Russell Bedford International
Home Features & Analysis Outsourcing internal auditing – the benefits

Feed Display

Social Media

Forum of Firms

Features & Analysis

Outsourcing internal auditing – the benefits

By necessity internal auditing has to be independent and objective to achieve its goal of making your business more efficient.
Pablo Moyal, Montevideo, Uruguay


The role of the internal auditor

Your internal auditor must take a systematic and risk-based approach to evaluation to:

  • meet your strategic business goals
  • ensure the integrity of financial and operational information
  • protect your assets
  • comply with local laws and regulations
  • assess any risk of fraud.

The case for outsourcing

While there is a clear need for internal audit, you need to decide whether to create your own internal audit function or use the services of an external consultancy.

For the typical small and medium-sized enterprise there are clear benefits to outsourcing.

  • You can focus your attention on your core business activities – the activities that make you money.
  • You will find it easier to buy in the services of an expert than it is to recruit and employ an expert.
  • Specialist consultancy firms can give you the range of skills that you won’t find in one person. For example, you may not only need an accountant but also an information technology or human resources expert.
  • When you employ a specialist you create a reliance on that person. When that person leaves, you suffer disruption to your business while you try to replace that expertise. This is not an issue when you outsource as each consultant works to a common process.
  • Employing someone with the experience and qualifications to perform an internal audit role is expensive. If you try to recruit cheaply you will get someone who is poorly qualified; this may cost you in the future. There is a clear cost-benefit argument for outsourcing.
  • When you outsource you ensure independence and objectivity.
  • You can monitor easily your relationship with your consultant through confidentiality and service-level agreements.

Development of standards

Standard-setting has developed at a pace in recent years and will no doubt continue to do so in the future.

The Institute of Internal Auditors (IIA) – the international professional body – laid down the first standards in 1978. These were reviewed and updated in 1998. In doing so, the IIA redefined the role of an internal auditor, introduced a code of ethics, created international standards and incorporated earlier guidelines.

You can expect the internal audit arena to continue to develop and evolve in the future. This strengthens further the case for outsourcing as you can be confident you are using up-to-date expertise.


Financial scandals such as Enron increased the need for robust regulation. One of the most important developments was the Sarbanes-Oxley Act, the requirements of which all companies listed on the US stock exchange have to meet.

This US law was designed to protect stakeholders in listed companies by improving the accuracy of corporate disclosures and deterring corporate and accounting fraud.

Among other things, the Act introduced the idea of the audit committee to oversee corporate financial reporting, established mandatory registration of auditors of listed companies, defined conflicts of interest, prohibited external auditors from providing certain services, and introduced a system of periodic rotation of auditors.

The Act also imposed on management the legal responsibility for the content of the financial report and for maintaining a system of controls to discourage fraud.

Although Sarbanes-Oxley only applies to companies listed on the US stock exchange, many companies are adopting its requirements in the spirit of good governance. Several countries around the world have developed legislation that has its roots in Sarbanes-Oxley.

Information technology (IT) risk

In recent decades, business reliance on IT has increased out of all proportion. It is essential that your corporate governance addresses and manages your IT risk, and there are steps you can take to do this.

  • Review your IT service level agreement and check that it meets the needs of your business.
  • Ensure your IT operates in a secure area, is reliable, and confidentiality and integrity are not compromised.
  • Make sure you provide adequate training and support to users.
  • React to issues and solve them as they arise.
  • Review your business continuity and other contingency plans to ensure they are robust and up to date.

The IIA’s international standards contain specific guidance on evaluating IT risk and provide a methodical approach to doing so.

In summary, outsourcing your internal audit provides you with a highly specialised, systematic approach to a task that carries the utmost importance to the success of your business. For the small and medium-sized enterprise there is also a clear cost-benefit advantage to outsourcing.




The views expressed in the articles in this website are those of the authors and do not necessarily reflect the opinions or policies of Russell Bedford International or its member firms. The information contained in this website is provided for general purposes only and does not constitute professional accounting, tax, business or legal advice. It may not be applicable to specific circumstances. Laws and regulations change rapidly, so information contained herein may not be complete or up-to-date. Please contact your professional adviser before taking any any action based on this information.