internal audit 101: an overview of the basics

*As defined by The Institute of Internal Auditors (IIA) (http://www.theiia.org), a global organization set up and aligned with other accounting, finance, risk, and compliance associations. https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspx

O V E R S I G H T

Reports operat ional ly Reports administrat ively

Internal auditAudit committee of the

Board of DirectorsCFO, CEO

or COONote: senior management remains the owner of “internal controls,” and internal audit was not established to focus only on “internal controls over financial reporting.

INTERNAL AUDIT CHARTER

A document that describes the role of internal audit, their objectives and their unabated access to information throughout the organization.

INTERNAL AUDIT APPROACH

Policies, procedures and other approach documentation that set outthe order and expectations of activities, responsibilities and

evidence/documentation. This is sometimes referred to as the internal audit methodology.

ROLES AND RESPONSIBILITIES:

These should be defined in the Board of Directors’ audit committee charter.Internal audit’s role as set out in the audit committee charter is then

further expressed in the internal audit department’s own charter,mission statement and methodology.

STANDARDS:

The IIA is a global organization that establishes guidance and advocates the continued development of internal auditors. International Standards for the Professional Practice of Internal Auditing (Standards) is the global

“mandatory guidance” for an internal audit department, e�ective as of January 1, 2013.

Purpose, authority,and responsibility (1000)

Independence andobjectivity (1100)

Quality assurance and improvement program (1300)*

*(QAIP) a combination of internal and external processes and assessments to ensure conformance with the standards

An LSEG Business

FOR MORE INFORMATION ABOUT REFINITIV AUTOAUDIT VISIT:HTTPS://WWW.REFINITIV.COM/EN/PRODUCTS/AUTOAUDIT-INTERNAL-AUDITOR-SOFTWARE

INTERNAL AUDIT 101: AN OVERVIEW OF THE BASICS

STRUCTURE:

Leading practice is an internal audit department structure that is globally aligned to the business while being geographically

dispersed to support global internal audit activities.

• Industry factors• Financial results• Competitors• Inherent industry risks• Geography• Strategic plans

UNDERSTANDTHE BUSINESS

• Interview executive management• Interview senior management• Complete questionnaires/ assessments of operational management• Facilitate sessions• Appoint an audit committee

ASSESS RISK

• Draw up plan & budget of audit activities• Check resource availability and geography• Check resource experience and education• Conduct individual internal audit planning and coordination• Collect auditee evidence• Draw up internal audit approach and checklist documents• Carry out internal fieldwork and update status• Conduct internal audit testing• Document internal audit preliminary exceptions, observations, issues and findings

EXECUTE AUDIT

• Review internal quality of work paper documentation• Finalize internal audit report• Draw up internal audit and auditee draft action items• Create internal audit issues final report• Communicate significant internal audit matters separately

COMMUNICATERESULTS

• Action items (plan) and management’s activities• Organizational changes and audit activities• Audit team performance evaluations• Auditor performance evaluations

MONITOR, TRACKAND UPDATE

APPROACH AND METHODOLOGY:

on an ongoing basis as part of the QAIP, and

The internal audit department’s practices and processes should be reviewed:• annually with the audit committee

• • by an external party as part of the QAIP

Visit refinitiv.com

@Refinitiv

Refinitiv

RE1324322/3-21

DEFINITION:Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the e�ectiveness of the risk management, control and governance processes.