Free internal auditor job description templates with duties, salary, FLSA, and a hire-vs-outsource guide. Staff, senior, manager, and financial versions.
6 templates, plus a hire-vs-outsource guide. Download as DOCX.
An internal auditor evaluates a company's internal controls, risk, and governance from the inside, running the full audit cycle and recommending improvements. It is an important role, but it is also a specific one: internal audit is usually a governance-driven hire at regulated, public, or mid-market companies, not an early hire at a small business. The most useful thing a job description page can do is help you write a strong posting and tell you honestly whether you should be hiring at all.
At FirstHR, we build practical hiring templates, and this page does both. Below are six internal auditor templates by level and focus, each with the FLSA classification and an independence note built in, plus a hire-vs-outsource guide for the many companies that need controls help but not a full-time auditor. Fill in the brackets and post, and the guide to writing a job description covers the fundamentals.
TL;DR
Six free internal auditor job description templates: Standard, Staff/Junior, Senior, Audit Manager, Financial, and Small/Regulated Business. The honest part most templates skip: internal audit is a governance-driven hire, so many smaller companies should outsource or co-source instead. Internal auditors are exempt and report independently to the audit committee or board. Pay anchor: $81,680 median for accountants and auditors (BLS, May 2024).
What Is an Internal Auditor?
An internal auditor is employed by the organization they audit and works to evaluate and improve its internal controls, risk management, and governance. They run the audit cycle, planning, fieldwork, control testing, reporting, and remediation tracking, across financial, operational, compliance, and sometimes IT areas. Internal auditors map to accountants and auditors (SOC 13-2011), the broader occupation that covers in-house audit roles.
The key thing for an employer writing this posting is that internal audit is a governance-driven function: it exists because a regulator, board, or investor requires controls assurance, which is why it is concentrated in larger and regulated organizations. The six templates split by level and focus, and the next section helps you decide whether to hire at all.
Should You Hire an Internal Auditor or Outsource?
This is the question most template pages skip, and it is the most important one for a smaller company. A dedicated internal auditor is a real cost, and for many businesses the same need is better met by outsourcing, co-sourcing, or an adjacent finance role. Use these signals to decide.
You have a regulatory or board mandate
A regulator, audit committee, lender, or investor requires an in-house internal audit function or ongoing controls testing.
Lean hire
You are public or approaching a transaction
You are an SEC filer, preparing for an IPO or sale, or are PE-backed with governance requirements that demand internal controls.
Lean hire
Audit work is occasional or project-based
You need a one-time controls review, a single compliance audit, or seasonal support rather than year-round audit work.
Outsource / co-source
You are a small company without a mandate
You are a 5 to 50 person business with no regulator, board, or investor requiring internal audit. A bookkeeper, controller, or fractional CFO usually covers the real need.
Outsource / co-source
The Honest Default for Small Companies
If no regulator, lender, audit committee, board, or investor is requiring in-house internal audit, a company in the 5 to 50 employee range usually does not need a full-time auditor. A controller, a fractional CFO, or an outside CPA engagement typically covers the real need at lower cost. Use the templates below if you are in the minority that genuinely needs the hire, usually a regulated or transaction-driven business.
Internal Auditor Duties and Responsibilities
Internal auditor duties center on the audit cycle, controls and compliance, reporting and follow-up, and risk and improvement. The emphasis shifts by level and focus, more leadership at the manager level, more financial-reporting depth in a financial auditor role, but these four areas hold across the function. These are the duties grouped the way the templates use them.
Audit cycle
Plan audits and assess risk
Perform fieldwork and test controls
Document workpapers and evidence
Controls and compliance
Evaluate internal control design
Test SOX/COSO controls where applicable
Check compliance with policy and regulation
Reporting and follow-up
Report findings and recommendations
Track remediation to closure
Support external auditors and regulators
Risk and improvement
Identify operational and financial risk
Recommend control improvements
Help detect fraud and inefficiency
A strong posting grounds these in your specifics: your industry, your regulatory drivers, the frameworks you follow, and the systems the auditor will review. For a structured way to scope any role before posting, the guide to defining job responsibilities walks through the process.
Which Template Should You Use?
Pick the template by level and focus. The audit core runs through all six, but the seniority and scope differ enough that the matched version reads more credibly. Use this guide to choose.
Standard Internal Auditor
The core template
The universal baseline: full audit cycle, control testing, risk assessment, and reporting. Start here for most internal audit hires.
Staff / Junior
Entry-level, learning the cycle
For an entry-level auditor supporting fieldwork and documentation under senior guidance, while learning the full audit cycle.
Senior Internal Auditor
Leads audits, mentors staff
For an experienced auditor who leads audits end to end, reviews staff work, presents findings, and mentors junior auditors.
Internal Audit Manager
Owns the audit function
For the leader who builds the annual audit plan, manages the team, and reports to leadership and the audit committee.
Financial Internal Auditor
Financial reporting and controls
For a focus on financial reporting integrity: testing financial controls, reviewing reconciliations, and ICFR or SOX work.
Small / Regulated Business
Hands-on, builds structure
For a regulated or investor-backed smaller company that genuinely needs the hire: a broad role that builds controls from scratch.
Match the Template to the Role
Entry-level fieldwork: Staff. Leading audits: Senior. Owning the function: Manager. Financial-reporting focus: Financial. A regulated smaller company's first hire: Small / Regulated Business. Start from the closest level. Every version is exempt and should report independently to the audit committee, board, or owner.
6 Free Internal Auditor Job Description Templates
Download all six as a single Word document or copy individual templates. Each follows the same structure: company and role summary, key responsibilities, required and preferred qualifications, an independence and reporting note, the exempt classification, pay, and how to apply, with an EEO statement. Fill in the brackets and post.
Download All 6 Job Description Templates
Standard, staff, senior, manager, financial, and small/regulated business. All in one DOCX.
Template 1: Standard Internal Auditor
The universal baseline: full audit cycle, control testing, risk assessment, and reporting. Start here for most internal audit hires.
Internal Auditor Job Description (Standard)
INTERNAL AUDITOR JOB DESCRIPTION
Company: __ ([City, State])
Department: Internal Audit
Reports to: [Audit Committee / CFO / Owner]
Employment type: Full-time
FLSA status: Exempt
Salary range: $_ - $_
ABOUT [COMPANY NAME]
[One or two sentences: what you do, your industry, and why you need
A bachelor's in accounting, finance, or business is the standard baseline, but certifications and demonstrated control knowledge carry real weight in this field. List what is truly required separately from what is preferred.
Type
What to look for
Education
Bachelor's in accounting, finance, or business
Certifications
CIA, CPA, CISA, CFE, or CRMA
Knowledge
Internal controls, audit standards, SOX/COSO
Skills
Excel, audit software, analysis, clear writing
The CIA is the certification designed specifically for internal auditors, while CPA, CISA, CFE, and CRMA add depth in accounting, IT audit, fraud, and risk. Keep the language neutral and job-related, since the EEOC prohibits job advertisements that show a preference based on protected characteristics, and for the credential itself see the IIA's Certified Internal Auditor page. For a fuller framework on structuring the posting, the SHRM guide to writing a job description covers the standard sections.
FLSA: Are Internal Auditors Exempt or Non-Exempt?
Internal auditors are almost always exempt from overtime, generally on the strength of their professional or administrative duties. Exempt status still depends on actual duties and salary rather than the title, so classify by the real role.
Exempt: Learned Professional or Administrative
Internal auditors typically qualify for the learned professional exemption, since accounting is a recognized field of advanced learning, and many also qualify under the administrative exemption, which federal guidance explicitly lists auditing among its covered functional areas. The role must meet the duties test and the $684 per week ($35,568 per year) salary threshold; senior auditors above the higher highly-compensated-employee threshold can qualify on that basis. Review DOL Fact Sheet 17D (professional) and 17C (administrative).
Classify each role on its actual duties and salary. For the underlying rules, the exempt vs non-exempt guide and the Fair Labor Standards Act guide explain the tests. This is general information, not legal advice; confirm with an employment attorney, since some states set a higher salary floor than the federal level.
Internal Auditor Pay
Internal auditor pay rises with seniority, certification, industry, and region. Because internal auditors fall under the broader accountants and auditors occupation, the data anchor comes from there.
Internal Auditor Pay Anchor (BLS)
Accountants and auditors had a median annual wage of $81,680 in May 2024, with the lowest 10 percent under $52,780 and the highest 10 percent over $141,420 (U.S. Bureau of Labor Statistics). Internal-audit-specific pay for senior auditors, managers, and directors runs well above the overall median, with leadership roles commonly reaching six figures.
A CIA or CPA generally correlates with higher pay. Set your range using current market data for the specific level, certification, and region rather than the occupation-wide median, and remember that for an exempt role the salary must also meet the FLSA threshold to keep the exemption valid.
An Honest Note on Outlook
The broader accountants and auditors occupation is projected to grow about 5 percent from 2024 to 2034, faster than average, with roughly 124,200 openings a year and about 1.6 million people employed. Demand for internal audit specifically tends to track regulation and governance requirements rather than general headcount growth.
The Small Business Reality
For a small business, the honest starting point is that you may not need this hire at all, and if you do, two compliance details shape how you structure it. Here is the reality most templates leave out.
Most small businesses should outsource internal audit, not hire one
A dedicated internal auditor is a governance-driven hire, not an early one. The typical finance hiring path at a growing company runs bookkeeper, then controller, then a fractional or full CFO; internal audit usually arrives later, after a company has outgrown the small-business stage, and almost always because a regulator, board, or investor requires it. For most companies in the 5 to 50 employee range, there is no such mandate, and the practical answer is to outsource or co-source audit work to a CPA firm or fractional specialist rather than carry a full-time auditor. So before you post this role, be honest about the trigger: if no regulator, lender, audit committee, or investor is requiring in-house internal audit, you probably need a controller, a fractional CFO, or an outside audit engagement instead. The hire-vs-outsource section on this page lays out the signals. The minority of smaller companies that genuinely need the hire are usually regulated or transaction-driven, and that is who the small-business template is written for.
Internal auditors are exempt, and independence shapes the reporting line
Two compliance points matter when you do make this hire. First, an internal auditor is almost always exempt from overtime. The role usually qualifies under the learned professional exemption, since accounting is a recognized field of advanced learning, and it can also qualify under the administrative exemption, which federal guidance explicitly lists auditing among the functional areas it covers. As long as the role meets the duties test and the salary threshold of $684 per week ($35,568 per year), classify it as exempt; senior auditors earning above the higher highly-compensated-employee threshold can qualify on that basis too. Second, independence is structural: to keep the auditor objective, the role typically reports functionally to the audit committee, board, or owner rather than only to the finance function it reviews, and the auditor should not review work they personally performed. Build that reporting line into the offer and the org chart from day one. This is general information, not legal advice, so confirm classification and governance with counsel.
Once you hire, onboarding sets up independence, access, and documentation
If your company is one that genuinely needs in-house audit, the onboarding should establish the role's independence and access cleanly. Plan the basics before day one: the offer letter stating the exempt classification, salary, and reporting line, the I-9 and tax forms, and signed confidentiality and ethics policies, which matter more than usual for an audit role. Then set up access to the systems, records, and prior audit documentation the auditor needs, and place them in the org chart with the right functional reporting line to protect objectivity. Because even a regulated smaller company often runs HR on the side, a repeatable process keeps it clean. FirstHR fits the people side: e-signature for the offer letter and policy acknowledgments, document management to store signed ethics and confidentiality policies and audit-related records, task workflows and an AI onboarding wizard for the first-week and 90-day plan, and an HRIS with an org chart that reflects the independent reporting line. FirstHR does not run payroll or administer benefits, so pair it with your payroll and benefits providers. Applicant tracking is coming soon to FirstHR.
After You Hire: Onboarding an Internal Auditor
If your company genuinely needs in-house audit, the job description is step one, and onboarding should establish the role's independence and access. Start with the basics before day one: send the offer letter stating the exempt classification, salary, and the reporting line that protects independence, collect the signed offer, complete Form I-9 and tax forms as part of the new hire paperwork, and have the auditor sign confidentiality and ethics policies.
Then set up access to the systems and records the auditor needs and place them in the org chart with the right functional reporting line. The documents follow the usual sequence: the offer letter template for the terms and the onboarding checklist template for the first days, with signed onboarding documents kept in one place.
FirstHR fits the people side of this: e-signature for the offer letter and policy acknowledgments, document management to store signed ethics and confidentiality policies and audit-related records, task workflows and an AI onboarding wizard to build the first-week and 90-day plan, and an HRIS with an org chart that reflects the independent reporting line, all of which help a smaller regulated company handle the hire cleanly. FirstHR does not run payroll or administer benefits, so connect your payroll and benefits providers for those functions. Applicant tracking is coming soon to FirstHR.
Key Takeaways
An internal auditor evaluates internal controls, risk, and governance from inside the company, running the full audit cycle.
It is a governance-driven hire: most small businesses without a regulatory or board mandate should outsource or co-source instead.
The typical small-business finance path is bookkeeper, then controller, then a fractional CFO; internal audit arrives later.
Internal auditors are exempt, usually under the learned professional or administrative exemption, above the $684/week salary threshold.
Independence is structural: the auditor reports functionally to the audit committee, board, or owner, not only to the finance function.
Pay anchor: accountants and auditors had a median of $81,680 in May 2024, with internal-audit leadership roles running higher.
Frequently Asked Questions
What does an internal auditor do?
An internal auditor evaluates and improves an organization's internal controls, risk management, and governance from the inside. Unlike an external auditor, who is independent of the company and focuses on the financial statements, an internal auditor is employed by the organization they audit and looks across financial, operational, compliance, and sometimes IT areas. The core work is the audit cycle: planning audits based on risk, performing fieldwork and testing controls, documenting workpapers and evidence, reporting findings and practical recommendations to leadership, and tracking remediation until issues are resolved. Internal auditors also support external auditors and regulators and help detect fraud, waste, and inefficiency. The scope and seniority vary, from a staff auditor doing fieldwork to an audit manager owning the whole function, which is why the templates on this page split by level. Importantly, internal audit is usually a governance-driven role found at regulated, public, or mid-market companies rather than an early hire at a small business.
Should a small business hire an internal auditor or outsource?
Most small businesses should outsource or co-source rather than hire a full-time internal auditor. A dedicated in-house internal auditor is a governance-driven hire that becomes financially realistic mainly at public companies, regulated institutions, and mid-market firms with audit committees or investor requirements. For a typical company in the 5 to 50 employee range without such a mandate, the real need is usually met by a bookkeeper, a controller, a fractional CFO, or an outside CPA engagement for a specific audit. The honest test is whether something is actually requiring in-house internal audit: a regulator, a lender, an audit committee, a board, or an investor. If yes, especially for a regulated or transaction-driven smaller company, the hire can make sense, and the small-business template here is written for that case. If no, you almost certainly want outsourcing or an adjacent finance role instead, which is both cheaper and a better fit for the actual work. The hire-vs-outsource section on this page lays out the signals in detail.
Are internal auditors exempt or non-exempt under the FLSA?
Internal auditors are almost always exempt from overtime. The primary path is the learned professional exemption, because accounting is a recognized field of advanced learning acquired through specialized study, and courts have affirmed that audit professionals can qualify on that basis. Many internal audit roles also qualify under the administrative exemption, and federal guidance explicitly lists auditing among the functional areas that count as work directly related to general business operations. To be exempt, the role must meet the relevant duties test and be paid on a salary basis of at least $684 per week ($35,568 per year); senior auditors and managers who earn above the higher highly-compensated-employee threshold can also qualify on that basis. Because exempt status depends on actual duties and salary rather than the job title, classify each role on its real responsibilities, and confirm with counsel. This is general information, not legal advice, and some states apply higher salary thresholds than the federal level.
What qualifications and certifications does an internal auditor need?
Most internal auditor roles require a bachelor's degree in accounting, finance, or business, and federal occupational data shows a bachelor's is standard for accountants and auditors. Beyond the degree, certifications carry real weight in this field. The CIA, or Certified Internal Auditor, is the credential designed specifically for the role and is the globally recognized certification for internal auditors. Other valuable certifications include the CPA for accounting depth, the CISA for IT and systems audit, the CFE for fraud examination, and the CRMA for risk-management assurance. For a staff or junior role, a degree plus progress toward a certification is usually enough; for senior and manager roles, a completed CIA or CPA and several years of audit experience are common expectations. Beyond credentials, the skills that matter are analytical thinking, knowledge of internal controls and audit standards, strong Excel and audit-software ability, and clear written communication, since the auditor has to explain findings and recommendations to non-auditors.
What is the difference between an internal auditor and an external auditor?
The core difference is independence and focus. An external auditor works for an outside firm, is independent of the company, and primarily expresses an opinion on whether the financial statements are fairly stated, often to satisfy investors, lenders, or regulators. An internal auditor is employed by the organization they audit and works year-round on a broader mandate: evaluating and improving internal controls, risk management, and governance across financial, operational, compliance, and IT areas, not just the financial statements. External audits are typically annual and statement-focused; internal audit is ongoing and improvement-focused. The two work together, internal auditors often support the external audit, but they answer to different stakeholders. To protect objectivity, internal auditors typically report functionally to the audit committee or board rather than only to the management whose areas they review. For a small business, an external CPA engagement usually covers the occasional need, which is why internal audit is more often an in-house function at larger or regulated organizations.
How much does an internal auditor make?
Internal auditors fall under the broader accountants and auditors occupation, which had a median annual wage of $81,680 in May 2024 according to the Bureau of Labor Statistics, with the lowest 10 percent earning under $52,780 and the highest 10 percent over $141,420. Internal-audit-specific pay tends to rise with seniority and certification: market data for senior auditors, audit and assurance managers, and audit directors runs well above the overall median, with manager and director roles commonly reaching six figures and chief audit executives higher still. Pay also varies by industry, region, company size, and whether the person holds a CIA or CPA, which generally correlates with higher compensation. For a job posting, set your range using current market data for the specific level, certification, and region rather than the single occupation-wide median, and post an honest range, since a growing number of states require one.
Who does an internal auditor report to?
To stay objective, an internal auditor usually has a dual reporting line. Functionally, they report to the audit committee of the board, or to the owner or board at a smaller company, which protects their independence and lets them raise issues without pressure from the people whose areas they audit. Administratively, they often report to the CFO or finance lead for day-to-day matters like resources and logistics. This structure matters because the whole value of internal audit depends on the auditor being free to review any area honestly, including finance itself, so they should not report solely to a function they audit, and they should never audit work they personally performed. At a small or regulated business making its first internal audit hire, build this reporting line into the offer and the org chart from the start. The job description templates on this page include an independence and reporting note you can adapt to your governance structure.
What happens after I hire an internal auditor?
Once you hire, onboarding should set up the role's independence, access, and documentation cleanly. Start with the basics before day one: send the offer letter stating the exempt classification, salary, and the reporting line that protects independence, collect the signed offer, complete Form I-9 and tax forms, and have the auditor sign confidentiality and ethics policies, which matter more than usual for this role. Then set up access to the systems, financial records, and any prior audit documentation they will need, and place them in the org chart with the correct functional reporting line to the audit committee, board, or owner. Because even a regulated smaller company often runs HR on the side, a repeatable process keeps it clean. FirstHR handles that people side, from the e-signed offer letter and stored ethics and confidentiality policies to the onboarding workflow, first-90-days plan, and an HRIS org chart that reflects the independent reporting line. FirstHR does not run payroll or administer benefits, so connect those providers separately. Applicant tracking is coming soon to FirstHR.
