Skip to Content
three business men analyzing documents
Article

Optimize your internal audit function with a quality assurance review

July 31, 2023 / 4 min read

A quality assurance review of your internal control environment helps your organization align with IIA standards — and improve the productivity, expertise, and effectiveness of your internal audit function. Here’s how to add the most value to the process.

As a chief audit executive, you evaluate company performance and manage risk on a daily basis. Running an effective internal audit department relies on maintaining an independent, objective assurance and consulting function for your organization. A quality assurance review can help you be sure your internal audit activities drive real value for your organization.

IIA standards: What they mean for your internal audit function

Leading organizations put their internal audit function to the test by aligning audit activities with standards issued by the Institute of Internal Auditors (IIA), the International Standards for the Professional Practice of Internal Auditing . The standards are mandatory for organizations that claim to operate in conformance with IIA requirements. These principle-based standards, organized by 10 categories, provide a framework and means to measure how well departmental performance aligns with the practice of internal audits.

The Quality Assurance and Improvement Program (QAIP)

Of all of these categories, the Quality Assurance and Improvement Program (QAIP) is a key area of focus when performing a quality assurance review (QAR). The QAIP measures alignment with the categories above and allows internal audit departments to elicit valuable, constructive feedback through both internal and external assessments.

Internal assessments leverage the expertise of internal audit staff to perform a self-assessment of internal audit department activities. They also serve as a prudent — and typically very insightful — preparatory exercise for an independent, external assessment. Performing an initial self-assessment helps your internal audit department establish benchmarks and metrics that align with and meet the requirements of the standards.

External assessments, conducted by an independent peer internal auditor or a service provider, deliver value in several ways. First, external assessments provide an independent assessment on the degree of alignment and conformance with the standards. External assessments also offer a fresh-eyed view of the internal audit department itself. Independent external partners should bring a fresh perspective, innovative thinking, knowledge of industry trends and developments, as well as informative knowledge of cutting-edge internal audit practices and tools, such as data analytics and new visualization tools. This perspective can create value-added opportunities well beyond the standards, such as enhancements to your internal audit department’s productivity, self-worth, and overall efficacy.

Your internal audit department should obtain an independent external assessment at least every five years to maintain conformance with the standards — and to meet the expectations of your audit committee. Additionally, if your organization isn’t properly segregating duties, now’s the time to assess. Not only can segregation of duties help prevent fraud, it can help bridge the gap between the internal audit and other critical business functions, thereby contributing to a stronger, opportunity-rich risk management strategy for your organization.


Healthy business risk starts with proper segregation of duties.    

How to ensure an effective quality assurance review

An effective QAR demands several coordinated, well-executed activities. Here’s how you can best support the process.

Planning and coordination:

Assessment execution:

The assessment should typically take place at the central point of internal audit operations, and fieldwork should happen over the course of one to two weeks, based on management scheduling needs. Your independent QAR provider will want to interview key stakeholders and primary beneficiaries of internal audit, such as senior management, accounting leadership, and operational department heads.

Ensure that these key stakeholders understand the value proposition of the assessment and that candid and constructive feedback will benefit the internal audit function.

Collaborative feedback and next steps:

Your quality assurance review provider should deliver a QAR report, which includes an overall assessment of your organization’s conformity with the IIA’s Standards and Code of Ethics under the International Professional Practices Framework.

The report should also provide recommendations and observations of opportunities for internal audit improvement.

Share this report with your audit committee, along with an established action plan to address any identified improvement opportunities. Feedback should be summarized by internal audit leadership and shared with the department — with expectations for improvement action as a component of the QAIP.

A quality assurance review of your internal audit environment helps you optimize your operations with specific, actionable feedback on your internal audit personnel, processes, and technology.

Think of the independent QAR as a valuable tool to not only to meet IIA standards but also to improve the proficiency, expertise, and organizational knowledge of your internal audit function. Put simply, a QAR helps you to optimize the value your internal audit department brings to your organization and its stakeholders.

Related Thinking

Close up of a business professional's face as they read on their laptop about how to prepare their organization for AI.
August 20, 2024

Preparing your organization for AI: Opportunities, risks, and necessary governance

Webinar 1 hour watch
Two business professionals in casual clothing using a handheld tablet device together while standing.
June 18, 2024

Cybersecurity essentials for franchises: Prevent, respond, comply

Article 7 min read
Person holding telescope
May 28, 2024

How to spot a fraudster: Red flags that suggest occupational fraud

Article 4 min read