The Institute of Internal Auditors (IIA) defines internal auditing as “an independent objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.
Because of the unique mix of products and services, management style, and policies and procedures in place, each organization will have a different degree of risk tolerance and methods for addressing the risks it believes are warranted. In addition, an institution's system of internal control plays an important part in risk management. An internal control system should provide reasonable assurance regarding the effectiveness and efficiency of operations, the reliability of financial reporting, compliance with applicable laws and regulations, and the safeguarding of assets. Lastly, Management’s ability to effectively monitor its process of identifying and addressing risk will determine the adequacy of your risk management system.
Nearman, Maynard, Vallez, CPAs, P.A. takes a risk-based approach to the internal audit process. We work with Management and the Supervisory/Audit Committee to anticipate and address risks early on by performing a risk assessment as the first step in developing an internal audit plan for your institution.
This risk-based approach is dynamic. The audit plan changes from year to year as the risk factors in your environment change, your operations change, and new products and services are added. Our approach is also flexible – you determine the number of visits each year based on your budget and the results of the risk assessment.
Perhaps you have an internal audit department or one full time internal auditor, but staff may not have the time to complete parts of their audit plan, want to add areas not previously covered, or bring expertise to a particular audit and prefer to co-source specific projects with our team. The internal audit co-sourcing provides additional internal audit coverage on a regular basis without the expense of hiring an additional staff member.
As an alternative to the risk assessment, we can also perform agreed-upon procedures where the Supervisory/Audit Committee or Management specifies certain procedures important in evaluating and monitoring the internal controls over sensitive areas of credit union operations. These areas can be tailored to meet your specific needs and requirements.