Public companies are subject to all types of audits—especially when it comes to their financial record keeping. There are external audits of financial documents, as well as internal audits of the controls behind financial reporting. While the former involves external third-party accountants, an internal audit is performed by an entity’s own accountants. Together, they’re two sides of the same coin: one focused on transparency. 

Internal audits became an important staple for public companies after the passage of the Sarbanes-Oxley Act of 2002. This piece of legislation holds managers legally responsible for the accuracy of a company’s financial statements. As a result, it’s in the best interest of the company to maintain transparent, accountable, controlled standards—and have documentation to back them up. 

The process of an internal audit

What do Internal Audits Look at?

Internal audits look at the processes and controls for financial reporting, to ensure they’re traceable and compliant with IRS and SEC standards. They’re designed to be comprehensive, spanning every part of the reporting process. In general, a good audit will seek to verify several key objectives: 

  • Certify the integrity of financial information
  • Promote accountability within financial reporting
  • Reduce opportunities for fraud or noncompliance
  • Ensure compliance standards and best practices
  • Risk management and quality control in accounting

Companies tend to engage in many different types of audits, targeted at specific facets of its accounting practices. Some are more intensive than others. For example, a company might audit its ledger entries weekly and choose to do a full audit of its report generation process every quarter. 

How Can Companies Learn From Audits?

Beyond engaging in audits, companies need to learn from them and incorporate findings in a positive way. The simplest way to improve is to recognize shortcomings in the accounting or reporting process and bring them up to standard. To do this, companies may need to reevaluate internal standards. For example, some of the ways companies can assess improvements to their practices include:

  • Reevaluating and improving processes and procedures
  • Introducing better internal controls
  • Segregation of duties to prevent ethical dilemmas
  • Authorization standards and delegation of duties
  • Creating and following documentation requirements

Turning up inefficiencies or opportunities for improvement during an internal audit isn’t a bad thing. Failing to correct them or sweeping them under the rug is where companies run into trouble.

Who Performs an Internal Audit?

As the name implies, an internal audit happens within the company. Typically, it’s performed by a qualified Internal Auditor (IA). This is an accountant or other financial services expert trained to look at current standards and practices through a critical lens. Their job is to uncover and help correct malfeasance before it becomes a matter for the IRS or SEC. Specifically, an IA has three objectives:

  • Assess the internal controls within a company;
  • Ensure the company is in compliance with federal and state laws and regulations; and
  • Recommend a course of action to rectify any issues identified during the audit.

To achieve these goals and meet the expectations of the company, IAs need to have a keen understanding of IRS and SEC standards, as well as thorough understanding of accounting and bookkeeping best practices. Many companies also mandate that their IAs get certified by the Institute of Internal Auditors (IIA)

Internal Auditors vs. External Auditors

The biggest difference between internal auditors and external auditors is who appoints them. IAs are appointed by the company to undertake a willing audit of practices and protocols. External auditors may engage in the same duties, but they’re appointed by shareholders via a vote.

Internal Audit Reports

The result of an internal audit is an internal audit report. This document is a summary of the findings of the audit, along with any recommendations the auditor may have to correct issues uncovered. While reports vary depending on the type of audit and the scope of the discoveries, they tend to cover five core elements:

  • Condition. What is the nature of the problem?
  • Criteria. What standard isn’t currently met?
  • Cause. How did the problem come to occur?
  • Consequence. How will the business suffer?
  • Corrective action. How can the company correct the problem?

A well-written and well-delivered report will answer these questions in-depth, to provide the basis for corrective action. Reports should be objective, clear, accurate, succinct and timely. 

Audits Go Beyond Accounting

While the primary motivation for many audits is to ensure proper and transparent accounting and financial reporting, audits can span any facet of operations. Many companies audit processes and controls to improve operational efficiency, reduce liability, protect assets or improve productivity. These primary benefits give way to the secondary benefit of clear and present accountability when it comes to bookkeeping. 

For example, a company may audit its cybersecurity practices. In doing so, it enhances its data archival practices to better-protect customer financial data. Doing so raises its standard for compliance with SEC cybersecurity guidelines. In the event of a cyberattack, the company will have the proper controls in place to prevent a larger debacle, which could help it avoid fines or expensive remediation efforts. 

Internal Audits are Standard Practice

Every public company practices internal auditing as a rule. Internal audits help ensure outward compliance by keeping a company on its toes. As standards and practices change and expectations for transparency and compliance grow more stringent, internal audits are a company’s first line of defense against fines, penalties and investigations. With responsibility falling to internal stakeholders to uphold accounting and financial reporting best practices, it’s in every company’s best interest to be its own biggest critic.

In fact, this is just as important for investors. You need to take the time to analyze your investments’ financial reports. To learn more, sign up for the Profit Trends e-letter below. You can expand your investment knowledge and discover expert stock tips and trends in the process!