Dear Friend, Internal audit organizations have been so consumed by SarbanesOxley [sic] that other priorities are falling by the wayside. Simply put, the legislation is diverting internal audit resources from risk-based auditing, creating the potential for dire consequences. That’s because a failure to address key strategic, operational and compliance risk areas in an internal audit program undermines the effectiveness of internal audit, diminishes its strategic value to key stakeholders, and exposes the enterprise to greater operational and financial risks in the future.”nternal processes are the activities that are defined from User to User and from Process to process. Any process that seems mundane like storing of records or production or maintenance falls under your Internal Control. Internal Audit is performed to check that all your "Internal Processes and Controls" are functioning properly and that there aren't any loopholes in the system.