Risk-Based Internal Audit—Scope, Rationale, and Function
24.1 INTERNAL AUDIT SCOPE AND RATIONALE
The internal audit function of a bank is an integral part of its internal control system. In June 1999 the board of directors of the Institute of Internal Auditors approved the following definition of internal audit:
Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process.
The scope of internal audit is vast, but according to the definition of the Institute of Internal Auditors, the focus is on risk management and corporate governance practices and procedures. In general, internal audit is concerned with the scrutiny of transactions, examination of business practices and procedures, verification of compliance with the rules and regulations, and evaluation of the internal control system.
The internal auditor is usually concerned with the following aspects of a bank's operation:
1. Whether business activities in different locations are conducted in accordance with prescribed procedures.
2. Whether all transactions are correctly executed and recorded.
3. Whether duties and responsibilities of officials are clearly demarcated and managerial and operational staff are working within their defined powers. ...