
Why Internal Audit is an Essential Function

1. Why it is essential

Today, the Internal Audit Units (Departments or Divisions) of organisations or companies are called upon to perform a mission that is nothing short of miraculous. On the one hand they are understaffed for cost reduction purposes; on the other hand their management expects them to uncover weaknesses in the way their company operates, as well as any shortcomings and errors within the hundreds of processes and millions of transactions carried out in the course of business activities. It is also not uncommon for Internal Audit to be expected to perform "police" functions and to investigate or attempt to uncover things and events that are within the scope of the criminal code! Internal Audit can very easily fail in its task if its role is not clear. It can also fail if it is not "equipped" with technological tools that allow it to do more work, in less time and with less staff.

At the same time, all types of risk have increased. The chances of errors or omissions are greater than ever before because processes and systems have become very complex, due to developments in applications for customer and general public transactions, markets and the interconnections between organisations, businesses, banks, customers and suppliers, and also because every organisation is now wide open to its wider environment.

Transactions with the public in the form of e-citizen, e-taxpayer, e-business, e-shops, e-procurement, e-billing, e-banking, outsourcing, etc. are now commonplace for almost all businesses and the public sector. Particularly during the Covid-19 pandemic, Governments have bet, and still bet, on automating transactions with Citizens and performing almost all actions "remotely" rather than on the premises of Public Services and Organizations.

The need to upgrade the tools that support controls is urgent. All these issues, and especially the risks they present, are far from easy for 1-2 "brains" (internal auditors) to handle successfully with Excel-based tools.

2. Internal audit in Central Government

Internal audit is a cornerstone of good public sector governance. It ensures impartial treatment of citizen interfaces and objective assessment of whether public resources are managed responsibly and effectively. To achieve the intended results, auditors help public sector organisations achieve accountability and integrity, improve operations and encourage trust between citizens and public officers.

The role of the public sector auditor supports three principles: Supervision, Review and Prudence.

  • Supervision examines whether public sector entities are doing what they are supposed to do according to the law and serves to identify and prevent public corruption.

  • Review assists decision-makers by providing an independent assessment of the public sector on programs, policies, operations and results.

  • Prudence identifies potential trends and emerging challenges.

Auditors use tools such as financial audits, performance audits, investigations, and consulting services to fulfill each of these roles.

Specific areas of interest for the Internal Audit of a public service may include the following:

  • Digital Services

  • Licences - Grant of Royalties

  • Infrastructure Management

  • Innovation

  • Open Government

  • Policies for the Environment and Sustainable Development

  • Public Procurement

  • Regulatory policy

  • Climate Change - contingency plan

3. How an IT system can help

It is not without thought that we named our ERM system RIBIA - Risk Based Internal Audit. We wanted to add a special dimension to the internal audit processes: an audit based on the identification, measurement and weighting of potential risks and, further, the formulation of the audit work according to the findings and the prioritization of potential risks.

This is an entirely innovative view, compared to traditional audit work approaches.


  1. Helps cover a larger part of audit work with the support of an information system, in a way and at times that human effort cannot achieve. It significantly increases auditor productivity.

  2. Correlates control techniques (computerised or conventional) with potential operational risks so as to more easily and quickly identify the areas of highest risk. Risk = Amount of damage OR the likelihood of it occurring. Scores and weighs the findings. Enables objective prioritisation of audit work.

  3. Presents plans with great precision for the areas where significant audit work needs to be performed by internal audit staff. The valuable "few" audit officers do not waste their time in low risk areas.

  4. Reliably documents the whole process. Integrates the whole organization into the logic of "risk management". Eliminates the element of subjectivity in the auditors' judgement.

  5. It never forgets! Each audit finding is tracked as a "ticket", i.e. it is not eliminated or deleted from the RIBIA system unless the finding has been resolved, the risk has been prevented and the audit reaches positive conclusions.

