Role of Internal Audit in Internal Control and Risk Managment

Role of Internal Audit in Internal Control and Risk Managment

Internal auditors provide assurance to a company’s directors that the company’s risk management systems and internal controls are operating effectively.

Whilst the Risk Management department of a company will actually assess and manage the risks, the internal auditor’s role is to check all aspects of this process and report back to the board, typically through the audit committee, on how the risk management processes can be improved. 

For example, the internal auditor will assess how effectively risks are being identified. The auditor will look at the methods being used for risk identification, and the people who are doing it, and will use his experience to suggest alternative methods, or maybe to suggest that the wrong people are currently doing it and need to be replaced. The auditor will look at all other stages in the risk management process as well, questioning risk measurement techniques, the design of risk solutions, how the implementation of these solutions could be improved etc. 

Historically, the auditor’s primary role has been in ensuring that the actual risk management solutions chosen (e.g. internal controls, insurance, hedging) are happening, and are operating effectively. Control procedures will be tested, levels of insurance assessed to ensure they are appropriate and hedging positions checked to verify they are covering currency risks adequately. 

Whilst the Risk Management department would be expected to check their own work to ensure it is effective, the existence of an independent internal audit function is likely to provide greater assurance to the board.