Internal Audit is a foundation of sound corporate governance in organisations and can play an essential role to enhance the following functions:

  • Understanding the Business Management and Accountability
  • Determining the risk areas
  • Analysing the internal process mechanisms and controls.

Here are the Internal Audit Objectives to assess and enhance the effectiveness of business methods:

  • To strengthen governance
  • To enhance internal control system
  • To assist strategic risk management
  • To assure transparency in reporting –both for internal MIS purposes and statutory purposes
  • Compliances –external and internal
  • Optimization of resources, costs and processes

Internal Audit responsibilities include the following:

  • Process Assurance – To obtain a level of comfort in their processes 
  • Fraud detection and prevention- To establish that their business is fraud-free.
  • Control Framework-To establish a controlled environment that facilitates segregation of duties and a clear reporting framework.
  • Process Driven Organization- Transform the organization from being people-driven to being process–driven

Let us understand the IA Methodology | Life Cycle.

Here is the step-by-step procedure:

  • Understand the business and identify the critical business risks
  • Identify the critical business processes that mitigate these risks
  • Analyse these processes and assess the risks
  • Perform internal audit, with the help of standardised checklists / RCMs and extensive use of data analytics and assess the effectiveness of operating control
  • Report observations to the management on a set frequency
  • Present summary of critical issues to the Audit committee
  • Assesses management’s progress against the agreed-upon action plan for adequate and timely actions performance

Strategic Analysis for getting insights on the following:      

  • Understand the Business
  • Industry information
  • Company information
  • Sources of industry wide information
  • PEST / SWOT analysis

Understand Key Aspects

  • Industry wide issues and objectives
  • Company’s strategic objectives
  • Key stakeholders
  • Key historical issues
  • Business model specific to the company

Strategic Risk Assessment

Discuss the procedure for the following, with the client, for Internal Audit roll out:

  • Establishment of an agreement on risk rating criteria
  • Agreement on approach to risk assessments and facilitated discussions
  • Identification, assessment, and analysis of risks
  • Performance of control environment review
  • Selection of crucial processes and interviewers-based on existing risk profile (previous internal audits conducted, identification of high-risk areas)
  • Documentation of results and validation with the management

Management Assurance Plan Creation

The Internal Audit Plan sets out the scope of work to be undertaken by the client’s internal audit


Based on strategic analysis and enterprise risk assessment:

  • Determine and prioritize the areas and business processes to be reviewed
  • Identify the number and types of audit projects to be performed, along with associated resource requirements
  • Obtain input and approval of executive management and the Audit Committee, and
  • Establish a process to evaluate, update, and maintain the plan continually.

Plan should specify the areas to be audited, estimated hours and priority of audits.

Process Analysis

Process analysis consists of three broad steps:

  • Interviews with process owner(s)
  • Process walkthroughs
  • Mapping of as–Is process maps and buy–in from process owner for As–Is understanding of the process

Process Risk Assessment

The ultimate objective of audit execution is to determine the effectiveness of controls over the significant risks within processes

  • To achieve this, we should first identify and assess the significant risks
  • A risk is an event that has an adverse consequence on the objective of the process/sub –process
  • Risks are identified by analysing the characteristics of the processes concerning our internal audit focus and identifying what events, actions, or inactions would adversely affect the achievement of the objectives
  • Perform a ‘What can go wrong’ analysis to identify risks
  • To remove a degree of subjectivity and to ensure consistency, the risks assessed is agreed upon with the Auditee/ Process Owner

Internal Audit Execution

Internal audit execution involves the following steps:

  • Developing the audit program
  • Testing effectiveness of controls and identification of exceptions
  • Extensive data analysis to cover a more incredible sample and to ascertain the financial impact
  • Root Cause Analysis for exceptions identified and identification of risks originating from operating ineffectiveness/non –existence of perceived controls
  • Developing a road map to manage/mitigate identified risks
  • Obtaining process owners buy-in for identified risks and recommendations


The audit report is one of the most visible deliverables, providing feedback to auditee management on the results of our audit.

The report should include all the significant issues identified as a result of our audit procedures

  • Gather and review issues summaries for reportable items
  • Review management’s responses for inclusion in the report
  • Prioritize observations (Based on Impact or Level of effort-as agreed in audit plan)
  • Review for any inappropriate language
  • Prepare the draft report using the agreed upon format

Issues Resolution Tracking

Throughout the delivery of our Internal Audit Methodology, issues are uncovered and reported, and ultimately action plans are agreed to by management.

  • As part of the follow-up process, monitor the progress of the implementation of agreed-upon management action plans Assess management’s progress against the agreed-upon action plan and whether its actions were performed adequately and timely
  • With an organized, disciplined approach, IA helps an organization achieve its desired business goals.

Need help or assistance with our Finance experts. Contact us now!