Internal Audit Key Terms

Key terms you'll need to know as you explore the topic of internal audit

By Ann Starr

Internal audits are essential if you want to make sure your business is functioning properly. Contrary to popular belief, internal audits can analyze more than just financials and can include virtually every aspect of a business.

Large companies usually have an internal audit function that reports regularly to the company’s board of directors. Small to medium sized businesses can contract with a consulting company to perform this function for them. In any case, an internal auditor certification is your best guarantee that the person doing your auditing has the proper amount of training and expertise to do the job properly. As you investigate this topic, you should familiarize yourself with some key terms.

Enterprise risk management

Enterprise risk management (ERM) refers to the processes and methods that an organization uses to manage the risks associated with achieving its objectives. It involves identifying risks and opportunities, assessing the likelihood or magnitude of impact, identifying a response and then monitoring progress. ERM typically includes internal audit and operations management in a collaborative effort to create and protect value for all the stakeholders in the organization.
Try: TechTarget explains enterprise risk management in detail.

Certified internal auditor

Certified internal auditor is a designation offered by the Institute of Internal Auditors (IIA) and is a globally recognized certification for internal auditors. In order to be certified, the individual must demonstrate their competency and professionalism as an auditor, have a college degree, pass a four hour exam and complete 24 months as an auditor.
Try: Find more information at The Institute of Internal Auditors.

Audit committee

In a publicly-held company the audit committee is an operating committee that is part of the board of directors and is responsible for the oversight of financial reporting and disclosure. Members are drawn from the board of directors and there is a chairperson selected from among the members, one of whom is typically an expert in finance. The company's internal audit department works closely with the audit committee.
Try: See AllBusiness.com for a complete definition of an audit committee.

Sarbanes-Oxley

Sarbanes-Oxley, commonly called Sarbox or SOX, was enacted in 2002 after numerous major accounting and corporate scandals cost investors billions of dollars when the companies involved collapsed. Internal audit departments are familiar with this law and are charged with ensuring that the company follows all of its regulations.
Try: Soxlaw.com contains a good summary of Sarbanes-Oxley.

GAAS

GAAS or generally accepted auditing standards are the ten standards developed by the American Institute of Certified Public Accountants and consist of general standards, field work standards and standards of reporting and interpretations. GAAS are used routinely by internal auditors.
Try: Go to BusinessDictionary.com to find out more about GAAS standards.

Auditable activities

Auditable activities are those subjects or systems that are usually able to be defined and evaluated by an internal audit department. They include: policies, procedures and practices, general ledge account balances, information systems and major contracts and programs to name a few.
Try: Indiana University defines Auditable activities in a glossary. Just scroll down to the term.