{"id":55,"date":"2021-11-26T05:33:16","date_gmt":"2021-11-26T05:33:16","guid":{"rendered":"https:\/\/www.krestonsg.com\/blog\/?p=55"},"modified":"2025-08-09T10:20:48","modified_gmt":"2025-08-09T10:20:48","slug":"internal-audit-methodology-process-hows-and-whys-explained","status":"publish","type":"post","link":"https:\/\/www.krestonsg.com\/blog\/2021\/11\/26\/internal-audit-methodology-process-hows-and-whys-explained\/","title":{"rendered":"Internal Audit Methodology &#038; Process \u2013 How\u2019s and Why\u2019s explained"},"content":{"rendered":"\r\n<p class=\"wp-block-paragraph\"><strong>Internal Audit\u00a0is a foundation of sound corporate governance in organisations and can play an\u00a0essential\u00a0role to enhance\u00a0the following functions:<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Understanding the Business Management and Accountability\r\n\r\n<\/li>\r\n<li>Determining the risk areas\r\n\r\n<\/li>\r\n<li>Analysing the internal process mechanisms and controls.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Here are the Internal Audit Objectives to assess and enhance the effectiveness of business methods:<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>To strengthen governance\r\n\r\n<\/li>\r\n<li>To enhance internal control system\r\n\r\n<\/li>\r\n<li>To assist strategic risk management\r\n\r\n<\/li>\r\n<li>To assure transparency in reporting \u2013both for internal MIS purposes and statutory purposes\r\n\r\n<\/li>\r\n<li>Compliances \u2013external and internal\r\n\r\n<\/li>\r\n<li>Optimization of resources, costs and processes<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Internal Audit responsibilities include the following: <\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Process Assurance &#8211; To obtain a level of comfort in their processes\u00a0\r\n\r\n<\/li>\r\n<li>Fraud detection and prevention- To establish that their business is fraud-free.\r\n\r\n<\/li>\r\n<li>Control Framework-To establish a controlled environment that facilitates segregation of duties and a clear reporting framework.\r\n\r\n<\/li>\r\n<li>Process Driven Organization- Transform the organization from being people-driven to being process\u2013driven<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Let us understand the IA Methodology | Life Cycle.<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Here is the step-by-step procedure:<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Understand the business and identify the critical business risks\r\n\r\n<\/li>\r\n<li>Identify the critical business processes that mitigate these risks\r\n\r\n<\/li>\r\n<li>Analyse these processes and assess the risks\r\n\r\n<\/li>\r\n<li>Perform internal audit, with the help of standardised checklists \/ RCMs and extensive use of data analytics and assess the effectiveness of operating control\r\n\r\n<\/li>\r\n<li>Report observations to the management on a set frequency\r\n\r\n<\/li>\r\n<li>Present summary of critical issues to the Audit committee\r\n\r\n<\/li>\r\n<li>Assesses management\u2019s progress against the agreed-upon action plan for adequate and timely actions performance<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Strategic Analysis for getting insights on the following: \u00a0\u00a0\u00a0\u00a0\u00a0<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Understand the Business\r\n\r\n<\/li>\r\n<li>Industry information\r\n\r\n<\/li>\r\n<li>Company information\r\n\r\n<\/li>\r\n<li>Sources of industry wide information\r\n\r\n<\/li>\r\n<li>PEST \/ SWOT analysis<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Understand Key Aspects<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Industry wide issues and objectives\r\n\r\n<\/li>\r\n<li>Company\u2019s strategic objectives\r\n\r\n<\/li>\r\n<li>Key stakeholders\r\n\r\n<\/li>\r\n<li>Key historical issues\r\n\r\n<\/li>\r\n<li>Business model specific to the company<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Strategic Risk Assessment<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Discuss the procedure for the following, with the client, for Internal Audit roll out:<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Establishment of an agreement on risk rating criteria\r\n\r\n<\/li>\r\n<li>Agreement on approach to risk assessments and facilitated discussions\r\n\r\n<\/li>\r\n<li>Identification, assessment, and analysis of risks\r\n\r\n<\/li>\r\n<li>Performance of control environment review\r\n\r\n<\/li>\r\n<li>Selection of crucial processes and interviewers-based on existing risk profile (previous internal audits conducted, identification of high-risk areas)\r\n\r\n<\/li>\r\n<li>Documentation of results and validation with the management<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Management Assurance Plan Creation<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>The Internal Audit Plan sets out the scope of work to be undertaken by the client\u2019s internal audit<\/strong><\/p>\r\n<p><strong>\r\n\r\n<\/strong><\/p>\r\n<p class=\"wp-block-paragraph\"><strong>Function.<\/strong><\/p>\r\n<p><strong>\r\n\r\n<\/strong><\/p>\r\n<p class=\"wp-block-paragraph\"><strong>Based on strategic analysis and enterprise risk assessment:<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Determine and prioritize the areas and business processes to be reviewed\r\n\r\n<\/li>\r\n<li>Identify the number and types of audit projects to be performed, along with associated resource requirements\r\n\r\n<\/li>\r\n<li>Obtain input and approval of executive management and the Audit Committee, and\r\n\r\n<\/li>\r\n<li>Establish a process to evaluate, update, and maintain the plan continually.\r\n\r\n<\/li>\r\n<\/ul>\r\n<p class=\"wp-block-paragraph\"><strong>Plan should specify the areas to be audited, estimated hours and priority of audits<\/strong>.<\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Process Analysis<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Process analysis consists of three broad steps:<\/strong>\r\n\r\n<\/p>\r\n<ul>\r\n<li>Interviews with process owner(s)\r\n\r\n<\/li>\r\n<li>Process walkthroughs\r\n\r\n<\/li>\r\n<li>Mapping of as\u2013Is process maps and buy\u2013in from process owner for As\u2013Is understanding of the process<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Process Risk Assessment<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>The ultimate objective of audit execution is to determine the effectiveness of controls over the significant risks within processes<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>To achieve this, we should first identify and assess the significant risks\r\n\r\n<\/li>\r\n<li>A risk is an event that has an adverse consequence on the objective of the process\/sub \u2013process\r\n\r\n<\/li>\r\n<li>Risks are identified by analysing the characteristics of the processes concerning our internal audit focus and identifying what events, actions, or inactions would adversely affect the achievement of the objectives\r\n\r\n<\/li>\r\n<li>Perform a \u2018What can go wrong\u2019 analysis to identify risks\r\n\r\n<\/li>\r\n<li>To remove a degree of subjectivity and to ensure consistency, the risks assessed is agreed upon with the Auditee\/ Process Owner<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Internal Audit Execution<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Internal audit execution involves the following steps:<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Developing the audit program\r\n\r\n<\/li>\r\n<li>Testing effectiveness of controls and identification of exceptions\r\n\r\n<\/li>\r\n<li>Extensive data analysis to cover a more incredible sample and to ascertain the financial impact\r\n\r\n<\/li>\r\n<li>Root Cause Analysis for exceptions identified and identification of risks originating from operating ineffectiveness\/non \u2013existence of perceived controls\r\n\r\n<\/li>\r\n<li>Developing a road map to manage\/mitigate identified risks\r\n\r\n<\/li>\r\n<li>Obtaining process owners buy-in for identified risks and recommendations<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Reporting<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>The audit report is one of the most visible deliverables, providing feedback to auditee management on the results of our audit.<\/strong><\/p>\r\n<p><strong>\r\n\r\n<\/strong><\/p>\r\n<p class=\"wp-block-paragraph\"><strong>The report should include all the significant issues identified as a result of our audit procedures<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>Gather and review issues summaries for reportable items\r\n\r\n<\/li>\r\n<li>Review management\u2019s responses for inclusion in the report\r\n\r\n<\/li>\r\n<li>Prioritize observations (Based on Impact or Level of effort-as agreed in audit plan)\r\n\r\n<\/li>\r\n<li>Review for any inappropriate language\r\n\r\n<\/li>\r\n<li>Prepare the draft report using the agreed upon format<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Issues Resolution Tracking<\/strong><\/p>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Throughout the delivery of our Internal Audit Methodology, issues are uncovered and reported, and ultimately action plans are agreed to by management.<\/strong><\/p>\r\n\r\n\r\n\r\n<ul>\r\n<li>As part of the follow-up process, monitor the progress of the implementation of agreed-upon management action plans Assess management\u2019s progress against the agreed-upon action plan and whether its actions were performed adequately and timely\r\n\r\n<\/li>\r\n<li>With an organized, disciplined approach, IA helps an organization achieve its desired business goals.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p class=\"wp-block-paragraph\"><strong>Need help or assistance with our Finance experts. Contact us now!<\/strong><\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>Internal Audit\u00a0is a foundation of sound corporate governance in organisations and can play an\u00a0essential\u00a0role to enhance\u00a0the following functions: Understanding the Business Management and Accountability Determining the risk areas Analysing the internal process mechanisms and controls. Here are the Internal Audit Objectives to assess and enhance the effectiveness of business methods: To strengthen governance To enhance&hellip; <a class=\"more-link\" href=\"https:\/\/www.krestonsg.com\/blog\/2021\/11\/26\/internal-audit-methodology-process-hows-and-whys-explained\/\">Continue reading <span class=\"screen-reader-text\">Internal Audit Methodology &#038; Process \u2013 How\u2019s and Why\u2019s explained<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":50,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[],"class_list":["post-55","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-grc","entry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/posts\/55","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/comments?post=55"}],"version-history":[{"count":4,"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/posts\/55\/revisions"}],"predecessor-version":[{"id":62,"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/posts\/55\/revisions\/62"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/media\/50"}],"wp:attachment":[{"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/media?parent=55"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/categories?post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.krestonsg.com\/blog\/wp-json\/wp\/v2\/tags?post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}