How Internal Audits Help Organizations Grow and Adapt to Change

Jason Emmons, Partner, Internal Audit Services
Weston Nelson, Partner, Internal Audit Services

Requests and demands for internal audits can be vast. It’s important to drive progress and growth from within your organization by harnessing opportunities that can help:

  • Successfully navigate risks
  • Achieve reliable financial reporting and regulatory compliance
  • Streamline operations
  • Promote stakeholder confidence

An internal audit can keep you moving forward if you’re looking to attain or maintain compliance with the Sarbanes-Oxley Act of 2002 (SOX), regulatory requirements, or government contracts, or if you simply hope to gain an overall assessment of your internal controls related to finance, operations, or compliance.

What Is an Internal Audit?

An internal audit involves an independent and objective evaluation of financial and operational business activities, including verifying compliance with various federal and state laws by implementing processes and procedures to reduce risk exposure while protecting the company’s assets and efficiency.

For large companies, it’s ideal for an internal audit to take place on an annual basis because these companies already shift their internal control and audit focus areas and review their risk areas annually.

As audits are scalable based on objectives, internal audits are also beneficial for smaller companies that don’t want to develop a full internal audit department.

Why Should Companies Conduct an Internal Audit?

Auditing a company’s internal controls and operational practices can provide objective insight to help a company identify gaps, detect fraud, mitigate risk, and remain compliant.

There are three main reasons to perform an internal audit:

  • Financial and SOX compliance
  • Compliance testing
  • Operational audits and requests

Financial and SOX Compliance

While fast-growing companies might be lured by shortcuts, cutting corners can often have devastating effects in a heavily regulated market.

Not fully addressing compliance requirements under SOX is one shortcut that can lead to errors in financial statements and corporate disclosures, such as devaluing stock price and damaging investor confidence.

A balanced approach to SOX compliance considers the organization’s risk tolerance, budget, and operational goals.

Top Value-Adding Benefits
  • Money. Delivers the ability to save money with an external auditor by leveraging more work from the organization.
  • Training. Provides training ground to understand the organization’s transactions.
  • Big-picture perspective. Provides the ability to see the process from beginning to end.
  • Efficiency. Creates an opportunity to increase efficiencies in the organization’s processes.
Factors to Consider
  • Time. Significant time and effort are involved and could limit time for other requests.
  • Perceptions. Often seen as offering little value within the organization or as an obligatory task.
  • Resources. Can cause strain or fatigue on internal resources if the organization’s goals are to conduct more compliance or operational audits.

Compliance Testing

Compliance testing is auditing for adherence to a policy, rule, or regulation. Compliance testing is the process used to test internal controls related to risk.

Compliance testing is often the first type of test an organization performs when assessing the control environment.

Top Value-Adding Benefits
  • Risk profile. Helps to assess and manage your compliance risk profile.
  • Planning. Identifies violations to assist with remediation planning.
  • Opportunities. Can elevate internal control improvement opportunities.
Factors to Consider
  • Monitoring. Requires ongoing monitoring.
  • Scrutiny. Ad hoc testing can result in increased regulatory scrutiny.
  • Remediation. Identified violations require timely remediation.

Operational Audits and Requests

Primarily composed of a combination of processes, people, and IT systems, these audits review internal control activities.

Deficiencies in any of these areas can lead to a disclosed material weakness—before or after you go public—even if that area isn’t subject to formal assessment by external auditors.

External auditor assessments could range from privacy assessments to very technical reviews, but this can vary depending on the organization’s industry.

Top Value-Adding Benefits
  • Security. Helps decrease your vulnerability to fraud and misconduct.
  • Early adoption. Encourages early adoption of internal control over financial reporting.
  • Tolerance. Identifies risk tolerance and the impact to financial reporting.
  • Strategic practices. Creates policies and procedures that follow industry best practices and improves efficiency.
Factors to Consider
  • Resources. Highlights deficiencies in the organization that may need action or additional resources.
  • Feasibility. Not feasible for smaller, resource-constrained companies.
  • Personnel. Can require additional headcount or financial commitment.

How Can Internal Audits Help Organizations Adapt to Change?

Auditing a company’s internal controls can provide objective insight to help a company identify gaps, detect fraud, and mitigate risk.

When leveraged with purpose, an internal audit could add value by:

  • Improving efficiencies. Auditing often requires understanding the process from beginning to end. This cradle-to-grave analysis can highlight opportunities to reduce redundancies, improve execution—whether controls or activities—and improve the overall ability to reduce risk.
  • Enhancing effectiveness. Auditing can improve the knowledge and experience of those performing controls or activities by highlighting what matters and focusing on it with greater understanding of control nuances or risk.
  • Providing an early warning or detection of growing or emerging risks. Internal audits can be designed to evaluate new or trending technologies, growing services or product offerings, and new divisions or company acquisitions.
  • Providing insight into common areas that overlap frameworks. Audits can shine a light on redundancies or inefficiencies across multiple departments, compliance efforts, groups, and divisions.

Ultimately, internal audits help to improve the business and its people, while minimizing risk, maintaining compliance, and increasing confidence of those charged with governance.

We’re Here to Help

For more information about your internal audits and how best to utilize them, please contact your Moss Adams professional.

You can also visit our Internal Audit Services for additional resources.

Ask a Question

Assurance, tax, and consulting offered through Moss Adams LLP. ISO/IEC 27001 services offered through Cadence Assurance LLC, a Moss Adams company. Wealth management offered through Moss Adams Wealth Advisors LLC. Services from India provided by Moss Adams (India) LLP.

Related Topics

How to Control Your SOX Compliance Costs
Take a Solutions-Based Approach to Fraud Prevention
5 Steps to Prevent Material Weaknesses Before an Independent Audit
Three Steps for Improving Your Internal Audit and Increasing Return on Investment

Contact Us with Questions

Enter security code:
 Security code