Overview
Starting up the internal audit function
To start an internal audit (IA) function, certain documents need to be created and approved by the audit committee. These documents include the terms of reference in the form of a charter, audit methodology, etc. The IA charter should establish the position of the internal audit activity within the organisation, define the scope of internal audit's activities, as well as give the authority to perform audits and gather relevant information required for specific engagements. The charter should be approved by the Chief Audit Executive as well the audit committee. The IA Methodology is a formal document that stipulates the process taken by the IA department to achieve its goals. This includes gaining an understanding of the organisation, developing an audit plan, executing this plan and reporting to both management and the audit committee. Finally a IA year plan should be established. The plan should be established in accordance with available resources, requests from senior management and the audit committee and areas that were identified as high risk areas.
Auditing the cycles
Each organisation has various departments, however it is often recommended that instead of auditing a department that the auditor should audit a cycle in the organisation. This ensures completeness and gives the audit committee assurance that all areas of the organisation have been audited. Depending on the organisation the cycles may differ but the general ones are, revenue and receipts cycle, purchases and payable cycle, bank and cash, human resources and payroll cycle, health and safety, inventory, and finally the production and warehousing cycle. For each of the audits there are two phases, the planning phase and the performing phase. The planning phase starts with obtaining an understanding of the area under review and its risks. This is followed by conducting an opening meeting with the process owner, develop an audit scope and create the audit programme. The performing phase includes the execution of the audit program by auditing the relevant processes and procedures, collecting evidence and reporting this to the process owner.
Audit tools
There are many tools that the internal auditor can utilise to improve the governance of the organisation. These tools can be used by both the internal auditor or even given to management to improve their risk mitigation strategy. The tools include risk management, combined assurance model, control-self assessment questionnaires, segregation of duties, etc.