Internal Auditors and Structuring Internal Control

Considerations for internal auditors in irregularity audit

Internal auditors play a key role in helping management create a culture of honesty and integrity. They support and provide assurance to management in evaluating internal controls used to detect fraud. While it is management's responsibility to design internal controls to prevent, detect and mitigate fraud, internal auditors evaluate the effectiveness of management's practices.

Roles of Internal Auditors,

Internal auditors provide analysis, assessments, recommendations and other information, as well as reasonable assurance to the entity's management and board of directors and others with equivalent authority and responsibility. To fulfill this responsibility, internal auditors must maintain objectivity regarding the activity being audited.

Prevention

As part of their assurance activities, internal auditors monitor fraud risks, assess the adequacy of relevant controls and make recommendations for improvement.

Detection

Internal auditors play an important role in fraud detection as they uncover key processes across the organization and have open lines of communication with the board and staff. 

Investigation

Internal auditors have an important role in investigating fraud and misconduct. In addition to detecting fraud directly, they may also detect fraud indirectly or investigate on tip-off.

Standard examples of internal controls,

Controls over the initiation, authorization, recording, processing, reconciliation and reporting of transactions and disclosures related to significant accounting accounts included in the financial statements,
Controls for the prevention, identification and detection of irregularities,
Controls related to the initiation and processing of non-routine and non-systematic transactions,
Controls related to the selection and application of appropriate accounting policies.

The tasks that management should fulfill in internal controls are;

Determine which internal controls to test when performing the assessment by understanding the importance of each control, both individually and collectively,
Evaluate whether a lack of control could result in a misstatement of the financial statements, the likelihood and magnitude of any misstatement that does occur, and whether other controls are in place to mitigate the effect,
Determining which processes or business units will be included in the assessment,
Evaluate the design and operational status of internal controls,
Assessing the likelihood and extent of risks arising from identified internal control deficiencies and determining whether they individually or collectively constitute significant deficiencies,
Providing adequate documentation, including documentation of the design of internal controls and the results of management's testing and evaluation.