Steps to be followed when setting up a new Internal Audit Function in an organization
Nipuna Geethanga, MBA, AIB ????
Deputy Manager - Internal Audit Financial Services Sector Audit Expert Specialized in Internal Control Evaluation
Implement or set up a new internal audit function is not an easy task unless you have clearly identified the steps involved to set up the internal audit function. These steps and resources can help you get started.
Step 1: Establish the Authority of Internal Audit
Establish the authority of the internal audit activity and review the definition of internal auditing.
Step 2: Interview Leadership
Interview senior management and board of directors/audit committee chairmen to build rapport, to ensure those at the top have a clear picture of the internal audit function, and to clarify expectations of all. Use this opportunity to quickly learn and address what management and the board view as the greatest risks to the organization, while keeping in mind issues, problems, and opportunities that have already been identified.
Step 3: Understand Benchmarking Needs
Understand "benchmarking" needs such as industry, specialty groups, organizations with same staff size, etc will help to formalize internal audit function more effectively and objectively.
Step 4: Review the current Audit Committee Charter and audit methodology
There is no sample charter encompasses all activities that might be appropriate to a particular audit committee, nor will all activities identified in a sample charter be relevant to every committee. Accordingly, this charter must be tailored to each committee's needs and governing rules. However internal audit objectives, responsibilities and authorities should be clearly define. Further, internal audit methodology should cover all the internal audit functions starting with deciding internal audit universe to communicating results.
Step 5: Review Policies and Procedures
Obtain and review your organization's written policies and procedures, especially the policy pertaining to management's responsibility to control the organization.
Step 6: Discuss Control Issues
Discuss with external auditors open and closed internal control issues, which they may have identified during their reviews.
Step 7: Develop the "Audit Universe"
Start to develop the "audit universe," or the list of all auditable areas.
Step 8: Map Major Processes/Operations
Map the major processes/operations within the organization. Meet with operations managers, including those in information technology, in order to understand their risks and concerns.
Step 9: Develop Risk Assessment
Develop a risk assessment for your organization. This should be a macro-level assessment, which includes both external and internal risk factors.
Step 10: Develop Charter for Internal Audit
Develop a charter for internal audit. Ensure that both senior management and the audit committee review and approve the charter.
Step 11: Build the Budget
Build the budget, including personnel and travel.
Step 12: Develop an Audit Plan
Based on your risk assessment, develop an audit plan. The amount of the plan that can be accomplished in the allotted time period (usually a year) will depend on the risks identified and the internal audit resources and staff.
Step 13: Hire Staff and Develop Training Plan
Hire your staff and develop a plan for staff training. Ensure your staff covers the range of expertise needed based on your risk assessment. You may also consider outsourcing portions of your audit plan to outside service providers or using professionals internal to the organization.
Step 14: Ensure Complete Cooperation
Ensure that senior management notifies other departments of your existence and calls for complete cooperation.
Step 15: Establish Best-Practice Reporting Relationships
Work with management to establish best-practice reporting relationships, to ensure internal audit is promoted throughout the organization, and to develop a methodology for following up on audit recommendations and measuring performance.
Step 16: Establish Quality Assurance Program
The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit function. (Standard 1300)
Further, when you are implementing audit function you need to strictly adhere and refer international standards for the professional practice of internal auditing (Attribute standards and performance standards)
Source - The Institute of Internal Auditors - Global
Former Chairman, Internal Audit Committee for $700-million Florida School District (2021-volunteer)
1 年Ok, but I am a retired Fortune 500 internal audit director and this sounds like an academic wrote it, not a field operations audit manager. So you will take 6 months before doing any audits? A competent COA should be able to assess risk, have a few interviews and launch audits while hiring staff. Defer all the administrative bureaucracy for the future.
Certified Bookkeeper | Registered Cost Accountant | Certified Accounting Technician | Certified Lean Six Sigma (Yellow Belt) | Licensed Insurance Advisor | Ignite Referral Partner
4 年How about those private companies that are family-owned and plans to set-up Internal Audit?
Nicely written. Add review of organizational chart for possible conflict, segregation issues or corporate governance concerns.
Director, Internal Audit, BRAC and BRAC International
4 年Very useful paper for IA professionals
Passionate about helping others streamline their workflows and maximize their data insights through customised Excel templates and enhancement of existing skills.
4 年Thank for sharing. A simple and and structured process like this makes it be easy for organisations to follow and creates a good foundation for the function.