About | Code of Ethics | CIA Exam
The Profession | All in a Day's Work

Assuring Safeguards
Organizational resources are valuable. It's in the company's best interest to defend and guard them against potential damage. Since most holdings can be pricey and even priceless, there is a great risk of loss if they aren't safeguarded appropriately.

Enter the internal auditors. By reviewing the means used by the organization to protect its assets, internal auditors can determine whether appropriate safeguards are in place.

They must be able to evaluate the procedures used to safeguard assets from different types of losses like theft, fire, activities that are illegal or improper, and exposure to elements.

If the assets in an organization aren't protected appropriately, then internal auditors must make recommendations to ensure they are.

Assets aren't just tangible items, such as computers, printers, and copiers. Employees and information are also important assets to be safeguarded. A high turnover in staff results in loss of human assets: good, educated employees, and the cost of time and training for new hires. Information, knowledge management, and information technology are just as imperative. And, as technology continues to develop, so do challenges in safeguarding. New dimensions include product support, advisory and consulting engagements, and active involvement in the process of restructuring. Internal auditors must be accomplished in anticipating emerging issues and creating solutions.

Recommending Controls
As a result of proper management organizing, planning, and directing, control increases the possibility of meeting goals and objectives. Internal auditors examine and evaluate these processes, provide information based on their findings, and ultimately recommend appropriate controls.

Internal auditors evaluate the efficiency and effectiveness of controls to achieve objectives. Controls refer to ethical values, consistency in meeting goals, performance measures, and much more. Frameworks such as COSO (U.S.), CoCo (Canada), and Cadbury (UK) provide guidelines for effective internal control implementation and monitoring.

Today, a broad array of successful internal control practices is available for practitioners who want to stay on the leading edge of the profession. Control Self-Assessment (CSA) is just one such practice. And, with advanced control implementation, internal auditors can broadly address problems quickly and work to prevent disasters in the future. The IIA felt so strongly about CSA that it created a CSA Center, rich with information, networking opportunities, products, and special services.

Modern internal auditing's role in internal control is essential. Working in partnership with management, the internal audit function can be invaluable to every aspect of the organization.

Reviewing Compliance
Compliance--conformity to fulfill obligations in the auditing world, ensures that organizations adhere to rules and regulations. When those in an organization ignore guidelines, the structure can crumble. Part of an internal auditor's job is to review compliance and ensure that the structure stays solid. Management's role is to impose specific regulations, implement policies, and maintain extensive knowledge of the compliance requirements of all laws, regulations, and contracts applicable to the organization. In reviewing compliance, the realm of responsibility over which internal auditors preside is lengthy. Specifically, internal auditors are responsible for reviewing objectives, providing insight to the impact that noncompliance has on an organization, and informing senior management of indications of significant noncompliance. In short, they make sure the base structure of the organization is strong so it can hold steady during potentially turbulent times.

Compliance issues are always changing. As organizations alter policies, internal auditors have to be prepared to deal with the onset of new challenges. They not only need to identify areas that do not comply with policies and guidelines, but also see that objectives set by management adhere to the organization's overall mission, culture, and climate.

Whether determining if an organization fulfills its legal and ethical obligations or its members comply with the proper guidelines, internal auditors' areas of expertise are constantly growing. By ensuring that an organization's structure is strong and can withstand the tests of negative weathering from outside and inside, it is the internal auditors who help senior management sleep well at night.

Analyzing Operations
When an organization creates corporate objectives and goals, it must follow the appropriate procedures to make sure those goals are reached. Internal auditors review operations closely, confirming that the correct protocol is being followed and the goals are being met. This is vital to the organization's health and well-being. Internal auditors must be well versed in the objectives of an organization and have the ability to examine and analyze to make sure the operations are effective. After investigating the process, they report their findings and recommend appropriate courses of action. They may also have to establish criteria, based on their objective opinion, for meeting the organization's goals.

Competent professional internal auditors accurately interpret facts and figures of the organizational process quickly and strive for continuous improvement. Through a strong commitment to the organization's corporate values and goals, their understanding of the "big picture" plays a crucial role in the overall success of the organization.

Today, internal auditors work closer than ever before with their customers. By doing so, they can be more accurate in their recommendations and help the organization adhere more closely to its objectives. As valuable resources for internal processes and operations, internal auditors continue to prove themselves vital to the organization.

Evaluating Risk
All organizations encounter risk. Risk assessment, as defined by The IIA Standards for the Professional Practice of Internal Auditing, is "a systematic process, for assessing and integrating professional judgments about probable adverse conditions or events." Risk impacts the organization's ability to compete and to maintain its financial strength and quality of its products and services. It's the internal auditor's job to identify all auditable activities and relevant risk factors, and to assess their significance.

The polished skills internal auditors possess assist them in accurately identifying the risks an organization faces. As auditors examine these risks, they must investigate the sources, put a relative value on each risk, and keep the lines of communication open in the process. This not only fosters a close and invaluable relationship with management, but also enables the auditor to anticipate emerging issues and opportunities.

Changing trends may impact the way an internal auditor assesses risk. A recent study from The IIA Research Foundation, by Georges M. Selim, PhD, and David McNamee, CIA, CISA, describes internal auditing as changing from a reactive control-based form to one that is risk-based and proactive.

This means that greater emphasis is placed on the internal auditor's role in mitigating risks. By focusing on effective risk management, the internal auditor not only offers remedies for current trouble areas, but also anticipates problems and plays an important role in protecting the organization from catastrophes or missed opportunities in the future.

Internal auditors must be flexible to the changing tides of today's business environment. Evaluating risk in a rapidly changing world means auditors have to stay abreast of global and workplace issues such as mergers and acquisitions, new computer systems, and electronic commerce. Through careful and timely preparation, internal auditors protect their organizations from potential disasters today and in the future.