What can Internal Audit do for your organisation
The first role of internal audit is the primary one of providing assurance. If the organisation decides not to have internal audit to cover this, it must be able to demonstrate what other forms of assurance it is reliant upon in these areas.
A secondary, optional role for internal audit can be in providing consultancy, where it is clearly specified as being non audit work. Some smaller organisations feel they benefit from having access to someone familiar with their operations to call upon to perform special assignments. Such work is conducted on an ad-hoc basis and subject to a separate fee.
To assess the need for an internal audit service, an organisation needs to consider the extent that internal audit will contribute in terms of:
- the anticipated Value added
- Risk mitigation and
- Continuous improvement and
- A Service level agreement
Value added
The value added by internal audit relates to how it contributes to the organisation’s achievement of its corporate objectives. Internal auditors gather data to understand and assess risks and controls and, in the process, develop significant insight into operations and opportunities for improvement that can be extremely beneficial to their organisation. An organisation looking to employ an internal audit service can tap in to this valuable information. This may be then communicated to the appropriate management or operating personnel by providing consultation, advice, written communications, or through other means.
Risk mitigation
The internal auditor should assist the organisation in risk mitigation and help to ensure that it is taking calculated risks. This is done by promoting risk awareness and control consciousness and can include facilitation of risk management workshops.
Continuous improvement
The internal auditor should contribute to the continuous improvement in operations (the core principle of Best Value) by their ability to critically observe the actual operation of processes compared to those documented, by benchmarking and making suggestions for improvements in effectiveness and efficiency.
Service level agreement
The provision of internal audit services can be divided into four categories and encapsulated in a service level agreement.
- Internal Audit
- Risk Management
- Internal Controls Assurance
- General advice and review of systems under development