Internal Auditors operate inside the organisation – hence the name: “Internal Auditor”. And Internal Audit teams set out to be independent, objective assurance and consulting activities designed to add value and improve organisations’ operations. The first internal audit teams operated a long time ago – in the early 1900s – followed by the formation of a professional institute in 1941. See
The Institute of Internal Auditors.
Today Internal Auditors help an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. But the past was often different – in the early days internal audit teams were more aligned to ‘checking and approval functions’ as evidenced by records of audit teams from the 1950s where they describe ‘approving certain large value payment cheques’. The real change came with the growth of the number of transactions executed by organisations – whereby the audit team could no longer check each individual transaction. The caused the auditor’s role to change to examining overarching control structures rather than individual transactions. And the final shift to the current state of play took place around the 1990s when Risk Management finally matured and the auditors role shifted from a focus purely on control, to an examination of the balance between risk and control.
The Internal Auditor has finally come of age. It’s now widely acknowledged that it’s management’s role to determine risk, it’s management’s role to pair adequate, effective and efficient controls against evaluated risks that are beyond the organisation’s articulated risk appetite. And it’s Internal Audit’s role to see whether management are doing this effectively.
So it’s goodbye to the Internal Auditor as the inspector, and hello to your new trusted business advisor.