(270) 506-5140 CONTACT US
Best Practices

8 Items You Should Be Reviewing During Your Internal Audit

Sep 18, 2018 by Branan Cooper

I often think of an internal audit as a helpful check-up – it's a great time to find areas that may be problematic before they become a big problem. Having had some very favorable internal audits and a couple of very bad ones, I’ve experienced a lot of different scenarios.

An internal audit of third party risk management is very important. I've seen organizations where the audit schedule does not include a review of third party risk management and I believe that’s an unfortunate oversight. While there’s certainly the need to focus on large operational areas and compliance with various laws and consumer protection regulations, there’s also a need to put some attention on third party risk management.

Why Do You Need to Perform an Internal Audit?

Undergoing an internal audit sounds like extra work. Here are a couple reasons why you need to do it though:

  • Third party risk management and cybersecurity are getting a lot of attention, putting even more focus on these areas during exams.
  • There’s an obligation to protect the organization and your customers and an audit is an opportunity to identify issues proactively.

8 Keys to Success During an Internal Audit

Here are 8 keys to help you with an internal audit:

  1. Make sure you understand the scope and purpose of the internal audit. If there are items you’re unsure of, be sure to clarify things prior to the opening meeting.

  2. Make sure prior audit recommendations and findings have been addressed. It can be very painful if you discover repeat issues.

  3. Communicate frequently with the audit team. Encourage the same open-door policy with members of your team in order to stay informed and abreast of any issues.

  4. Clarify any misunderstandings or areas where items may be open to interpretation. Sometimes auditors are looking for a strict interpretation.

  5. Be prompt and courteous. It can be a very difficult balance to manage running your daily business along with an ongoing audit but do your absolute best to treat the auditors as you want to be treated and set realistic expectations around response times.

  6. Be responsive to questions and issues as they arise.

  7. Insist on regular meetings and updates. It shouldn’t be just opening and closing meetings, but instead interim updates on a regular basis throughout.

  8. Finally, remember you're all on the same team and have the same goals in mind such as following the policy and guidance, protecting and improving the organization and its processes and delivering compliant products and services to your customers.

Audits, like an annual medical check-up, can be scary, but they are very necessary and can ultimately help address small issues before they become big problems.

If you do the above well, you’re putting your best foot forward come audit time. To help you through the process, download our helpful checklist now.

Regulatory Developments Impact Your Next Vendor Management Exam eBook

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog