The Internal Auditing Defined Accounting Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (

It seeks to assess the entity's internal control over its operations, risk exposures, procedures, and management and information systems as to how it operates effectively and efficiently as it supports its objectives. Reliability of operational and financial information reflected is also assessed providing an acceptable assurance not just to its shareholders and employees but also for external purposes. It also evaluates how well the assets of the entity are used and managed and whether it pursues consistently the necessary set of laws, policies and regulations and treaties and programs.

The audit activity facilitates the entity to recognize immediate problems, high-quality practices and risks to further improve its customer relations and how they can serve them better.


In Corporate Governance

Corporate governance is defined as the system by which companies are directed and controlled (BNET Business Dictionary). Basically, governance of the entity is primarily dealt with the board of director and latest occurrences may have underscored their decisive role of upholding good corporate governance. The board then is responsible for the hiring of auditors to assure to themselves that there are in the right track in governing the company.

Internal audit carries out customary checking of key controls and methods and assuring that the audit function is sufficiently resourced and had been keenly subsisting within the organization. It considers independently how effective the internal control is. It is important for the board to keep an eye on the monitoring of the internal control so they could foresee or correct errors in management and which areas in the organization needs improvement or pose immediate course of action to whatever problems that may occur. Morever, the internal audit function also offers the management the monitoring and implementing internal control frameworks, codes of conducts in the areas of:

  • accomplishment of customary aims and objectives

  • Compliance with policies, plans, procedures and regulations

  • Safeguarding of assets

  • Accuracy of information

  • Economic and efficient use of resources

    (Lilja Steinthórsdóttir)

Ethics and values subsisted in the organization and how management performs is also audited to aide effective good governance.

In Risk Management

Risk management refers to Policies, procedures, and practices involved in identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks( It is also the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects (

It is undeniable that internal have a significant role in the organization's risk management. The internal auditors appraise the sufficiency and efficacy of how risks are recognized and dealt with in all the areas of management and corporate governance

There is a relationship subsisting flanked by the extent of risk that a material flaw may be present in some areas of the entity's internal control in relation to its financial reporting which auditors must focus with. Usually, higher risk is also associated when the internal control in financial reporting may be corrupted by misstatements caused by fraud than failing to identify or avoid errors. It is the auditor's initiative to focus more on areas that carry the highest risk.

The auditor's role has also evolved to preventing risk though issues concerning them are of increasing complexity as the pace of technological advances, international commerce, innovative products and services and complex business frameworks, structure and relationships are deliberated.

In other words, they provide the objective guarantee to the board of directors in managing risks ensuring that these risks are handled properly taking also in consideration that the internal control systems are also functioning successfully.

In Internal Control

Internal control comprises the plan of organization and all of the coordinate methods adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies. This definition recognizes that a system of internal control extends beyond those matters which relate directly to the functions of the accounting and financial departments (The College of Brackport State University of New York).

The primary role of the internal auditors is to weigh up the efficacy of the internal control system and giving a contribution to its continuing efficiency. The significance of their role in the monitoring of the internal control system is also in giving their reports straightly to the board of directors and/or to the management's most superior level. Similarly, the board is the one responsible for recognizing its range of lapses of the internal control system which concerns the three key areas of control namely operations, conforming to set of laws and regulations, and in financial reporting. The auditors then will be the board's foremost line up of defense in relation to the method of internal control over financial reporting.

It is supposed that the board and management can settle issues floating through the internal auditing and apply the necessary solutions. After presenting conclusions, the management and the board are responsible for consequent choices-to act or not. If a solution is made, the management is responsible in assuring that development has taken place. The internal audit committee will decide if the specific action has met the expected output. If no action is to be done, auditors have the duty to inform the board and the management whether they have understood and have implicit peril of inaction.

whether the actions had the desired results. If no action is taken, internal auditors have responsibility to determine if management and the board understand and have implicit peril of inaction. Under all instances, the internal audit committee have the direct accountability to advise management and the board of important matters that they think they need their attention.

III. Key Assumptions of internal auditing

The three significant assumptions implied in the scope, definition and objectives of internal auditing are independence, competence and confidentiality.


Internal auditors can assess neutrally, liberated from political concentration, clash of personal interests, or monetary conflicts that may restrain their inquiring, prejudice their reports, or bargain their recommendations. Auditors must deviate from areas and circumstances where their reporting might be affected and forces them to come up with biased judgments. Auditors must reflect in their reports the information and data that the management needs to know and hear and not what they wanted them to do so. They must see to it that they will not deviate from its objectives not putting at stake its judgments caused by somewhat conflicts of interests. An assumption related to independence is that that the internal auditors will have unhampered access like forecasts, data, facilities, plans, records or anything that may be necessary in drawing up an objective judgment.


The next key assumption is that the internal audit committee is employed with people who possess the required experience, education, knowledge and skills to execute the necessary duties and responsibilities. If the auditor doesn't know what he is doing then it will just be a waste of time and resources for the company and misstatements may arise causing the judgments to be out of its place and unreliable. As stated above, the auditors are the board's frontline defense when it comes to internal control over financial statements. So if they, in turn, dont have the proficiency in handling the tasks, it might put the organization in danger somehow. The real problems might not have solved with the right course of action or neglected because the auditor fails to fulfill what he is ought to do.


Lastly, it is presumed that the assessments, conclusions and recommendations stated in the audit reports are internally evaluations and conclusions contained in internal auditing reports are reported internally to management and the board, not to the public unless called by the law for some specific reasons. These reports are confidential properties of the company and auditors are not allowed to disclose data or any information relating to this to just anybody or even for external purposes.

A baseline definition of internal auditing provides a starting point for understanding the roles and responsibilities of internal audit function. The Institute of Internal Auditors("IIA") offers the following description:

"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

IV. Building a Strategic audit Function

Significant keys for successful internal audit function

The Internal Audit function must contribute deliberately to the performance of the business

  • the objectives and roles of the internal audit function should be clear, efficiently communicated and are drawn out from the framework of the corporate governance

  • the composition of the internal audit upholds a better understanding of the business and reliability
  • the internal audit function has a well planned process that brings about quality in the service that it performs

    • technological advancements are considered for a smooth flow of the audit process

    • there is a suitable structure where the auditors follow to achieve its desired outcome

    • it enhances the relationships with its shareholders

The internal audit is staffed with competent and knowledgeable committee to attain its objectives

  • its recruitment strategy mirrors its goal, roles and necessary competencies to come up with a consistent and reliable audit report


The audit committee must develop a good strategic audit to contribute to high quality corporate governance, improved internal control, and enhanced risk management. As the organizations set aside funds and provide resources to carry out the auditing functions, it is expected that the outcomes or reports presented by the auditors would contribute to the development of their operations and strategies.

Both the operational and financial aspects of the organizaion must be given attention in a good strategic audit ( Shareholders expect this from the auditors communicating to them the necessary information, opinions, and recommendations to meet the company's needs.

The roles of the auditors may be critical in a sense that the company accepts the reliability of the audit report and follows deliberately the conclusions derived from the audit. it would be of material difference when an auditor fails to draw out the correct conclusions about any of the accounting information he has analyzed, certain complications may arise. It may lead to legal accountability which might put the organization at stake because they have taken the audit report as a reliable source to follow whatever outcome it derives in the end. Otherwise, if the auditor is competent and skilled enough to perform his duties, has carefully analyzed both the internal and external factors affecting the organization-both financial and operational, knowledgeable of the company he is working for, then he is confident enough to communicate to the management the areas that are in good standing and the deficiencies as well in their accounting system.

With the aid of the audit report, auditors impart their expertise as they share their opinions, judgments and conclusions regarding the entity's accounting system. It would help the company to detect fraud and deficiencies and help the company to soar on a greater height or may lead it to wrong decision makings that may affect the company's business performance. Additionally, it is not always a guarantee that auditors will never be able to draw out a wrong conclusion about certain accounting information as they analyze and share their views based in their utmost skills and knowledge in this area. However, auditors must always consider their roles and duties in their audit performance and always putting their best foot forward for the benefit of their clients and not just for themselves.

The Strategic Audit Process

Riksrevisjonen has provided a clearer picture of the overview of the entire audit process. It is shown in the figure that the entity is colored gray which depicts that it has broader objectives compared to the auditing objectives set.

Here, he defined risk as the chance that the organization may not be able to achieve entirely its goals and objectives which is represented in red. This shows that as the auditors identify,analyze, prevent and suggest actions to be taken to address the risk issues, the risks are slowly eliminated.

The analyses starts with a strategic level and getting more detailed steadily. The strategic analysis appraises the company's external and internal factors that have been affecting the company as a whole as it drives to achieve its goals and objectives. Here, he pointed out that auditors evaluate the elements of risk at a general level.

The process analysis then enables the auditors to point out the elements of risk and evaluate whether the internal control procedures reduce the level of risk associated in the entity's operations and financial measures. Then, residual risk defined as the exposure to loss left behind after other identified risks are dealt with- is left for the auditors to be compared with the audit risk. This is done to verify the range of methods that should be made to derive with an acceptable audit risk level.

As shown above, audit evidence is gathered in the entire audit process to support the control risks evaluation. This is can be done to support his views whether his client's control over financial reporting is efficient for the year. To make sure that the opinions drawn out are supported with accurate information, auditors need to prove the evidence collected during the year.

After this, if the auditor has verified he audit evidence, he will then formulate his conclusions. The outcome of the Then, the internal auditor communicates his opinions to the board or the management, in writing, all the significant deficiencies detected during the audit process. If, for example, the auditor presumes that the company's internal control, governance or risk management is not effective, he should inform this to the board so that the board, in turn, can take the necessary steps to improve the deficient area.