What is an Audit?

An audit is an unbiased examination and evaluation of the financial statements of an organization with a view of expressing an opinion as to whether the financial statements show a true and fair view and are free from any material misstatements. There are two types of audit: internal and external audit.

What is an Internal Audit?

Internal audit is an independent, objective assurance and consulting activity designed to improve an organization’s operations and add value to it. Internal audit helps an organization achieve its objectives by systematically evaluating and improving upon the effectiveness of risk management, control, and governance processes.

In carrying out internal audit, a company’s internal controls would be evaluated as well as its corporate governance and accounting processes. The essence of the audit is to ensure compliance with laws and regulations and to also maintain proper and timely financial reporting and data collection. Internal audits also provide management with the tools necessary to attain operational efficiency by identifying problems and correcting lapses before they are discovered in an external audit.

Internal audit provides an independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively. Internal Audit Department of an organization is tasked with the responsibility of carrying out independent unbiased reviews of systems, business organizations and processes.

Internal Audit is a department or an organization of people within a company that is tasked with providing unbiased, independent reviews of systems, business organizations, and processes. The role of Internal Audit is to provide senior leaders and governing bodies of an organization an objective source of information regarding the organization’s risks, control environment, operational effectiveness, and compliance with applicable laws and regulations.

Internal auditors report to the organization’s senior leadership and their activities are directed by the CEO or Board of Directors through its Audit Committee. It is important for members of Internal Audit to be independent of internal politics and unbiased so they will be able to provide leadership with objective source of information. Under the direction of Audit Committee, Internal Audit works with management to systematically review control activities over critical systems and processes.

The reviews performed by Internal Audit are often called internal audits. An internal audit may be used to assess an organization’s performance or the execution of a process against a number of standards, policies, metrics, or regulations. These audits may include examining a business’s internal controls around corporate governance, accounting, financial reporting, and IT general controls. Internal audits may also entail evaluating the effectiveness/efficiency of critical business operations such as supply chain management. Those individuals working in Internal Audit are called internal auditors.  Internal auditors may cover all areas of an organization or specialize based on their skill-sets.

The aim of internal audits is to identify weaknesses within the organization’s processes and control environment internally. so that they can be fixed as quickly as possible to prevent harm to the organization or its stakeholders. Accordingly, the internal audit plan for an organization should be driven by risk basis or, in other words, be designed to examine those areas that present the greatest risk to the company. The internal audit plan should also include a component of the strategic needs of an organization.


Importance of Internal Audit

An internal audit offers risk management and evaluates the effectiveness of a company’s internal controls, corporate governance, and accounting processes.

Internal audits provide management and board of directors with a value-added service where flaws in a process may be caught and corrected prior to external audits.

The Sarbanes-Oxley Act of 2002 holds management responsible for their financial statements by requiring senior corporate officers to certify in writing that the financials are accurately presented


Companies Act, 2013 mandates all the companies satisfying specific conditions to have an Internal Audit mechanism in relation to its size of operations.

The focus is to ensure strong internal control systems to minimize the risk of accidental or deliberate errors and omissions. Safeguarding of assets, adequate division of authority over key control areas and compliance with internal operating policies and guidelines are other focus areas.

A good internal audit function can be of immense importance to the survival and prosperity of any organization as it looks beyond financial statement reporting risk to consider broader issues such as the organization’s reputation, operational efficiency, strategic growth, its impact on the environment, and the way it treats its employees.


Internal Audit Policies

Internal audit activities are to be performed in a manner that provides reasonable assurance that audit work complies with the International Standards for the Professional Practice of Internal Auditing, the internal audit charter, and procedures as laid down in the internal audit operations manual. Management, external ICOs, the audit committee, government/regulatory agencies, all rely on performance consistent with the reasonable assurance  guidelines.


The activity of internal auditing is primarily one of information gathering, review, analysis, evaluation, appraisal, and testing for the degree of, compliance with and the adequacy of management systems and controls put in place to mitigate risks that exist in achieving organizational objectives. It is a staff advisory function and, therefore, does not exercise authority over other persons in the organization or establish and implement policies and procedures. The internal audit activity is free to review and appraise policies, plans, procedures, and other internal controls in any area of the organization, and to report audit observations and recommendations for improvement to the people who have managerial responsibility. This review and appraisal in no way relieves other persons in the organization of responsibilities assigned to them.


The Director is responsible for maintaining a high level of professional standard and quality assurance in internal audit. The OIC of the individual audit groups, posted in Ministries and Departments, report to the Accounting Officer. Internal control officers posted in ministries and Department shall report to their respective OIC unless otherwise directed.


Types of Internal Audit

  • Environmental Auditsassess the impact of a company’s operations on the environment. They may also assess the company’s compliance with environmental laws and regulations.

Information Technology Audits may evaluate information systems and the underlying infrastructure to ensure the accuracy of their processing, the security and confidential customer information or intellectual property. They will typically include the assessment of general IT controls related logical access, change management, system operations, and backup and recovery.

  • Operational Auditsassess the organization’s control mechanisms for their overall efficiency and reliability.
  • Performance Auditsevaluate whether the organization is meeting the metrics set by management in order to achieve the goals and objectives set forth by the Board of Directors


Internal Audit Process

The Internal audit process involves identifying a department, getting an understanding of the current internal control process, conducting a fieldwork test, following up with department staff about identified issues, preparing an official audit report, reviewing the audit report with management, and following up with management and the board of directors as needed to ensure implementation of recommendations given.

An internal audit should have four general phases of activities—Planning, Fieldwork, Reporting, and Follow-up. The following provides a brief synopsis of each phase.

Planning – Planning is the first phase in the audit process. During the planning process, the internal audit team will define the scope and objectives, review guidance relevant to audit (e.g., laws, regulations, industry standards, company policies and procedures, etc.), review the results from previous audits, set a timeline and budget for the audit, create an audit plan to be executed, identify the process owners to involve, and schedule a kick-off meeting to commence the audit.

Fieldwork – The second phase is fieldwork. The actual audit work takes place during fieldwork. Throughout this phase, the audit team will execute the audit plan. This usually includes interviewing key personnel to confirm an understanding of the process and controls, reviewing relevant documents and artifacts for an example execution of the controls, testing the controls for a sample over a period of time, documenting the work performed, and identifying exceptions and recommendations.

Reporting – After the field wok, the next phase is the reporting phase where the audit report will be drafted. The report should be clearly written and unambigous to avoid misinterpretation and to encourage the intended audience to actually read and understand the report. Findings should be accompanied by recommendations that are actionable and lead directly to process improvements. The process of issuing an internal audit report should include drafting the report, review the draft with management to ensure the accuracy of findings, and issuance and distribution of the final report.

Follow-up – The final phase is the follow-up. This last phase is very important but it is often overlooked and neglected. After findings and recommendations have been made to management, it is important to do follow-up to ensure that the recommendations have been implemented to address the findings identified. This process should include appropriate follow-up with process owners needing to implement the recommendations as well as Board oversight of the company’s overall status in addressing findings identified by internal audit. An organization that fails to follow-up on the implementation of recommendations is not likely to effect the changes recommended.


Audit Procedures & Techniques for an Internal Audit

A semi-annual or annual internal audit allows you to gauge the effectiveness of your business’s internal control system. Unlike an external audit, which focuses on determining whether financial statements conform to generally accepted accounting principles, an internal audit focuses on uncovering internal control weaknesses and evidence of fraud, waste or abuse at your company. Internal audit procedures and techniques are essential to effective risk-management implementation. There are two basic internal audit techniques. These are:

  • Assessment Techniques

Assessment techniques ensure an internal auditor gathers a full understanding of the internal control procedures and whether employees are complying with internal control directives. To avoid disrupting the daily workflow, auditors begin with indirect assessment techniques, such as reviewing flowcharts, manuals, departmental control policies or other existing documentation. If documented procedures are not being followed, direct discussion with department staff may be necessary.

Creating audit trails that trace specific processes from start to finish are another common assessment technique. Techniques in the second phase, including one-on-one interviews and process observations, are techniques internal auditors use if audit trails or document reviews don’t fully answer auditors’ questions.

  • Analysis Techniques to Test Data

Auditing fieldwork procedures can include transaction matching, physical inventory count, audit trail calculations, and account reconciliation as is required by law. Analysis techniques may test random data or target specific data, if an auditor believes an internal control process is at risk and needs to be improved.

Substantive procedures include, but aren’t limited to, transaction matching, a physical inventory count, audit trail calculations and recalculating already-reconciled financial statements such as a monthly bank reconciliation.


Audit Procedures and Objectives

An internal audit helps you asses and improve internal business controls at your company by reviewing risk-management plans and business processes for weaknesses and failures. Audit procedures typically start by assessing current processes and procedures. Auditors then analyze and compare results against internal control objectives to determine whether audit results comply with internal policies and procedures as well as federal and state rules and regulations. As a final step, auditors compile an audit report to present to the business owner.


Audit Reporting Procedures

A final internal audit report marks the end of the internal auditing process for your business. Although reporting always includes a formal report, it can also include a preliminary or memo-style interim report. An interim report generally includes sensitive or significant results the auditor feels are necessary to share immediately with the business owner. A final report is more formal and includes a summary of the procedures and techniques used in completing the audit, a description of audit findings and suggestions for changes or improvements to internal controls and control procedures.

Functions of Internal Auditors

  • Internal auditors have a professional duty to provide an unbiased and objective view. They must be independent from the operations they evaluate and report to the highest level in an organisation: senior managers and governors. Typically this is the board of directors or the board of trustees, the accounting officer or the audit committee.
  • To be effective, the internal audit activity must be done by qualified, skilled and experienced people with ability to work in accordance with the Code of Ethics and the International Standards.
  • Internal auditors deal with issues that are fundamentally important to the survival and prosperity of any organisation. Unlike external auditors, they look beyond financial risks and statements to consider wider issues such as the organisation’s reputation, growth, its impact on the environment and the way it treats its employees.
  • In sum, internal auditors help organisations to succeed. We do this through a combination of assurance and consulting. The assurance part of our work involves telling managers and governors how well the systems and processes designed to keep the organisation on track are working. Then, we offer consulting help to improve those systems and processes where necessary.

We help companies set up Internal Audit Systems, Develop Policies & Procedures and help the organization save money and improve their operations

Our Internal Audit Services have helped many organizations enjoy risk management, seamless operations, improve strategy, controls, corporate governance

We have also supported our Clients with Strategic Management Issues, Control issues, operational improvements.

Where areas are identified for improvement, we can work with you to help you identify solutions and achieve your objectives.

Operational, Financial, Compliance and Information Technology Audits / Assurance Services – Assurance services involve the objective assessment of information, facts, or data by Internal Auditing to provide an independent opinion or conclusion.  The scope and nature of assurance services may include reviewing and evaluating for: operational efficiencies and effectiveness; reliability of financial and operational systems; adequacy and clarity of policies and procedures; compliance with policy and state and federal law; safeguarding of assets; accomplishment of objectives and goals; or other agreed-upon procedures.

Consulting Services – Consulting services are advisory and other service activities include counsel, advice, facilitation, process design and limited training. The objective of consulting services is to add value in the development or modification of processes, procedures, and controls to minimize risk and achieve objectives. The nature and scope of particular consulting services are agreed upon with management. Internal Audit will not assume management’s responsibilities in order to maintain appropriate objectivity and independence.

Advisory on sound internal control

Special Investigations – We also conduct special investigations to evaluate allegations of fraudulent business practices and/or misconduct involving financial or operational matters to determine if allegations are substantiated and to prevent future occurrences.

Follow-up Engagements – Follow-up engagements evaluate plans and actions taken to correct previously reported conditions as a result of completed audits and investigations.

Coordination of External Audits – These services ensure external auditors or regulators have access to the organizations staff and resources necessary to conduct their audits.


Evaluating the key structures, dynamics and processes required to underpin effective corporate governance.

Audit Staff Competency Review, manage core operations risks

Evaluating core operations risks to business performance and goals

To learn more how we can help you with this service, please reach us now on 08023200801, email or send us a detailed request by completing our enquiry form



    Facebook Comments

    Open chat
    Hoa can we help you?