Skip to content
Go to GoCardless homepage
Pricing
LoginSign up

What is an internal audit?

While financial investigations may spring to mind when you hear the term “audit,” there are several types of auditing processes, including an internal audit. Please keep reading to learn more about what an internal audit is, how it differs from an external audit, and what to expect.

Internal audit definition

An internal audit is an unbiased review of a company’s processes, systems, and procedures. Rather than having an outside consultant or specialist conduct this review, an internal audit is performed by professionals within the company. This could be an individual auditor, auditing department, or specialty organization. Here are just a few areas that an internal audit might focus on:

  • Operational risks

  • Environmental compliance

  • Corporate responsibility

  • Procedural efficiency

  • Effectiveness of systems

  • Health and safety compliance

  • Fraud protection

The internal audit team gathers information about the company’s various processes to see what’s working well and where there may be areas of risk. This information is then compiled into a comprehensive report, along with any accompanying recommendations. Audit outcomes are presented to senior leadership, who can then implement these recommended changes.

Who performs an internal audit?

Any members of an internal audit team must be entirely unbiased for the audit to be valid. In larger organizations, there is usually a standalone audit department specifically for this purpose. Internal audits are ordered at the top level, typically by the CEO or board of directors. The audit team works closely with senior management to review critical processes within the organization.

What is the primary internal audit function?

An internal audit might cover just one area of the organization, like IT development, or it could be a general assessment of the company’s strengths and weaknesses. The main goal or function is to identify risks within the company’s internal environment. By tackling this task internally, problems can be fixed before they cause any external damage or liability to stakeholders. It’s essentially a way to get ahead of the curve with a proactive risk assessment process. Apart from highlighting risks, the internal audit function includes highlighting areas where a company’s efficiency could be improved or where money could be saved.

Internal audit vs. external audit

While the outcomes might be similar, internal and external audits differ in a few ways.

Internal audits:

  • Are performed by internal auditors, often company employees

  • Results are reported to the Board of Directors and senior management

  • The audit covers internal controls pertaining to risk management and process improvement

  • The audit is performed to assess risk and improve efficiency

  • Can be performed at any frequency

External audits:

  • Are performed by outside auditors, often from a CPA firm

  • Results are reported to outside entities and shareholders

  • Covers financial reports

  • The audit is performed to validate financial reports for stakeholders’ benefit

  • Usually performed annually

Internal audit process

No matter the internal audit function, the process is generally the same:

Step 1: Planning

During this initial phase or step of the internal audit process, the audit team carefully defines the investigation’s objectives. Any relevant guidance or regulations will be reviewed in-depth to lay the groundwork for the audit. A realistic timeline for the audit will be set and shared with management.

Step 2: Investigating

This is the active phase of the audit, when the team performs any research or relevant investigations. They carry out the audit plan according to the prearranged timeline, conducting interviews, reviewing documents, and testing controls. During this investigative phase, statistics are recorded, and observations are made. 

Step 3: Reporting

Having concluded the active stage of the audit, it’s the audit team’s job to compile an internal audit report. Any results of the investigation should be presented in this written report. When risks or trouble spots are identified, these should be accompanied by actionable recommendations.

Step 4: Following Up

The process isn’t finished with the delivery of the internal audit report. The report should be presented to the senior leadership team, with the opportunity for a question and answer session after the presentation. Beyond this point, the audit team must conduct follow-up with appropriate parties to implement any recommendations that have been made.

We can help

GoCardless helps you automate payment collection, cutting down on the amount of admin your team needs to deal with when chasing invoices. Find out how GoCardless can help you with ad hoc payments or recurring payments.

GoCardless makes it easy to collect recurring payments

Sign upContact sales

Interested in automating the way you get paid? GoCardless can help

Contact sales

Contact Us

Sales

Contact sales

+44 20 8338 9539

Support

Request support

+44 20 8338 9540

Seen 'GoCardless Ltd' on your bank statement? Learn more

GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom

GoCardless (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services. GoCardless SAS (23-25 Avenue Mac-Mahon, Paris, 75017, France), an affiliate of GoCardless Ltd (company registration number 834 422 180, R.C.S. PARIS), is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services.