The internal audit function is there to carry out the responsibilities to evaluate the effectiveness of risk management, regulation, and governance processes and to provide insight and recommendations to improve these processes, particularly in terms of operational effectiveness, financial management and reporting reliability, and compliance with applicable laws.
Internal Audit Functions
The functions of internal audit and its role is to verify the existence of assets and recommend appropriate safeguards for their protection. Evaluating the adequacy of the internal control system and recommending control improvements.
In addition, the functions of Internal Audit is to evaluate compliance with policies and procedures, as well as sound business practices. Examine its adherence to state and federal laws, as well as contractual obligations. Examining operations/programs to determine whether results are consistent with established objectives and whether operations/programs are being carried out as planned, as well as investigating reported instances of fraud, embezzlement, theft, waste, and so on. The functions of internal audit to educate management and employees on how to improve business operations and efficiency.
Internal Audit Roles
In the public sector, the term “internal auditor” is used in a variety of contexts. For example, some people with the title “internal auditor” are actually elected officials who, in practice, serve as independent auditors. In contrast, many people in the public sector perform one or more of the duties of an internal auditor, albeit under a different job title. An internal auditor is defined for the purposes of this recommended practice as any audit professional who works directly for management at some level and whose primary responsibility is to assist management in fulfilling its oversight and internal control duties as effectively and efficiently as possible.
Internal auditors can provide significant benefits to state and local governments in a variety of ways. They frequently assist management in monitoring the design and proper operation of internal control policies and procedures. Internal auditors, in this capacity, serve as an additional level of control, contributing to the improvement of the government’s overall control environment. Internal auditors can also help with performance audits, as well as special investigations and studies.
What is the Internal Audit’s Purpose?
Every government must consider the viability of instituting an official internal audit function because such a function can significantly contribute in maintaining a complete framework of internal controls. In general, a formal internal audit function is especially beneficial for activities that involve a high level of risk (e.g., complex accounting systems, contracts with outside parties, a rapidly changing environment).
If establishing a separate internal audit function is not feasible, a government should consider either assigning internal audit responsibilities to regular employees or retaining the services of an accounting firm other than the independent auditor for this purposes:
The internal audit function should indeed be formally established by charter, enabling negotiated settlement, or other necessary legal means, including the scope of work, to whom internal auditor reports to (i.e. top management and/or the audit committee/governing body), application of an annual report, and the auditing standards to be follow.
It is recommended that state and local government internal auditors carry out their duties in accordance with the professional standards for internal auditing outlined in the U.S. Government Auditing Standards, published by the General Accounting Office, including those pertaining to internal auditor independence;
At the basic level, the head of the internal audit function should have a college degree and relevant experience. It is also highly desirable that the head of the internal audit function have some form of professional certification.
Internal auditor reports, as well as the annual internal audit work plan, should be made available to the government’s audit committee or equivalent.
Internal Audit Charter Definition
Internal audit is an independent and objective assurance and consulting activity guided by a value-added philosophy to improve the control environment surrounding GitLab’s financial reporting and to recommend operational efficiencies as requested. It contributes to the achievement of its goals by implementing a systematic and disciplined approach to evaluating and improving the effectiveness of the organization’s governance, risk management, and internal controls.
Internal audit charter will be governed by The Institute of Internal Auditors’ mandatory guidance, which includes the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing. This mandatory guidance establishes the fundamental principles for the professional practice of internal auditing and for assessing the effectiveness of the internal audit activity’s performance.
Independence and Objectivity of IAC
Internal audit activity will be free of interference from any element within the organization, including audit selection, scope, procedures, frequency, timing, or report content, in order to maintain the required independent and objective mental attitude.
Internal auditors will not have direct operational responsibility or authority over any of the audited activities. As a result, they will refrain from implementing internal controls, developing procedures, installing systems, preparing records, or engaging in any other activity that may impair the internal auditor’s judgment.
Internal auditors will maintain the highest level of professional objectivity when gathering, evaluating, and communicating information about the activity or process under investigation. Internal auditors will form judgments based on a balanced assessment of all relevant circumstances and will not be unduly influenced by their own or others’ interests.
However, its defining document is the Internal Audit Charter (IAC). IAC is at the heart of any internal audit function. A typical IAC covers the following points:
Introduction and role of the internal audit function,
A professional statement that internal auditors will follow the Internal Audit Standards and other laws as applicable,
Authority of the internal audit function to access all records bearing in mind that auditors will maintain strict confidentiality with all information obtained in the course of their services,
Reporting of the internal audit function (more in lesson 3.4)
The independence and objectivity of the internal audit function such as the fact that internal auditors will have no direct operational responsibility or authority over any of the activities audited. Hence, internal auditors will not be implementing controls or developing procedures.
Definition of the roles and responsibilities of internal audit (further defined in Lesson 3.6)
Development of an annual risk-based internal audit plan
Reporting of the internal audit department – administrative to Chief Executive Officer and to the board
Lastly, a statement that internal auditors will comply with all ethics requirements of the standards
The internal audit charter also covers the responsibilities of the board of directors to:
Approve the internal audit budget and resource plan,
Approve the risk-based internal audit plan,
Approve the internal audit charter,
Receive communications from the Chief Audit Executive (CAE) on the internal audit activity’s performance relative to its plan and other matters,
Approve decisions regarding the appointment and removal of the CAE,
Approve the remuneration of the CAE, and
Make appropriate inquiries of management and the CAE to determine whether there is the inappropriate scope or resource limitations.
The Chief Audit Executive will communicate and interact directly with the Board including in executive sessions and between board meetings as appropriate. The internal audit charter, once approved by the board, establishes the internal audit function. It defines requirements internal audit function must fulfill.
Final Thoughts
It assists an organization in achieving its goals by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.” Internal audit is responsible for monitoring the effectiveness of management-established internal control processes.