Internal audit refers to the department located within a business that monitors the efficacy of its processes and controls. The internal audit function is especially necessary in larger organizations with high levels of process complexity, where it is easier for process failures and control breaches to occur. Internal audit is especially necessary in a publicly-held business, which must attest to the robustness of its systems of internal control. The internal audit staff is responsible for the following:
- Fraud detection
- Internal control assessments
- Legal and regulatory compliance
- Process assessments
- Risk assessments
- Safeguarding of assets
The internal audit manager schedules audit work, usually focusing on high-risk areas. Other examinations may be conducted as directed by the audit committee of the board of directors, or as requested by department managers. The areas being targeted for an examination are normally given advance notice, so that they can assemble all required documents for the internal audit team. In some cases where fraud is suspected, the audit team will appear without any prior announcement, in hopes of catching the perpetrator.
Internal audit is not simply a watchdog that monitors a business and flags problems. It can also act as an internal consulting department that adds value to company operations. It does so by highlighting opportunities for improvement and facilitating changes within the organization.
Ideally, the internal audit department reports to the board of directors or a committee of the board. By doing so, it remains independent of the management team, and so is able to investigate issues related to the team, reporting its findings back to the board of directors.
The industry entity most commonly associated with support of the internal audit function is the Institute of Internal Auditors.