Insights: Article

Create an Internal Audit with More Value

By Joscelyn Brown

August 13, 2018

In this time of constant change and organizational disruptions, the cost of a breakdown of even one internal control in a high-risk area has the potential to be quite significant. Think about the potential impact of a control not functioning as intended within your revenue collection function, treasury or controller departments. But how do you monitor your internal controls in both an effective and efficient manner? Your internal audit function is likely the best tool you have for monitoring whether your controls are in place and functioning as intended.

Benefits of Internal Audit
The benefits of a strong internal audit function go well beyond mitigating breakdowns in controls that may have significant financial and operational impacts on your organization:

  • Regardless of an organization’s size, regulatory or oversight entities expect those charged with governance (such as a City Council) and management to be responsible for ensuring an effective internal control system, including an internal audit function.1 Ideally, an internal audit function should report directly to those charged with governance and not an executive function.
  • The preparation and use of a documented risk assessment that is updated with each change in internal controls and linked directly with your annual internal audit plan ensures your internal audit time and resources are spent in the most economical and efficient manner, and that you are getting the most value.
  • As introduced, an independent internal audit function, reporting directly to governance, gives you greater (but not foolproof) confidence in your controls. Internal audit personnel provide a level of objective evaluation that other management functions may not.
  • Internal audit testing and observations can help to identify inefficiencies and duplication in processes.

Options to Fit Your Organization
A strong internal audit department can take one of many forms, depending on your size, shape, and available resources:

  • Outsourced – The entire internal audit cycle is outsourced to a third party. You’ll have access to industry expertise and best practices, variable costs replace fixed staffing costs, and independence is ensured. Current personnel’s time can then be allocated to core functions where they can provide more value.
  • Co-sourced – A third party works with your internal audit personnel to provide additional hours or special expertise, as needed. Your organization will still have access to best practices.
  • Internal – Your internal audit personnel complete all internal audit functions. The benefit of utilizing internal personnel include familiarity with the organization and its policies and procedures, no engagement letters/contracts, and ongoing communication with management. A third party may still advise your internal personnel, or review its plan on a regular basis providing a report on effectiveness to those charged with governance.

The costs resulting from a breakdown in controls have the potential to be higher than the costs of maintaining a strong internal audit department. Developing a strong, risk-based internal audit function will help you to monitor your internal controls and resolve the fear of the unknown.

1Interagency Policy Statement on the Internal Audit Function and Its Outsourcing

Latest Insights

March 11, 2019
Article
When a business is looking to examine its financial health, it’s important to keep the “why” in mind to determine the best approach.
March 7, 2019
Article
Forensic audits and internal audits can both be beneficial for your business. But how do you determine which one you need?
January 17, 2019
Article
In this installment of our Common Single Audit Findings and Remediation Series, we discuss the three distinct parts that make up Requirement “G.”
January 15, 2019
Article
The back and forth on tariffs is wreaking havoc for many businesses. Here’s what you can do to help ease the pain.
January 2, 2019
Article
Risk assessment can be daunting. But an effective risk assessment ultimately results in a better understanding of an organization’s critical business and operational risks.
September 4, 2018
Video
How do I implement ASC 606? Here are a few examples of ways ASC 606 can be implemented in an organization. Each video covers a different aspect of the new regulation.
Find A Location