Rezaee, Zabihollah. Financial Statement Fraud: Prevention and Detection. New York: Wiley; 2002.
5. ^ IIA Article "Getting a Leg Up"

External links

• The Institute of Internal Auditors (US)
• The Institute of Internal Auditors (UK)
• Gives details of risk-based internal auditing
• The Institute of Internal Auditors (Bulgaria)