What is an audit
One of the main components of the procedure for obtaining reliable information about the financial condition of a company is economic control. One of the main control tools is audit.
An audit refers to the collection, analysis and subsequent evaluation of data on the functioning of a company. The following types of audit are distinguished:
- External, which is understood as an independent analysis of the company’s reporting in accordance with business standards and tax legislation requirements.
- Internal, which involves conducting analysis within the company to identify weaknesses in activities and optimize processes.
Important! Both business owners and external investors are interested in conducting an audit. Shareholders are primarily interested in receiving profits from the company's activities, as well as in distributing dividends.
Creditors and counterparties are interested in the solvency of the company. And the company’s personnel want to feel confident in stable work and receiving regular payments (
External audit
Certain business entities are required to carry out an external audit annually. These include:
- open joint-stock companies;
- credit and insurance companies;
- brokers, stock exchanges;
- state extra-budgetary funds;
- a legal entity whose revenue is 500 thousand times higher than the minimum wage.
Mandatory audits are carried out exclusively by certified auditors. The main purpose of the external audit is to identify the compliance of financial reporting data with the real financial position of the company. During an external audit, the following tasks are solved:
- identifying compliance with accounting policies (how accurately business transactions are reflected);
- the legality of the operations carried out, the transactions concluded;
- the correctness of determining the company’s income, its expenses, as well as the assignment of these data to certain reporting periods;
- correct calculation of taxes and their payment;
- differentiation of expenses;
- identifying the correspondence of synthetic and analytical accounting data;
- reliability of company reporting.
Important! First of all, a company planning to conduct an audit enters into an agreement with an audit company. After this, external auditors begin the audit itself.
Features of internal and external audits
Bibliographic description:
Makhmudova, G. R. Features of internal and external auditing / G. R. Makhmudova. — Text: direct // Issues of economics and management. - 2020. - No. 3 (5). — P. 44-47. — URL: https://moluch.ru/th/5/archive/31/844/ (access date: 05/31/2020).
In international practice, there are two types of audits that complement each other and at the same time differ significantly. Let's look at the differences between internal and external audit.
Internal audit is intended to check and evaluate the activities of an enterprise in the interests of the enterprise itself. The purpose of internal audit is to help the management personnel of an enterprise effectively perform their functions. Internal auditors provide the management personnel of the enterprise with analysis and assessment data, recommendations and other necessary information based on the results of audits.
Internal audit has the following features:
Rice. 1.Features of internal audit
Thus, the internal audit service is created not because of receiving instructions from above, but in order to use it to successfully compete in the market by improving product quality, reducing costs, knowing the needs of the market, i.e. ultimately by increasing efficiency work of the management personnel of the enterprise. The company always seeks reserves in order to obtain sufficient profit for further development, since otherwise it will inevitably face bankruptcy. Therefore, the enterprise is interested in the effective work of internal audit and must constantly compare and analyze the effectiveness of the work of internal auditors and whether there is a return on the costs incurred for their maintenance. If the “balance” is not in favor of internal audit, measures should be taken either to improve it or to eliminate it [3].
The activities of internal auditors are almost similar to those of external auditors. The list of services of internal auditors also includes:
Rice. 2. List of services of internal auditors
Management audit is the study of business operations in order to develop recommendations for the economical and efficient use of financial and material resources, achieving the final result and developing policies for organizing the management of an enterprise. It should assist managers in performing their functions and lead to increased profitability of the enterprise.
The American Institute of Certified Public Accountants has defined management auditing as a type of consulting services to help a client improve the efficiency of using its production facilities, material resources and achieving its goals. Management audits are performed by independent firms of certified public accountants.
External audit is a systematic process of obtaining and assessing objective data about economic actions and events, establishing the level of their compliance with a certain criterion and presenting the results of verification and assessment to interested external users, i.e. external audit has its own specific purpose and logic of conduct, without being disorderly or unplanned.
The main purpose of the external audit is to form an opinion on the accuracy with which the financial statements reflect the financial position of the enterprise, the results of operations and the state of the flow of monetary and material resources, confirm the data presented in the financial statements or refute them and draw a conclusion based on the results of the audit. [4]
By conducting an external audit, the auditor also determines the quality of the internal audit work and the degree of possible confidence in the information obtained as a result of the internal audit activities.
Users of financial information. Parties interested in reliable financial information about the activities of an enterprise can be divided into two main groups:
Rice. 3. Users of financial information
Internal users include the administration, that is, the management personnel of the enterprise.
Administration is a group of people at an enterprise that bears full responsibility for managing its activities and achieving its goals. An enterprise has many goals, but success and survival in conditions of fierce competition require the administration to concentrate efforts from an economic point of view on the following factors: profitability (profitability), liquidity of the enterprise, solvency.
Profitability (profitability) is the ability to receive income (profit) from financial and economic activities sufficient for the further stable operation and development of the enterprise.
Liquidity is the sufficient availability of cash and other means of payment to pay assumed obligations within the established period.
Internal users make various production and financial decisions. For example, on the basis of reporting, a long-term financial plan of the enterprise is drawn up, decisions are made to increase or decrease the volume of product sales, taking into account current demand, about the prices of goods sold, the main directions for investing internal and external financial resources in the enterprise are determined, as well as the feasibility of attracting loans from commercial banks etc. Obviously, making such decisions requires a timely and high-quality analysis of the economic and financial activities of the enterprise, the most accurate information, since otherwise the enterprise may suffer large losses and even go bankrupt [4].
Solvency means the availability of funds to timely repay the accepted financial obligations of the enterprise.
Financial reporting and information in market conditions are of interest to two other groups of external users: those directly interested in the activities of the enterprise, and those indirectly interested in it.
The first group includes the following users:
- existing and potential owners of the enterprise’s funds who need to determine the increase or decrease in the share of the enterprise’s own funds and evaluate the efficiency of the use of resources by the enterprise’s management:
existing and potential lenders who use reporting to assess the feasibility of providing or extending a loan, determining loan terms, strengthening loan repayment guarantees, and assessing trust in the company as a client;
suppliers and buyers who determine the reliability of business relations with a given client;
- the state, primarily represented by the tax authorities, which check the correctness of tax calculations and analyze the effectiveness of the government’s tax policy;
company employees interested in reporting data from the point of view of their salary level and job prospects at this enterprise.
The second group of users of financial statements are those who are not directly interested in the activities of the enterprise, but they need to study the statements in order to protect the interests of the first group of users of the statements. This group includes:
audit services that check the compliance of reporting data with certain rules in order to protect the interests of users;
financial consultants who use reporting to make recommendations to their clients regarding the placement of their capital in a particular company;
securities exchanges that evaluate the information presented in the statements when registering the relevant companies, making decisions on suspending the activities of a company, assessing the need to change accounting and reporting methods;
- legislative bodies;
lawyers who need reporting information to assess the fulfillment of contract terms, compliance with legislative norms in the distribution of profits and payment of dividends, as well as to determine the conditions of pension provision;
press and news agencies that use reporting to prepare reviews, assess development trends and analyze the activities of individual companies and industries, and calculate projected financial performance indicators;
trade and manufacturing associations that use reporting for statistical summaries by industry and comparative analysis and evaluation of performance at the industry level;
trade unions interested in reporting information to determine their requirements for wages and terms of labor agreements, as well as to assess trends in the development of the industry to which the enterprise belongs. [3]
The annual financial statements of business entities must be open to interested banks, exchanges, investors, creditors, etc.
Open joint stock companies, insurance companies, banks, stock and commodity exchanges, investment funds and other financial institutions are required to publish annual financial statements (balance sheet, profit and loss account), prospectus for the issue of shares of the company after confirmation by auditors of their accuracy.
By analyzing financial statements, external users try to determine what financial prospects a given enterprise has in the future, whether it is worth investing its financial resources in it, and whether this enterprise has the ability to timely pay creditors, pay interest or dividends on the investor’s invested funds.
Literature:
- Law of the Republic of Uzbekistan “On Auditing Activities”. 2000
- National accounting standards of the Republic of Uzbekistan. No. 1–23.
- Audit / Ed. M. M. Tulakhodzhaeva, T. I. Dzhuraeva, F. G. Gulyamova. - Tashkent: TSEU, 2010.
- Dustmurodov R.D. Fundamentals of auditing. Textbook. — T.: “National Encyclopedia of Uzbekistan”, 2003.
Key terms
(automatically generated)
: internal audit, enterprise, external audit, management personnel of the enterprise, management audit, financial reporting, user, wages, reporting information, otherwise.
Internal audit
Important! Internal audit, as a rule, is aimed at solving individual problems, as well as at an overall assessment of the company's activities. The main goals must comply with the requirements put forward by the company's management. Internal audit is carried out either by a special audit department (if it is provided in the state) or by a specially appointed commission.
An internal audit is required in the following cases:
- when preparing a company for sale (the audit is carried out to obtain information about the real state of the company);
- if the structure of the organization is being reorganized;
- upon dismissal of the chief accountant and financial director;
- if the direction of the business changes (in order to identify ineffective business practices, as well as possible problems, to optimize the company’s resources);
- in cases of preparation for a tax audit;
- if there is suspicion of intentional distortion of information.
When conducting a voluntary audit, either all sectors of the company’s activities are checked, or only specific areas of accounting.
The tasks of internal audit include the following:
- assessing internal information and reporting;
- checking the execution of internal operations;
- exercising control over the company's assets;
- avoiding theft, possible losses and damages.
Based on the results of the inspection, a conclusion is drawn up, which is brought to the attention of the founders or the executive body. The result of the inspection is a report containing comments and recommendations on identified deficiencies. In some cases, a repeat audit is carried out to identify information about eliminating deficiencies.
Alexey Sonin, Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE) Executive Director of the Institute of Internal Auditors
Over the past years, there has been a steady increase in interest in internal audit in Russia. Today, internal audit functions exist in most large and many medium-sized companies. Many managers of companies where such divisions do not yet exist are thinking about creating them.
Interest in internal audit is due, in our opinion, to a number of factors.
Firstly, this is the desire and urgent need for owners and management to streamline business processes in the company, which in many cases can lead to very significant cost savings.
Secondly, this is the need of the board of directors or other supervisory body for an independent and objective source of information about the state of affairs in the company.
Thirdly, which is especially important for developing markets, in particular for Russia, the presence of an internal audit in a company is relevant for company owners who hand over the reins to professional managers, but at the same time try to “keep their finger on the pulse.”
Definition of internal audit
Internal audit, as defined by the international Institute of Internal Auditors, is the activity of providing independent and objective guarantees and consultations aimed at improving the activities of the organization. Internal audit helps an organization achieve its objectives by using a systematic and consistent approach to assessing and improving the effectiveness of risk management, control and corporate governance processes.
This definition covers the main characteristics of internal audit.
- Independence and objectivity. The profession of internal auditor is based on these two fundamental qualities. By independence we mean organizational independence, which is determined to a large extent by the level of subordination of the internal audit service in the company. Objectivity refers to the individual quality of the internal auditor, which consists in how impartial the auditor is in his assessments and conclusions.
- Improving the organization's performance is the goal of internal audit. The main thing in internal audit activities is not to identify violations and errors for subsequent organizational conclusions and punish those responsible, not to write a report of several dozen pages, but to see and assess risks, weaknesses in the organization’s work and make recommendations aimed at reducing the level of risk and increasing efficiency systems and processes.
- Providing guarantees (English assurance) and consultations (English consulting) to customers (clients) of internal audit. Providing assurance, in this case, is an objective analysis of audit evidence in order to make an independent assessment and express an opinion on the reliability of information and the effectiveness of systems and processes. The main difference between consulting and providing guarantees is that in the first case the nature, scope of work and form of reporting are determined by the client, and in the second - by the auditor himself in agreement with the customer. At the same time, the scope of provision of guarantees and consultations has expanded significantly in recent years and includes:
- Management of risks,
- internal control,
- corporate governance.
The role of internal audit in a company
How much do business owners need internal audit? How can internal audit be useful to company managers? The decision on whether an internal audit is necessary in a company is made by the owners and senior executive management of the company. This decision is determined by many factors, which include the separation of the functions of owning and managing a business, the size and structural ramifications of the company, the geographical dispersion of its assets, and the level of risks inherent in the company’s activities.
Of course, the need for internal audit for a company should be dictated by economic feasibility. For smaller companies, having an internal audit function is probably not necessary. However, as the size of the company grows and management processes become more complex, owner-managers may develop the illusion that, despite all the changes, the company’s activities are under control. But in fact, management is no longer able to control the situation in its entirety. Then internal audit turns out to be very useful.
If in a company the functions of ownership and management are separated - the owners deal with determining the strategy and directions of development of the company, without delving into the details of business, and qualified managers are hired to manage the company - the issue of monitoring the state of affairs in the company and the activities of management becomes relevant for the owners. As they say, trust, but verify. (Note that the development of the theory of corporate governance is based on this very problem - the so-called principal-agent problem. It lies in the fact that the owner, while owning the property, does not manage it, and the manager, although managing the property, does not own it. When In this case, the aspirations and actions of management do not always meet the interests of the owners themselves.) In this case, internal audit becomes an integral component of the corporate governance system as one of the most effective tools for control by the owners over the activities of the company's hired management.
Internal audit is necessary not only for the owners, but also for the company’s management. The task of managers is to manage the business, achieving its goals in the most effective way. The success of this task depends largely on two factors:
- does the manager have the information necessary to make the right management decisions;
- Is there an effective system for monitoring the implementation of decisions made?
Managers themselves, for whom business management is part of their daily work, are not always able to objectively assess the situation. Even if a manager believes that he effectively controls all processes, he, as a rule, does not have the time and specific skills to collect and structure the relevant information. Due to its specific nature, internal audit has information on all aspects of the company’s activities and tools for summarizing and analyzing data. Therefore, close interaction with the internal audit service increases the efficiency of management decision-making. It is the internal audit that is that objective source of information that helps the manager look at things in a new way, “with an open eye”, and evaluate the quality of implementation of the management decisions made.
The role of internal audit is especially important for holding companies and companies with an extensive branch network. The significance of internal audit in this case is determined by the need for the parent/parent company to receive timely and objective information about the activities of branches/subsidiaries. And they, in turn, also receive considerable benefit from internal audit. Firstly, the entire company becomes familiar with the best practices in the work of individual divisions, the carrier of which, due to the specifics of its activities, is internal audit. Secondly, internal audit promotes a deeper understanding in branches/subsidiaries of the policies and procedures of the parent/parent company.
How many control bodies are needed?
Internal audit is an integral part of the company's internal control system. As part of the whole, internal audit evaluates the effectiveness of the system as a whole. Thus, it plays the role of feedback, which makes the system stable and allows it to adjust depending on the changes that occur.
How many and what control bodies a company has is determined, first of all, by legal requirements. For example, for joint-stock companies, the legislation provides for the presence of a board of directors (supervisory board) and an audit commission.
The owners and management of the company, based on their needs, can create other control bodies. There is a wide choice: control and audit service, internal control service, internal audit service, security service, quality control department. Another thing is that, sometimes, control bodies with different names largely duplicate each other’s work. This, as a rule, leads to economic inefficiency of their activities.
A significant role in deciding on the structure of control bodies is played by the state of the control environment in the company and, more broadly, the level of development of its corporate culture.
If internal control and risk management systems are not built or operate ineffectively, the field of activity for internal audit is greatly reduced, since the task of internal audit is to assess the effectiveness of these systems. In this case, the primary task for the company's management is the design and implementation of a control system. This is done by internal control services or control and audit services.
Since building an internal control system is a labor-intensive and lengthy process, the presence in the company of a separate control and audit unit (control and audit service) is an objective necessity at a certain stage. This division becomes especially important if the company’s management does not have the ability and/or desire to build an effective control system and create a highly developed corporate culture. In this case, the control and audit unit will focus on identifying errors and abuses, playing the role of a corporate policeman in its “pure form.” But it should be remembered that audit activity, at its core, is aimed at retrospect, that is, at events that have already occurred and their consequences. Internal audit is focused on the future, i.e., on the analysis of future events that may adversely affect the activities of individual departments and/or the company as a whole.
In other words, the audit evaluates the consequences of risks that have already materialized, while the internal audit evaluates the possibility and suggests ways to reduce risks and/or the negative effects of their impact. The presence of a control and audit unit in a company in no way means that internal audit is unnecessary. Everything is determined by what stage of its development the company is at and in what direction, from the point of view of internal corporate culture, it will move.
I would like to note that in many cases, executive management tends to view internal audit as a resource that solves management problems in building a control system.
This leads to ineffective use of the potential of internal audit and cannot but affect the degree of its objectivity in the subsequent assessment of the reliability and effectiveness of the control system. Another thing is that internal audit can become the best assistant to management in building a control system, providing consulting support during the development (implementation) of policies and control procedures. Table 1 . Division of responsibilities in the internal control system
Responsibility for the overall control state | Creating a control environment | Approval of control policies/procedures | Implementation of control measures | Assessing the reliability and effectiveness of control |
Top management | X | X | X policies | |
Heads of departments | X | X procedures | X | |
Employees | X | |||
Internal audit | X |
Modern internal audit is capable and must perform diverse and large-scale tasks. Internal audit:
- evaluates the internal control system in terms of the reliability of information, compliance with legislation, safety of assets, efficiency and effectiveness of the activities of individual operating and structural divisions and the company as a whole,
- evaluates the effectiveness of the risk management system and proposes risk control methods,
- assesses the compliance of the company's corporate governance system with the principles of corporate governance.
Focus on risks
Today, internal audit is being transformed into a risk assessment tool; there is a shift in emphasis from assessing individual operations to assessing risks in the company’s activities as a whole.
The current environment, both internal and external, is very dynamic, and this is reflected in the speed and scale of risk changes. Companies face a wide range of risks - a drop in demand, loss of liquidity, disruptions in the supply of raw materials and materials, difficulties with lending, increased internal tension among company employees, etc. Not to mention the risks of various types of abuses, including theft and falsification of reports. At the same time, those risks that were acute just a couple of months ago could give way to completely different, even more significant risks.
In these circumstances, internal auditors should first present their assessment of the most significant risks to key clients—boards of directors and senior executive management—and invite them to actively participate in the risk management process.
The forms and methods of such participation can be very diverse, for example:
- participation in the discussion of relevant issues at meetings of various commissions and committees,
- holding working meetings with managers at various levels,
- assistance to management in restructuring the internal control system, the need for which arises in connection with the reduction of personnel and cost items that have a direct impact on the state of control in the organization.
Of course, internal audit in its activities should not replace the company’s management, and this should be clearly discussed with customers.
Internal and external audits
The decision on whether an internal audit is necessary should not be determined by whether the company has an external auditor, since external and internal audits perform different functions.
First, an external audit traditionally deals with the assurance of a company's financial statements and focuses on transactions and events that may have a material impact on the company's financial statements. Internal audit is aimed primarily at assessing the company's existing control and risk management systems and focuses on operations and events that prevent the company from effectively achieving its goals. Secondly, the external audit, as part of the provision of audit services, does not assess the effectiveness of activities (operational efficiency), which is usually one of the tasks of the internal audit. Third, external audit serves primarily the interests of external stakeholders - potential investors, creditors, etc., while internal audit serves primarily the interests of the board of directors and executive management of the company.
It should be emphasized that effective internal audit can reduce the company's costs of external audit (if the external auditor is able to rely on the results of the internal audit, which will reduce the amount of audit procedures performed by the external auditor), but cannot eliminate the need for external audit for the company.
Table 2 . Comparative characteristics of external and internal audits
External audit | Internal audit | |
Target | Express an opinion on the reliability of the company's financial statements | Increasing the efficiency of the company's activities |
Primary users | Investors, creditors, government agencies | Board of Directors, management |
Audit object | Financial and accounting statements of the company | Systems of internal control, risk management, corporate governance |
Specifics | Focuses on transactions and events that could have a material impact on the company's financial statements; does not consider issues of economic validity of management decisions | Focuses on events that prevent the company from effectively achieving its goals; assesses the economic feasibility of management decisions |
Periodicity | At the end of the reporting period | Continuously based on audit plan |
Organization of the internal audit service
The internal audit function itself can be implemented in several ways. Moreover, in order to enjoy the benefits that effective internal audit gives a company, it is not necessary to create a separate service. This can be successfully carried out by an external consultant or a specialized company (except for cases where the internal audit service in the company is required by law) - this is the so-called outsourcing (or co-sourcing) of the function. Both outsourcing and co-sourcing have their own advantages and disadvantages, which we will not go into detail here. We can only say that various organizations resort to outsourcing and co-sourcing. These can be either small firms that do not have sufficient financial resources to create their own internal audit service, or large companies. The latter, as a rule, need such services for the audit of a specific area (for example, such as information technology or capital construction). In addition, additional audit resources may be required during peak periods of workload for in-house auditors.
Now let’s dwell on the issue of creating your own internal audit service (IAS).
When organizing IAS, first of all, it is necessary to determine its subordination. Both in Russia and abroad different approaches are used in this matter. The best option is considered to be the functional subordination of the head of the IAS to the audit committee of the board of directors, or directly to the board of directors of the company. In this case, a high level of independence of internal auditors from executive management is achieved, which allows, other things being equal, to make maximum use of the internal audit potential. If this option cannot be implemented for some reason, then the internal audit unit should report to the highest official of the company (president, general director).
However, the issue of subordination of the head of the internal audit service as a way to ensure the independence of internal audit is one of the most controversial in the practice of both Russian and foreign internal auditors.
To the question “who should internal audit report to in order to be as effective as possible?” there is no universal answer. The answer is determined by a combination of many factors, among which we highlight the professionalism of the board of directors and the competence of management, the nature of the relationship and the degree of interaction between the board of directors and the executive bodies of the company, and the level of development of corporate culture in the company.
It is also important what tasks the internal audit solves in the company. If its main task is to carry out control and audit activities, then it seems logical to submit to the top executive management of the company, since in this case the internal audit service is an instrument of control over the activities of management by the top executive management.
If internal audit is considered as a component of the corporate governance system that allows the board of directors (audit committee) to effectively fulfill its duties, the subordination of the internal audit service to the board of directors (audit committee) seems justified. As we have already said, in this situation, the board of directors (audit committee) helps ensure the maximum degree of independence of the internal audit service from the company’s management. For its part, the internal audit service (along with the external auditor) allows the board of directors to maintain a sufficient degree of independence from management in obtaining information about the company’s activities. It is obvious that these issues are interconnected, since the role of an objective source of information for the board of directors (audit committee) can only be performed by internal audit if it has maximum independence from executive management (including issues of appointment, remuneration, performance evaluation of the head and employees of the internal audit service and etc.).
Does the subordination of the internal audit function to the board of directors (audit committee) guarantee its independence and contribute to maximizing its usefulness to the company?
Much depends on the role, composition and professional level of the members of the board of directors (audit committee). Subordination of internal audit to the board of directors is justified if, firstly, the board of directors is an independent body and not a nominal conductor of ideas and proposals from the executive management of the organization; secondly, the board of directors includes independent directors; thirdly, members of the board of directors are aware of the role and importance of internal audit in the company.
Speaking about the structure and size of the internal audit service, it should be noted that there is no single (“template”) organization of the service. In each specific case, the structure and number of IAS are determined individually, based on various factors. The first of them is the goals and objectives that the company’s management sets for internal audit. The second factor is the maturity of the company's control environment. And finally, the geographical ramifications of the company and the dispersion of its structural divisions.
Unfortunately, in many cases the structure and size of the internal audit service are determined by the size of the allocated budget. And often other factors are not taken into account.
Assessing the effectiveness of internal audit
How to evaluate the effectiveness of internal audit? This task is quite non-trivial. The fact is that, firstly, the result is not always measurable quantitatively. Secondly, effectiveness depends not only on the auditors themselves, but, to a large extent, on the subsequent actions of customers (clients). And thirdly, the subjectivity of customer (client) assessments plays a role.
Qualitative and quantitative indicators should be used to analyze audit productivity. They should determine the dynamics of implementation of the annual internal audit plan and the costs of IAS for projects. In addition, the system of indicators should allow assessing the degree of satisfaction of customers (clients) from the work performed by auditors.
Each company determines its own criteria for the effectiveness of IAS activities. The composition and target values of the indicators are established by the head of the IAS in agreement with management. At the same time, the main customers (board of directors and senior executive management) could evaluate the activities of the IAS based on three or four indicators. On the other hand, the head of the IAS could evaluate the activities of the service headed by a larger number of indicators. Internal audit performance indicators may include, for example, the following:
- implementation of the approved audit plan,
- number of significant risks identified,
- percentage of audit recommendations accepted and implemented by management,
- economic effect of implementing recommendations
- number of repeated audit recommendations,
- satisfaction of audit customers (clients).
Along with the procedure for periodically assessing the effectiveness of the internal audit service, there should be a program for improving the quality of its work. Activities carried out within the framework of this program include:
- current control (monitoring) of the quality of internal audits. It is carried out by the head and managers of the internal audit team during audits. Monitoring is aimed at ensuring that the activities of internal auditors comply with the procedures and regulations of the company and the IAS itself. It also allows the head of the internal audit team to make sure that the auditors are performing audit tasks at the proper professional level;
- internal assessments conducted at least once a year by the head and managers of the IAS. Their goal is to identify, on their own, reserves for improving the activities of each internal auditor and the entire service as a whole;
- external assessments conducted at least once every 5 years. They are carried out by structures that are third-party to the internal audit service. Reputable external consultants or auditors usually act in this capacity. External assessments are especially valuable because they provide an “outside perspective” on the quality of internal audit work.
It is worth noting that the approach to improving the quality of internal audit should be comprehensive. Only the implementation of all of the above activities will most contribute to improving the work of the IAS.
How to become an internal auditor
First of all, we note that working in internal audit provides an excellent opportunity to study all aspects of the company’s business, which is an invaluable advantage for professional and career growth, and also contributes to the acquisition of skills and qualities necessary for a successful manager. In many companies, work in internal audit is seen as the best preparation for candidates to take on future leadership positions in the company. Working in internal audit allows you to get to know the company's employees performing a wide variety of functions and establish working relationships with managers at all levels. Internal auditors, by participating in a variety of audit assignments, gain in-depth knowledge of the activities of all departments and the ability to see the work of the company as a whole. As a result, they become generators of fresh ideas and constructive proposals and develop an idea of how and in what direction the company should develop.
And one more observation. Internal auditors have a high level of competence in internal control and risk management issues and are well versed in the preparation of financial statements. It is this knowledge that is primarily necessary for each member of the audit committee to work effectively. Thus, experience in internal audit becomes a serious advantage for candidates to the audit committee of the board of directors of a joint-stock company. What knowledge, skills and qualities should an internal audit specialist have?
First of all, it is important to understand the role of internal audit, knowledge of performance standards and internal audit methodology. A prerequisite is knowledge of management principles, as well as basic knowledge in general disciplines such as accounting, financial analysis, and law. The internal auditor will also need special knowledge in areas such as fraud investigations, mergers and acquisitions, capital projects, etc. Of course, it is necessary to know and understand the industry specifics of the business.
The most important quality of an internal auditor is professional skepticism, which consists in the fact that the internal auditor does not take various statements on faith, but tries to find confirmation for them, independently obtaining answers to questions that arise. The internal auditor must also have the following qualities and skills:
- objectivity,
- sound judgment
- good analytical skills,
- developed communication skills (the ability to “listen” and “hear”; the ability to clearly express thoughts and defend one’s point of view),
- performance,
- ability to work in a group (team).
Most of the listed qualities and skills can be developed over time, and their required set is determined in each specific case, based on the role of internal audit in the company and the tasks assigned to internal auditors.
Second question: how do they become internal auditors in Russia? According to our assessment, in most cases people come to internal audit from the financial and control and audit departments of companies. However, many internal auditors previously worked in the operating divisions of their companies.
Today in the labor market there is a shortage of highly qualified specialists in the field of internal audit. We note with regret that the profession is not sufficiently supplied with young personnel, since the programs of higher educational institutions do not provide training in the specialty “internal auditor”, and internal audit issues are briefly discussed as part of a course in accounting and auditing.
But demand creates supply. An increasing number of specialists are choosing internal audit as their main profession, the number of students interested in studying this subject in depth is increasing, and universities are beginning to think about making it a separate course.
The difference between internal audit and external audit
Main characteristics | External audit | Internal audit |
Initiator of the audit | Owner of company | Supervisor |
Main purpose of the audit | Determining the correctness of accounting and tax accounting, compliance of the data presented in the reports | Verification of the reliability of information about the company’s economic activities, work efficiency |
Based on what standards is it carried out? | Regulated by current legislation and international auditing standards | Carried out on the basis of internal regulations and instructions |
Who conducts the audit | External independent auditors with confirmed qualifications | The company's audit department, or a specially created commission |
Audit cost | The audit is paid at the cost determined by the agreement concluded with experts | According to the staffing table |
How often is it carried out? | Once a year | During a year |
Auditor's report | May have official publication | Sent exclusively to management |
The essence of external financial audit
The economic entity responsible for the conduct of the external financial audit is obliged to:
- Carry out a comprehensive analysis of assets and liabilities, as well as income and expenses of the organization for each type and separately for each type of activity.
- Study financial ratios, valuation principles, recognition of liabilities and assets.
- Assess the impact of all accounting policies, including pro forma values and estimates.
- Identify and objectively evaluate factors influencing the main financial indicators of the enterprise.
- Establish the nature of the movement of financial flows and determine the elements that guide them.
- Formulate an opinion on the prospects for the development of the company’s financial activities.
- Determine the real possibility of following these forecasts, taking into account the current sales volume and financial situation of the organization.
Procedure for conducting an audit
The audit consists of three main stages:
- The preparatory stage, during which the necessary information is collected, including:
- features of the company’s work in a particular industry and region;
- financial position of the company;
- organizational, technological components;
- qualifications of accountants;
- accounting automation;
- information on obligations, legal proceedings, etc.
- An inspection plan is drawn up. At this stage, the auditor draws up an inspection schedule and also selects specialists who will have to perform the work. Initially drawn up documents at the planning stage are not final; they are subject to adjustment and revision.
- Verification is a stage in which the necessary information is collected and then analyzed. As a rule, the check is performed in the following sequence:
- recalculation;
- inspection;
- survey;
- inspection and research of information in documents;
- evaluation of indicators.
- Drawing up a conclusion. After all the information has been verified, the auditors draw up a written report. The conclusion can be absolutely positive, that is, when no contradictory factors are found, or modified. If the auditor does not have enough information to draw up an opinion, he has the right to refuse to provide his opinion.
Answers to common questions
Question: In what cases should auditors refuse to conduct an audit?
Answer: An individual specialist or company should refuse to conduct an audit in the following cases:
- if the auditor or employees of the audit company are shareholders of the company that is subject to audit;
- the auditor or employees of the audit company maintain records or prepare reports in the company subject to audit;
- the audited company is the main founder or one of the founders of the audit firm, or is a subsidiary of the audit firm;
- in other cases.