“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The value of internal audit lies in its provision of objective and independent assurance on governance, risk management and control processes. The virtues of independence and objectives, which are enshrined in the definition of internal auditing, enable credit unions and its stakeholders to rely on the assurance provided by their internal audit functions. Internal audit’s value also lies in the breath of coverage it provides with respect to assurance.
The internal audit function plays a crucial role in the ongoing maintenance and assessment of a Credit Union’s internal control, risk management and governance. Furthermore, the internal auditor may use risk based approaches to determine their respective work plans and actions.
The internal audit function should cover the following:
The Internal Audit function and Internal Audit Charter
The Internal Auditor shall prepare, implement and maintain a document called the “Internal Audit Charter” which defines
- The activities and objectives of the internal audit function within the credit union, and
- The scope of those activities including roles and responsibilities
- Statement of Policy
- Mission of Internal Audit
- Activities and Scope of Activities
- Processes to be used to assess areas of significant risk
- Authority and Access
- Independence and safeguards in place
- Procedures for the coordination between Internal Audit function and Internal auditor
- Reporting and Recommendations
- Review and Approval and timelines
- The Internal charter shall be reviewed and modified at least annually.
The Internal Auditor shall have access to all records, personnel and physical properties of the credit union.
The internal audit function shall be separate from other functions and activities of the credit union, and be capable of operating independently of management and without undue influence over its activities
The Internal Audit function and Internal Audit Plan
In advance of preparing the internal audit plan the internal audit function should undertake a risk assessment to identify key risks within the credit union. Activities that are determined to be higher risk should be audited in more depth and more frequently than activities that are determined to be lower risk. However, the internal audit plan should provide for all areas of the credit union’s business to be covered over a set period. The internal audit plan should also take account of the audit plans of the auditor.
The internal audit plan should be dynamic and flexible to allow for changes throughout the year. The internal audit function should communicate any significant deviations from the internal audit plan, the reasons for these deviations and proposed action to address the deviations to the board of directors (or the audit committee where one exists).
The Internal Auditor or Internal Audit function shall prepare a written plan known as an “Internal Audit Plan” detailing
- Scope and objectives of audits
- Setting Priorities as regards areas to be audited and determine the necessary resources required to implement the plan
- Setting out all risks identified and Key risks identified and the timelines to complete the audits
- The Internal Audit plan should be reviewed and modified at least annually
The Internal Audit function and Internal Audit Reporting
The internal audit function shall report the results of its evaluations and recommendations to the audit committee, where one exists, or otherwise to the board of directors, on a regular basis, and at least quarterly
The board of directors of the credit union should encourage the internal audit function to adhere to internal audit professional standards and benchmarks relating to internal audit. An example of such standards is the international standards for professional practice of internal auditing established by the Institute of Internal Auditors
The board shall regularly review, but at least annually, the performance and effectiveness of the internal audit function, including reviewing and approving the internal audit charter and the internal audit plan and reviewing and approving any modifications to them, ensuring they are updated and that any issues identified in the review are managed and rectified in a timely manner