How To Setup Your Internal Audit Function

How To Setup Your Internal Audit Function

Setting up a new department or function within an organization poses great challenges with everyone involved directly or indirectly. Reasonable amount of time, resources and energy is invested into actualizing it, but it may take more time to materialize than anticipated.

The same thing holds for setting up an internal audit function for any organization. Establishing an internal audit function is more challenging in that it is not utilized in day to day functions, and often requires a shift from the organization orthodox before it is seen to be of benefit.

This guides looks at relevant considerations and activities involved in setting up your internal audit function.

An alternative to setting up an internal audit function internally is to outsource your internal audit function. Some of the benefits from outsourcing your internal audits are immediate access specialist, no extra head counts or the effort setting up the department. Often the overall cost of outsourcing the function is lower than developing it internally.

Stakeholders Expectation

Knowing your stakeholders and what they want is key in establishing your internal audit function. Internal stakeholders will include the audit committee, executives, board of directors and employees. External stakeholders should include the external auditor, local, state or national government, regulators and customers.

Members of the new function should actively identify and communicate with relevant stake holders at an early state because their views will greatly impact the role of the internal audit. Understanding the expectations of each stakeholder will prove very useful when preparing the internal audit strategy as it will detect areas where assurance is required.

Structure and Governance of the Internal Audit Function

Your new internal audit function must have a streamlined position within the organizational structure. In essence, there should a clear line between its activities and that of the organization at large. Its activities should be granted direct access to the audit committee, board and members of the executive management.

The activity of the internal audit function will be governed by the internal audit charter. The internal audit charter will document its purposes, responsibilities, right and place within the organization.

The charter review is carried out by the head of internal audit but the board (audit committee) has the responsibility for approving the charter. Therefore there is need for scheduled review for subsequent amendments.

Evaluate and Enhance Risk Management

The approach and strategy of an internal audit will be determined by such organization’s risk maturity. Less risk mature organization require that the auditor focuses more on the control while the auditor focuses more on design and application in a more risk mature organization.

Whatever the case may be, internal audit should try to periodically express a view to the board on the maturity level of the organization’s risk management. This will enormously support the organization’s annual governance.

The internal audit function should seek to contribute to enhancement of the organization of the organization’s risk management processes from time to time. This can be achieved by providing advice on risk management processes to the board or undertaking benchmarking evaluations to identify areas of improvement.

Agree Priorities and Formulate Plans for the Internal Audit Function

The internal audit function should develop a strategy which is in correspondence with the organization’s overall strategy over a period of time.

The head of the internal audit function should agree to key areas where stakeholders need assurance and incorporate these into the strategy. More focus may be placed on areas of higher risk.

In addition, the strategy should explain the internal audit’s key objectives and outputs, the procedure, method and resources that will be utilized to achieve them with measures of success.

An annual internal audit plan is essential. It will give a clear indication of the time table for internal audit work over the course of the following year.

Policies and Procedures Must Be Developed

The internal audit activity should have adequate policies and procedures to guide it work. The form, scope, procedure and policy will depend on the size of the internal audit function. For larger internal audit teams, some form of automation of procedures should be considered to enhance efficiency.

Measuring and Monitoring Performance with Key Performance Indicators (KPI)

The internal audit function should agree on some set of KPIs with the audit committee to allow evaluation of the performance of the activity. Quantitative and qualitative indicators should be monitored closely. Quantitative indicators include reviews completed against the speculated plan, recommendations implemented and performance against budget. Qualitative indicators may include training provided for audit team members and the fulfilment of continuing professional development.

If you are interested in outsourcing your internal audit function please contact us for a quote.

Request a free consultation

Contact us to discuss your needs and see how we can support to reach your goal.

Recent posts

How Can ISO 45001 Consultancy Support an Organisation
How Can ISO 45001 Consultancy Support an Organisation

ISO 45001 is an internationally recognised standard for occupational health and safety management systems. It provides a framework that organisations can use to manage and improve their OH&S performance, minimize...

Learn More
What is the ISO Certification Process
What is the ISO Certification Process

ISO (International Organisation for Standardisation) is an independent, non-governmental organisation that develops and publishes international standards for various industries and fields. The ISO certification process is a way for organisations...

Learn More
Benefits of Attending an ISO 9001 Auditor Training
Benefits of Attending an ISO 9001 Auditor Training

What is ISO 9001 ISO 9001 is the most widely used and recognised global standard for a Quality Management System (QMS). Its primary goal is to assist companies meet the...

Learn More

Just a Few of Our Clients

 Bellingham + Stanley
 Defence Science and Technology Laboratory
 Elemental Microanalysis

Request a Free Consultation

Contact us to discuss your needs and see how we can support to reach your goal.