A semi-annual or annual internal audit is a common method used to assess the effectiveness of a business’s internal control system. Unlike an external audit, which focuses on determining whether financial statements conform to generally accepted accounting principles, an internal audit focuses on uncovering internal control weaknesses and evidence of fraud, waste or abuse. Internal audit procedures and techniques are essential to effective risk-management implementation.
Ads by Google
VDA 6.3 Process Audit
2010 in European standards store. EN and DIN standards pdf on-linewww.en-standard.eu
Audit Procedures and Objectives
The main objective of an internal audit is to assess and, when necessary, improve the effectiveness of internal business controls, risk-management plans and overall business processes. Audit procedures typically start by assessing current processes and procedures. Auditors then analyze and compare results against internal control objectives to determine whether audit results comply with internal policies and procedures as well as federal and state rules and regulations. As a final step, auditors compile an audit report to present to the business owner.
Assessment Techniques
Assessment techniques are designed to ensure internal auditors fully understand internal control procedures and determine whether employees are complying with internal control directives. Auditors try to avoid disrupting the daily workflow by starting the internal audit process using indirect assessment technique. These include reviewing existing documentation such as flowcharts, manuals and departmental control policies. Creating audit trails that trace specific processes from start to finish are another common assessment technique. Techniques in the second phase, including one-on-one interviews and process observations, are techniques internal auditors use if audit trails or document reviews don’t fully answer auditors questions.
Related Reading: Internal Audit Compliance
Analysis Techniques
Internal audit analysis techniques include substantive procedures that are designed to determine whether work products contain data entry errors or whether financial statements contain misstatements. Analysis techniques can be used to test random data or target specific data if an internal auditor feels an internal control process is at risk. Substantive procedures include, but aren’t limited to, transaction matching, a physical inventory count, audit trail calculations and recalculating already-reconciled financial statements such as a monthly bank reconciliation.
Reporting Procedures
A final internal audit report marks the end of the internal auditing process. Although reporting always includes a formal report, it can also include a preliminary or memo-style interim report. An interim report generally includes sensitive or significant results the auditor feels are necessary to share immediately with the business owner. A final report is significantly more formal and includes a summary of the procedures and techniques used in completing the audit, a description of audit findings and suggestions for changes or improvements to internal controls and control procedures.