Internal Control is part of the first line of defense because it is the responsibility of Operational Management, which itself is accountable to Senior Management. Internal Audit is part of the third line of defense. It even assesses the effectiveness of the first (Operational Management functions) and second (Risk and Compliance Management functions) lines of defense. Moreover, unlike Internal Control, Internal Audit may report directly to the Board of Directors and specifically the Audit Committee, in order to maintain a certain independence and objectivity when assessing other functions in the company that operate at the first two lines of defense.
Although there is a strong and mutual relationship between them, internal control and internal audit are two different concepts. The importance of internal control and internal audit, which is a part of it, in achieving the objectives of the administrations, in the fulfillment of their activities more effectively and efficiently, in the reliability of the financial reports presented to the public, is a reality accepted by everyone. In this sense, it is very important to raise awareness about internal control in administrations.
Internal control is the creation and implementation of the necessary control systems and methods to reduce the impact of possible risks. It is the management’s responsibility to establish an effective internal control system, to operate and monitor this system as required.
Internal auditing is an important but different dimension of internal control. Managers obtain information about the nature of internal controls from the reports of the internal audit function created as part of the internal control structure. Internal audit units examine whether the internal control systems installed in the administrations work properly and report to the senior management. In other words, internal audit units provide information to management regarding internal controls, make evaluations and make proposals. The internal audit activity helps the organization have effective controls by evaluating the effectiveness and efficiency of controls and encouraging continuous improvement.
Despite his duties and powers, the internal auditor is not responsible for the dysfunctional financial management and the effectiveness of the internal control environment and management. The internal auditor is only responsible for the success of the internal audit. Managers are responsible for the success of internal control.
Internal audit provides information, evaluations, and recommendations to management regarding internal controls. However, no matter how valuable information internal audit provides to management, it should not be seen as a substitute for an effective internal control system. On the other hand, an effective and strong internal control structure reduces the work of internal audit as well as management, allowing these functions to deal with more important issues.
Although internal control activities operate as an uninterrupted process, the internal audit function begins to work after the activities are carried out and evaluates the events after they occur.
Internal control is a process that ensures the accuracy and reliability of the activities, and internal audit tests and reports the accuracy and reliability of the activities.
Internal auditing is a service for management. Examining and evaluating internal control and providing assurance to the top management are within the scope of internal audit functions. Internal audit itself is part of the organization’s internal control system and includes all aspects of internal control, not just financial control.
It is essential that internal audit maintains its distance from management control. Thus, the institution will be aware of its responsibility for management control and will strive to carry out internal control effectively. The internal auditor is only responsible for the success of the internal audit. Managers are responsible for the success of internal control.
Internal audit should help the organisation have effective controls by evaluating the effectiveness and efficiency of operations and encouraging continuous change.
Article by :