Abstract
According to the Institute of Internal Auditors, Internal Auditing could be defined as "an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes". Internal auditing, which is therefore a process, usually involves three distinct identities: "the process owner" (who owns the company), "the internal auditor" (the person who is delivering his evaluation), "the user" (who is going to use the evaluation). The goal of an operational auditing is to ensure that financial reporting complies with the accounting principles broadly accepted. Compliance is therefore a key concept in operational auditing. "Audits based on compliance focus on the adequacy and effectiveness of management controls governing adherence to external laws and regulations" (definition of compliance given by COSO, The Committee of Sponsoring Organizations of the Treadway Commission).
