Facebook
Email
Twitter
LinkedIn

We had a huge level of interest in our recent Internal Audit webinar that we presented on behalf of the London and South East Forum. We therefore thought it would be useful to cover some of the key areas in a series of blogs starting with “What is Internal Audit”.

“The role of internal audit is to provide independent assurance that an organisation's risk management, governance and internal control processes are operating effectively”

Who should carry out the work

Internal Audit should not be carried out by your external auditor. The Ethical Rules of the Financial Reporting Council prevent an organisation from carrying out internal audit work for an external audit client. The PRA have also been very clear that the same people should not be carrying out your internal and external audit. The work should also not be done by operational staff or the Board at the Credit Union or you have the risk of auditing your own work. An independent internal auditor also gives a fresh perspective and by being independent you get a greater level of assurance.

The work can be performed by your Supervisory Committee or an Internal Auditor. For a number of clients we work in conjunction with the Supervisory Committee. The key thing is, that the work should be done by people who understand Credit Unions and how they operate, in order to be able to understand weaknesses and areas for improvement.

Importance of Internal Audit

Internal Audit plays a key role in the Credit Union for a number of reasons:

  • Regulatory requirement– Both the PRA and FCA Rulebooks set out requirements for Credit Unions to have an internal audit function.
  • Assurance– The Board and Management of the Credit Union both require assurance that the controls that they set are operating satisfactorily and this is a key role for the internal audit function.
  •  Improvements– Internal Audit can help identify areas for improvement in the Credit Union that can help save time and money.
  • Three Lines of Defence– The Institute of Internal Auditors and the Institute of Directors both endorse the ‘Three Lines of Defence’ model. This is a framework for operational risk management. Internal audit plays a key role as the third line of defence in this mode.

Difference with External Audit

There are some important differences between internal and external audit:

  • Focus– External audit work is focused on allowing the external auditor to make their report on the financial statements. While the operation of controls is important to the external auditor it is a primary focuses of internal audit. Finance will also be only one area of internal audit as it will look at different operations within the Credit Union.
  • Standards– External audit must follow Auditing Standards set by the Financial Reporting Council. The Institute of Internal Auditors sets standards for Internal Auditors but these are not mandatory for all internal audits. 
  • Reporting- The external auditor is reporting to the members of the Credit Union while the Internal Auditor is reporting to management. As such the Credit Union can decide in terms of the areas and number of areas that the Internal Auditor will review. The Credit Union can not decide on what the external audit will review as that is governed by external auditing standards.

Guidance

There are a number of sources of information and guides for internal audit:

  • The Institute of Internal Auditors set standards for Internal Audits
  • “Effective Internal Audit in the Financial Services Sector” by the IIA
  • FCA rulebook contains guidance on areas that internal audit should cover. It should be noted it was written a number of years ago and therefore does not cover important areas for internal audit.

More Information

For more information on internal audit please see our internal audit pages.