The role of internal audit departments is to provide an independent, objective assurance and consulting activity to add value and improve an organisation's operations. Internal Audit helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal Audit has an enterprise-wide remit and mandate, which means assessing the adequacy and effectiveness of all areas of an organisation including the risk management, compliance and finance functions. Internal Audit is the last line of defence in an organisation and, as such, must remain impartial and independent in how it works alongside all areas of the organisation.
IAPracs will be competent in undertaking all aspects of internal audit engagements. They are typically part of an audit team operating under the management of the Internal Audit Professional (IAProf) or Head of Internal Audit.
The IAPrac’s typical responsibilities include:
researching the activities being audited by spending time with the area of the organisation being audited; walking through how they operate a task/process; review policy, processes and standards related to the activity being audited
data gathering, analysis and interpretation through face to face, email and other forms of data gathering practises used in the organisation
documenting the business process and control environment through process mapping, e.g. flowcharting, and validating the process via a ‘walkthrough’
identifying and evaluating the associated governance, risks and controls through mapping against governance policy set out in the organisation, reviewing the documented internal risk process including any documented management controls in place as set out by the business
performing tests and analyse to evaluate the effectiveness of controls (i.e. do the controls protect the organisation against potential risks, as identified by the organisation, management or internal control functions)
identifying vulnerabilities and exposures
communicating the results of their audit work to audit management
Internal auditor roles will be found in the public, private and voluntary sectors, where the Internal Audit function is acknowledged as a cornerstone of good corporate governance essential to the success of an organisation, as recognised by the UK Corporate Governance Code (or other sector-relevant codes of practice). The profession is overseen by the Chartered Institute of Internal Auditors (Chartered IIA), which sets out guidance and standards on how the profession should manage itself and deliver internal audit services for organisations.