The Institute of Internal Auditors has put into place a set of norms that auditors must follow when reviewing companies' financial reports and policies. These principles also enable auditors to ensure that a firm's internal controls are adequate and effective. Controls are directives that top leadership sets to prevent losses in operating activities.

Managing the Internal Auditing Activity

A company's chief auditor must administer the internal audit function to ensure that it adds value to the organization. In other words, the audit department head must make sure audit results meet goals included in the internal audit charter.


Planning activities require that auditors possess analytical dexterity and the ability to efficiently perform multiple tasks. Consequently, auditors-in-charge must ensure that planning procedures are in line with corporate decision-making processes.

Communication and Approval

An audit chief must communicate to corporate leadership auditing plans and resource requirements for an upcoming period, such as a fiscal year. Senior management and the board of directors must then approve the annual audit plan.

Resource Management

Resource management requires effective communication skills and complex problem-solving ability. The auditor-in-charge must ensure that audit resources are appropriate, sufficient and available to achieve the approved plan.

Policies and Procedures

Companies must ensure that the policies and procedures applicable to internal audits are in line with industry practices and regulatory guidelines. These standards include rules that the U.S. Public Company Accounting Oversight Board and Securities and Exchange Commission promulgate on a regular basis.


Coordination is a key auditing principle as it reduces duplication of efforts. By sharing important audit findings with external auditors and regulators, internal reviewers ensure that companies focus on high-risk areas. In auditing terminology, risk rating depends on loss expectation.

Reporting to Senior Management and the Board

A company's audit department head must periodically inform top leadership and the board about important developments in corporate operations. The reporting frequency is usually quarterly but may be shorter based on circumstances. Internal audit reports may cover significant risk exposures, such as fraud risks and governance issues.

Nature of the Work

Auditing attempts to prevent operating losses that may result from dysfunctional corporate systems and ineffective controls. To perform tasks satisfactorily, auditors apply regulatory guidelines, such as generally accepted auditing standards.


Auditing procedures help companies evaluate their decision-making mechanisms and establish effective procedures for long-term growth. Governance-related policies include the promotion of appropriate ethics and values within a company, the training and coaching of subordinates, and the communication of risk and control information to appropriate segments of the company.

Risk Management

Risk management principles allow auditors to pore over a company's operating data and determine factors that may derail corporate progress. These principles are important because they help top leadership make well-informed decisions and provide corrective measures for high-risk activities.