"Internal audits are not just a box ticking exercise, for any company; they should be a regular part of the annual business performance and planning cycle," say David Goodall and Carmen Bennett, Audit Specialists at Baker Tilly Staples Rodway’s Taranaki Firm.

Having the auditors in can sometimes sound daunting, but is no more difficult than taking the car for a Warrant of Fitness (WOF). Making sure your business is running to plan is a core part of business resilience. Even the ‘big end of town’ operators like the banks have recently been reminded of the value of a core internal auditing practice, as was seen when the Australian-owned Westpac bank was formally warned for failing to comply with Anti-Money Laundering legislation.

With so many risks and issues to manage, even the best business operator can miss a glaring business performance issue, or a gap in their fraud protection processes. And not many small businesses undertake regular, annual audits, a relatively straightforward process which will spotlight areas of concern.

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Risk, systems and governance. Let’s investigate further¦

What is an internal audit and why is it different to an external audit?

Put simply, an internal audit is an assessment of how a business’s internal procedures and policies are working. It really is like a WOF for your business, a check to make sure important internal controls are in place and operating as they should.

To be able to accurately undertake that WOF, the auditor must gain a good understanding of the systems of your business and how it’s run. Some internal auditors are already based in the business, giving them a good understanding of the overall workings of the day-to-day operation. Even so they will still need to check a sample of invoices or receipts, contact third parties who work with the business, observe business operations and spend time with employees.

Within Baker Tilly’s own national network of seven Member Firms, our internal audits are undertaken by auditors who work in other Firms, making sure that they bring a fresh set of eyes to the local business operation.

Once all the data is collated, interviews and meetings complete, the auditors will prepare an internal audit report, summarising whether the business meets the expected standards, and highlighting any improvements required. This report can be presented and discussed at Board or Executive meetings, as part of the core governance processes.

What does an internal audit report achieve?

An internal audit report, just like a WOF, gives business owners peace of mind about their financial and operating performance. It highlights areas which need improvement, where work is being done well, and will often also improve efficiencies and free up staff time.

The thoroughness involved in conducting an internal audit will give business leaders the chance to amend the error before significant problems occur.

Audits are a great way to highlight a small issue before it grows into a more significant one. Reviews can help uncover major risks, including a business’s susceptibility to fraud. In some cases, an internal audit can uncover a fraud that has already happened. The Serious Fraud Office regularly publicises cases which have made their way to the courts, where ‘trusted employees’ have been skimming money out of business accounts. These are often frauds which were not discovered until an internal audit was undertaken.

Crucially, as well as showing historic weaknesses or losses, audits also protect organisations from incurring additional penalties or costs through failure to meet accounting standards or other compliance requirements.

When should I get an internal audit?

An annual review of financial systems is typically a good approach. Another option is to implement a strategy for conducting internal reviews at regular cyclical intervals, such as reviewing payroll functions every two years. Businesses have different needs, so it’s always best to consult with a financial professional.

In our experience, errors usually happen when change occurs within a business. This is often an exciting time for a business owner as they explore expansion, upscaling or a new product launch but these changes also come with new compliance standards and often require tweaks to financial systems.

As a general rule of thumb, if any part of a business’s financial handling is causing lost sleep, it’s probably time for an audit.

Do small businesses require internal audits?

Just as all vehicles (no matter their size) need to be serviced, all businesses need to be audited. The scale and process may change but having compliant and effective financial frameworks in place is key to a business’s success. With many regulatory changes, high profile data breaches and other issues affecting businesses in recent months, having peace of mind that your business is secure and meets the latest standards is especially valuable.

Larger businesses typically have advantages in this regard, with departments dedicated to meeting compliance standards, compared with smaller businesses whose workers often have multiple duties. That’s why small businesses benefit equally from internal audits.

They’re also a valuable exercise in building trust, giving business owners faith in their internal systems and teams, as well as ensuring private customer data and funds are well protected and managed. Loss of reputation can be even more damaging and lasting than the immediate loss of money when it comes to fraud or cyber attacks. The FMA has recently highlighted a range of scams where individuals and businesses were targeted by cyber-criminals. An internal audit focused on IT systems and controls would help you understand whether you have adequate protection in place to avoid being the next ‘Waikato DHB’.

Heading back to the WOF analogy; yes, getting a WOF is a cost, but you do it to ensure your vehicle will get you from A to B safely, that it retains its resale value, to protect those within it and ensure they are safe on the roads no matter how bad the weather. And when you get the WOF report which tells you that your tyres are unsafe, you replace them. Just like a WOF an internal audit provides insights and guidance to ensure your business is functioning at it’s very best and is a fundamental part of doing good business.

Contact your Baker Tilly Staples Rodway adviser for more information.