The Board of Directors of the Institute of Internal Auditors defines internal auditing as follows:
Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and governance.
We bring the required skills, experience, acumen and capacity to clients’ internal audit functions, thereby adding value. Internal audit is a core resource in the governance process, and we draw on our firm-wide specialist skills to bring a comprehensive solution to our clients, as well as providing independent assurance on critical business processes.
Full outsourcing includes the performance of all internal audit activities – including risk assessment, audit planning and execution, performance information audits, communication/ reporting – on a recurring basis. The client may have or may choose not to have a Chief Audit Executive.
Co-sourcing is when we assist the client’s in-house internal audit function in the execution of internal audit plans, due to a shortage of capacity or expertise in certain areas. Quality Assessment Reviews: in our quality assessment process, ORCA performs a comprehensive review of the overall effectiveness of a client’s internal audit function.
- Compliance to international professional standards
- The effectiveness and efficiency of function activities
- Organisation, resource and skill capabilities
- Evaluation of stakeholder needs and fulfilment of those needs, and
- Identification of strengths and improvement opportunities that strategically position the internal audit function for on-going success.
By improving the use of technology in the audit process, continuous auditing and continuous monitoring become reality. Better use of technology and the data in existing systems can drive more use of monitoring in the business and more preventative, automated controls (Protiviti, 2012).