Duties of an Internal Auditor



An internal auditor is a company employee who independently and objectively evaluates the organization’s operations. The role of an internal auditor is to gather relevant and objective information about the organization. An internal auditor essentially serves as the eyes and ears of the company’s senior leadership and board of directors. Their assigned work may cover any area of an organization; however, their work should be directed by the audit committee. Internal audits have historically been aligned with accounting and financial reporting audits. However, there are other types of audits. The following are a few examples:
  • Information Technology Audits: IT audits are performed to assess information systems to ensure that they are operating securely, and that sensitive data is secure and accurate. These audits can align with regulations and compliance, for example, PCI DSS (Payment Card Industry Data Security Standard), ISO 27001 (or other ISO security standards), SOC (System and Organization Control), and HIPAA (Health Insurance Portability and Accountability Act) compliance.
  • Operational Audits: Operational audits may cover a variety of areas, including evaluating whether internal controls are sufficient and working as intended, operating procedures are being performed consistently and efficiently, and activities within the company are in compliance with regulatory requirements, industry standards, and internal policies.
  • Performance Audits: Performance audits are performed to evaluate an organization’s actual performance as compared with the goals and objectives set by its board of directors or members of senior leadership.

The Duties of an Internal Auditor
What are the duties of an internal auditor? That depends on the company, the particular role of an internal auditor, and what they are auditing… but at a very high level you can expect an internal auditor to:
  • Objectively assess a company’s IT and/or business processes
  • Assess the company’s risks and the efficacy of its risk management efforts
  • Ensure that the organization is complying with relevant laws and statutes
  • Evaluate internal controls and make recommendations on how to improve them
  • Identify shortfalls or gaps in processes
  • Promote ethics and help identify improper conduct
  • Assure safeguards
  • Investigate fraud
  • Communicate the findings and recommendations
  • Provide an opinion (unqualified, qualified, adverse, or disclaimer)
Below is an example of the auditor’s responsibilities and scope of work:

Internal Audit

The auditor is responsible for performing procedures that test the efficiency and effectiveness of the company's internal controls put in place to achieve business objectives. The scope of an internal audit includes all financial and operational controls that are used to create maximum productivity at a company. Example findings include:
  • Provide recommendations to improve weak internal controls
  • Investigate instances of possible fraud (even those considered immaterial)
  • Perform reconciliations of financial and operating information
  • Monitor compliance with industry standards, laws and guidelines
  • Evaluate whether processes and procedures are functioning properly
