What Does an Internal Auditor Do?
What Do You Do?
Over the years I gotten very used to family and friends telling me they have no idea what I do for a living. What I did find interesting is that when I applied for audit roles at accounting firms some of the feedback I received included ‘We don’t know where you would fit with what we do,’
Now please don’t take this as me having a go at the accountants, I have a lot of respect for them and the work they do. Their role has purpose and value for the organisations they work with, just like my role. It is just that the purpose and value of our roles are very different.
I have mentioned before that I am not an accountant. When asked what I do I usually reply with ‘I specialise in compliance and operational audits’ or ‘I relieve the worry and stress business people often feel when dealing with compliance issues.’
But what exactly does that mean?
Compliance and Operational Audits
First a little clarification on compliance audits versus operational audits.
Compliance audits are any audits relating to an external document. This could include:
- legislation such as the Estate Agents Act;
- standards such as ISO 9001 or the Good Manufacturing Practice;
- a contract or deed allowing you to provide goods
- or services, such as the government contracts to provide employment services
Basically they relate to any document that you haven’t written yourself and that you have to follow, meaning you are compliant to it, so that you can continue operating in your chosen field and be able to provide your goods or services.
Most industries have a number of different external documents they need to be compliant to so at times it can get complicated.
While your internal auditor can help you get ready for a compliance audit, the actual audit is carried out by an external auditor. The external auditors are employed by the governing body responsible for the document they are auditing against.
For example an auditor from Consumer Affairs will audit a real estate agency to determine if they are following the requirements of the act. An auditor from the Department of Employment will audit an employment services provider to make sure they are following the guidelines set out in the Deed and their individual contract.
When organisations talk about being ‘Audit Ready’ they are talking about compliance audits. They want to make sure they pass the external audit and can continue to trade.
In contrast operational audits are all about your own internal policies, procedures, work instructions and the countless other documents you have created for your business.
I like to think that these documents create the culture of your business.
When you start your business you put together your business plan which gives you the structure, or how you want your business to look, e.g. sole trader versus a company, manufacturing of products or providing a service.
Your internal documents create the feel of your business, essentially they are the heart of your business. They state how you want your staff to interact with each other and clients / customers, as well as the level of quality and consistency you want your products or services to have.
A good internal auditor will not only know how to read these documents, they will know how to get them to talk!
Every one of these documents make up the story of your business. They can tell you where the business has been, where it is now, where you want to take it and what is stopping you from getting there.
A well planned internal audit schedule can also provide the majority of the information you need for strategic planning for years to come.
By taking into account your compliance audit requirements when you create your internal documents, such as referencing the relevant external documents and aligning your policies and procedures with their requirements, you can make sure that any operational audits are also helping to keep you audit ready.
Where I Fit In
So, getting back to the question of what it is I do.
Short answer – all of the above and more!
I can actually come in at any stage, such as –
- Creating the internal documents,
- Creating an internal audit program,
- Training new auditors,
- Creating an audit schedule and conducting the risk
assessments that go with it,
- Conducting and reporting on operational audits,
- Preparation for compliance audits,
- And yes, even conduct the compliance audits
It is a complex occupation, you have to be able to understand and interpret a wide range of legal documents, often for industries that you have had no experience in. Plus there are always challenges being thrown at you.
My favourite challenge so far was being asked to completely revise an
internal audit program –
- Create all new policies, procedures, work
instructions and forms,
- Create risk assessment tools and preform the
- Create and deliver a training package for both
lead auditors and support auditors
And I had six weeks to do it all and have the program up and running – hey who needs sleep anyway!
But honestly, I wouldn’t have it any other way.
Please Note: The above article is not intended for use as standalone audit advice.
© 2017 Katrina McKenzie