Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal auditing is a catalyst for improving an organization's effectiveness an efficiency by providing insight and recommendations based on analyses and assessments of data and business processes. Internal auditing activity is primarily directed at improving internal control. Under the COSO Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following internal control categories:
1. Effectiveness and efficiency of operations 2. Reliability of financial reporting 3. Compliance with laws and regulations
Management is responsible for internal control. Managers establish and processes to help the organization achieve specific objectives in each of these categories. Internal auditors perform audits to evaluate whether the policies and processes are designed and operating effectively and provide recommendations for improvement.
To perform their role effectively, internal auditors require organizational independence from management, to enable unrestricted evaluation of management activities and personnel. Although internal auditors are part of company management and paid by the company, the primary customer of internal audit activity is the entity charged with oversight of management activities. This is typically the Audit Committee, a sub-committee of the Board of Directors. To provide independence, the Director of Internal Audit reports to the Audit Committee, with administrative reporting to the Rector of IIUM or the Chief Executive Officer.
