Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Every organization, regardless of its size, should have some type of internal control system or process.
- Establish a Governance Framework: Includes gaining an understanding of the organization and its existing governance structure and aligning this understanding with the expectations of various stakeholders
- Develop Operational Guidance: Calls for establishing the operational framework of the internal audits
- Establish Executive/ Board Reporting: Requires determining reporting requirements with key stakeholders and developing related protocols. It also entails developing the necessary reporting tools and formalizing the reporting process
- Perform Enterprise Risk Assessment: Involves developing risk criteria and performing risk assessment. It requires identifying enterprise risks and facilitating discussions on how these risks threaten business objectives.
- Internal Audit Plan Development: Leads to creating a risk-based internal audit plan and includes determining timing and resource requirements. It entails developing and sharing a draft plan with the function sponsor before obtaining the audit committee approval.