Monday, December 18, 2017

Who Are Internal Auditors?

Internal auditors are explorers, analysts, problem-solvers, reporters, and trusted advisors. They bring objectivity and a variety of skills and expertise to the organization. They come from diverse areas such as finance, operations, IT, and engineering. Today’s internal audit professionals are revered for their critical thinking and communication skills, as well as their general IT and industry-specific business knowledge.

Still, people often confuse internal auditors with accountants or external auditors (entities the organization engages to provide an annual review of the financial statements). The differences are significant:


Internal auditors are, to a great extent, key to an organization’s success. They review the organization’s processes, operations, and goals. They provide objective, professional advice to all levels of management and pave the path toward continuous improvement.

Competent internal auditors follow the profession’s internationally accepted code of ethics and standards for professional practice. They identify the organization’s greatest risks and plan audit coverage accordingly. To demonstrate their professionalism and competence, some internal audit practitioners choose to obtain professional certifications such as the globally recognized Certified Internal Auditor® or Certification in Risk Management Assurance™.

The most valuable and effective internal auditors stay abreast of business trends, constantly cast their eyes to the horizon to scan for signs of trouble, and are able to anticipate future challenges and risks.


Internal Audit Responsibilities

Depending on the structure, maturity, and resources of the function, internal auditors may perform some or all of the following tasks.

  • Offer Insight and Advice – There are times when internal auditors’ expertise, knowledge of controls, and broad perspective of the organization make them ideal candidates for consulting on a project to ensure that risks are considered and controls are built into a process on the front-end (e.g., mergers and acquisitions, new technology implementation). Internal auditors may offer insight regarding strategic risks and advice, though management must maintain ultimate responsibility for the processes in their area.
  • Evaluate Risks – Risks are everywhere (natural disasters, loss of key suppliers, reputation damage, inefficient operations, fraud, lawsuits, policy violations, regulatory compliance, theft, etc.). It’s the internal auditor’s job to assess the significance of the organization’s many risks and the effectiveness of risk management efforts, communicate these to management and the board, and develop recommendations to improve risk management.
  • Assess Controls – Internal auditors evaluate control efficiency and effectiveness and provide management and the board assurance that the controls in place are adequate to respond to the risks that threaten the organization.
  • Ensure Accuracy – Internal auditors ensure financial statement accuracy. They examine the reliability and integrity of financial and operational information.
  • Improve Operations – With a solid understanding of the organization’s objectives, internal auditors examine operations to determine whether they
    are efficient and effective.
  • Promote Ethics – Professional internal auditors agree to abide by a Code of Ethics that upholds the principles of integrity, objectivity, confidentiality, and competency. They raise red flags when they discover improper conduct.
  • Review processes and Procedures – Internal auditors review operations closely and assess whether existing processes are well designed to help the organization achieve its goals.
  • Monitor Compliance – Internal auditors assess the organization’s compliance with applicable laws, regulations, and contracts to ensure that management is addressing these requirements adequately. They also offer insight into the impact that noncompliance would have on an organization and inform senior management and the board of noncompliance.
  • Assure Safeguards – The organization’s tangible property, human resources, and intellectual property are valuable and must be guarded against potential damage. Internal auditors evaluate the procedures used to safeguard assets from theft, fire, illegal activities, or other types of loss. They bring deficiencies to light and make recommendations for enhanced protection.
  • Investigate Fraud – Because fraud can affect any level of the organization, it’s important that the board of directors grants the internal audit function access to all records and authority to conduct audits and investigate possible fraudulent behavior throughout the organization.
  • Communicate results – After auditing a particular area, internal auditors report their findings and recommend appropriate courses of action.


Internal auditors are well-disciplined in their craft, and they are committed to growing and enhancing their skills through continuing professional education. To fulfill all of their roles effectively, internal auditors must be accomplished in anticipating emerging issues and creating solutions. They must also have business acumen, critical thinking skills, and be excellent communicators who listen attentively, speak effectively, and write clearly.

Through their varied roles and responsibilities, internal auditors provide the organization tremendous value. They serve as the eyes and ears of senior management and the board. They are coaches, internal and external stakeholder advocates, risk and control experts, efficiency specialists, fact-checkers, and problem-solvers. They identify both risks and opportunities, and they tell it like it is.

It’s certainly not easy, but for these skilled and competent professionals, it’s all in a day’s work.


Lifted from All in a day’s work brochure.