Internal Audit

Internal auditing is an independent, impartial process which enables a company to be reassured about the level of control over its activities, and to suggest ways of optimizing them, thereby helping to generate added value.

What is internal auditing?

Internal auditing is a crucial component of any management system. According to ISO 19011, internal auditing is an independent process using specific methods to gather concrete evidence and make an impartial assessment.

The internal audit scrutinizes an organization’s processes and practices to confirm their compliance with a quality policy and defined quality standards.

The purpose of internal audits is to confirm that the Management System is in line with the entity’s own requirements and those of the standard, ensuring that it is effective and up to date.

Internal audit is also a key instrument in the organization’s continuous improvement process.

Internal audit objectives

To ensure that your internal audits are consistent and, above all, beneficial, it is advisable to :

  • Design an internal audit program (plan internal audits over several months).
  • Use qualified, neutral auditors (wherever possible, especially in small organizations), the principle being to avoid auditing your own work.
  • Carry out the audit according to the prerogatives of the standard, and internal processes or regulations.
  • Examine practices.
  • Highlight points of excellence, those to be preserved or popularized, those to be maintained, risks and opportunities for improvement.

How to conduct effective internal audits?

To ensure that your internal audits are consistent and, above all, beneficial, it is advisable to :

  • Design an internal audit program (plan internal audits over several months).
  • Use qualified, neutral auditors (wherever possible, especially in small organizations), the principle being to avoid auditing your own work.
  • Carry out the audit according to the prerogatives of the standard, and internal processes or regulations.
  • Examine practices.
  • Highlight points of excellence, those to be preserved or popularized, those to be maintained, risks and opportunities for improvement.

The quality of your internal audits will depend mainly on the skills of your auditors. It’s not just a question of professional skills, but above all of auditing methods, interpersonal skills, discernment, understanding of the principles of the audited standard, and the specifics of an effective management system. ISO 19011 provides guidance (in § 7.2 Determining an auditor’s competence) on the selection of internal auditors. Some of the qualities they should focus on include integrity, diplomacy, open-mindedness and discernment. Afterwards, appropriate training will enable them to acquire the skills needed to prepare, conduct and report on an audit, based on an established frame of reference.

Who can carry out an internal audit?

An internal audit requires the intervention of an independent auditor. He must conduct his investigations with neutrality. To this end, it is imperative that he adopts a neutral, unbiased stance. It is essential to avoid any situation of conflict of interest, so as to base your observations on tangible, attested elements. Internal controllers analyze financial data, internal audit mechanisms, risk management strategies, operating procedures and compliance protocols to assess the entity’s ability to achieve its ambitions and comply with applicable standards and regulations.

Internal audit is an integrated mechanism within a company. It can be carried out by an independent internal controller such as SFH Conseil. Its task is to scrutinize the company’s organization for imperfections and threats that could compromise the strategy established by management. It thus plays a crucial role in validating the rigor of internal quality controls.

The conclusions of the internal audit are passed on to the structure’s management and key stakeholders, with a view to proposing appropriate recommendations.

Who does internal auditing concern?

Internal auditing is primarily aimed at organizations, whether in the public or private sector. This includes commercial companies, financial institutions, government authorities, non-profit organizations, institutions of higher education and similar bodies.

In these organizations, internal auditing is primarily aimed at senior executives, risk management specialists, compliance officers and board members, to assess and optimize the efficiency of internal control, risk management and governance systems.