In much the same way that individuals are encouraged to get yearly medical check-ups, companies too are subjected to regular ‘health’ assessments. Internal audits, as they are known, are systematic reviews of a company’s vulnerability to risk, and an assessment of its risk-management mechanisms. In contrast to external audits, internal audits are conducted by a company’s own internal audit team (or outsourced to an external organisation), which answers to the audit head or the company’s Board of Directors. Internal audits ensure that a company’s every unit adheres to organisationalpolicies, and is compliant with applicable legal frameworks.They pre-empt any sudden surprises that an external audit might uncover, strengthen internal control, and keep the company in a state of preparedness. While the word ‘audit’ sounds forbidding, complicated, and highly technical it is really just a ‘systems check’. The goal is to ascertain if there are any existing or potentialirregularities, oversights, or gaps in an organisation’s internal processes, to report them should they be present, and to recommend ways to address or prevent such problems.
Getting ready for an internal audit
- Part of gearing up for an internal audit is determining whichfunctions tofocus on. There are three key organisational categories that are subject to audits: management, operations, and finances.
- Management audits compare and contrast companies’ organisational objectives with its structure to see if the latter is conducive to the former
- Operations audits examine employees on the job to see if their activities are consistent with local and organisational goals and expectations, and that accountability is established
- Finally, financial audits ensure that financial records and business licenses and permits are well organised and maintained, and that employee wages and benefits are being properly calculated and disbursed
- Establish frequency and timeline: Once you’ve determined how often to conduct your audits—some processes require reviews on a daily basis, others annually—create a schedule. This should help streamline the entire process and avoid any confusion.
- Give departments a heads up, and avoid springing any surprises on them. Unless you suspect something illicit or underhanded, treat this as you would any routine process. Inform departments in advance so that they can participate to the best of their abilities.
- Come prepared. Both parties should do their homework before hand. Auditors too should study the policies and procedures pertaining to the department or function that they will be auditing. The better they understand the material, the more thorough they can be in their evaluation of compliance/divergence etc.
- Interview employees to suss out gaps. An employee’s understanding of their job, and their description of the department’s workflow may be at odds with company policy. This discrepancy is something that only an audit can uncover, and once uncovered, must be reconciled.
- Write up and report findings. Once the data has been collected and cleaned, the auditor writes up the final report. This report should shed light on risk-prone areas and gaps that were encountered in the course of the audit. Once completed it should be shared with senior staff or board members.
Audits don’t have to be onerous. If they are planned and scheduled properly, and integrated into the functioning of the organisation, they become a routine part of internal ‘housekeeping’.