What is internal audit. Internal audits

Internal audit is one of the types of internal control of entities entrepreneurial activity... Internal audit is independent activity the enterprise is aimed at checking the ku and evaluating its activities in the interests of management.

The purpose internal audit is to protect the interests of owners to preserve and effective use resources of the enterprise, as well as obtaining reliable and complete information for making informed management decisions.

A special demand for internal audit has arisen in the last decade. Today, internal auditors provide their services to both public and private enterprises. The need for internal audit is due to a number of factors. The growth in the volume of activities of enterprises creates a problem of information exchange in a multilevel management apparatus, thus complicating the control of various levels of management on the part of the central management, which increases the risk of errors and contributes to abuse by personnel. The presence of internal audit is relevant for owners who are not directly involved in the management of the company, but transferred these functions to managers. Therefore, in spite of the professionalism of the management, the issue of control over the activities of the enterprise becomes urgent, one of the main tools of which can be an internal audio audit.

The introduction of internal audit is especially advisable in large and medium-sized enterprises that have at least one of the characteristics:

The presence of branches or separate divisions;

The presence of various types of activities;

Possibility of cooperation;

The desire of senior management to have objective and unbiased information about the activities of the enterprise

The subjects of internal audit are employees of internal audit departments, internal audit services, who report only to the management of the enterprise

The objects of internal audit are determined by its goals and objectives. The main objects of internal audit are:

Maintenance status accounting at the enterprise;

Financial statements and their reliability;

The state of the assets of the enterprise and the sources of their formation;

Provision of the enterprise with its own circulating assets;

Provision with own funds;

Solvency and financial stability;

Enterprise management system;

The work of economic and technical services;

Payment of taxes by an enterprise;

Reliability of design and estimate documentation;

Business processes;

The subject of internal audit is a set of information that is essential in making management decisions

Note that internal audit, in no case should be perceived as an alternative to external. The difference lies not only in the fact that the external audit is carried out by independent auditors or their audit firms, and the internal audit is carried out by employees of the internal audit departments of the audited company.

Signs

Internal audit

External audit

The scope of the check

Determined by the control system

Determined by the type of audit and regulatory documents regulating its conduct

Audit object

Determined by management, these are mainly the assets and liabilities of the enterprise

Determined by the status of the enterprise Audit dominates financial statements and balance sheet Business audit is developing in some countries

Qualification

Defined from the point of view of management structures Has a lower degree of independence and a lower professional level of the internal auditor

Determined by legislation m Has high degree independence and high professional level of the auditor

Methods used

General methods that distinguish between the scope and accuracy of checks

Determined by management

Follows with legislation, as well as court decision, external needs

Reporting

Reporting to management

Reporting to the customer

Fig 31 . Comparative characteristics external and internal audit

If we compare internal and external audit, it turns out that they differ not only in subjects (Figure 31). So the external audit is independent, while the internal audit is controlled by the owner of the enterprise. And therefore the users of the information will be different. If the owners of the enterprise and managers are satisfied with the information provided by the internal audit service, external users (investors, creditors government bodies etc.) have confidence in the reporting of the enterprise certified by the conclusion of the external, i.e. an independent auditor.

In addition, external audit, in contrast to internal, is strictly regulated, based on the norms of international audit standards and the current legislation of Ukraine. With regard to internal audit, recommendations for its conduct are set out in the standards for the professional practice of internal audit developed. Institute of Internal Auditors based on. International standards audit. And also the enterprise must be approved. Regulations on the service (department) of internal audit, which defines the tasks, functions, rights and duties and responsibilities of this structural unit.

External audit is carried out periodically, usually once a year, while internal audit is carried out continuously. Taking this into account, internal audit uses methods of preliminary, current and subsequent control of people, while external audit uses exclusively follow-up control. Also, internal and external audits differ in functions, the degree of openness of information, the scope and objects of verification, and the responsibility is too low.

It is clear that internal audit cannot replace external audit, but it carries out separate procedures that can be used for the needs of external audit. That is why these two types of audit should function in parallel pairs, performing their functions and thus complementing each other.

Considering the above, internal audit should meet the following characteristics:

1) impartiality, that is, the auditor must make all conclusions and assessments objectively;

2) independence implies that the internal audit service reports only to the top management of the enterprise;

3) improving the activities of the enterprise, i.e. it is necessary to clearly understand that the purpose of the internal audit service is not to identify errors and violations and the subsequent punishment of the guilty, but, first of all, in the established risks and weaknesses in the activities of the enterprise and to provide recommendations for improving the efficiency of the functioning of this enterprise

4) the provision of guarantees is important for the owners of enterprises and can be ensured only as a result of the high-quality work of the internal audit service;

5) the advisory nature provides for the possibility of management personnel to receive qualified assistance in solving certain problems related to the activities of the enterprise

So, the requirements for the professional level of internal auditors are growing. And although today in our country the provision of the services of an internal auditor does not require a special certification of the level of his qualifications from him. The Institute of Internal Auditors (C1A), which cooperates with auditors in 60 countries, provides training and certification of internal auditors. The implementation of certification of internal auditors at the global level is a confirmation of the popularity of the profession of internal auditor and recognition of its necessity and importance in modern conditions.

Internal audit is carried out at a preliminary stage of commercial, technological or financial transaction, in the course of its passage and after completion. It provides expert, scientifically based assessment of business operations and processes.

Internal audit is a systematic and strictly documented, continuous, universal (continuous) measure. Internal auditors work in the public and private sector, they report to the highest standards of the enterprise, provide the results of analysis, recommendations, advice and information on the activities of the audited enterprise.

Internal audit provides for preliminary control at the stage of consideration primary documents, when signing contracts, orders, estimates, etc., that is, it can act as a preventive measure

Current control is carried out during registration business transactions and inventory

Subsequent control is carried out at the stage of generalization and analysis of accounting and reporting information

The main objectives of the internal audit system are:

Facilitating the conduct of the business in an orderly and efficient manner;

Ensuring adherence to management policies;

Ensuring the safety of property;

Achieving high-quality documentation of operations

Internal audit can be considered as an integral part common system management control. It is carried out within the organization itself at the request and at the initiative of the management.

Internal audit is used in most large companies... It is needed to prevent the occurrence of significant shortcomings. It is carried out in accordance with the specified algorithm.

What is internal audit

Internal audit is an audit of the company's activities, which is carried out in the interests of the owner. The procedure is carried out on the basis of the regulations drawn up by the company itself. In the process, documents are checked, a survey of employees is carried out.

Main goals

Consider the tasks of internal audit of a firm:

  • Organization of effective financial and economic activities.
  • Establishing productive interaction with contractors.
  • Prevention of the occurrence of material violations.
  • Reducing the number of losses.
  • Ensuring compliance of activities with the law.
  • Verification of the accuracy of the information contained in the documents.

An internal audit is needed, first of all, for the head of the company. The verification results will help optimize production.

The legislative framework

The work of specialists performing internal audit must comply with international (ISVA) and domestic standards. It is regulated by Federal Law No. 307 "On the Activities of an Auditor". In addition, the inspection should not contradict these norms:

  • Federal Law No. 115 "On Combating Money Laundering" dated August 7, 2001.
  • Federal Law No. 273 "On Combating Corruption" dated December 25, 2008.

Internal audit standards should also be contained in the company's internal documents.

What is checked in the internal audit process

Internal audit involves an integrated approach. That is, all aspects of the enterprise are checked. In particular, these are:

  • Keeping records of fixed assets, intangible assets, cash transactions, financial results, capital and other things.
  • Transactions in foreign currency, settlement and other accounts, settlements with counterparties, insurance companies.
  • OS state, documenting funds, the correctness of depreciation, the execution of the repair plan.

The auditor also needs to reassure himself of information security. The processing of information in the company is checked, Information system, the presence of trade secrets. The specialist conducts an audit of the information protection system.

Varieties of internal audit

There are different types of internal audit. The audit is divided into types depending on the tasks assigned to the auditor. There are the following varieties:

  • Checking the control system.
  • Organizational and technical control.
  • Control audit of the main activities.
  • Checking the compliance of the work with internal and legal regulations.
  • Establishing the feasibility of activities officials.

All considered types of audit are optional. They are carried out at the initiative of the head.

Documentary support of the audit

As part of the check, it is imperative to draw up a number of documents. Otherwise, the audit will not be legal.

Issuance of an audit order

The check is carried out on the basis of the order of the head. This document establishes the following aspects of work:

  • Dates of the inspection.
  • The employees who will be engaged in the audit.
  • Conditions for conducting internal audit.
  • Control over the work of the auditor.

The order should contain clear instructions on how to start the audit.

Check list

Within the framework of the audit, control is carried out in many areas. Many operations are performed, the sequence of which must be followed. To comply with the algorithm, it is recommended to draw up a checklist. It includes a list control questions... There are no laws governing the preparation of this document. The checklist is filled in according to the wishes of the manager. It allows you to solve these problems:

  • Correct planning control event compliant with the law.
  • Execution of intermediate and selective control of the auditor's activities.
  • Implementation of all the main stages of the procedure.
  • Facilitating the work of the auditor.
  • The ability to carry out a complex and holistic procedure.

A checklist can be drawn up on the basis of the provisions of Federal Law No. 307 "On audit activity"Dated December 30, 2008.

Internal audit stages

Internal audit can be divided into three stages:

  1. Preparation. Includes the publication of an order, drawing up a checklist.
  2. Worker. As part of it, documents are checked for compliance with the law, interviews with employees and management personnel.
  3. Final. A conclusion is drawn up, in which the results of the procedure are prescribed.

Each of these stages has its own meaning. For example, if adequate preparation is not carried out, the procedure will become less effective in the future.

Internal audit tools

The components of an internal audit depend on the needs of the company. For example, these can be the following tools:

  • Checking the correctness of the preparation of estimates, projects and plans.
  • Analysis of existing orders for the supply of raw materials.
  • Verification of the fulfillment of supply contracts.
  • Establishing the actual write-off of materials for production.
  • Establishing the correctness of calculations, checking the reflection of their results in the accounting of the cost of goods.
  • Checking invoices.
  • Checking the legality of depreciation.
  • Execution of control over the movement of funds.
  • Timely reflection in accounting of all business transactions.
  • Establishing the correctness of settlements with counterparties.

This list can be supplemented. The nature of the additions is determined by the specifics of the companies' activities.

In the course of their work, auditors use a variety of tools. For example, if invoices are verified, the next order control:

  • Establishing the accuracy of keeping the book of sales and purchases.
  • Analysis of invoices for missing numbers.
  • Control over the entry of all transactions into the general ledger.
  • Checking the accuracy of customer accounts.
  • Reconciliation of information from analytical and synthetic accounting.
  • Reconciliation of the dates of operations performed with the dates indicated in the invoices.

Movement check material values carried out by means of an inventory. You need to prepare for this procedure. Preparation includes these steps:

  • Drawing up a list of materials that are subject to inventory.
  • Formation of an inventory commission.
  • Receipt of a receipt stating that all documents related to the inventories are in the accounting department.

The analysis of the correctness of depreciation is carried out on the basis of documents. The list of securities subject to audit includes inventory cards... The auditor can also recalculate.

Internal audit results

The results of the audit are recorded in the report. This information is written in it:

  • List of verified documents and areas of activity.
  • Identified shortcomings.
  • Recommendations for correcting shortcomings.
  • The person who performed the audit.

Audit reports should be retained. They can be compared with each other in order to analyze the dynamics of the company. Based on the reports, work is carried out to correct the detected deficiencies.

FOR YOUR INFORMATION! Not every employee can participate in the audit. It is desirable that a specialist has an appropriate education. You can get all the necessary knowledge in specialized courses.

You will learn:

What is internal audit and how is it different from external?
What legal requirements exist regarding internal audit.
How the internal auditor can help in the work of the enterprise.

Until recently, internal audit was mandatory only for some categories of organizations (banks, insurance organizations, etc.). Their internal audit activities are regulated by a large number of special regulations (directly related to their industry), which require separate consideration. And we will not pay attention to them in this article.

For other organizations, internal audit (control) became mandatory after the entry into force Federal law"On accounting" dated 06.12.2011 N 402-FZ. In particular, in this law in Art. 19 of this law says the following: “an economic entity is obliged to organize and exercise internal control over the committed facts of economic life. An economic entity whose accounting (financial) statements are subject to statutory audit, is obliged to organize and carry out internal control of accounting and preparation of accounting (financial) statements (except for cases when his manager has assumed the responsibility for accounting). "

We will analyze this legal requirement a little later. Now we will pay attention to several significant points:

  • Conventionally, internal audit (control) can be divided into general internal control (which, according to Federal Law No. 402-FZ, must be carried out in all organizations and special, regulatory requirements for which have existed for a long time (concerning banks, insurance organizations, etc.))
  • The legal framework related to general internal audit (control) is rather laconic. We will analyze it a little later.
  • Clear legal responsibility for violation of legislation on the implementation of the general internal control no. With a fairly big stretch in this case, you can apply the article of the Administrative Code, which establishes sanctions for violation of accounting rules. Therefore, many organizations require Art. 19 of the Federal Law No. 402-FZ are considered declarative.
  • Despite the fact that there is no clear responsibility for violation of the requirements of the Federal Law "On Accounting", the implementation of internal audit (control) can be more than useful for the organization itself and its founders.

General internal control

Unfortunately, a significant number of people still believe that internal control (audit) is similar to external control. That is, the internal auditor checks the legal, personnel and accounting documentation, as well as the external one. The only difference is that the internal auditor is an employee of the audited organization, and the external one is not. However, this is absolutely not the case. And if we carefully study the Information of the Ministry of Finance N PZ-11/2013 "Organization and implementation by an economic entity of internal control of the committed facts of economic life, accounting and preparation of accounting (financial) statements", we will see that this point of view is not correct.

First, internal audit can be performed by external specialists. In clause 18.2. The information of the Ministry of Finance says: "The organization and assessment of internal control can be carried out by an economic entity independently and / or an external consultant (including an audit organization)."

In addition, the content of an internal audit is more than significantly different from an external one.

The United States International Institute of Internal Auditors, established in 1941, is considered the ancestor of general internal audit. According to the American concept, the task of the internal auditor is to calculate the risks that the company can expect (they can be associated with both internal and external reasons); assess the likelihood of their occurrence; to isolate those of them to which the business is not tolerant and to develop measures to minimize them.

Example 1.

The task of the internal auditor is to analyze changes as a result of political events foreign economic situation; forecasting losses from the loss of some economic partners and the need for the enterprise to search for other suppliers and buyers.

At the same time, the scope of the internal auditor is not limited only to accounting issues, questions correct management personnel and legal documentation, it concerns all areas of the enterprise, for example, HR.

Example 2.

In one manufacturing company, workers were given paltry wages. As a result, this led to staff turnover; high costs of permanent search for personnel, theft by workers of products from the enterprise. Also, to motivate people to stay and pay them big salary, the heads of some shops (loading and unloading, logistics) wrote that their subordinates, pieceworkers, did more work than they actually did. As a result, such salary savings led to large losses of company finances.

If the firm had an internal auditor, he would have to calculate the negative consequences of such savings.

Thus, the work of the internal auditor applies to all areas of the enterprise: it is also checking the effectiveness of the rules for constructing the budget; controlling; grade investment projects; development of an asset protection strategy; control over the creation of a system of measures to minimize abuse within the organization; investigation of fraud within the organization; control over cost accounting; analysis of quality control of manufactured products; customer service quality control assessment and much more. priority areas internal audit are: contributing to the company's profit making and the safety of assets.
In general, this concept is reflected in the Information of the Ministry of Finance N PZ-11/2013.

Requirements of Russian legislation for internal control (audit)

Consider now the norms Russian legislation related to internal audit. First, let us pay attention to the fact that in Art. 19 of the Federal Law "On Accounting" there is still a slight contradiction.

According to it, all economic entities must exercise internal control. A priori, it is assumed that this internal control must be carried out in all areas of the organization. But in part 2 of the same article, it is specified that an economic entity whose accounting (financial) statements are subject to mandatory audit is obliged to organize and exercise internal control over accounting and preparation of accounting (financial) statements (except for cases when its head has assumed the responsibility of maintaining accounting for yourself). A logical puzzle arises, but what in other areas (besides accounting and reporting), an economic entity is not obliged to carry out internal audit, unlike other organizations? In theory, the requirements for the internal control of such organizations, on the contrary, should be more stringent than in relation to those firms that are not subject to mandatory external audit. Or the legislator implies that internal audit is mandatory for all organizations (including in the field of control over accounting records); Is it strictly obligatory for firms subject to internal audit? In general, the article leaves a wide field of activity for its interpretation.
The next normative act in which we can find the requirements for internal audit is the RF Government Decree of 23 .09.2002 No. 696 “On the approval of the federal

rules (standards) of auditing ”). We draw your attention immediately to the fact that no fresh changes and additions were made to this document after the entry into force of the accounting law. Therefore, some of its norms do not quite correspond to the point of view of the Ministry of Finance expressed in the information. For example, according to this document, internal audit is a control activity carried out within the audited entity by its subdivision - the internal audit service (as we can see, this rule runs counter to the information of the Ministry of Finance, because according to it, an external organization can also carry out internal audit). Of course, explaining this contradiction, one can refer to the fact that the information provided by the Ministry of Finance refers to internal control, while the resolution of the Government of the Russian Federation refers to internal audit. But in essence, these two concepts are identical.
According to the authors of this resolution, the functions of the internal audit service include monitoring the adequacy and effectiveness of the internal control system. The scope and objectives of internal audit are different in each case and depend on the size and structure of the auditee and the requirements of its management. Typically, the functions of an internal audit function include one or more of the following elements:

  • monitoring the effectiveness of internal control procedures;
  • research of financial and management information;
  • control of economy, efficiency and effectiveness, including non-financial controls of the audited entity;
  • control over compliance with legislation Russian Federation, regulations and other external requirements, as well as policies, directives and other internal management requirements.

Let us analyze in more detail some of the items of the Information of the Ministry of Finance N PZ-11/2013 “Organization and implementation by an economic entity of internal control over the committed facts of economic life, accounting and preparation of accounting (financial) statements.
According to the Ministry of Finance, the effectiveness of internal control may be limited:

  • changes in the economic environment or legislation, the emergence of new circumstances outside the sphere of influence of the leadership of the economic entity;
  • exceeding official powers by the management or other personnel of an economic entity, including collusion of personnel;
  • the occurrence of errors in the decision-making process, the implementation of the facts of economic life, accounting, including the preparation of accounting (financial) statements.

In fact, in this case, it is said that it is impossible to create a control system that will not fail under any circumstances. Here are two specific examples corresponding to the first and second points.

Example 3.

As you know, the situation in Ukraine led to the imposition of sanctions. Russian businessmen stopped working with partners from some countries, instead of them other suppliers and buyers appeared. Surely there are enterprises that, at the time of restructuring their business (looking for new partners in countries that did not impose sanctions), suffered some losses. Was it possible to predict such economic situation in the future (when the sanctions have not yet been introduced) - the question is quite complex. Perhaps at some enterprises there are ingenious specialists who were able to calculate the likelihood of such events and their management began to look in advance for new sales and supply channels. However, most of the internal control services most likely failed to do this.

Example 4.

Even in a non-governmental organization there is a place for corruption schemes: the head of the procurement department buys goods from those suppliers that give him the biggest kickback; develops a budget for departments in favor of more funding (employee training, payments salaries etc.), whose boss pays him an informal remuneration in gratitude; in many industries, theft of products is carried out; overestimates the number of hours that workers allegedly worked and which should be paid, etc. Typically, an effective internal control system involves a segregation of duties that can exclude the possibility of fraudulent activity on the part of employees. However, there is an unshakable rule that any system developed to counteract corruption and fraudulent schemes can be circumvented by the collusion of three employees, between whom the corresponding responsibilities were divided in order to minimize abuse.

Ministry of Finance calls the following items internal control:

  • control environment;
  • risk assessment;
  • internal control procedures;
  • information and communication;
  • assessment of internal control.

1. Control environment is a set of principles and standards for the activity of an economic entity, which determine a general understanding of internal control and requirements for internal control at the level of an economic entity as a whole.

2. Risk assessment is the process of identifying and analyzing risks. Risk is understood as a combination of the likelihood and consequences of failure of the economic entity to achieve the goals of its activity.

The Ministry of Finance draws attention to the fact that one of the important areas of risk assessment is the assessment of the risk of abuse ( possible options abuses within the organization are named in Exhibit 4). The Information says that abuse can be associated with the acquisition and use of assets, accounting, including drawing up accounting statements committing acts of corruption (including commercial bribery). Assessment of this risk involves identifying areas (areas, processes) where abuses may occur, as well as opportunities for their commission, including those associated with deficiencies in the control environment and internal control procedures of an economic entity.

3. Internal control procedures represent are actions aimed at minimizing risks affecting the achievement of the goals of an economic entity.

Let's turn to Example 2 to illustrate what this means.

Continuation of example 2.

The abuse in this case was expressed in the overestimation of the working hours of the employees of the enterprise (in fact, the time norms). The task of the internal auditor is accordingly to identify this risk and to minimize it. In this case, in our opinion, a set of measures could be proposed: a reasonable increase in wages; the affixing of the hours worked by the shop manager and confirmation of these hours by another, independent employee (for example, from the OH&S department).

The Ministry of Finance indicates that an economic entity can apply the following internal control procedures:

  • a) documentary registration (for example, making entries in accounting registers on the basis of primary accounting documents);
  • b) confirmation of compliance between objects (documents) or their compliance with established requirements (for example, checking the execution of primary accounting documents for compliance with established requirements when they are accepted for accounting). These internal control procedures also include procedures for controlling interrelated facts of economic life (for example, the correlation of a transfer Money in payment of material values ​​with the receipt and posting of these values);
  • c) authorization (authorization) of transactions and operations, providing confirmation of the legality of their execution;
  • d) reconciliation of data (for example, an economic entity with suppliers and buyers to confirm the amounts receivable and accounts payable);
  • e) separation of powers and rotation of duties;
  • f) procedures for controlling the actual presence and condition of objects, including physical security, access restriction,;
  • g) supervision, ensuring the assessment of the achievement of the set goals or indicators, etc.

For the purpose of counteracting abuse, the most effective internal control procedures are authorization (authorization) of transactions and operations, delineation of powers and rotation of duties, control of the actual availability and state of objects.

Let us give specific example, illustrating a risk prevention measure in the form of rotation.

Example 5.

There are several managers in the purchasing department (each of whom is engaged in purchasing in his own area). One of them selects suppliers for kickbacks. In the case of a rotation of a purchasing manager who is engaged in unseemly activities with a conscientious employee, the corruption scheme will be broken. In order to agree on kickbacks, etc., from a purchasing manager at a new site, a scammer will take a lot of time and effort.

4. Communication is the dissemination of information necessary for making management decisions and exercising internal control. For example, the personnel of an economic entity should be aware of the risks related to its area of ​​responsibility, the role assigned to it and the tasks of exercising internal control and informing management.

5. Internal control assessment carried out at least once a year. The scope of the internal control assessment is determined by the head or the internal auditor (internal audit service) of the economic entity. One of its types is continuous monitoring of internal control. It can be carried out by the management of an economic entity in the form of regular analysis of the results of the activity of an economic entity, verification of the results of individual business operations, regular assessment and clarification of internal organizational and administrative documentation and other forms.

A separate chapter of the Ministry of Finance's information is devoted to documenting internal control. From it we can conclude that the organization should have the following documents:

  • risk matrix (includes quantitative and qualitative description of risk)
  • a document that describes in text or graphic form the business processes and procedures of the organization;
  • documents that would reflect the procedure for organizing and exercising internal control(this may be a separate document, or there may be norms prescribed in various company documents (orders, orders, regulations, job and other instructions, regulations, methods, accounting standards of an economic entity). For convenience, the author of this article would advise the company to develop separate provision dedicated to internal control. The use of reference technology in such a document is not excluded (when, on a particular issue, the Regulations will refer the user to other local acts of the organization).
  • Documents establishing the rules of communication;

They can be: regulations on information policy (in the field of external and internal communications), schedules for the provision of data and reporting, job descriptions.

  • Documents regulating the assessment of the internal control design.

The documentation that formalizes the organization of internal control must be regularly updated (at least once a year).

Guided by this information from the Ministry of Finance, you can assess how your company is exposed to risks, give them a quantitative and qualitative assessment, determine which risks your company will tolerate and which will not, develop measures to minimize risks (in the information, as we have demonstrated measures to counter the risks above). Thus, by following these guidelines, if you wish, you can create an effective control system in your organization.

Internal audit is an independent activity within an organization to review and evaluate its performance for the benefit of managers. The purpose of internal audit is to help people in an organization perform their functions effectively. Internal audit is carried out by auditors who work directly in this firm. Small organizations may not have in-house auditors. In this case, the internal audit can be entrusted to the audit commission or audit firm on a contractual basis.

At the same time, internal audit is understood as a system of control over compliance with the established procedure, accounting and the reliability of the functioning of the internal control system, which:

organized by an economic entity;

regulated by internal documents;

acts in the interests of the management of the economic entity and (or) the owners.

Internal audit is one of the ways to control the performance of the links in the structure of an economic entity.

The organization, role and functions of internal audit are determined by the economic entity itself - its management and (or) owners, depending on:

  • A) the content and specifics of the activity of the economic entity;
  • B) the volume of economic activity of economic entities;
  • C) the management system of the economic entity;
  • D) the state of internal control.

Internal audit functions can be performed by:

  • - special internal audit services;
  • - individual auditors who are on the staff of an economic entity;
  • - audit commissions(auditors);
  • - third-party organizations involved for the purpose of internal audit;
  • - external auditors engaged for internal audit purposes.

Thus, an audit license is not required to carry out the internal audit function.

An internal audit is created to optimize the activities of an economic entity, to assist management in the performance of its duties, as well as to inform and advise it.

Typically, internal audit functions include:

  • - checking accounting and internal control systems, monitoring them and developing recommendations for improving these systems;
  • - verification of accounting and operational information, including an examination of the means and methods used to identify, evaluate, classify such information and compile reports on its basis, as well as a special study of individual reporting items, including detailed checks of transactions, account balances;
  • - verification of compliance with laws and other regulations, as well as requirements accounting policies, instructions, decisions and instructions of the management and (or) owners
  • - checking the activities of various levels of management;
  • - assessment of the effectiveness of the internal control mechanism, study and assessment of control procedures in branches, in structural divisions economic entity;
  • - checking the presence, condition and ensuring the safety of the property of an economic entity;
  • - work on special projects and control over individual elements of the internal control structure;
  • - evaluation of the software used by the economic entity;
  • - special investigations isolated cases, for example, suspicions of abuse;
  • - development and submission of proposals to eliminate the identified deficiencies and recommendations to improve management efficiency.

The objectivity of internal audit is determined by the degree of its independence in the management structure of an economic entity. This requirement for internal audit, as a rule, is ensured by the fact that he obeys and is obliged to submit reports only to the management and owners who have appointed him, independent of the heads of the audited branches of the economic entity, structural divisions.

Internal and external audit are closely related. In the course of the external audit, the auditor can use the results of the work of the internal audit. To do this, at the entrance of the audit, the auditor must:

study and evaluate the effectiveness of the work of internal audit;

to assess the impact of the work of internal auditors on the efficiency of the entire internal control system of an economic entity.

Based on the results of these assessments, the auditor:

  • - clarifies the scope and content of audit procedures;
  • - determines the possibility of using the results of internal audit work.

To facilitate the auditor's work in using the results of internal audit, developed Russian rule(standard) auditing "Learning and using the work of internal audit."

The auditing organization applies the provisions of the rule (standard) only in relation to internal audit activities related to the audit of financial statements. The activities of services such as a service environmental audit, the audit organization is not evaluated.

The effectiveness of internal audit can be an important factor in the firm's assessment audit risk and internal control systems and thereby significantly reduce the volume of procedures that should be performed by the audit organization, although it cannot completely eliminate the need for such procedures. That is why the audit organization must form its opinion on the activities of internal audit even before planning the upcoming audit.

The auditor should draw up a program for the assessment of internal audit and reflect in his working documentation conclusions related to the specific work of internal audit that has been tested, studied and evaluated. When forming the assessment of internal audit at the planning stage, it should be taken into account:

  • - organizational status - the position of the internal audit service in the management system of an economic entity, its capabilities and ability to observe objectivity and independence of the presence or absence of other duties, the effect of constraining factors and restrictions imposed by the management and (or) owners of an economic entity on internal audit. It should be remembered that the situation is ideal when the internal audit function reports only to the top management or the owners of the economic entity;
  • - competence - professional education and skills (work experience) of auditors, recruitment policy, training and professional development of internal audit staff, the degree of their understanding of the tasks and problems;
  • - professional level - the state of planning, control, documentation of the work of internal audit, the presence and content of relevant provisions on internal audit, work programs and working documentation;
  • - functional framework - the content and scope of work performed by the internal audit service;
  • - the level of significance - whether the recommendations of the internal audit are considered and accepted for implementation by the management and (or) the owners of the economic entity.

After evaluating the internal audit activities at the planning stage, the auditing organization should decide whether the internal audit work can be used for external audit purposes.

If the firm decides to use the work of internal audit, it should continue to study it, review the internal audit working papers, and ensure that:

  • A) the relevant programs and scope of internal audit work are consistent with the objectives of the external audit;
  • B) the work of internal auditors is carried out according to plan and is documented;
  • C) the conclusions (conclusions) of the internal auditors are sufficiently substantiated by the data obtained by them and correspond to the existing circumstances, and the content of the reports prepared by the internal auditors corresponds to the results of the work performed by them;
  • D) the zone of increased risks, known to the specialists of the economic entity, is taken into account when planning work and is checked by an internal audit;
  • E) the attitude of management and (or) owners to comments, suggestions and questions raised by internal auditors is constructive.
  • - assessment by external auditors of audit risk;
  • - the materiality of the object of verification;
  • - preliminary assessment of the internal audit service.

This work may include: testing objects already verified by internal audit; checking other objects of interest; overseeing internal audit procedures; other methods of verification at the discretion of the auditor.

The audit organization should have the right to freely and fully deal with internal auditors.

Since the tasks of the internal audit are determined by the management and (or) the owners of the economic entity, they differ from the tasks of the external audit, which is obliged to give an independent assessment of the submitted financial statements. At the same time, the means of solving specific problems facing external and internal audit can in a number of cases coincide and be used in determining the content, timing and scope of external audit procedures.

When using the work of internal auditors, the effectiveness of the audit can be influenced by the following:

  • A) mutual coordination of audit plans;
  • B) exchange of reports;
  • C) regular working meetings;
  • D) consolidated and open mutual access to working documentation;
  • E) joint submission of reports to the management and (or) owners of the economic entity;
  • E) general order documenting the audit.

An audit organization should not rely entirely on the work of internal auditors in its audit. It is necessary to carry out audit checks of items and transactions already audited by internal auditors. If these checks give summary (comparable) results, no adjustments are required in the intended work. If discrepancies are found, appropriate measures should be taken, for example, to change the content or increase the volume of audit procedures.

The audit organization is solely responsible for issuing audit report, written information of the auditor to the management of the economic entity based on the results of the audit, as well as for determining the content, timing and scope of audit procedures. This responsibility is not diminished even when any results of the internal audit work are used.

The concept of internal audit has already become firmly established in the activities of many companies, although there are still organizations that do not apply control in their activities. They confine themselves to formal verification, without thinking about how effective the systematic work of internal auditors can be.

What is internal audit

Let's first figure out the difference between external and internal audit. Under the internal audit it is customary to understand the control activity, organized on a specific economic entity, carried out in the interests of the owner and regulated by his documents. In fact, VA is a kind of control method that allows you to check and analyze the activities of individual management processes and divisions of the company.

The main goal of the IA is to ensure the efficient operation of the company. This includes identifying gaps and suggestions for eliminating errors, as well as monitoring the correct functioning of individual work processes and departments of the organization.

About the state internal financial control and internal financial audit, audit on labor protection at the enterprise, improving the QMS at the defense industry enterprise and other types of inspections, read below.

Internal audit and internal control system are described in this video:

Different kinds

Depending on the tasks to be solved, internal audit is different types... Such checks can be carried out all in the enterprise or be limited to only one variety.

The following types are often distinguished:

  1. Functional control of control systems.
  2. Organizational and technical audit of the management systems.
  3. Verification of activities.
  4. Compliance audit.
  5. Checking officials for compliance with the appropriateness of their activities.

These types of controls are optional activities.

There is one more type - its implementation is imputed to all organizations, without exception, at the legislative level. This is a financial audit that checks the activities of the accounting department and all aspects related to cash flow.

The need to organize an internal personnel (or other type) audit at the enterprise will be discussed below.

Main functions

Depending on the specific tasks of the organized audit, its functions may also differ. The most commonly defined VA functions are:

  • Monitoring, verification and analysis of accounting systems. Examination of financial documents, their classification and assessment
  • Study of laws and changes in regulations to verify compliance with them, as well as analysis of instructions, orders and other internal company documentation for compliance
  • Evaluation of the effectiveness and verification of the mechanisms of the quality of work of individual links and divisions of the organization
  • Checking the condition and safety of the company's property, assessing the availability of everything necessary for effective operation, checking the quality of software and its functionality
  • Development and provision of recommendations for eliminating identified errors and shortcomings. General analysis activity and its verification for compliance with the company's strategy.

Internal audit can take various forms that are required for a particular company. Sometimes this changes both the tasks and the functions of the reviewers. Basically, these are various control, information, analytical and consulting functions of various orientations. In special cases, the IA function may even be to monitor the activities of one employee or a small workflow.

Regulatory regulation

  • The activities of internal auditors are defined by international (ISVA) and national standards (FSAD). On the territory of the Russian Federation, Law No. 307-FZ "On Auditing Activity" is in force, which considers the main aspects of the work of auditors.
  • Also, auditors must adhere to other laws. The following documents are related to their work - Federal Law No. 115 of 08/07/01 "On Combating the Legalization (Laundering) of Criminally Obtained Incomes and Financing of Terrorism", Federal Law No. 273 of December 25, 2008 "On Combating Corruption". There is also another document in the field of financial audit - the Code of Ethics for Professional Accountants.
  • In addition, the development and implementation of personal in-house standards is allowed. They can be detailed and very different from federal and international regulations, but they must not contradict them.

Internal audit is the topic of the following video:

Objects and subjects

  • Under object Internal audit is understood as an administrative link, a specific work process or an integral element of activity that is subject to control. The choice of an object is always based on the purpose and type of audit, therefore it can relate to any area of ​​the company's activity.
  • Subjects IA are specialists who provide control activities. The quality of control directly depends on their level of competence, therefore, even in small enterprises, the work of only one auditor is usually formed, rather than organized.

The internal audit service consists of direct subjects and their head. The branching structure of the IA service depends on the size and number of activities. For many effective organizations, IAS activities are indispensable, thanks to its well-coordinated work, shortcomings are regularly identified and effective ways of doing work are proposed, which significantly increases overall efficiency.

Now we will learn how to conduct an internal audit at an enterprise, and about the details with examples of such a procedure.

Auditing

The organization and conduct of internal audit always begins with an order from the management. VA is often of a planned nature and is performed in certain terms... Conducting a control check always has 3 stages:

  1. Preliminary.
  2. Worker.
  3. Final.

These stages cannot be changed - excluding or neglecting one of them makes it impossible for internal audit to achieve its goal. Each stage solves its own tasks, they cannot be included in another paragraph or abolished.

At the preliminary stage, all preparatory work(incl.). Terms are determined, documents are spoken and control methods are selected. Then it is carried out directly auditing according to the chosen methods. After its completion, it is necessary to summarize, analyze the results obtained, and perform other final operations.

Important information

Not all rated yet positive effect from systematic internal audits different kinds... The state obliged organizations to carry out control only in the area financial activities, but does not force audits in other areas of the company. The presence of regular internal audits significantly increases the efficiency of work processes, so more and more companies are trying to organize an IAS.

Audit is really a powerful link in correcting the activities of all work processes. He is able to identify shortcomings and evaluate the overall strategy of the company. Its functions and types are different, but they are all aimed at one thing - increasing the efficiency of a particular organization.

The video below will tell you about the internal audit and the ICS system (IAAP):

To share with friends:
Similar publications
© 2021 com-roseltorg.ru Popular articles about banking services