What is Internal Auditing?

According to the Definition of Internal Auditing in The IIA's International Professional Practices Framework (IPPF), internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Independence is established by the organizational and reporting structure. Objectivity is achieved by an appropriate mind-set. The internal audit activity evaluates risk exposures relating to the organization's governance, operations and information systems, in relation to:

  • Effectiveness and efficiency of operations.
  • Reliability and integrity of financial and operational information.
  • Safeguarding of assets
  • Compliance with laws, regulations, and contracts.

Based on the results of the risk assessment, the internal auditors evaluate the adequacy and effectiveness of how risks are identified and managed in the above areas. They also assess other aspects such as ethics and values within the organization, performance management, communication of risk and control information within the organization in order to facilitate a good governance process.

The internal auditors are expected to provide recommendations for improvement in those areas where opportunities or deficiencies are identified. While management is responsible for internal controls, the internal audit activity provides assurance to management and the audit committee that internal controls are effective and working as intended. The internal audit activity is led by the chief audit executive (CAE). The CAE delineates the scope of activities, authority, and independence for internal auditing in a written charter that is approved by the audit committee.

An effective internal audit activity is a valuable resource for management and the board or its equivalent, and the audit committee due to its understanding of the organization and its culture, operations, and risk profile. The objectivity, skills, and knowledge of competent internal auditors can significantly add value to an organization's internal control, risk management, and governance processes. Similarly an effective internal audit activity can provide assurance to other stakeholders such as regulators, employees, providers of finance, and shareholders.

As the primary body for the internal audit profession, The IIA maintains the International Standards for the Professional Practice of Internal Auditing and the profession s Code of Ethics. IIA members are required to adhere to the Standards and Code of Ethics.

References: The Professional Practices Framework, The IIA Research Foundation, January 2004.