Internal Audit FAQs

  1. What is Internal Auditing?

    Internal auditing is an independent, objective, assurance and consulting activity that adds value to and improves an organization’s operations.  It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
     
  2. What is Risk-Based Auditing?

    The risk-based approach toward auditing is mandated by the IIAs International Standards for the Professional Practice of Internal Auditing (Standards) and is the only way to ensure that the priorities of the internal audit activity are consistent with the organization's goals.  Such an approach provides internal auditors with the opportunity to become intimately knowledgeable of the organization's risk appetite and tolerance allowing them to target high-impact areas, appropriately allocate scarce resources, and be well positioned to advise management on vulnerabilities and corrective actions.
     
  3. What is the Institute of Internal Auditors?

    The Institute of Internal Auditors (IIA) is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator worldwide.  Established in 1941, the IIA serves members from all around the world in internal auditing, governance, internal control, IT auditing, education, and security.
     
  4. How does internal auditing maintain its independence and objectivity?

    Independence:  The audit charter should establish independence of the internal audit activity by the dual reporting relationship to management and the organization’s most senior oversight group. Specifically, the CAE should report to executive management for assistance in establishing direction, support, and administrative interface; and typically to the audit committee for strategic direction, reinforcement, and accountability.  The internal auditors should have access to records and personnel as necessary, and be allowed to employ appropriate probing techniques without impediment.

    Objectivity:  To maintain objectivity, internal auditors should have no personal or professional involvement with or allegiance to the area being audited; and should maintain an
    un-biased and impartial mindset in regard to all engagements.
     
  5. How do internal and external auditors differ and how should they relate?

    Although they are independent of the activities they audit, internal auditors are integral to the organization and provide ongoing monitoring and assessment of all activities. On the contrary, external auditors are independent of the organization and provide an annual opinion on the financial statements. The work of the internal and external auditors should be coordinated for optimal effectiveness and efficiency.
     
  6. What is Enterprise Risk Management (ERM) and what role in it does internal auditing play?

    Enterprise Risk Management is a structured and coordinated entity-wide governance approach to identify, quantify, respond to, and monitor the consequences of potential events. Implemented by management, ERM is evaluated by the internal auditors for effectiveness and efficiency.
     
  7. What is internal auditing’s role in preventing, detecting, and investigating fraud?

    Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.
     
  8. What standards guide the work of internal audit professionals?

    As part of The IIA's Professional Practices Framework, the International Standards for the Professional Practice of Internal Auditing (Standards) outline the tenets of the internal audit profession. Other applicable guidance, pronouncements, and regulations also may have an impact on how internal auditing is performed; and may provide clarification and delineation of acceptable and recommended processes.
     
  9. How does the internal audit activity go about prioritizing its resources?

    Effective prioritization involves staying in sync with the organization's risk priorities and taking a risk-based approach to internal audit planning. By continuously monitoring organizational changes that might alter the plan, the CAE should be well equipped and positioned to make informed and educated recommendations to management and the board on the most effective use of internal audit resources.
  10. Where does the WSSC audit function fit in the Commission?

    In order to maintain objectivity and independence from the areas to be audited, the WSSC Internal Audit Office has a singular-reporting responsibility to the Board of Commissioners in its role as the Audit Committee. 

  11. Who audits the Internal Audit Office?

    According to the International Professional Practices Framework (IPPF) by the Institute of Internal Auditors (IIA) Practice Advisory 1312 “external assessments must be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization.”  The independent accounting firm concluded “that the internal audit activity generally conforms with the Standards and Code of Ethics.”  Please see the results of our 2016 external assessment.