Internal auditing comprises the independent review of specific aspects of an organisation intended to improve organisational processes and operations and to ensure compliance with best practices and existing regulations.
According to the Institute of Internal Auditors,
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
– Definition of Internal Auditing, Institute of Internal Auditors (2009)
Internal audits are usually undertaken in a systematic way and follow a pre-defined approach. Among other things, internal audits can cover risk management, security (both physical and cybernetic), information access, organisational control structures, operational efficiency, revenue assurance, fraud control, HR, procurement, legal compliance, reliability of financial reporting and governance processes. Internal auditing is one of the major driving forces behind organisational effectiveness and efficiency and translates, by the end of the exercise, into a set of recommendations based on the analysis and findings of the audit process.
Internal auditing usually involves the assessment of compliance not only with external laws and regulations but also with the organisation’s internal policies and procedures. With a view to making sure that the results of internal audits do not fall on deaf ears, internal auditors usually provide their advice directly to top management and the Board of Directors (or its equivalent). As the cases of Enron, Parmalat, Bernard Madoff and AIG have amply demonstrated, internal auditing has a crucial role to play in today’s organisations.
Since 2008, organisations around the world in nearly all industries have experienced some degree of stress or turmoil caused by the global financial crisis. In this environment, internal auditors continue to play a vital and growing role in monitoring organisation-wide systems, processes and controls and in helping their improvement. This role is likely to continue to grow in the coming years as organisations address not only internal financial pressures, but also external regulatory pressures coming from the imposition of new regulation by Governments in response to the financial crisis.
The Internal Audit profession has, through Institute of Internal Auditors (IIA), continued to evolve and to redefine itself pari passu with this evolution in a context where business risk and organisational complexity have themselves evolved.
We do not believe in “one size fits all” solutions, so we strive to customise our approach and resources to the particular client’s needs and objectives within the parameters of international standards and code of ethics which we abide with. Our audit methodology is in accordance with generally accepted standards for the professional practice of auditing, which includes complete confidentiality, independence, appropriate documentary evidence to support observations / recommendations, transparency in the conduct of its work and timely reports. Our internal auditors are Certified Internal Auditors. We are very well versed in – and adhere religiously to – the internal audit standards as set out by the Institute of Internal Auditors (IIA), and have an active membership in the IIA.
In auditing Information Systems (ISs), we partner with CIOs, CFOs and other executives to ensure that their organisations are maximising the return on ISs investments, while at the same time minimising their risks. Using tried and tested IT governance processes and principles, we ensure the alignment of IT with business strategies, and strive to drive excellence through the IT infrastructure and into the supporting applications and data analytics.
Our internal auditors are qualified and Certified Information Systems Auditors (CISAs) and members of ISACA. They are experienced in reviewing corporate ISs processes and can carry out value-added reviews in accordance with applicable IS auditing standards.
The specialised nature of ISs auditing and the skills necessary to perform such audits require standards that apply specifically to IS auditing. One of the goals of ISACA is to advance globally applicable standards to meet its vision. The development and dissemination of the IS Auditing Standards are cornerstone of the ISACA professional contribution to the audit community. The framework for the IS Auditing Standards provides multiple levels of guidance.