One stop for all your legal solutions. Mylegalroute offers the best services on time.Highly recommended.
Internal audits refer to the audits done by employees and stakeholders within the organizations with a view to evaluate and assess whether the organization is following the internal processes, norms, rules, and regulations in addition to determining whether it is in compliance with the regulatory norms.
Indeed, internal audits are sometimes the first checkpoints for organizations to determine whether their books of accounts, operational processes, and IT infrastructure and security protocols are in order with both the internal objectives, strategic imperatives, and external regulatory requirements.
Having said that, it must be noted that the reason why internal audits are not accorded more importance over external audits is that since they are being performed by employees and individuals within the organizations, the apparent lack of objectivity and thoroughness apart from a tendency to "cover things up" means that often, external audits are considered more trustworthy.
External audits are done by independent and third party agencies and companies that are especially tasked with assessing and evaluating an organizations’ compliance with the regulatory norms.
Further, some organizations also hire external auditors to "hold a mirror to themselves" in the sense that any deficiencies and irregularities can be found that are otherwise not "visible" to the senior leadership and management during the course of conducting the everyday operational business.
Moreover, external audits are also mandatory due to regulatory and compliance reasons as well as due to the shareholder requirements which mandate that external audits need to be done annually, quarterly, and half yearly to be presented in the Annual General Meetings, and meetings of the Board of Directors.
In addition, external audits might also be required in case of contingencies wherein the regulators who suspect that "something is amiss" in the companies might mandate those companies to be audited by independent and third party auditors to ascertain the "true picture" of the finances and operational details of those companies.
As mentioned earlier, financial audits are the most common form of audits for various reasons including the fact that businesses exist to make money and return profits and generate wealth for their shareholders. This means that investors and other stakeholders must know whether the businesses are being run properly so that their capital is safe and generating the stated returns.
Moreover, financial audits are also the most common forms of audits since any discrepancies in the books of accounts reflects the mismanagement of the companies in addition to finance affecting almost all operational and strategic areas of the companies’ and their businesses.
Audits begin with the issuance of some kind of notification to the company or organization being audited. The notification letter generally will specify the purpose of the audit, when it will be conducted and the date and time of an initial meeting the auditors would like to schedule with the company’s leaders.
The notification will also list what documents the auditor wants to examine. For a corporation, this can include articles of incorporation, the recorded minutes of any board meetings, an organizational chart, correspondence, sales records and more.
After the notification is sent, the auditor will take some time to plan the audit. This is done before meeting with the organizational leadership in order to craft the appropriate strategy for that meeting and the fieldwork that follows. Auditors also need to identify the key areas of inquiry and concern and the specific information they wish to examine in order to analyze those areas. This also gives the company time to gather the requested documents.
The planning stage usually leads to an initial meeting between the senior management of the company and the auditors. Administrative staff may also be present. The purpose of the meeting is to give the auditors an opportunity to explain the process, as well as to give the organization a chance to express any practical, strategic or scheduling concerns they may have.
Fieldwork is the first active auditing stage. A more detailed schedule is usually drawn up so that the auditor’s presence isn’t too disruptive to business. Interviews with key employees may take place to investigate business procedures and practices. Auditors may also perform sample document checks, to make sure the company’s document creation and retention practices are sound.
The fieldwork may be conducted by a few auditors or a larger team, depending on the size and scope of the audit.
While the fieldwork is carried out by the auditing team on-site at the company’s premises, the team should be in regular contact with the corporate auditor in order to clarify procedures and ensure proper access to needed documents.
When the auditing team completes the fieldwork and document review, the auditors prepare a draft audit report. This document details the purpose of the audit, the procedures the auditors used, the documents reviewed and the audit’s findings. It will also likely include a preliminary list of unresolved issues. The draft report is circulated among the team for review and suggested revisions.
After the auditing team makes the last revisions to the audit report, the final document is given to management for its review and response. The audit document usually asks management to respond to each of the audit’s findings and conclusions by stating whether it agrees or disagrees with the problems cited, the plan to correct any observed problems or deficiencies and the expected date by which all issues will have been addressed.
Following the management response, which may be formally attached to the final audit report, a formal exit meeting may be scheduled with the company being audited to close any existing loose ends or answer questions, discuss the management response and address the scope of the audit.
The finalized audit report is distributed to all necessary stakeholders, including inside and outside the area audited, if applicable.
Finally, the audited company implements the changes recommended in the audit report, then the auditors review and test how well those changes solve the identified problems or issues. The feedback between the company and the auditors continues until all issues are resolved and the next audit cycle begins
The department will be contacted in advance of the audit visit;
Heads of audited institutions and departmental administrators will attend an initial scoping meeting where the internal auditor will explain the purpose of the audit;
The internal auditor will explain what information will be required;
After the audit takes place, a draft report will be prepared for the department to comment upon;
There will be a closing meeting which heads of institutions are encouraged to attend and they will be asked to complete and sign feedback forms for consideration by the Audit Committee;
The final report is issued.
Your department will be contacted either because it has been identified for audit as part of a cycle which aims to cover all departments, or because a sample of departments has been selected by the auditors to carry out a thematic audit, for example to look at purchasing processes and procedures. Often, School Offices are consulted over the choice of Department to audit from their School. Occasionally the auditors will be asked to conduct an audit in response to a particular concern at an institution. In all cases, the audit brief will be discussed with the head of institution before any fieldwork takes place.
The audit plan is designed to ensure that all major University departments participate in some form of audit over the course of the three-year programme; most will have contact with the audit team on more than one occasion owing to differing types of audit taking place. You will be given several weeks' notice of the audit and efforts will be made to conduct the audit at a time which is convenient to you.
Each audit has a designated sponsor. This can be the Head of the Department or institution concerned, but may be a senior person with designated responsibility for a certain area (e.g. continuity planning). The audit team will work with the audit sponsor to define the scope and timing of the audit. They will also ask for recommendations of people who should be interviewed as part of the audit field work. The audit sponsor will also attend key meetings during the audit and is responsible for providing written management responses to the draft audit report.
Internal audit covers all areas of the University’s operations. There are different types of audit, the most common being 'departmental' and 'thematic'. Departmental audits cover a range of processes and procedures, typically focusing on compliance with the University’s and/or sponsor’s regulations. Thematic audits involve a number of institutions to provide assurance on a particular area, such as purchasing or credit control. Other audits may look at systems and IT. The auditors are looking to assess compliance with regulations and to get an understanding of the mechanisms in place to manage key areas of risk. They may identify areas of best practice as well as areas for improvement.
When the auditors have completed their work they will make a number of recommendations ranked by priority and will also give an overall assurance rating for the department/area concerned. The audit sponsor will be asked to provide a response to all recommendations made before the report is finalised. As stated above, the auditors may also highlight areas of best practice which could be shared with other departments and institutions.
Draft internal audit reports are seen only by the audit sponsor, any other agreed stakeholders, the Director of Finance and his Deputy. The Audit Committee receives a copy of the final report. Copies of all audit reports are held on file by the Registrary’s Office. The Council receives minutes of the Audit Committee (but not usually papers) and so will see which audits have been conducted along with a synopsis of their outcome. The Audit and Regulatory Compliance Officer, who is the Assistant Secretary to the Audit Committee, forwards the relevant minutes of the Committee’s discussion to the audit sponsor.
Each of the auditor’s recommendations will have a deadline for action and these will be followed up when the agreed deadline in the final report is due. The timing of the follow-up visit is dependent upon the nature of the finding.