Conducting an internal audit: Best practices
Internal audits can be daunting, but there are resources to make it easier on you. Here are our best practices for conducting your first internal audit.Audits sound scary. Even the word brings fears of the IRS knocking down your door and demanding money you didn’t know you owed. But, audits aren’t just about your taxes, they and won’t result in your door being kicked in. Probably.
An internal audit is defined by the ASQ (American Society for Quality) as “the on-site verification activity, such as inspection or examination, of a process or quality system, to ensure compliance to requirements.”
Of course, as professionals do, big confusing sentences are used to make sure we’re all aware that audits are terrifying and so are the people who conduct them. But, what all of that really means is that auditors are trying to get people and businesses to follow the rules that keep them safe while saving as much money and time as possible.
See? Not so scary. Plus, as a business owner, you have to do it. To get you started, here are the best practices for conducting your first internal audit.
1. Assess risk first
When it’s your first time, it can be tempting to jump right into full-on audit mode. But before you dive right in, be sure to assess the risk across your organization first.
That might sound like a no-brainer, but there are a few reasons why this is an important point to make off the top. You might think you know everything about your organization and what needs to be assessed. But the truth is, there are things you probably don’t know about, as much as you wish you did.
Not to condescend, but this is true: For Dummies has some great resources for anyone doing their first internal audit. Seriously.
Assessing risk may be the most tedious part of the auditing process, but it makes everything else more efficient by saving your time, saving your money, and minimizing mistakes.
2. Train staff
After you’ve assessed risk, you’ll probably want to come up with policies and procedures to ensure that high-risk activity and areas of improvement don’t take a step backward. Fair warning: Your staff might hate you for making them learn about risk mitigation and the auditing process. But, once it’s done, it’s done — until you have another audit.
So, given that this isn’t the most fun experience, maybe make it as enjoyable as possible. Order lunch for the team, make an event out of it, or make the presentation as fun and interactive as you can. Keeping your team involved and engaged will make this process easier in the future, again, saving your time and money.
3. Use technology where you can
Assessing risk and acting on it isn’t just time consuming for your team — it takes a lot of your energy as well. Though you’re probably the one starting the audit process, you aren’t super thrilled about having to actually do it either.
So, where you can, it’s important to automate these processes, or at least take advantage of the technology and services available to you.
Forbes has a great article on the future of auditing and what technologies may have a stark impact on the process going forward. But right now, you’re not going to use “predictive analysis” to get your audits done faster.
For the citizens of today, some great companies are actually working with tomorrow’s tech.
Mindbridge.AI utilizes machine learning and artificial intelligence to make accounting, bookkeeping, and financial tasks easier. How? Check out their website to find out.
Keep your eye out for new and exciting innovations, though. Ernst and Young have created a great blog series on this exact topic that you should definitely check out.
4. Collaborate and communicate
We all have the image of the accountant working in isolation, surrounded by stacks of paper and calculators working their fingers to the bone. While you may want to isolate from your coworkers sometimes, best practice would be to communicate as much as possible.
Keep in mind, though, that these are sensitive, often financial documents. Simply sharing them over email isn’t good enough, and even if you’re in the office, collaborating on one computer or redlining a piece of paper is going to take you exponentially more time than it should.
For that, there’s DocSend.
DocSend is the file sharing and collaboration tool for finance professionals. Upload your documents to DocSend’s secure sharing platform, collaborate with as many or as few team members as you want with multi-level access controls, and even track the analytics of each document in real time.
Don’t audit on your own. Start a free trial of DocSend.
5. Look ahead, not behind
Once you’ve started your audit, you may start to find some issues that, in hindsight, never should have happened. Supporting documentation that should’ve been there but wasn’t, no policies and directives, and a lack of formally documented approvals are some of the most common things that internal audits generally find.
It’s easy to get down on yourself at times like this. But first and foremost, it’s important to point out that you recognized the need for an audit in the first place. That’s the first step in making your organization compliant, efficient, and cost effective. Pat yourself on the back.
Look forward to the things you’ve found and the things you can do to change them.