The majority of small to medium enterprises have never been audited either by an internal or an external auditor mainly because of the following reasons:
- They think auditing is for big organisations
- They do not value auditing
- They have no budget for it
- They have no designed and documented operational processes
- As long as they are making money it is not necessary to have an audit done
Internal auditors form a company’s financial regulators. They are tasked to objectively examine the company’s financial documents and review the operating procedures independent of management. So an internal audit focuses on enterprise risk management functions, security processes and regulatory compliance among other departments.
Internal auditors look for discrepancies between operational processes and what those processes are designed to do. And if such discrepancies are found, they advise the senior management on processes to be implemented for improvement.
Internal audit is therefore a pre-emptive maneuver to maintain operational efficiency and financial reliability, and to safeguard assets. It provides independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively
The Value of an Internal Audit to a Company
The benefits of an internal audit to a company include:
Increase in productivity: Internal auditing is an objective assurance and consulting activity designed to add value and improve an organisation’s operations. It can help an organisation accomplish its strategic objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.
Confidence to stakeholders: The internal auditor reports to executive management that important risks have been evaluated and necessary improvements highlighted. This to executive management and boards demonstrate that they are managing the organisation effectively on behalf of their stakeholders.
Detection of frauds: Regular internal audits assess a company’s controls and help uncover evidence of fraud, waste or abuse. The frequency of internal audits will depend on the department or process being examined. For example, in manufacturing, daily audits may be required, while for human resources, an annual review may be sufficient. Scheduling of internal audits is an important management function so that there is consistency in doing the audits.
Quality control: Internal auditors play the role of combining assurance and consulting. Assurance informs the management how well systems and processes are designed to keep the company’s goals on track. Consulting advises the management on how to improve those systems and processes if and when necessary.
Good corporate governance: Internal audits evaluate a company’s internal controls, including its corporate governance and accounting processes. They ensure compliance with laws and regulations, accurate and timely financial reporting and data collection. They also help maintain operational efficiency by identifying problems and correcting lapses before they are discovered in an external audit.
Enforcement or adherence to recommendations of the audit is the responsibility of the management or owners of the company, the auditor in this case functions like a medical doctor who examines a patient and writes a prescription for the drugs the patient must buy and take in order to be healed. The auditor’s report is like a prescription to the company which must be read and then apply the antidote to the specific areas or departments highlighted in the report as prescribed for the recommendations to work