This page is designed to help new professionals in the internal audit and risk management industry understand the field and start their careers.
What is Internal Audit?
What is an audit? An "audit" is defined as a formal review of a person or company's financial records by professional accountants. Internal audit is a profession common to consulting firms such as Protiviti. Internal auditors assist organizations in implementing and improving compliance, governance, and risk management-related processes and controls. Many companies also have their own internal audit team in-house. The internal audit team within a company can range from one to hundreds of auditors, depending on the company's size. These organizations may also partner with outside consulting firms on big projects or if they need more expertise.
Internal audit can help with nearly any aspect of a business, from choosing new technology to implementing a new company culture. Auditors go in to analyze and document the current processes in place, usually through interviewing key personnel, and come up with recommendations to help the company achieve efficiency and effectiveness.
Suggested Resource: Guide to Internal Audit
This internal audit guide addresses common questions concerning the NYSE listing requirements that mandate the creation of an effective internal audit function. The questions and answers will assist those planning to develop a function. The booklet provides guidance on issues ranging from roles and reporting structures to audit risk assessments, as well as management’s responsibilities. Ten appendices include samples and additional information. This guide has now been updated to reflect the SEC’s approval of PCAOB Auditing Standard No. 2 and other regulations in the U.S. and Canada.
What is Risk Management?
The objective of risk management is to help identify and document the organization's risks in critical business processes and the internal controls within each process to mitigate those risks.
For all businesses, risks exist and need to be identified and addressed to prevent or minimize losses. Risk is the threat that an event, action or non-action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully. It is measured in terms of consequences and likelihood.
Risk management must control identified risks to help the company achieve its performance and profitability targets, prevent resource loss, ensure reliable financial reporting, and ensure compliance with laws and regulations, avoiding damage to its reputation and other consequences.
Suggested Resource: Guide to Enterprise Risk Management
In today’s challenging global economy, there is a need to identify, assess, manage, and monitor an organization’s business opportunities and audit risks. The concept of enterprise risk management (ERM) helps elevate the focus of risk management from the tactical to the strategic level. The purpose of this publication is to address some of the most commonly asked questions with respect to ERM. It offers ideas, suggestions and insights to executives responsible for ERM implementation.
Suggested Resource: Assessing Risks and Internal Controls Guide
For all businesses, some risks exist and need to be identified and addressed in order to prevent or minimize losses. As part of their Sarbanes-Oxley compliance efforts or enterprise risk management programs, many internal auditors train process owners to assess risks and take responsibility for managing internal controls. In this effort, it is important to acknowledge the process owner’s responsibility for the design, implementation and maintenance of the control structure within assigned business processes. Process owners are also expected to contribute direction to identify, prioritize and review risks and controls; remove obstacles for compliance; remedy control deficiencies; and continue or begin a program of self-assessment and testing to monitor the controls within your processes. This guide was developed to help with this training activity.
Suggested Resource: Protiviti Risk Model
The Protiviti Risk Model is a comprehensive organizing framework for defining and understanding potential business risks. The model categorizes business risk into three main areas: Environment Risk, Process Risk and Information for Decision-Making Risk.