What Does an Internal Auditor Do?

Updated on June 15, 2020
Katrina McKenzie profile image

As the founder of KLM Audit & Compliance, I relieve the stress and worry business people often feel when dealing with compliance issues.

What does an internal auditor do? Find out!
What does an internal auditor do? Find out!

What Do You Do?

Over the years, I have gotten very used to family and friends telling me they have no idea what I do for a living. What I did find interesting is that when I applied for audit roles at accounting firms some of the feedback I received included ‘We don’t know where you would fit with what we do,’

Now please don’t take this as me having a go at the accountants, I have a lot of respect for them and the work they do. Their role has purpose and value for the organisations they work with, just like my role. It is just that the purpose and value of our roles are very different.

I have mentioned before that I am not an accountant. When asked what I do I usually reply with ‘I specialise in compliance and operational audits’ or ‘I relieve the worry and stress business people often feel when dealing with compliance issues.’

But what exactly does that mean?

Compliance and Operational Audits

First, here's a little clarification on compliance audits versus operational audits.

Compliance audits are any audits relating to an external document. This could include:

  • legislation such as the Estate Agents Act
  • standards such as ISO 9001 or the Good Manufacturing Practice
  • a contract or deed allowing you to provide goods
  • services—such as the government contracts to provide employment services

Basically they relate to any document that you haven’t written yourself and that you have to follow, meaning you are compliant to it, so that you can continue operating in your chosen field and be able to provide your goods or services.

Most industries have a number of different external documents they need to be compliant to so at times it can get complicated.

While your internal auditor can help you get ready for a compliance audit, the actual audit is carried out by an external auditor. The external auditors are employed by the governing body responsible for the document they are auditing against.

For example, an auditor from Consumer Affairs will audit a real estate agency to determine if they are following the requirements of the act. An auditor from the Department of Employment will audit an employment services provider to make sure they are following the guidelines set out in the Deed and their individual contract.

When organisations talk about being ‘Audit Ready’ they are talking about compliance audits. They want to make sure they pass the external audit and can continue to trade.

In contrast, operational audits are all about your own internal policies, procedures, work instructions and the countless other documents you have created for your business.

I like to think that these documents create the culture of your business.

Your Business

When you start your business you put together your business plan which gives you the structure, or how you want your business to look, e.g., sole trader versus a company, manufacturing of products or providing a service.

Your internal documents create the feel of your business, essentially they are the heart of your business. They state how you want your staff to interact with each other and clients/customers, as well as the level of quality and consistency you want your products or services to have.

A good internal auditor will not only know how to read these documents, they will know how to get them to talk!

Every one of these documents make up the story of your business. They can tell you where the business has been, where it is now, where you want to take it and what is stopping you from getting there.

A well planned internal audit schedule can also provide the majority of the information you need for strategic planning for years to come.

By taking into account your compliance audit requirements when you create your internal documents, such as referencing the relevant external documents and aligning your policies and procedures with their requirements, you can make sure that any operational audits are also helping to keep you audit-ready.

Where I Fit In

So, getting back to the question of what it is I do.

Short answer—all of the above and more!

I can actually come in at any stage, such as:

  • Creating the internal documents
  • Creating an internal audit program
  • Training new auditors
  • Creating an audit schedule and conducting the risk
    assessments that go with it
  • Conducting and reporting on operational audits
  • Preparation for compliance audits
  • And yes, even conduct the compliance audits

It is a complex occupation, you have to be able to understand and interpret a wide range of legal documents, often for industries that you have had no experience in. Plus there are always challenges being thrown at you.

My favourite challenge so far was being asked to completely revise an
internal audit program:

  • Create all new policies, procedures, work
    instructions and forms,
  • Create risk assessment tools and preform the
    initial assessments,
  • Create and deliver a training package for both
    lead auditors and support auditors

And I had six weeks to do it all and have the program up and running—hey, who needs sleep anyway! But honestly, I wouldn’t have it any other way.

Please Note: The above article is not intended for use as standalone audit advice.

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2017 Katrina McKenzie


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, toughnickel.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://maven.io/company/pages/privacy

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)