Skip to main content

Internal Audit : Questions and Answers

What is an internal audit, and what does it do? What is its mission, and how is it carried out by whom? You can find the answers to these questions in our article below.

Today’s globally competitive environment requires institutions to take precautions by being aware of their weaknesses, strengthen the structures and structures of companies, and train their employees while also trying to make them more committed to their companies and improve their risk management, internal control, and internal audit capacities.

What is the Definition of internal audit?

It is an independent and objective assurance and consultancy activity that aims to improve and add value to an Institution’s activities.

Internal audit helps the organization achieve its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of its risk management, control, and governance processes.

What is the mission of internal audit?

The Mission of Internal Audit: To protect and improve organizational value by providing risk-based, objective assurance with advice and predictions.

What are the types of internal audits?

Different types of audits are available. Sometimes, it can be a combination of these.

  • System audit
  • Performance audit
  • Compliance audit
  • financial audit
  • Information technologies audit
  • Cheating and abuse auditing
  • mixed audit

What is a System Audit?

System audit is the testing of internal controls implemented by Management.

The activities and internal control system of the audited unit is to analyze the organizational structure with a contributing approach, identify its deficiencies, investigate its quality and suitability, and evaluate it by measuring the adequacy of the resources and applied methods.

What is a Performance Audit?

Performance auditing is the auditing of physical, financial, and human resources used in operational activities (processes) regarding performance criteria (economy, effectiveness, and efficiency) related to the processes.

It evaluates the effectiveness, economy, and efficiency in the planning, implementation, and control stages of activities and transactions carried out at all company levels. The purpose of a performance audit is to objectively examine and evaluate whether the allocated human, financial, and technological Company resources are used effectively, economically, and efficiently in accordance with their monetary values. In other words, it is to check whether the resources used comply with the goals and objectives of the audited unit and whether they are proportional to the outputs obtained.

What is a Compliance Audit?

A compliance audit examines the Company’s financial transactions and other activities to determine whether they comply with the established methods, rules, and legislation.

It checks whether the company’s activities and transactions comply with the relevant legal regulations.

What is a Financial Audit?

The financial audit checks the accuracy of the data in the Company’s financial statements according to generally accepted accounting principles.

It evaluates the accuracy of accounts and transactions regarding income, expenses, assets, and liabilities and the reliability of financial systems and statements. Within the framework of the results obtained within the scope of the financial audit, the effectiveness and adequacy of the internal controls established for the audited unit or process are also evaluated.

Information Technology

They are tools that enable and assist in the production, collection, accumulation, processing, retrieval, dissemination, and protection of information. Information Technology: It is a whole that covers the software and hardware technologies used to collect, process, store, and transmit information from one place to another through communication networks, to serve it to users, to manage, store, and ensure its security, and to determine the rules of access to information stored in these systems.

What is Information Technologies Audit?

Information Technologies audit evaluates whether the information systems of the audited unit are secure. This type of Audit is also used to evaluate the adequacy and accuracy of data and information stored in the information system being audited.

It is the evaluation of the continuity and reliability of the electronic information systems of the audited unit.

What is Fraud and Abuse Auditing?

Fraud and abuse auditing is the investigation of frauds and abuses revealed or reported during other audits and trying to find the perpetrators.


These illegal acts can be characterized as cheating, fraud, and security abuse. These acts do not depend solely on the threat of violence or the use of physical force. Abuses: These can be carried out by various parties and institutions to provide money, goods, or services, to avoid loss of service or payment, or to gain a personal or business advantage.


It refers to the deliberate omission or misrepresentation of important information in accounting records, financial statements, other reports, documents, or forms.

What is Hybrid Auditing?

Mixed audits fulfill the objectives of at least two of the other audits.

What are international internal audit standards?

International Internal Audit Standards: The International Institute of Internal Auditing (IIA) aims to define the basic principles of internal auditing, to express and promote its added value, to enable the evaluation of its performance to ensure that internal auditing is carried out in accordance with the definition of internal auditing, which is carried out in different industries and environments, in various legal regulations, institutional structures with different scales and characteristics. “International Internal Audit Standards” are standards developed by.

How are International Internal Audit Standards divided into?

StandardsIt consists of two basic categories: Qualification and Performance Standards.

  • Qualification Standards: It is aimed at the characteristics of institutions and individuals conducting internal audits.
  • Performance standards: it explains the nature of internal auditing and provides the quality criteria used to evaluate the performance of these services. Qualification and Performance Standards apply to all internal audit services.

What are the characteristics of an internal auditor?

Internal Audit Units and Internal Auditors in Institutions. It should have the following features:

  • He acts honestly and virtuously.
  • Competence and professional care
  • It is objective and not influenced (independent)
  • The organization’s strategies, objectives, and risks
  • Suitably located and adequately resourced
  • It is based on quality and continuous development.
  • Communicate effectively
  • Provides risk-based assurance.
  • He is insightful, proactive, and future-oriented.
  • It promotes institutional development.

What does internal audit assurance activity mean?

Assurance activities involve the internal auditor objectively evaluating available evidence to provide an independent opinion or opinion about an action, process, or project. The primary purpose of Assurance/Audit activities is to assess the issues within the scope of the audit within the framework of the internal audit methodology and to present the results of these evaluations to the Board of Directors/Audit Committee reporting to the Board of Directors.

What is reasonable assurance?

Assurance provided by internal audit-definite” is not an assurance; “reasonable” is an assurance. Reasonable assurance is achieved by an auditor with all the qualifications, technical knowledge, and experience required for a particular audit task under normal circumstances by showing all the care and attention required by the task in question and by following all the audit steps that must be followed. It forms his/her opinions based on relevant, reliable, and sufficient audit evidence. It is an assurance to be given and does not contain absolute infallibility.

What does internal audit consultancy activity mean?

As can be understood from the definition of Internal Audit, consultancy activities are among the duties of the internal auditor.

Consultancy Activity Evaluates and makes suggestions for developing the institution’s activities and transaction processes to achieve its goals. Consulting activities, carried out without assuming any administrative responsibility, are services provided to add value, facilitate, develop, and guide administrative activities such as opinions on executive matters, giving views on comprehensive legislative amendments/drafts, training, analysis, evaluation, determination of performance indicators, control self-evaluation, process design, and project tasks.

It is explained in UİDS as follows:

“Consulting services are advisory in nature and are generally performed at the specific request of the client requesting the assignment (the person or group requesting and receiving advice – consultancy service – client of the assignment). The nature and scope of consultancy services are between the client requesting the evaluation and the internal auditor. It is subject to the contract (memorandum of understanding). Consulting services generally have two parties: (1) The person or group giving advice (internal auditor) and (2) The person or group requesting and receiving advice (client of the assignment). 

While providing consulting services, the internal auditor maintains objectivity. And should not take administrative responsibility (UIDS).”

Those who request advice (consultancy service) in institutions: the board of directors, senior management, or managers.

Internal Evaluation

It is part of the quality assurance work. It includes continuous review of internal audit performance and periodic reviews conducted through self-assessment or by individuals familiar with internal audit practices and IAS within the organization.

External Evaluation

Internal audit activities: These refer to the studies that must be carried out at least once every five years by a team of qualified and independent external evaluation experts to be determined from outside the Company to assess its compliance with the UIDS and ethical rules, the level of use of successful application examples, and its effectiveness and efficiency.


It is a series of interconnected steps and processes that start with an input (such as manpower, machinery, material, or technology) and produce a specific output by adding value to this input. An activity that uses resources and is managed to transform information into results.

Management Activities

It covers audit management processes such as preparing internal audit plans and programs, coordinating audit activities, reviewing audit reports, internal evaluation studies, and all correspondence within the administration.

What are the internal audit processes?

Internal control: It consists of planning, execution, reporting, and monitoring processes.

  1. Planning: It consists of the stages of defining the audit universe, determining the audit areas, defining risk criteria and rating the risks, prioritizing the audit areas, allocating audit resources, and preparing and approving the plan.
  2. Execution: It is the process from forming the internal audit team to creating the audit opinion. 

It consists of the following sub-processes.

  • Establishing the Audit Team and Determining the Audit Supervision Officer
  • Assignment
  • Notification to the Audited Unit
  • Preliminary study
  • Creating an Audit Task Duration Plan
  • Determining the Audit Purpose
  • Opening Meeting
  • Risk assessment
  • Evaluation of Internal Controls
  • Completing the Risk Control Matrix
  • Preparation and Approval of the Work Plan (Task Plan)
  • Determination of Audit Tests
  • Application of Audit Tests – fieldwork –
  • Creating and Sharing Audit Findings
  • Holding a Closing Meeting
  • Evaluation of Findings
  • Deciding on the Findings to be Included in the Audit Report
  • Forming an Audit Opinion
  • Reporting

According to UIDS 2400, reporting of audit results is mandatory. However, the form and content of this report vary depending on the nature of the task.

The essential elements that should be included in the audit report are:

  • The purpose of the audit
  • The scope of the audit
  • Inspection method
  • Determinations (current situation)
  • Applicable recommendations
  • Action plan
  • A significant level of the finding
  • Good practices and successful performance


  • Monitoring

The ability of internal audit to add value to the Company’s activities depends on implementing the recommendations in the audit reports. For this reason, it is necessary to monitor the realization of the action plans presented by the units as a result of the audit activities according to the implementation schedule. This issue is clearly stated in the following international internal audit standards.

“UIDS 2500 – Monitoring Progress: The Internal Audit Manager must establish and implement a system to monitor the outcome of the results reported to management.

”2500. A1 – The Internal Audit Manager must establish a follow-up process to ensure that the measures taken by the management are effectively implemented or that the senior management accepts the risk of not taking the necessary steps and monitoring the developments.



  • IPPF (International Professional Practice Framework) – Standards, Practice Recommendations, Practice Guides)
  • Public Internal Audit Guide (Public Internal Audit Coordination Board Ankara September 2013)
  • İSMMMO-Practical Information for Internal Audit in SMEs 2013
  • Teolupus Internal Audit Guide Studies

Bu gönderi şu adreste de mevcuttur: Türkçe