Internal Audit – Where do you start?

Management & Growth, Security,

We looked previously at how beneficial internal audit can be for small businesses but where do you start?

Clue: It doesn’t have to be an overly complicated process, and can actually be pretty simple if you follow the steps through.

Let’s take a look:

Step 1: Planning the Audit

What is your objective? Define the scope and objectives of the audit.


1. Identify Audit Areas: Decide which areas of the business to audit. For a small service business, this might include financial processes, customer service, operational efficiency, and compliance with regulations.

2. Set Objectives: Determine what you aim to achieve with the audit. This could be verifying financial accuracy, assessing customer satisfaction, or ensuring compliance with industry standards.

3. Create an Audit Plan: Develop a plan that outlines the audit’s scope, timeline, resources needed, and specific tasks to be performed. This could be as simple as saying that next week, Sarah is going to spend a day looking at how Tim carries out the billing process, looking particularly at accuracy and timeliness.

Step 2: Gathering information

Objective: Collect relevant data and documents.


1. Review Documents: Collect and review relevant documents such as financial records, customer feedback, service agreements, and compliance reports.

2. Conduct Interviews: Talk to employees and management to understand their processes and gather insights.

3. Observe Processes: Observe daily operations to understand how tasks are performed and identify any discrepancies.

In our earlier example, where an internal audit was being conducted into the finance function of a business, this could be a review of invoices, payment records, and customer contracts to understand the billing process and ensure all services billed are correctly recorded.

Step 3: Evaluating Internal Controls

Objective: Assess the effectiveness of internal controls.


1. Identify Key Controls: Determine the key controls in place for each process being audited. For financial processes, this could include authorisation controls, segregation of duties, and reconciliation procedures. (What should be happening? Who should be authorising or checking accuracy of processes?)

2. Test Controls: Perform tests to evaluate whether these controls are working as intended. This might involve verifying that only authorized personnel can approve expenditures or ensuring that reconciliations are performed regularly. (Does the reality differ to the theory?)

In our example, the audit should look at whether there is a segregation of duties in the billing process to prevent errors or fraud, such as having different employees responsible for creating invoices and processing payments.

Step 4: Analysing Findings

Objective: Analyse the data collected and identify any issues or areas for improvement.


1. Compare Against Standards: Compare your findings against company policies, industry standards, and best practices.

2. Identify Issues: Highlight any discrepancies, inefficiencies, or areas of non-compliance.

3. Assess Risks: Evaluate the potential risks associated with the identified issues and their impact on the business.

In our example, the auditor may find that invoices are often sent late, and from there, should look at the impact this has on cash flow and customer satisfaction.

Step 5: Reporting Results

Objective: Communicate the findings and recommendations to the business owner.


1. Prepare a Report: Compile a report that includes an overview of the audit scope, methodology, findings, and recommendations. Again, this doesn’t need to be overly formal or lengthy. It simply needs to be a summary of the different areas.

2. Use Clear Language: Ensure the report is written in clear, non-technical language to be easily understood by all stakeholders.

3. Suggest Improvements: Provide actionable recommendations to address any identified issues or improve processes. This may be left for the business owner to consider following the results of the audit.

It may be necessary, in our example, to consider using repeating invoices in Xero as a simple way to automate the billing process, which could reduce errors and ensure timely invoicing.

Step 6: Follow-up

Objective: Ensure that recommendations are implemented and effective.


1. Develop an Action Plan: Work with the business owner and relevant employees to develop an action plan for resolving any issues identified.

2. Monitor Progress: Regularly check the progress of the action plan and ensure that improvements are being made.

3. Re-Audit if necessary: Conduct follow-up audits to verify that issues have been resolved and controls are now effective.

In our example, after implementing the new billing software, a repeat audit six months later could check that invoices are now being sent on time and the error rate has decreased.

By following these relatively simple steps, a thorough and effective internal audit could provide valuable insights and recommendations to help the business improve and reduce risk.

As ever, if you’d like any help with working out which areas should be priority for your business, or the process to follow for each area, please get in touch. We’d be very happy to help!

Business News

We send regular updates that keep clients aware of changes and suggestions on a wide range of subjects; if you’d like to receive those too, just add your details below and we’ll do the rest! We promise not to bombard you and you can unsubscribe at any time.

  • This field is for validation purposes and should be left unchanged.
If you've found this post helpful, please share it with others…