What is Internal Auditing?
According to the Institute of Internal Auditors, “internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.” Simply said, internal audit is responsible for monitoring the effectiveness of the internal control processes that have been established by management.
How does Internal Audit monitor effectiveness of internal controls?
Internal audit serves many purposes, but the principal tasks include:
- Risk assessment – Assisting management with identifying and prioritizing areas or processes that require attention and audit focus
- Process walkthroughs and documentation – Gaining an understanding of the processes and procedures as they currently exist, especially with respect to the IT systems utilized in the processing of high volumes of policyholder/claims data
- Control assessment – Identifying gaps, also known as “trouble spots,” where procedures and controls are not properly designed
- Testing – Performing tests of controls to verify whether controls are working as designed
- Reporting – Providing observations and recommendations to improve processes and controls.
Risk is defined as the probability that an event or action may adversely affect the organization or activity under audit. Internal Audit should certainly participate in management’s entity-level Enterprise Risk Management assessment; but in addition, the more specific purpose of a risk assessment from an audit perspective is to enable the organization to:
- Prioritize audit projects by level of potential risk
- Determine the nature, timing, and extent of internal audit procedures in direct relation to the level of the risk
- Develop a plan for performing internal audit projects in risk areas to minimize the risk of loss to the Company
- Use everyone’s time in an effective and efficient manner
The risk assessment process includes the review of existing documentation such as Prior Audit Findings, the entity’s Strategic Plan, and its Financial Statements, and interviewing department heads and process owners with a focus on “what can go wrong” scenarios.
In particular, Internal Audit would be alert for organizational changes that could potentially impact the management of risk. These shifts could include organizational ethics, management reorganizations, financial demands, resource constraints, technology/internet/E-business, consolidations/alliances, and legislative/regulatory imperatives to name a few.
Benefits of Internal Audit
Having now articulated management’s responsibility for internal controls and how internal audit might play a role in assisting management to fulfill that responsibility, let’s look at some specific benefits that an Internal Audit function can provide to an organization and its management:
- The scope of the internal audit is defined by management or the Board (not an outside agency or adversarial entity)
- Internal Audit “reports” directly to management or the Board (not an outside agency or adversarial entity)
- Improves the “control environment” of the organization
- Makes the organization process-dependent instead of person-dependent
- Identifies redundancies in operational and control procedures and provides recommendations to improve the efficiency and effectiveness of procedures
- Serves as an Early Warning System, enabling deficiencies to be identified and remediated on a timely basis (i.e. prior to external, regulatory or compliance audits)
- Ultimately increases accountability within the organization.
So with a properly staffed internal audit function, management would have, at its fingertips: an advocate, a risk manager, a controls expert, an efficiency specialist, a problem-solving partner and a safety net.
here below we provide HSE Internal Audit Form to be used at your workplace it’s easy to download and consist of the following Scored Elements :
|DESCRIPTION||ELEMENTS||POSSIBLE POINTS||ACTUAL POINTS||SCORE %|
|III. Employee Involvement||9||56|
|IV. Hazard Prevention||11||123|
|V. Accident Investigation||13||92|
|VI. Safety and Health Training||12||118|
|VII. Occupational Illness Analysis||8||65|
|VIII. OSHA Standards||20||166|
|IX. Medical Programs||25||167|
|X. Emergency Preparedness||21||191|
|XI. Accident Recording System||7||55|
|XII. Safety Committee||9||92|
|XIII. Safety Communication||5||35|
|XIV. Employee Orientation||7||80|
|XV. Plant Hazard||9||93|