Internal audit shows highlight on the internal control, audit and compliance in corporate governance. The best practice should be that the company maintains sound internal control systems and risk management systems. The effectiveness of internal control systems and better risk management as well as internal audit activities must be reviewed and analysed by the Audit committee.
The Board of Directors should identify the risk relating to the organisation and according to the risk type they should accept, transfer, reduce or avoid risk by establishing the internal controls. While the internal audit department should test the design and implementation of these controls especially related to the strategic and operational level controls and gives the report.
Some industries may require mandatory internal audit and also there will be close scrutiny by the regulatory body failing to comply with conditions may apply significant sanctions up to the cancellation of trade license. Companies in regulated industries may require form their internal audit department to submit the reports and calculation to the regulators. So accurate and reliable internal audit information is needed.
The Turnbull criteria to assess the need for internal audit
- Scale, diversity and complexity of the company’s operations
- Number of employees
- Cost-benefit considerations
- Changes in organisational structure
- Changes in key risks
- Problems with internal control systems
- Increased number of unexplained or unacceptable events
Members of internal audit team may face some ethical threats e.g. familiarity, self-review, independence threats, and so on… For example, an accountant working as internal auditor may not criticise CFO because he may face challenges in future. Therefore, Internal Audit department must not be dependent and its independence should ensure for the effective working of IA Department.
Corporate governance great picture should be addressed if internal audit is going to be effective. The board must be responsible for effective working of strategic level controls.