Internal audit is a function within a business, independent of the operations it reviews, that evaluates the effectiveness of internal controls, risk management and governance. Unlike an external audit, it does not give an opinion on the financial statements - it reports to management and the board on where controls are weak.
What it means
Internal audit works on a rolling plan covering different areas of the business over time, testing whether processes operate as designed and recommending fixes where they do not. Its findings feed into the external auditor's own risk assessment but serve a separate purpose.
Where it fits in
Internal audit commonly reviews payroll controls - segregation of duties between who sets up an employee and who approves their pay, whether terminated employees are removed promptly, and whether statutory deductions reconcile to what was paid over to SARS.
Key rules
- An independent in-house function reviewing controls, risk and governance.
- Does not opine on the financial statements; that is external audit's role.
- Works to a rolling plan across different business areas.
- Frequently reviews payroll segregation of duties and termination controls.
