In today’s competition driven world, businesses and companies need to make sure no stone is left unturned in ensuring their company remains at the top. Among several external processes employed to ensure this such as offers, discounts and other incentives for the buyer or client, there are certain internal processes too that are equally important because an internally sound organization can reflect its strength on the outside. Internal audit serves this purpose. This process is an assurance and checking activity whose key goal is to systemize an organization’s internal processes to strengthen the risk management, control, and governance. In the UAE, the need for internal audits is greater since the country has countless businesses flourishing daily. These companies require audits to analyze their performance and gain insight into their progress. Each emirate follows its own rules and appoints approved auditors to conduct the process. For instance, the Ras Al-Khaimah emirate has a detailed list of auditors in RAKEZ who are licensed to provide their services in the area, while there are separate DMCC approved auditors for DMCC. Auditing firms in UAE achieve their targets by providing detailed insight into company’s operations and presenting recommendations to improve processes. Organizations hire professional Auditors to conduct internal audits and compile their finding.
Internal audits tend to gauge the compliance of company performance and its records with laws and regulations of a specific area. It also serves as a means to identify fraud and also investigates post fraud scenarios and identifies breach and breakdown points in the system. These fraud investigations enable organizations to modify their internal control systems to avoid future fraudulent activities. Internal auditors do not carry out the organization’s activities, but provide the management with direction and advice on improving and strengthening their control and channeling their efforts. Internal auditors are highly qualified, complemented by a rich field experience providing them with a healthy exposure to deal with different situations they have to deal with.
Internal Audit Process
The key processes involved in an internal audits process are:
1. Planning
The first step is planning and notification. The auditors notify the client organization of the audit process, its scope and basic objectives in a formal meeting. Auditors gather vital information like administration records, processes, and basic financials of the organization. A complete audit is planned only after all necessary information is gathered. Particularly in the UAE, only registered auditors can be a part of the process.
2. Announcement and Initial Meeting
A formal engagement letter issued by the auditors to the organization officially commences the process. This letter outlines the scope of the audit, the areas or departments it shall cover, and the duration of the process. This formal announcement is then followed by an initial meeting with the client, where the client describes the units and systems to be reviewed. The client communicates information regarding its resources, including facilities, personnel, types of equipment, funds, etc. The auditor meets with the department’s management that seeks audit; in this meeting, the auditor explains the audit scope and demands certain information ready for the auditor when the audit begins. Also, the management highlights the areas of their concern and discusses the improvements they need recommendations upon.
3. Preliminary Survey
The auditor in this phase gathers general information from the people working the unit regarding the processes, operations, reviews reports, files, and other material to find out what the specific team under audit is all about.
4. Review of the Internal Control
This audit process is time-consuming; the auditor reviews the internal control mechanism, an analysis is carried out by employing different auditing tools and methodologies. This exercise on the auditor’s part leads him to highlight risk areas and design tests that need to be performed to gauge the specific unit’s performance.
5. Audit Program
The preparation of the audit program begins once the preliminary phase is over, the audit program highlights the necessary fieldwork required to meet the audit objective.
6. Fieldwork
The phase mainly involves extensive tests on the transactions and informal meetings with the people working in the unit. The fieldwork serves as a gauge for the controls identified in the preliminary review and if they are properly operational as described by the client. This stage ends with a list of findings of the auditor that are drafted in the audit report.
7. Testing the Transactions
Sampling techniques are employed, and random transactions are scrutinized for their authenticity and to judge whether they were carried out in the prescribed manner. They are free of any anomalies and errors. If fictitious transactions are found, they are further investigated to highlight the problem areas. The auditor also suggests a remedy to avoid their occurrence in the future in the final audit report.
8. Informal Communications and Advice
The significant findings by the auditor are discussed with the client; these discussions tend to offer an insight to the auditor to work out the best solution to the problem or issue. These informal communications, usually verbal but under complex scenarios, can be through memos or emails.
9. Audit Summary
Once the auditor is through with the fieldwork, a summary of the audit findings is compiled by the auditor comprising of recommendations and changes suggested.
10. Final Report
The auditors compile and present a formal audit report on the units audited to the management comprising the abnormalities found and their suggested solutions. Based on the submitted information, the client organization gives their formal feedback. Either accept the submitted report or communicate their concern on the claims made by the auditing team.
