Internal Audit Service

Internal Audit Service in Sudan

Internal Audit Service is an independent, objective assurance and consulting activity intended to add value and develop an organization’s operations. Internal Audit helps business to achieve its objectives by bringing a methodical, meticulous and disciplined approach to assess and enhance the effectiveness of risk management, control, and governance processes.

Internal Auditing is an activity carried on by the internal auditor to meet the management requirements of information. It is an independent appraisal activity within an organization for the review of operations as a service to the organization.

Role of an Internal Auditor

Internal Auditor’s role is to provide Management with independent assurance on the organization’s internal controls, risk management strategies and governance are operating effectively. Internal Auditors’ function includes supervising, evaluating, investigating and analyzing the risks & controls; checking and ensuring information and compliance with policies, procedures, and laws. Internal Auditor will assess the achievement of goals and objectives set by the Senior management. In the case of short of stated goals, the auditor will identify process gaps and make suggestions for improvement for bridging the same.

The objectives of Internal Audit:

The objective of Internal Audit is to evaluate and improve the effectiveness of governance, risk management and control process. The overall objective of internal auditing is to assist all members of the management in exuding their responsibilities. Also, to help them with objective analysis, recommendations and relevant comments concerning with any phase of business activity wherein they can be of service to management. In short, Internal Audit will help the management for:

  • Assessing the Risk involved
  • Assisting management in the evaluation of internal controls
  • To bridge the gaps by strengthening the internal controls and to accomplish organizational objectives
  • Evaluating process performance and managing risk effectively
  • Help to find the deviations from KPI and to get proper recommendation/ suggestion for improvement
  • To verify THE fulfilment of plans and sound business requirements and also to focus on objectives
  • To evaluate evidence in connection with the situation and issues

Methodology Used in Internal Audit:

1. Defining the Scope of Internal Audit
  • Risk Rating
  • Risk Nature
  • Audit Areas
2. Drafting the Risk Assessment Matrix

Risk Assessment Matrix (RAM) is used to define the risk category of each process and sub-processes or areas under the scope of Audit. The level of risk is defined considering the likelihood or probability against the category of consequence severity.

3. Risk-based Internal Audit Plan

A detailed Audit plan will be drafted in discussion with the Management and areas to be prioritized depending upon the risk category & also the nature of the function. Broad areas to be Covered (Can vary depending on the industry and choice of Management)

  • Revenue
  • Procurement of Goods/ Services
  • Inventory
  • Logistics
  • Information Technology Infrastructure.
  • Finance
  • Fixed Assets
  • Statutory Compliance
  • Admin & general Operations, etc.
4. Execution of the approved Internal Audit Plan

On Approval of Audit plan, fieldwork is executed by performing walk-through, enquiry, questionnaire etc. Clients are kept informed of the audit process and the status of the audit.

5. Submission of Draft/ Final Reports to highlight the issues with risk rating and reporting to the management

Once the execution stage is completed, all the observations are collated in a draft report. The risk rating is allotted to all observations with the responsibility of the concerned function. This report is discussed with the Management or Authorised personnel to highlight the issues, concerns and deviations.

6. Follow-up and Action Taken Report

As it will be a continuous process, the scope does not end with the submission of reports. The follow-up action taken report (ATR) will be represented to the management on the status of observations and its closure status. Any long-pending observations critical to the business will be bought to the notice of the management to set a further course of actions.

Independent review and appraisal of the organization’s financial and relevant operational activities will be better when the internal auditor is not part of the organization and is independent.