The History of Internal Audit is essential to understanding the definition of Internal Auditing today. The need for some form of independent verification to reduce record-keeping errors, asset misappropriation, and fraud within a business and nonbusiness organizations drives the demand for both external and internal auditing. Internal auditing (IA) is not a new idea. It has progressed from simple audits of financial records to the detection of fraud and corruption. Today, IA enables the entire organization’s governance, resource conservation, compliance, risk management, and data verification and analysis.
History of Internal Audit
Internal audit has traditionally been focused on identifying policy violations and encouraging compliance with regulations. Internal audit departments, on the other hand, have recently shifted their focus to an integrated approach to risk management. Internal audit evolved as a result of both the changing nature of the market and industry regulations. The new perspective also includes a shift from a document-centric to a data-centric approach, allowing internal audit to leverage technology that can improve enterprise risk management (ERM).
Internal audit evolved because of senior management’s need to have a helping hand. Internal audit provides senior management with independent assurance the organizational objectives are being followed. On a global level, the history of internal auditing is closely connected with The Institute of Internal Auditors (IIA). This is an organization that started in the United States in 1941. IIA is leading the internal audit practice. It is the global body that issues internal auditing standards. (More on Internal Auditing Standards).
Internal auditing has evolved over the years, gaining recognition from executives and organization leaders. Internal auditing must respond to the changing needs of the global environment and adapt. The profession has advanced from focusing on financial information, compliance reviews, information technology, operational processes, and risk and controls.
The fundamental principles of establishing internal audit in a business concern are as follows:
Independence: The internal audit department should be autonomous within the organization. The internal auditor must hold a position of sufficient authority within the organization. He may be required to report directly to the board of directors.
Objectives: The internal audit function’s objectives should be clarified and conclusive. Internal audit should be properly communicated so that it is not viewed as a “over the shoulder check” by other departments.
Clarity in Scope: The scope of the internal audit department must be specified in detail. Under any circumstances, the department must have the authority to conduct every phase of organizational activity from a financial standpoint at all times.Reporting: The internal audit program should be time-bound. There should be protections for integrated reporting on various functions and other aspects.
Internal auditing is now primarily concerned with integrated audits, in which auditors provide assurance on any combination of the following types of engagements:
Financial assurance provides assurance related to the achievement of one or more financial assertions. Assertions include existence or occurrence, completeness, valuation, allocation, rights and obligations, presentation, and disclosure. It is like external audit. However, the scope of internal audit is greater.
Controls assurance provides assurance related to the design and operation of key control activities; controls may be operational, financial, or compliance related.
Information technology (IT) assurance provides assurance related to the design and operation of general IT control activities or specific application control activities.
Compliance Assurance provides assurance related to the design and operation of control activities and procedures in place to assure compliance with laws, regulations, policies, and operations. Compliance provides assurance related to the efficiency and effectiveness of an organization’s operations including profitability goals, performance, and safeguarding resources against loss.
It must be noted that integrated audits allow internal auditors to audit information received from all perspectives. The auditor will look at things from an ‘integrated’ view. He or she will review the systems used, data entered, and records maintained including their accuracy and efficiency of the procedures being followed. The evolution of this profession has led to the increasing use of computer-assisted audit techniques.
Integrated auditing places certain requirements on the internal auditing function such as the fact that the audit will probably require the use of multiple auditing techniques, which will affect the audit’s budget and staffing. Further, the audit department will have to coordinate the participation of experts from other areas of the organization or from outside the organization.
Final Thoughts
Internal auditing is an independent, objective assurance and consulting activity that adds value to and improves the operations of a company. It may assist an organization in achieving its goals by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes. Internal auditing may be able to achieve this goal by providing insight and recommendations based on data and business process analyses and assessments.