Internal audit at the enterprise. Internal audit and control of organizations Internal audit of an institution
Internal audit is used in most large companies. It is needed to prevent the occurrence of significant shortcomings. It is carried out in accordance with the specified algorithm.
What is internal audit
Internal audit is an audit of the company's activities, which is carried out in the interests of the owner. The procedure is carried out on the basis of the regulations drawn up by the company itself. In the process, documents are checked, a survey of employees is carried out.
Main goals
Consider the tasks of the internal audit of a firm:
- Organization of effective financial and economic activities.
- Establishing productive interaction with contractors.
- Prevention of the occurrence of material violations.
- Reducing the number of losses.
- Ensuring compliance of activities with the law.
- Checking the accuracy of the information contained in the documents.
An internal audit is needed, first of all, for the head of the company. The verification results will help optimize production.
The legislative framework
The work of specialists performing internal audit must comply with international (ISVA) and domestic standards. It is regulated by Federal Law No. 307 "On the Activities of the Auditor". In addition, the inspection must not contradict these norms:
- Federal Law No. 115 "On Combating Money Laundering" dated August 7, 2001.
- Federal Law No. 273 "On Combating Corruption" dated December 25, 2008.
Internal audit standards should also be contained in the company's internal documents.
What is checked during the internal audit process
Internal audit involves an integrated approach. That is, all aspects of the enterprise are checked. In particular, these are:
- Keeping records of fixed assets, intangible assets, cash transactions, financial results, capital and others.
- Transactions in foreign currency, settlement and other accounts, settlements with counterparties, insurance companies.
- OS condition, documenting funds, correctness of depreciation, execution of the repair plan.
The auditor also needs to ascertain information security. The information processing in the company, the current information system, the presence of trade secrets are checked. The specialist conducts an audit of the information protection system.
Varieties of internal audit
There are different types of internal audit. The audit is divided into types depending on the tasks assigned to the auditor. There are the following varieties of it:
- Checking the control system.
- Organizational and technical control.
- Control audit of the main activities.
- Checking the compliance of the work with internal and legal regulations.
- Establishing the appropriateness of the activities of officials.
All considered types of audit are optional. They are carried out at the initiative of the head.
Documentary support of the audit
As part of the audit, it is imperative to draw up a number of documents. Otherwise, the audit will not be legal.
Issuance of an audit order
The check is carried out on the basis of the order of the head. This document establishes the following aspects of work:
- Dates of the inspection.
- The employees who will be engaged in the audit.
- Conditions for conducting internal audit.
- Control over the work of the auditor.
The order should contain clear instructions on how to start the audit.
Check list
As part of the audit, control is carried out in many areas. Many operations are performed, the sequence of which must be followed. To comply with the algorithm, it is recommended to draw up a checklist. It includes a checklist. There are no laws governing the preparation of this document. The checklist is filled out in accordance with the wishes of the head. It allows you to solve these problems:
- Correct planning of the control event in accordance with the law.
- Execution of intermediate and selective control of the auditor's activities.
- Implementation of all the main stages of the procedure.
- Facilitating the work of the auditor.
- The ability to carry out a complex and holistic procedure.
It is possible to draw up a checklist on the basis of the provisions of the Federal Law No. 307 "On Auditing Activity" dated December 30, 2008.
Internal audit stages
Internal audit can be divided into three stages:
- Preparation. Includes the publication of an order, drawing up a checklist.
- Worker. As part of it, documents are checked for compliance with the law, interviews with employees and management personnel.
- Final. A conclusion is drawn up, in which the results of the procedure are prescribed.
Each of these stages has its own meaning. For example, if adequate preparation is not carried out, the procedure will become less effective in the future.
Internal audit tools
The components of an internal audit depend on the needs of the company. For example, these can be the following tools:
- Checking the correctness of the preparation of estimates, projects and plans.
- Analysis of existing orders for the supply of raw materials.
- Verification of the fulfillment of supply contracts.
- Establishment of the actual write-off of materials for production.
- Establishing the correctness of calculations, checking the reflection of their results in the accounting of the cost of goods.
- Checking invoices.
- Checking the legality of depreciation.
- Execution of control over the movement of funds.
- Timely reflection in accounting of all business transactions.
- Establishing the correctness of settlements with counterparties.
This list can be supplemented. The nature of the additions is determined by the specifics of the companies' activities.
In the course of their work, auditors use a variety of tools. For example, if invoices are checked, the following control procedure is relevant:
- Establishing the accuracy of keeping the book of sales and purchases.
- Analysis of invoices for missing numbers.
- Control over the entry of all transactions into the general ledger.
- Checking the accuracy of customer accounts.
- Reconciliation of information from analytical and synthetic accounting.
- Reconciliation of the dates of operations performed with the dates indicated in the invoices.
Checking the movement of material values is carried out by means of an inventory. You need to prepare for this procedure. Preparation includes these steps:
- Drawing up a list of materials that are subject to inventory.
- Formation of an inventory commission.
- Receipt of a receipt stating that all documents related to the inventories are in the accounting department.
The analysis of the correctness of depreciation is carried out on the basis of documents. The list of papers subject to audit includes inventory cards. The auditor can also recalculate.
Internal audit results
The results of the audit are recorded in the report. This information is written in it:
- List of verified documents and areas of activity.
- Identified shortcomings.
- Recommendations for correcting shortcomings.
- The person who performed the audit.
Audit reports should be retained. They can be compared with each other in order to analyze the dynamics of the company. Based on the reports, work is carried out to correct the detected deficiencies.
FOR YOUR INFORMATION! Not every employee can participate in the audit. It is desirable that a specialist has an appropriate education. You can get all the necessary knowledge in specialized courses.
You will learn:
What is internal audit and how is it different from external audit?
What legal requirements exist regarding internal audit.
How the internal auditor can help in the work of the enterprise.
Until recently, internal audit was required only for certain categories of organizations (banks, insurance organizations, etc.). Their internal audit activities are regulated by a large number of special regulations (directly related to their industry), which require separate consideration. And we will not pay attention to them in this article.
For other organizations, internal audit (control) became mandatory after the entry into force of the Federal Law "On Accounting" dated 06.12.2011 N 402-FZ. In particular, in this law in Art. 19 of this law says the following: “an economic entity is obliged to organize and carry out internal control of the committed facts of economic life. An economic entity whose accounting (financial) statements are subject to mandatory audit is obliged to organize and carry out internal control of accounting and preparation of accounting (financial) statements (except for cases when its head has assumed the responsibility for accounting). "
We will analyze this legal requirement a little later. Now we will pay attention to several significant points:
- Conventionally, internal audit (control) can be divided into general internal control (which, according to Federal Law No. 402-FZ, must be carried out in all organizations and special, regulatory requirements for which have existed for a long time (concerning banks, insurance organizations, etc.))
- The legal framework related to general internal audit (control) is rather laconic. We will analyze it a little later.
- There is no clear legal responsibility for violation of the legislation on the implementation of general internal control. With a fairly big stretch in this case, you can apply the article of the Administrative Code, which establishes sanctions for violation of accounting rules. Therefore, many organizations require Art. 19 of the Federal Law No. 402-FZ are considered declarative.
- Despite the fact that no clear responsibility for violation of the requirements of the Federal Law "On Accounting" has been established, the implementation of internal audit (control) can be more than useful for the organization itself and its founders.
General internal control
Unfortunately, a significant number of people still believe that internal control (audit) is similar to external control. That is, the internal auditor checks the legal, personnel and accounting documentation, as well as the external one. The only difference is that the internal auditor is an employee of the audited organization, and the external one is not. However, this is absolutely not the case. And if we carefully study the Information of the Ministry of Finance N PZ-11/2013 "Organization and implementation by an economic entity of internal control of the committed facts of economic life, accounting and preparation of accounting (financial) statements", we will see that this point of view is not correct.
First, internal audit can be performed by external specialists. In clause 18.2. The information of the Ministry of Finance says: "The organization and assessment of internal control can be carried out by an economic entity independently or / and an external consultant (including an audit organization)."
In addition, the content of an internal audit is more than significantly different from an external one.
The International Institute of Internal Auditors of the United States, created in 1941, is considered the ancestor of general internal audit. According to the American concept, the task of the internal auditor is to calculate the risks that the enterprise can expect (they can be associated with both internal and external reasons); assess the likelihood of their occurrence; to isolate those of them to which the business is not tolerant and to develop measures to minimize them.
Example 1.
The task of the internal auditor is to analyze changes as a result of political events in the external economic situation; forecasting losses from the loss of some economic partners and the need for the enterprise to search for other suppliers and buyers.
At the same time, the scope of the internal auditor is not limited only to accounting issues, issues of correct management of personnel and legal documentation, it concerns all areas of the enterprise, for example, HR.
Example 2.
In one manufacturing company, workers were given paltry wages. As a result, this led to staff turnover; high costs of permanent search for personnel, theft by workers of products from the enterprise. In addition, in order to motivate people to stay and pay them a large salary, the heads of some shops (loading and unloading, logistics) wrote that their subordinates, pieceworkers, did more work than they actually did. As a result, such salary savings led to large losses of company finances.
If the firm had an internal auditor, he would have to calculate the negative consequences of such savings.
Thus, the work of the internal auditor applies to all areas of the enterprise: it is also checking the effectiveness of the rules for constructing the budget; controlling; evaluation of investment projects; development of an asset protection strategy; control over the creation of a system of measures to minimize abuse within the organization; investigation of fraud within the organization; control over cost accounting; analysis of quality control of manufactured products; customer service quality control assessment and much more. the priority areas of internal audit are: contributing to the receipt of profit by the company and the safety of assets.
In general, this concept is reflected in the Information of the Ministry of Finance N PZ-11/2013.
Requirements of Russian legislation for internal control (audit)
Let us now consider the norms of Russian legislation related to internal audit. First, let us pay attention to the fact that in Art. 19 of the Federal Law “On Accounting” there is still a slight contradiction.
According to it, all economic entities must exercise internal control. A priori, it is assumed that this internal control must be carried out in all areas of the organization. But in part 2 of the same article, it is specified that an economic entity whose accounting (financial) statements are subject to mandatory audit is obliged to organize and exercise internal control of accounting and preparation of accounting (financial) statements (except for cases when its head has assumed the responsibility of maintaining accounting for yourself). A logical puzzle arises, but what in other areas (apart from accounting and reporting), an economic entity is not obliged to carry out internal audit, unlike other organizations? In theory, the requirements for the internal control of such organizations, on the contrary, should be more stringent than in relation to those firms that are not subject to mandatory external audit. Or the legislator implies that internal audit is mandatory for all organizations (including in the field of control over accounting records); Is it strictly mandatory for firms subject to internal audit? In general, the article leaves a wide field of activity for its interpretation.
The next normative act in which we can find the requirements for internal audit is the RF Government Decree of 23 .09.2002 No. 696 “On the approval of the federal
rules (standards) of auditing ”). We draw your attention immediately to the fact that no fresh changes and additions have been made to this document after the entry into force of the accounting law. Therefore, some of its norms do not quite correspond to the point of view of the Ministry of Finance expressed in the information. For example, according to this document, internal audit is a control activity carried out within the audited entity by its subdivision - the internal audit service (as we can see, this rule runs counter to the information of the Ministry of Finance, because according to it, an external organization can also carry out internal audit). Of course, explaining this contradiction, one can refer to the fact that the information provided by the Ministry of Finance refers to internal control, while the resolution of the Government of the Russian Federation refers to internal audit. But in essence, these two concepts are identical.
According to the authors of this resolution, the functions of the internal audit service include monitoring the adequacy and effectiveness of the internal control system. The scope and objectives of internal audit are different in each case and depend on the size and structure of the auditee and the requirements of its management. Typically, the functions of an internal audit function include one or more of the following elements:
- monitoring the effectiveness of internal control procedures;
- research of financial and management information;
- control of economy, efficiency and effectiveness, including non-financial controls of the audited entity;
- control over compliance with the legislation of the Russian Federation, regulations and other external requirements, as well as policies, directives and other internal management requirements.
Let us analyze in more detail some of the items of the Information of the Ministry of Finance N PZ-11/2013 “Organization and implementation by an economic entity of internal control of the committed facts of economic life, accounting and preparation of accounting (financial) statements.
According to the Ministry of Finance, the effectiveness of internal control may be limited:
- changes in the economic environment or legislation, the emergence of new circumstances outside the sphere of influence of the leadership of the economic entity;
- exceeding official powers by the management or other personnel of an economic entity, including collusion of personnel;
- the occurrence of errors in the process of decision-making, the implementation of the facts of economic life, accounting, including the preparation of accounting (financial) statements.
In fact, in this case it is said that it is impossible to create a control system that will not fail under any circumstances. Here are two specific examples corresponding to the first and second points.
Example 3.
As you know, the situation in Ukraine led to the imposition of sanctions. Russian businessmen stopped working with partners from some countries, instead of them other suppliers and buyers appeared. Surely there are enterprises that, at the time of restructuring their business (looking for new partners in countries that did not impose sanctions), incurred some losses. Whether it was possible to predict such an economic situation in the future (when the sanctions had not yet been introduced) is a rather complicated question. Perhaps, at some enterprises there are ingenious specialists who were able to calculate the likelihood of such events and their management began to look in advance for new sales and supply channels. However, most of the internal control services most likely failed to do this.
Example 4.
Even in a non-governmental organization there is a place for corruption schemes: the head of the procurement department buys goods from those suppliers that give him the biggest kickback; develops a budget for departments in favor of more funding (training of employees, payment of salaries, etc.), whose boss pays him an informal remuneration in gratitude; in many industries, theft of products is carried out; overestimates the number of hours that workers allegedly worked and which should be paid, etc. Typically, an effective internal control system involves a segregation of duties that can exclude the possibility of fraudulent activity on the part of employees. However, there is an unshakable rule that any system developed to counteract corruption and fraudulent schemes can be circumvented by the collusion of three employees, between whom the corresponding responsibilities were divided in order to minimize abuse.
The Ministry of Finance names the following elements of internal control:
- control environment;
- risk assessment;
- internal control procedures;
- information and communication;
- assessment of internal control.
1. Control environment is a set of principles and standards for the activity of an economic entity, which determine a general understanding of internal control and requirements for internal control at the level of an economic entity as a whole.
2. Risk assessment is the process of identifying and analyzing risks. Risk is understood as a combination of the likelihood and consequences of the failure of the economic entity to achieve the goals of its activity.
The Ministry of Finance draws attention to the fact that one of the important areas of risk assessment is the assessment of the risk of abuse (possible options for abuse within the organization are named in Example 4). The Information says that abuses can be associated with the acquisition and use of assets, accounting, including the preparation of financial statements, committing acts that are corrupt (including commercial bribery). Assessment of this risk involves identifying areas (areas, processes) where abuses may occur, as well as opportunities for their commission, including those associated with deficiencies in the control environment and internal control procedures of an economic entity.
3. Internal control procedures represent are actions aimed at minimizing risks affecting the achievement of the goals of an economic entity.
Let's turn to Example 2 to illustrate what this means.
Continuation of example 2.
The abuse in this case was expressed in the overestimation of the working hours of the employees of the enterprise (in fact, the time norms). The task of the internal auditor is accordingly to identify this risk and to minimize it. In this case, in our opinion, a set of measures could be proposed: a reasonable increase in wages; the affixing of the hours worked by the shop manager and confirmation of these hours by another, independent employee (for example, from the OH&S department).
The Ministry of Finance indicates that an economic entity can apply the following internal control procedures:
- a) documentary registration (for example, making entries in accounting registers on the basis of primary accounting documents);
- b) confirmation of compliance between objects (documents) or their compliance with the established requirements (for example, checking the execution of primary accounting documents for compliance with the established requirements when they are accepted for accounting). These internal control procedures also include procedures for controlling interrelated facts of economic life (for example, correlating the transfer of funds in payment for material values with the receipt and posting of these values);
- c) authorization (authorization) of transactions and operations, providing confirmation of the legality of their execution;
- d) reconciliation of data (for example, an economic entity with suppliers and buyers to confirm the amounts of receivables and payables);
- e) separation of powers and rotation of duties;
- f) procedures for controlling the actual presence and condition of objects, including physical security, access restriction,;
- g) supervision, ensuring the assessment of the achievement of the set goals or indicators, etc.
For the purposes of counteracting abuse, the most effective internal control procedures are authorization (authorization) of transactions and operations, delineation of powers and rotation of duties, control of the actual availability and state of objects.
Here is a specific example illustrating a rotation risk prevention measure.
Example 5.
There are several managers in the purchasing department (each of whom is engaged in purchasing in his own area). One of them selects suppliers for kickbacks. In the case of a rotation of a purchasing manager who is engaged in unseemly activities with a conscientious employee, the corruption scheme will be broken. In order to agree on kickbacks, etc., from a purchasing manager at a new site, a scammer will take a lot of time and effort.
4. Communication is the dissemination of information necessary for making management decisions and exercising internal control. For example, the personnel of an economic entity should be aware of the risks related to its area of responsibility, the role assigned to it and the tasks of exercising internal control and informing management.
5. Internal control assessment carried out at least once a year. The scope of the internal control assessment is determined by the head or the internal auditor (internal audit service) of the economic entity. One of its types is continuous monitoring of internal control. It can be carried out by the management of an economic entity in the form of regular analysis of the results of the activity of an economic entity, verification of the results of individual business operations, regular assessment and clarification of internal organizational and administrative documentation and other forms.
A separate chapter of the Ministry of Finance's information is devoted to documenting internal control. From it we can conclude that the organization should have the following documents:
- risk matrix (includes quantitative and qualitative description of risk)
- a document that describes in text or graphic form the business processes and procedures of the organization;
- documents that would reflect the procedure for organizing and exercising internal control(this may be a separate document, or there may be norms prescribed in various company documents (orders, orders, regulations, job and other instructions, regulations, methods, accounting standards of an economic entity). For convenience, the author of this article would advise the company to develop a separate the provision on internal control It is not excluded the use of reference technology in such a document (when on a particular issue the Provision will refer the user to other local acts of the organization).
- Documents establishing the rules of communication;
They can be: regulations on information policy (in the field of external and internal communications), schedules for the provision of data and reporting, job descriptions.
- Documents regulating the assessment of the internal control design.
The documentation that formalizes the organization of internal control must be regularly updated (at least once a year).
Guided by this information from the Ministry of Finance, you can assess how your company is exposed to risks, give them a quantitative and qualitative assessment, determine which risks your company will tolerate and which will not, develop measures to minimize risks (in the information, as we have demonstrated measures to counter the risks above). Thus, by following these guidelines, if desired, you can create an effective control system in the organization.
Internal audit is one of the types of internal control of business entities. Internal audit is an independent activity of an enterprise aimed at checking and evaluating its activities in the interests of management.
The purpose of internal audit is to protect the interests of owners in the preservation and efficient use of the company's resources, as well as to obtain reliable and complete information for making informed management decisions.
A special demand for internal audit has arisen in the last decade. Today, internal auditors provide their services to both public and private enterprises. The need for internal audit is due to a number of factors. The growth in the volume of activities of enterprises creates a problem of information exchange in a multilevel management apparatus, thus, the control of various levels of management by the central management becomes more complicated, which increases the risk of errors and contributes to abuse by personnel. The presence of internal audit is relevant for owners who are not directly involved in the management of the company, but transferred these functions to managers. Therefore, despite the professionalism of the management, the issue of control over the activities of the enterprise becomes urgent, one of the main tools of which can be an internal audit.
The introduction of internal audit is especially advisable in large and medium-sized enterprises that have at least one of the features:
The presence of branches or separate divisions;
The presence of various types of activities;
Possibility of cooperation;
The desire of top management to have objective and unbiased information about the activities of the enterprise
The subjects of internal audit are employees of internal audit departments, internal audit services, who report only to the management of the enterprise
The objects of internal audit are determined by its goals and objectives. The main objects of internal audit are:
The state of accounting at the enterprise;
Financial statements and their reliability;
The state of the assets of the enterprise and the sources of their formation;
Provision of the enterprise with its own circulating assets;
Provision with own funds;
Solvency and financial stability;
Enterprise management system;
The work of economic and technical services;
Payment of taxes by a company;
The reliability of design and estimate documentation;
Business processes;
The subject of internal audit is a set of information that is essential in making management decisions
Note that internal audit, in no case should be perceived as an alternative to external. The difference lies not only in the fact that the external audit is carried out by independent auditors or their audit firms, and the internal audit is carried out by employees of the internal audit departments of the audited company.
Signs |
Internal audit |
External audit |
The scope of the check |
Determined by the control system |
Determined by the type of audit and regulations governing its conduct |
Audit object |
Determined by management, these are mainly the assets and liabilities of the enterprise |
Determined by the status of the enterprise Dominated by the audit of financial statements and balance sheets In some countries, the audit of economic activities is developing |
Qualification |
Defined from the point of view of management structures Has a lower degree of independence and a lower professional level of the internal auditor |
Determined by legislation m Has a high degree of independence and a high professional level of the auditor |
Methods used |
General methods that distinguish between the scope and accuracy of checks |
|
Determined by management |
Follows with legislation, as well as court decision, external needs |
|
Reporting |
Reporting to management |
Reporting to the customer |
Fig 31 ... Comparative characteristics of external and internal audit
If we compare internal and external audit, it turns out that they differ not only in subjects (Figure 31). So the external audit is independent, while the internal audit is controlled by the owner of the enterprise. Therefore, the users of the information will be different. If the owners of the enterprise and managers are satisfied with the information provided by the internal audit service, external users (investors, creditors, government agencies, etc.) have confidence in the reporting of the enterprise certified by the external opinion, i.e. an independent auditor.
In addition, an external audit, in contrast to an internal one, is strictly regulated, based on the norms of international audit standards and the current legislation of Ukraine. With regard to internal audit, recommendations for its conduct are set out in the standards for the professional practice of internal audit developed. Institute of Internal Auditors based on. International Standards on Auditing. And also the enterprise must be approved. Regulations on the service (department) of internal audit, which defines the tasks, functions, rights and duties and responsibilities of this structural unit.
External audit is carried out periodically, usually once a year, while internal audit is carried out continuously. Taking this into account, internal audit uses methods of preliminary, current and subsequent control of people, while external audit uses exclusively follow-up control. Also, internal and external audits differ in functions, the degree of openness of information, the scope and objects of verification, and the responsibility is too low.
It is clear that internal audit cannot replace external audit, but it carries out separate procedures that can be used for the needs of external audit. That is why these two types of audit should function in parallel pairs, performing their functions and thus complementing each other.
Considering the above, internal audit should meet the following characteristics:
1) impartiality, that is, the auditor must make all conclusions and assessments objectively;
2) independence implies that the internal audit service reports only to the top management of the enterprise;
3) improving the activities of the enterprise, i.e. it is necessary to clearly understand that the purpose of the internal audit service is not to identify errors and violations and the subsequent punishment of the guilty, but, first of all, in the established risks and weaknesses in the activities of the enterprise and to provide recommendations for improving the efficiency of the functioning of this enterprise
4) the provision of guarantees is important for the owners of enterprises and can be ensured only as a result of the high-quality work of the internal audit service;
5) the advisory nature provides for the possibility of management personnel to receive qualified assistance in solving certain problems related to the activities of the enterprise
So, the requirements for the professional level of internal auditors are growing. And although today in our country the provision of the services of an internal auditor does not require a special certification of the level of his qualifications from him. The Institute of Internal Auditors (C1A), which cooperates with auditors in 60 countries, provides training and certification of internal auditors. The implementation of the certification of internal auditors at the global level is a confirmation of the popularity of the profession of internal auditor and recognition of its necessity and importance in modern conditions.
Internal audit is carried out at the preliminary stage of a commercial, technological or financial transaction, in the process of its passage and after completion. It provides expert, scientifically based assessment of business operations and processes.
Internal audit is a systematic and strictly documented, continuous, universal (continuous) measure. Internal auditors work in the public and private sector, they report to the highest standards of the enterprise, provide the results of analysis, recommendations, advice and information on the activities of the audited enterprise.
Internal audit provides for preliminary control at the stage of consideration of primary documents, when signing contracts, orders, estimates, etc., that is, it can act as a preventive measure
Current control is carried out during the registration of business transactions and inventory
Subsequent control is carried out at the stage of generalization and analysis of accounting and reporting information
The main objectives of the internal audit system are:
Facilitating the conduct of the business in an orderly and efficient manner;
Ensuring adherence to management policies;
Ensuring the safety of property;
Achieving high-quality documentation of operations
Internal audit can be viewed as an integral part of the overall management control system. It is carried out within the organization itself at the request and at the initiative of the management.
2020-03-16 31481
Internal audit is a guarantee of improving the company's activities
Today the concept of "internal audit" has become widespread in business. Many large enterprises and companies choose to create their own internal audit services and departments, training their employees. In addition, the demand for specialists who have the relevant knowledge and have an international diploma is constantly growing in the labor market.
Internal audit tasks at the enterprise
Internal audit in an enterprise is an activity that is aimed at providing objective and independent advice and guarantees to improve the company's performance. The purpose of internal audit is to assess risks, find ways to reduce them, and increase the profitability of business processes.
Auditor consulting includes assessing, analyzing and reporting on the productivity and reliability of processes. They are addressed directly to the administration of the organization.
The main tasks of internal audit at the enterprise:
- checking internal control systems to determine the level of efficiency of the departments;
- development of a holistic risk management system, analysis of its work, as well as the creation of measures to reduce them;
- control over compliance with the principles of corporate governance.
The need to implement internal audit
Recently in Russia there has been an orientation towards the separation of the functions of management and business ownership. The owners implement one general strategy for the development of the organization and manage the main directions, and to solve small and daily tasks, as a rule, they hire top managers. In this case, the company uses a tool for monitoring the state of affairs - internal or external audit. It allows owners to obtain a complete and objective assessment of the activities of the entire organization.
The implementation of internal audit in Russian companies was influenced no less by the Federal Law “On Accounting” dated 06.12.2011. According to Article 19, from the beginning of 2013, absolutely all economic entities must carry out internal control of economic activities.
Internal audit checklist
Controlling accounting and management accounting, as well as other areas of management, should take place absolutely at all enterprises. However, it is important to be aware of the specifics of this procedure. All processes must follow one another in an orderly manner. Since it is precisely due to the compliance with this requirement that many errors and problems can be avoided during the audit by the regulatory authorities. Filling out the checklist greatly simplifies the process. Its role is very difficult to exaggerate.
What you need to know about the checklist
This document consists of a checklist of detailed audit questions. The checklist does not have a format defined in the legislation. However, it is necessary to follow some rules when drawing up and filling it out. This is what will reduce the likelihood of problems in the audit process.
In fact, with the help of a checklist, you can solve a fairly large number of issues and tasks, not only during the audit, but also during the ongoing activities of the enterprise. This document can be used by various organizations, controlling institutions and their officials.
Using a checklist, you can solve the following tasks:
- correctly plan the audit in accordance with legal regulations;
- carry out intermediate and selective control, conduct effective time management;
- ensures that important parts of the audit are not missed;
- is one of the means of memory;
- simplifies the audit;
- with its help, the audit is carried out in a complex, structured and holistic manner, etc.
The legislative act that governs the preparation of this document is Federal Law No. 307 of December 30, 2008 “On Auditing”.
An example of an internal audit checklist is available.
Internal audit of the QMS
QMS - a quality management system - one of the parts of the entire management system of the company, which was created to ensure and control the stability of economic activities, high quality and minimize the cost of manufacturing products or providing services.
According to the QMS, the structure of the documentation is as follows:
- quality requirements (quality manual);
- goals and policy in the field of product and service quality;
- required documented processes;
- regulations of procedures, work instructions;
- quality records.
The audit of quality management systems is not regulated by either federal or international legislation. Therefore, there are no mandatory legislative norms that determine the procedure and rules for conducting an audit of quality systems at an enterprise. This is due to the voluntary desire of the organization to certify quality systems. And all the work that accompanies the construction and implementation of the quality system is also a voluntary initiative.
Consequently, organizations that are engaged in auditing the QMS can carry out their activities without additional licenses or other permits. And for the implementation of internal audit, even more so, these documents are not needed. Despite this, there are special rules that govern the conduct of audits of the QMS. For example, ISO 19011: 2011, which is called Guidelines for auditing management systems. It can be used for internal and external audits.
Internal audit order
Internal audit order is an internal document that is drawn up by the head of the company and establishes:
- dates of the audit;
- a group of internal auditors and specialists responsible for its conduct;
- provision of conditions for conducting internal audit;
- control over the conduct of the audit.
How to become an internal audit professional
Every day the demand for specialists who are able to carry out internal control of the enterprise is growing. But the requirements for them are also increasing. They should have knowledge in the financial sector, understand internal control and corporate governance, know national and international standards for internal audit, and understand the specifics of the activities that need to be analyzed.
Online training comes to the rescue of always busy financial professionals. Online courses allow you to study without interrupting your main activity, at home or at work in convenient comfortable familiar conditions. The quality of distance learning is not inferior to, and often exceeds, full-time counterparts, due to the involvement of high-quality teachers, a modular course system, online tests and much more.
Internal Audit Diplomas and Certificates
To obtain a diploma that confirms qualifications in the field of internal audit, it is worth choosing an international program of a foreign institution. Today, Russian specialists have access to such programs as IPFM, IFA, ICFM and CIA.
The fastest and most effective way to master internal audit is the distance learning course "Internal audit" program of the British Institute of Professional Financial Managers (IPFM). The course program includes the concepts of internal control, training in the skills of mastering the tools of the internal auditor, identification and risk management in IAS, and more.
Certified Internal Auditor (CIA) is the most valuable professional international certificate (along with ACCA, CIMA). It is issued by the International Institute of Internal Auditors after successfully passing four exams.
- How to buy games or applications in the App Store without linking a card Payment methods for purchases in the app store
- Calculator for calculating insurance premiums SP for yourself
- There is a problem with the payment of the previous purchase how to remove Updating the payment information in the Apple device
- Invalid credit card number