Breadcrumb

What is an internal audit?

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedOct 20202 min read

While financial investigations may spring to mind when you hear the term “audit,” there are several types of auditing processes, including an internal audit. Please keep reading to learn more about what an internal audit is, how it differs from an external audit, and what to expect.

Internal audit definition

An internal audit is an unbiased review of a company’s processes, systems, and procedures. Rather than having an outside consultant or specialist conduct this review, an internal audit is performed by professionals within the company. This could be an individual auditor, auditing department, or specialty organization. Here are just a few areas that an internal audit might focus on:

Operational risks
Environmental compliance
Corporate responsibility
Procedural efficiency
Effectiveness of systems
Health and safety compliance
Fraud protection

The internal audit team gathers information about the company’s various processes to see what’s working well and where there may be areas of risk. This information is then compiled into a comprehensive report, along with any accompanying recommendations. Audit outcomes are presented to senior leadership, who can then implement these recommended changes.

Who performs an internal audit?

Any members of an internal audit team must be entirely unbiased for the audit to be valid. In larger organizations, there is usually a standalone audit department specifically for this purpose. Internal audits are ordered at the top level, typically by the CEO or board of directors. The audit team works closely with senior management to review critical processes within the organization.

What is the primary internal audit function?

An internal audit might cover just one area of the organization, like IT development, or it could be a general assessment of the company’s strengths and weaknesses. The main goal or function is to identify risks within the company’s internal environment. By tackling this task internally, problems can be fixed before they cause any external damage or liability to stakeholders. It’s essentially a way to get ahead of the curve with a proactive risk assessment process. Apart from highlighting risks, the internal audit function includes highlighting areas where a company’s efficiency could be improved or where money could be saved.

Internal audit vs. external audit

While the outcomes might be similar, internal and external audits differ in a few ways.

Internal audits:

Are performed by internal auditors, often company employees
Results are reported to the Board of Directors and senior management
The audit covers internal controls pertaining to risk management and process improvement
The audit is performed to assess risk and improve efficiency
Can be performed at any frequency

External audits:

Are performed by outside auditors, often from a CPA firm
Results are reported to outside entities and shareholders
Covers financial reports
The audit is performed to validate financial reports for stakeholders’ benefit
Usually performed annually

Internal audit process

No matter the internal audit function, the process is generally the same:

Step 1: Planning

During this initial phase or step of the internal audit process, the audit team carefully defines the investigation’s objectives. Any relevant guidance or regulations will be reviewed in-depth to lay the groundwork for the audit. A realistic timeline for the audit will be set and shared with management.

Step 2: Investigating

This is the active phase of the audit, when the team performs any research or relevant investigations. They carry out the audit plan according to the prearranged timeline, conducting interviews, reviewing documents, and testing controls. During this investigative phase, statistics are recorded, and observations are made.

Step 3: Reporting

Having concluded the active stage of the audit, it’s the audit team’s job to compile an internal audit report. Any results of the investigation should be presented in this written report. When risks or trouble spots are identified, these should be accompanied by actionable recommendations.

Step 4: Following Up

The process isn’t finished with the delivery of the internal audit report. The report should be presented to the senior leadership team, with the opportunity for a question and answer session after the presentation. Beyond this point, the audit team must conduct follow-up with appropriate parties to implement any recommendations that have been made.

We can help

GoCardless helps you automate payment collection, cutting down on the amount of admin your team needs to deal with when chasing invoices. Find out how GoCardless can help you with ad hoc payments or recurring payments.