When we think of formal processes like internal audit, sometimes we only think they apply to large and complex organisations. There can be real benefits to all organisations, provided the processes introduced are proportionate – don’t use a sledgehammer to crack a nut!
Here are out top 7 tips:
1. Agree the purpose of the internal audit processes – to provide assurance that the controls put in place are working, and to identify any changes needed in risk management, controls and governance arrangements.
2. Agree whether the internal audit function will be delivered by internal staff or outsourced to a professional provider. Ensure account is taken of the skills (technical, industry specific, communications) and time needed, the importance of independence from management, and the costs involved.
3. Develop a tailored Audit Plan for the year, based on the areas of key risk identified in the Compliance Checklist, and ensuring that independent assurances provided by other stakeholders are acknowledged (eg) regulators or funders who perform audits on particular areas.
4. Ensure clarity on lines of communication and accountability (eg) to the Audit Committee.
5. Develop systematic processes for the internal auditor to receive assurance that management have taken timely and effective action on any recommendations.
6. Ensure that the head of internal audit meets with the Audit Committee in a private session, without managers present, to enable open and confidential conversations in case they are needed. Ideally, all matters that need to be dealt with can be addressed in open and honest conversations during the usual Audit Committee meetings.
7. The Audit Committee should monitor the effectiveness of internal audit processes at least annually.