As a result of the numerous corporate and accounting scandals, the financial crisis, and other similar events that have occurred in the first part of the 21st century, numerous regulatory and protection acts have been enacted to provide assurance to individuals, investors, and the boards and management of organizations regarding the financial and operational integrity of these companies.
Given the heightened awareness and requirements of the regulatory environment, many people hear the term ‘audit’ and immediately relate it to the ‘external audit’ teams of Certified Public Accountants tasked to review the accounting of organizations to assure the accuracy of the financial information.
An ‘internal audit’ can be critical to the successful operation and growth of any organization before the external audit team even begins to add their value. According to The Institute of Internal Auditors “internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
To understand the value of internal versus external auditors, one first needs to consider their difference in approach. The external auditor maintains a specific focus, reviewing primarily financial information, and looking primarily into the past records and reporting of the organization. On the other hand, the internal auditor has a much broader focus that includes, but is not limited to financial information, operational objectives, risk management concerns, and compliance.
The internal auditor is focused not only on past information, but also the current operational objectives as well as future risk mitigation and organizational success. The internal auditor may have a much more diverse background that includes expertise in information technology, business administration, finance, data analytics, and accounting to name a few.
In the current regulatory environment, it is often difficult or impossible for the external audit team to diversify and provide internal audit guidance and services while still maintaining the required independence that is so critical in the external review process of an organization’s financial results and reporting. For this reason, it is critical that an organization maintain a separate internal audit function comprised of employees of their organization or outsourced internal audit consultants, or a combination of both.
The practice of outsourcing some or all of the internal audit function to an independent third-party firm affords an organization numerous benefits over maintaining an employee-only internal audit function. Examples of these benefits include:
• An independent internal audit review allows for control of employment costs related to the internal audit function. Many organizations may not have the size and cash flow to support a full-time audit staff. Even in larger organizations, using a combination of employee and consultant internal auditors allows for flexibility with respect to expenditures in this area.
• Independent consultants will often specialize in particular industries and bring an in-depth knowledge of that industry, utilizing years of experience to support an internal audit function within an organization, regardless of the age or experience of the particular organization.
• Independent consultants are often aware of issues, both industry-specific and general, that the individual organization may not be privy to, thereby being in a position to offer guidance across those areas to help alleviate the risks and possible negative impact on the organization.
• An independent internal audit review allows an unbiased assessment specific to the organization’s industry of operation. This allows for new ideas to be communicated to improve efficiency and effectiveness of operations, improve internal controls, and reduce risk.
• The independent audit function, often results in the development of benchmarks, which management and employees may use as a standard to measure performance.
• There is an element of independence added to the internal audit function that may not be effectively realized using only employee internal auditors that are being directly paid and possibly influenced by the organization itself.
• The independent approach allows for outside consulting and advisement of industry best practices, which allows the organization to generate a set of operational standards by which the internal audit team can examine and judge compliance, resulting in a more in depth internal audit.
The internal audit function aids an organization in protecting against both current and emerging risks, such as those related to new technology. Having an internal audit partner that is experienced in numerous operational approaches and numerous industries allows for a more comprehensive plan and review.
Managing risks associated with daily operations requires strong internal controls, the application of best practices, and training. Lowers and Associates’ internal compliance review is a systematic, independent, and documented approach to examining internal controls, physical and system security, and processes for daily operations against best practices, contractual obligations, and established policies, procedures, and other requirements.