Nature of internal audit work can vary substantially between different entities, depending on their size and structure, the nature of their business, the extent of regulation within their industry and markets, the extent of computerisation of the entity’s main operational systems, the attitude of senior management to risk management, the nature and scale of the perceived control risks, and so on.
ISA 610 Considering the work of internal auditing, states that internal auditing activities will usually include one or more or the following:
- Monitoring of internal control. The establishment of an adequate internal control system is a responsibility of management and is an important aspect of good corporate governance. Internal audit is therefore usually given specific responsibility by management for reviewing internal controls, monitoring their operation and recommending improvements via a report to the directors.
- Examination of financial and operating information. This may include review of the means used to identify, measure, classify and report such information or specific inquiry into individual items including detailed testing of transactions, balances and procedures.
- Review of the economy, efficiency and effectiveness of operations. This could include a review of non-financial controls.
- Review of compliance with laws, regulations and other external requirements and with internal requirements such as management policies and directives.
- Special investigations into particular areas such as suspected fraud.