Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing achieves this by providing insight and recommendations based on analyses and assessments of data and business processes.


Internal audits are a key management control activity that ensures the internal business processes are consistent. An internal audit is a form of audit process that occurs within the organisation to assess the conformity of internal processes and systems.

Internal auditors typically issue reports at the end of each audit that summarize their findings, recommendations, and any responses or action plans from management. An audit report may have an executive summary—a body that includes the specific issues or findings identified and related recommendations or action plans, and appendix information such as detailed graphs and charts or process information. Each audit finding within the body of the report may contain five elements, sometimes called the "5 C's"

  • Condition: What is the particular problem identified?
  • Criteria: What is the standard that was not met? The standard may be a company policy or other benchmark.
  • Cause: Why did the problem occur?
  • Consequence: What is the risk/negative outcome (or opportunity foregone) because of the finding?
  • Corrective action: What should management do about the finding? What have they agreed to do and by when?