Internal Audit In Small Medium Enterprise

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization  to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” – IPPF

“To embrace complexity is to treasure diversity. To eliminate uncertainties is to limit possibilities. Be ready to walk out of your comfort zone for sustainability.” -Kelvin Chau

Compliance?     Assurance?     Risk Assessment & Management?     Corporate Governance?     Internal Control?

Highlighted Topic:

  • What is Internal Audit?
  • Why Internal Audit is important for an organization?
  • What we do?
  • Differences between External Audit & Internal Audit.
  • Audit Committee in SME: Essential or Excessive?
  • What are the key areas need to be audited?
  • How we conduct our internal audit?

Key Points:

  • Independent & Objective

-This is the combination of fact and frame of mind. The internal auditors need to ensure no conflict of interest exists prior to accepting an engagement.

  • Helps an organization to accomplish its objectives.

-One of the primary goal of the internal audit function is to make the organization better and to add value. Internal audit does not only evaluate but to improve the effectiveness within the areas that are being reviewed.

  • Risk Assessment

-Internal Audit ensures the survival and prosperity of an entity. It does not just look at financial risk but consider the wider issues such as reputation, growth, treatment of employees and environmental impact.

Why Internal Audit is important?

  • Assessing the management of risk.

-The profession of internal audit is fundamentally concerned with evaluating an organization’s management of risk. The key to an organization’s success is to manage the risk effectively, more effectively than competitors and as effectively as stakeholders’ demand.

  • Assisting management in the improvement of internal control.

-An internal auditor’s knowledge of the management of risk also enables him or her to act as a consultant providing advice and acting as a catalyst for improvement in an organization’s practices.

  • Provide assurance to the Management.

-Internal Audit helps executive management and boards to demonstrate that they are managing the organization effectively on behalf of their stakeholders. This is summarized in the mission statement of the internal audit’s role is “to enhance and protect organizational value by providing risk based and objective assurance, advice and insight.

What We Do?

  • Evaluating controls and advising manager at all levels.

-Internal audit’s role in evaluating the management of risk is wide ranging because everyone from the mailroom to the boardroom is involved in internal control. The internal auditor’s work includes assessing the tone and risk management culture of the organization at one level through the evaluating and reporting on the effectiveness of the implementation of management policies at another.

  • Evaluating risks

-It is management’s job to identify the risks facing by the organization and to understand how they will impact the delivery of objectives if they are not managed effectively. Managers need to understand how much risk the organization is willing to live with and implement controls and other safeguards to ensure these limits are not exceeded. Some organizations will have a higher appetite for risk arising from changing trends and business/economic conditions. The techniques of internal auditing have therefore changed from a reactive and control based form to more proactive and risk based approach. This enables the internal auditor to anticipate possible future concerns and opportunities providing assurance, advice and insight where it is more needed.

  • Analyzing operations and confirm information

-Achieving objectives and managing valuable organizational resources requires systems, processes and people. Internal auditors work closely with the line managers to review operations then report their findings. The internal auditors must be well versed in the strategic objectives of their organization and the sector in which it operates in, so that they have a clear understanding of how the operations of any given part of the organization fit into the bigger picture.

  • Working with other assurance providers.

-Providing assurance to executive management and the board’s audit committee that risks are being managed effectively is not the exclusive domain of internal audit. There are likely to be other assurance providers who perform a similar role. This can include risk management professionals, compliance officers, fraud investigators, quality managers and security experts. The difference between these assurance sources and internal auditors is that internal audit are independent from management operations and are able to give objective and unbiased opinions about the way risks are reported and managed.







Meaning Internal Audit refers to an ongoing audit function performed within an organization by a separate but an independent separate internal auditing department. External Audit is an audit function performed by the independent body which is not a part of the organization.
Objective To review the routine activities and provide suggestion for the improvement. To analyze and verify the financial statements of the company.
Conducted by Employees/Third Party Third Party
Auditor is appointed by Management Members
Users of Report Management Stakeholders
Opinion Opinion is provided on the effectiveness of the risk management on operational activities of the organization. Opinion is provided on the truthfulness and fairness of the financial statement of the company.
Scope Decided by the management or audit committee of the entity. Decided by the statute.
Obligation No, it is voluntary. Yes, according GAAP.
Period Continuous Process. Once in a year.
Checks Operational Efficiency. Accuracy and Validity of Financial Statements.

Coordination between internal and external auditors is essential for the success of such auditors. External auditors in many cases rely on the work of internal auditors in performing their duties. The results in reduction of their time and fees.



Essential Why SME’s rejecting Audit Committee?


  • Independently mitigate the risk of fraud, theft and embezzlement.
  • Audit committees are more valuable than ever with the upcoming mounting pressure that companies face today to do more with fewer resources.
  • Provides the professional experience required to assess the organization’s corporate level-risks, discuss the areas of greatest risk and create appropriate work plans to mitigate those risks
  • Complement existing audit activities and enhance the overall quality of the organization’s corporate governance.

Misconception No.1

My business is too small for an internal audit function.

Misconception No.2

Our audit committee isn’t required to be independent, so there is no need to have an independent committee.

Misconception No.3

We can’t afford internal audit.

Misconception No.4

Facilitating audit committee oversight takes time away from daily business operations.

Misconception No.5

Nobody cares.

Common Internal Audit Cycles

How We Conduct Audit

Share with your friends & colleagues