According to the Institute of Internal Auditors, Internal Auditing could be defined as "an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes". Internal auditing, which is therefore a process, usually involves three distinct identities: "the process owner" (who owns the company), "the internal auditor" (the person who is delivering his evaluation), "the user" (who is going to use the evaluation). The goal of an operational auditing is to ensure that financial reporting complies with the accounting principles broadly accepted. Compliance is therefore a key concept in operational auditing. "Audits based on compliance focus on the adequacy and effectiveness of management controls governing adherence to external laws and regulations" (definition of compliance given by COSO, The Committee of Sponsoring Organizations of the Treadway Commission).
[...] An operational auditing must abide by the Financial Accounting Standards Board (FASB). The role of FASB is an essential body since it is "the designated body in the private sector responsible for establishing and improving standards of financial accounting and reporting for non- governmental public and private enterprises, including small businesses" (Sources: FASB). The missions of FASB, implemented in 2003, is to ensure a homogenisation of the way to conduct financial reports by establishing standards. "The mission of the Financial Accounting Standards Board is to establish and improve standards of financial accounting and reporting for the guidance and education of the public, including issuers, auditors, and users of financial information" (Sources: FASB). [...]
[...] Internal Auditing is presented in every company (Part I). Internal Auditing differs from Internal Control most notably in terms of responsibility because both are aimed to assess the company (Part II). The creation of an institutional framework for Internal Auditing is in the interest of the companies because they are more world-wide implanted than they used to be which has become especially true with the reduction of obstacles that hamper free trade (Part III). Internal auditing enables the reduction of the risks incurred by a company (Part IV). [...]
[...] Then, internal auditing promotes efficiency and reduces the risks incurred by a company. Frauds and abuses have led to a complete revision of accounting principles. The responsibility of the auditors has been strengthened as well as the responsibility of CEOs. They currently incurred prison sentences if they are accused of frauds. The scandals have cast a glance on audit profession that had to prove its integrity. Internal Auditing functions reconsideration has been brought to the fore especially after the implementation of the Sarbanes-Oxley Act. [...]
[...] A satisfactory operational auditing for Risk Assessment is achieved if (Sources: COSO): - "Management has predefined relevant objective" - "Such objectives are compatible with broader objectives" - "Management has identified relevant risks to achieve its objectives" - "Management has a basis for determining which risks are most critical" - "Management has ensured mitigation of critical operating risks" - "Audit tests detect key risks not previously contemplated by management" V - OPERATIONAL AUDIT AND FRAUDS Internal Auditing implies objectivity and independence. [...]
[...] In this paper I will focus on operational auditing. Risk Management Internal auditing can promote the implementation of an efficient Enterprise Risk Management method. It consists in reducing the risks of the company. The internal audit "should assist the organisation by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems." (Performance Standards of the Institute of Internal Auditors). In that respect, the risks should be evaluated according to various criteria: - "Reliability and integrity of financial and operational information" - "Effectiveness and efficiency of operations" - "Safeguarding of assets" - "Compliance with laws, regulations, and contracts" The authors of "Enterprise Risk Management: Pulling It All Together" have put into evidence that internal audit has a strong role to play to promote the successful implementation of Enterprise Risk Management (ERM). [...]
Online readingwith our online reader
Content validatedby our reading committee