Primary navigation:

QFINANCE Quick Links
QFINANCE Reference

Home > Auditing Checklists > Internal Auditing for Financial Firms

Auditing Checklists

Internal Auditing for Financial Firms


In view of the recent global recession of 2009–10, when investments made by banks and financial institutions proved unsafe and almost triggered a financial meltdown that required strong input and investment by most democratic governments, the need for internationally regulated and well-audited financial institutions is greater than ever. Therefore, financial institutions have started to concentrate on rigorous internal audit processes undertaken by an internal audit team that conducts regular control self-assessments. This is a process in which management and staff analyze their roles and activities, and assess how efficient and effective their internal control procedures are.

Financial institutions should have an internal audit team that has a dual role of assessing whether the risks taken are appropriately managed and of making recommendations to consolidate the institution’s controls. The internal audit team should be independent in its evaluation of the control systems within the organization.

The internal audit team must also assess and report on management’s performance, analyzing and reporting on whether it has performed appropriately, effectively, and efficiently. The internal audit team needs to ensure that the financial institution has complied with all the procedures, standards, and policies imposed by the applicable laws and regulations. This is no mean task as the financial sector is complex and highly regulated.

The nature of the role means that internal auditors will not only gather and provide information, but that they will also help in the assessment and interpretation of that information as it pertains to the overall compliance and security of the organization, including the procedures that are in place to manage and control risk. The actual control of risk will in all probability be in the hands of specific risk managers, but the internal audit team will want to report on the effectiveness of the procedures involved and on executive management’s relationship with the risk managers. One of the problems of the crash was the way in which the concerns of risk managers were sidelined by managements intent on boosting profits without regard, or without sufficient regard, to the risks that were being assumed.

Back to top


  • Internal auditing of financial institutions improves their productivity.

  • It should provide an insight into the performance of an institution and provide constructive criticism on what should be changed and how.

  • It can help to prevent fraud and mismanagement.

Back to top


  • Regulations and laws are increasingly stringent and the cost of compliance is now a significant factor.

  • Trained staff are required and this requires a substantial investment. An internal audit department is a pure “cost” to the company. However, not having a strong internal audit function exposes the company to fraud and to failures of control and compliance that could ultimately cost it everything—as spectacular cases such as Enron demonstrate.

  • Line management can be resentful of the “braking” effect of a rigorous internal audit policy and an active internal audit department, blaming the latter for “undue caution” and for implementing time-consuming control procedures. This is a factor that requires handling by senior management.

  • The internal audit function can only be as effective as it is allowed to be. It requires board-level support to be effective.

Back to top

Action Checklist

  • Study the relevant laws carefully. Compliance with regulations for the internal audit of financial firms is closely monitored.

  • Ensure that the board of directors has reviewed the control systems and capital assessment procedures of the bank or financial institution.

  • Ensure that the internal auditors have examined and evaluated the effectiveness of the internal control systems.

  • See that the internal auditors have assessed the means of safeguarding assets.

  • Review the internal audit analysis of operational efficiency.

  • Ensure that the members of the internal audit team have no connection or conflict of interest with the financial sector they will investigate.

Back to top

Dos and Don'ts


  • Appoint the best possible team of internal auditors, ensuring that they have the capability and authority required to assess the financial state of the firm.

  • Provide board-level support for the function to enable it to gain access to everything it requires to fulfill its role.

  • Comply with all the laws and regulations governing the assessment and operation of financial institutions.

  • Ensure that the integrity of the internal audit function is maintained at all times.


  • Don’t ignore any constructive criticism made by the internal audit team.

  • Don’t cut costs by appointing low-caliber internal auditors—it could turn out to be a very expensive economy.

  • Don’t appoint auditors that have connections with personnel in the departments to be examined by the internal audit function.

Back to top

Further reading


  • Bainbridge, Stephen M. The Complete Guide to Sarbanes–Oxley: Understanding How Sarbanes–Oxley Affects Your Business. Avon, MA: Adams Media, 2007.
  • Pickett, K. H. Spencer. The Essential Handbook of Internal Auditing. Chichester, UK: Wiley, 2005.
  • Regulatory Compliance Associates Inc. Bank Internal Audit: A Working Guide to Regulatory Compliance. Austin, TX: Sheshunoff. Periodic updates via subscription.


  • Cahill, Edward. “Audit committee and internal audit effectiveness in a multinational bank subsidiary: A case study.” Journal of Banking Regulation 7:1 (February 2006): 160–179. Online at:


Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share