Best Tips on Establishing an Internal Audit Department

June 29, 2010 by  Filed under: Management 

Internal audit has increasingly gained ground recently and companies have found it very useful in keeping check of systems and procedures, predicting risks and providing recommendations where there are weaknesses. An entity may opt to fully outsource, co-source internal audit services or establish an in house assurance department.

Due to the nature of internal auditing and the company information that the auditors will acquire, most companies prefer having an in house team with occasional outsourcing of experts in specific areas.

Developing an assurance department is an exercise that should be carefully carried out to ensure efficiency and acceptability of the department by other stakeholders. Often managers and sometimes the entire workforce of an entity may develop a general dislike for the audit team where in such circumstances an in house team may not be effective.

However if keeping critical company information under lock and key as well as full implementation of recommendations is an entity’s priority, an internal audit department could be a very powerful agent of change in an organization.

The manner in which the department is set up and the process in which the team carries its tasks is most important. The following are key steps that can be taken to ensure a successful set up of an internal audit department:

1. Obtain and discuss expectations with senior management, the board and audit committee, including required listing standards for listed companies. Non-listed organizations should consider voluntary compliance.

2. Develop an audit charter and have it discussed and approved by the audit committee.

3. Design an appropriate budget and staffing model (e.g., in-house, co-sourced or outsourced). In addition review what companies within your industry are doing while taking into account company preferences.

4. Formulate reporting lines and responsibilities of the internal audit function.

5. Identify the auditable areas within the organization.

6. Conduct an initial risk assessment with company management and audit committee involvement. You may consider COSO enterprise risk management (ERM) framework.

7. Consider the need to comply with various statutory requirements within your environment for instance compliance with Sarbanes-Oxley Act for companies in the USA.

8. Develop an internal audit plan responsive to the risk assessment.

9. Design staffing requirements and whether the department will be staffed internally, co-sourced or outsourced.

10. Plan and execute audit work called for in the audit plan, including a system to monitor and follow up on audit recommendations.

11. Update the risk assessment for changing circumstances during the year.

12. Continuously enhance and modify the internal audit function to meet changing needs of management
and the audit committee.

Once the department has been set up the head should ensure that the objectives of the department are reviewed from time to time depending on the organizational changing needs and risk profile. Often the department will be guided by the risk assessment results to develop intervention policies. The head of the department can develop a risk assessment questionnaire which is distributed to all heads of auditable areas to evaluate their risk exposures from time to time.


You can read more on internal audit here:

Starting an internal audit department

Article Source:

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.

Prev Post:
Next Post: