Establishing Internal Audit Shop

The following suggestions and resources from The IIA can help you in establishing internal audit function.

Step 1:Start by establishing internal audit authority in the internal audit activity and review the new definition of internal auditing and the International Standards for the Professional Practice of Internal Auditing (Standards) to become familiar with what is required.

Step 2:Interview senior management and board of directors/audit committee [chairpersons] to build rapport, to ensure those at the top have a clear picture of the internal audit function, and to clarify expectations of all. Use this opportunity to quickly learn and address what management and the board view as the greatest risks to the organization, while keeping in mind issues, problems, and opportunities that have already been identified. Develop a system for cataloging such information, including date and name of person interviewed for quick reference in the future. There are many considerations that should be evaluated in determining the optimal structure and source for internal auditing resources.

Step 3:Obtain and review the audit committee charter. Of course, no sample charter encompasses all activities that might be appropriate to a particular audit committee, nor will all activities identified in a sample charter be relevant to every committee. Accordingly, this charter must be tailored to each committee’s needs and governing rules. This process is very important in establishing internal audit function.

Step 4:Understand “benchmarking” needs, i.e., industry, specialty groups, organizations with same staff size, etc. Ask senior management who they consider to be leaders and laggards in your organization’s market niche. Check out IIA’s GAIN services. Review past GAIN surveys. IIA’s GAIN gives insights and useful guidelines in establishing internal audit function

Step 5:Obtain and review your organization’s written policies and procedures, especially the policy pertaining to management’s responsibility to control the organization.

Step 6:Discuss with external auditors open and closed internal control issues, which they may have identified during their reviews. External auditors may give important tips in successfully establishing internal audit function.

Step 7:Start to develop the “audit universe,” or the list of all auditable entities.

Step 8:Map the major processes/operations within the organization. Meet with operations managers, including those in information technology, in order to understand their risks and concerns.

Step 9:Develop a risk assessment for your organization. This should be a macro-level assessment, which includes both external and internal risk factors.

Step 10:Develop a charter for Internal Audit. Ensure that both senior management and the audit committee review and approve the charter. Information on audit charters can be found within the Professional Practices Frame-work or Establishing Internal Audit Activity Manuals available at The IIA.

Step 11:Build the budget, including personnel and travel.

Step 12:Based on your risk assessment, develop an audit plan. The amount of the plan that can be accomplished in the allotted time period (usually a year) will depend on the risks identified and the internal audit resources and staff. You should always leave time in your audit plan for management requests (usually 10 percent).

Step 13:Hire your staff and develop a plan for staff training. Ensure your staff covers the range of expertise needed based on your risk assessment. You may also consider outsourcing portions of your audit plan to outside service providers or using professionals internal to the organization.

Step 14:Ensure that senior management notifies other departments of your existence and calls for complete coop-eration.

Step 15:Work with management to establish best-practice reporting relationships, to ensure internal audit is promoted throughout the organization, and to develop a methodology for following up on audit recommendations and measuring performance.

Step 16:Establish a quality assurance program. Guidelines on establishing internal audit function