Jobs: Internal Auditor

Internal Auditor

When I tell people that I am an internal auditor, the first reaction that I often get is one of shock. Then, I begin to receive sharp and whispered comments similar to the lines of “the auditor is here” or my personal favorite, “watch out, they’re out to get you.” There is a common thought amongst those unfamiliar with internal auditing that auditors are the police officers of the company, out to look for suspicious behavior and punish people for mistakes made.

An important distinction that people fail to make is the difference between an internal auditor and an external auditor. External auditors fall under the previous descriptions stated above: usually belonging to an accounting firm, they are required by the government to find anything suspicious or off and report it back to upper management. If a company is in the wrong, the punishments are extremely severe, often ranging from a heavy fine to a long jail sentence.

An internal auditor, on the other hand, is the company’s first line of defense against the external auditor. We check all the financial statements and processes before the external auditors come in; if we find anything wrong, we let the managers in charge of the process know and advise them on how to fix the problem. I think that the internal auditor can be best summed up in 3 ways:

1.     As a detective

2.     As an antivirus

3.     And as a teaching assistant

DETECTIVE
Being an internal auditor is like being a detective because

1.     When a problem is identified, a case is created

2.     We come up with solutions to the case

3.     We connect the solutions together to “solve our case”

For example: as an auditor, we do a lot of walkthroughs of the various processes that form up a large, publically owned company. For the most part, they go smoothly but there are certain instances of which a problem is identified as a security or financial error and requires immediate attention before the external auditors can include the flaw in their testing report. In order to stay one step ahead, we hunt for clues in the process that lead to the original error: for example, an outdated security program or an incorrectly generated excel model. We then come up with solutions to these clues, and finally combine these clues together in our written recommendation on how to solve the case.

ANTIVIRUS

As an antivirus, the internal auditor

1.     Runs quarterly checks on firm processes to look for problems

2.     Identifies these problems and fixes them

3.     Asks questions and requires confirmation before approving a new process

Even if there is a high chance that most processes within the company are running smoothly, we still check them 2-4 times a year to ensure that nothing suspicious comes up that would be problematic. As covered in the detective section, we also identify problems and fix them. Like the prompts that often come up on the screen every time a new app is added to your computer, we require approval from a director or above in order to carry forward with our recommendations.

TEACHING ASSISTANT

As a teaching assistant, the internal auditor

1.     Runs walkthroughs by asking questions to those in charge of the processes

2.     Gains an understanding of the process and its purpose

3.     Watches the person in charge run the process for accuracy

In this example, it may be helpful for you to consider the following analogies:

1.     Teaching Assistant = Internal Auditor

2.     Class Material = Process

3.     Assignments and Quizzes = Testing Walkthroughs

4.     Students = Process Owners

5.     Professors = External Auditors

For example, we are required to schedule walkthroughs with process owners as part of the checking process described in antivirus and detective. First, we ask questions to understand the process and its purpose within the big picture. Then, we ask clarifying questions about specific aspects of the process that we think external auditors will find interesting as part of their independent testing. Then, we require the process owner to run the process one time, to ensure that the process owner is saying the truth! Finally, with approval from the external auditors, the walkthrough is passed and the course is complete.

Readability Statistics

Flesch Reading Ease- 46

Flesch-Kincaid Grade Level- 12.9

Passive Sentences- 25%