The two major categories of services that the internal audit function undertakes are:

Assurance Services: These services involve an objective examination of evidence to provide an independent assessment on risk management, control, and governance processes. Examples include financial performance audits, compliance audits, and systems security reviews. The primary goal is to give assurance that the company’s processes are effective and aligned with its objectives.

Consulting Services: These are advisory and related services, the nature and scope of which are agreed upon with management, and are designed to improve the organization’s operations. Consulting services may include counsel, advice, facilitation, and training, aimed at enhancing risk management and control without assuming management’s responsibilities.

(5 marks)

ii)
The scope of the internal audit function typically includes the following areas:

Risk Management: Evaluating whether the organization’s risk management processes are adequate and functioning as intended, ensuring that risks are appropriately identified and managed.
Governance Processes: Ensuring that interactions with governance bodies are effective and that the organization complies with applicable laws, regulations, and internal policies.
Accuracy of Financial and Operational Information: Verifying that financial and operational data is accurate, reliable, and timely.
Resource Management: Assessing whether the organization’s resources are acquired and used economically, efficiently, and are adequately protected from misuse or loss.
Achievement of Objectives: Reviewing whether programs, plans, and objectives are achieved, and fostering continuous improvement in operations.
(5 marks)