ESTABLISHMENT (SET-UP) OF THE INTERNAL AUDIT DEPARTMENT
An increased need to identify business process improvement opportunities and to enhance the reliability of mitigating controls against strategic, business, and other emerging risks triggers the establishment of an internal audit department within an organisation. Having the establishment of an internal audit department within an organisation ensures compliance with regulatory requirements and leading practices for corporate governance, as well as increasing the board’s confidence in the efficiency of business processes and controls. The organisational structure of an internal audit department varies with the form of the organisation and the nature of its business. GRC Internal Auditors can assist you in establishing an in-house internal audit department that typically brings the following advantages:
- The processes within an organisation are often better understood by the in-house internal audit staff.
- The expertise of the staff can be honed business-function-wise, thereby yielding better quality.
- The in-house staff has total ownership of the assurance function. Thus, responsibility and accountability can be clearly established.
- Internal audit staff can be rotated to jobs within an organisation as they have a good per-spective on the functions, having seen them from the outside.
- The knowledge base within the internal audit department can serve to disseminate good practices from one function to another.
- In cases of serious findings, immediate escalations to management to initiate corrective steps are possible.
- The internal audit focus can be fine-tuned in a changing risk environment.
GRC Internal Auditors focus on the following three key steps in establishing a successful internal audit department within an organisation:
Once the internal audit department is established, an emphasis should be placed on integrating the internal audit function and building relationships across the business’s functions. This is because the internal audit department, although independent, is a collaborative function that works together with management to support business maturity, manage risk, and strengthen governance through effective controls. Integration should be supported by the organisation’s senior leadership team.