Beruflich Dokumente
Kultur Dokumente
internal audit
The audit committee guide series
Effective audit
committees are critical
to the quality of financial
reporting and the proper
conduct of business. This
guide is one of a series
that is meant to help audit
committees meet their
oversight and fiduciary
responsibilities.
Trent Gazzaway, National Managing Partner
of Audit Services
Contents
2 Audit committee responsibility
4 Internal audit tests
6 Internal audit role for ERM
7 Audit committee responsibility
for ERM
8 Oversight and reporting
9 Grant Thorntons internal
audit services
12 Suggested reading
13 Offices of Grant Thornton LLP
The audit committee guide series has been adapted from The Audit Committee
Handbook, Fifth Edition, published by John Wiley & Sons and available for
purchase at www.GrantThornton.com/ACHandbook and through major
online booksellers and bookstores nationwide.
Although less clearly mandated than external audit supervision, the audit
committee does have responsibility for overseeing the planning, execution and
reporting process of the internal audit function.
Internal auditors work the middle ground between management, the audit
committee and the external auditor, maintaining objectivity in their review
of operations and of risk management, control, and governance processes.
According to the New York Stock Exchanges (NYSE) rules: Listed companies
must maintain an internal audit function to provide management and the audit
committee with ongoing assessments of the companys risk management processes
and system of internal control. A company may choose to outsource this function
to a third party service provider other than its independent auditor.1
See IIA, Audit Committee Briefing Internal Audit Standards: Why They Matter, 4. Available at www.theiia.org/
download.cfm?file=83632.
Internal audit plans typically cover financial reporting, operational efficiency and
compliance with laws, regulations and corporate policies. As business accelerates
and becomes more complex, internal auditors must be better able to identify and
address potential problems expeditiously. Regardless of the type of audit being
performed, good analytical tools, risk assessment methodologies, training and
planning are important to the internal audit function.
Financial reporting audits
Financial reporting audits test the efficacy of internal control over financial
reporting (ICFR). Internal auditors develop a testing plan in much the same
way external auditors do, by:3
assessing and prioritizing risks to financial reporting objectives;
understanding how the internal control systems address those risks,
and identifying key controls;
determining what information is necessary to conclude on the effectiveness
of those controls; and
designing and executing appropriate tests.
The audit committee (or management) may also request of internal auditors:
interim financial audits, distributed internally, for improving the reliability
of information used for decision making, and for identifying potentially
material problems early;
verification of digital tagging of financial statement items found in reports using
Extensible Business Reporting Language (XBRL); and
special assignments, such as improving internal control in a given area or
implementing a fraud prevention program.
3
See COSO, Guidance on Monitoring Internal Control Systems (2009), par. 42-53.
Operational audits
Operational audits evaluate and improve the efficiency and effectiveness of certain
functions, and often result in recommendations to management for operational
improvements.
Internal auditors may be asked to evaluate the performance of individual
managers, and may also be tasked with developing process improvements or
implementing fraud prevention measures.
The planning process for operational audits is similar to that of financial audits,
and involves:
assessing risks to operational objectives;
understanding how the organizations controls manage or mitigate the risks; and
assessing the effectiveness of those controls.
Compliance audits
4
5
Companies today face the pressure of doing more with fewer resources. Every
business function, including internal audit, is expected to bring value to the
organization. Whether its by reducing overall compliance costs or identifying
cost containment opportunities by process improvement initiatives, management
will look to internal audit to do their share. Grant Thornton understands these
demands. We can help you not only to create and implement internal controls that
safeguard your business assets, but also to increase the efficiency, effectiveness and
overall performance of the internal audit function.
Our internal audit professionals work with you to assess your corporate
level risk, identify the areas of greatest risk, and develop appropriate work plans
and audit programs to mitigate those risks. We help you assess your control
environment and establish your ongoing compliance plan, complementing your
existing independent audit relationships and enhancing the overall quality of your
corporate governance.
Grant Thorntons internal audit services include:
Full outsourcing of internal audit
Co-sourcing with the existing internal audit function
Internal audit transformation
Information technology auditing
Process mapping and process reviews
Internal controls documentation and testing
Operational audits
Quality assurance reviews
Bailey Jordan
Timely updates
Tailored to management, boards and audit committees of mid-cap public companies, these updates
help you stay abreast of issues that affect the marketplace and your business.
Boardroom awareness: Service organization reports in transition
to new U.S. and international standards
In this issue of CorporateGovernor newsletter, Grant Thornton advisory
professionals discuss the new service organization reporting standards that are
set to replace Statement on Auditing Standards No. 70 (SAS 70) by mid-2011.
Information overload: How to make data analytics work for the internal
audit function
Learn how your internal audit department can effectively use data analytics to
add value to your organization.
Suggested reading
National Office
175 West Jackson Boulevard
Chicago, IL 60604
312.856.0200
National Tax Office
1900 M Street, NW, Suite 300
Washington, DC 20036
202.296.7800
Arizona
Phoenix
California
Irvine
Los Angeles
Sacramento
San Diego
San Francisco
San Jose
Woodland Hills
Colorado
Denver
602.474.3400
949.553.1600
213.627.1717
916.449.3991
858.704.8000
415.986.3900
408.275.9000
818.936.5100
Kansas
Wichita
316.265.3231
Maryland
Baltimore
410.685.4000
Massachusetts
Boston
617.723.7900
954.768.9900
305.341.8040
407.481.5100
813.229.7201
Georgia
Atlanta
404.330.2000
Illinois
Chicago
312.856.0200
Oakbrook Terrace 630.873.2500
405.218.2800
918.877.0800
Oregon
Portland
503.222.3562
Pennsylvania
Philadelphia
215.561.4200
Michigan
Detroit
248.262.1950
Minnesota
Minneapolis
South Carolina
Columbia
803.231.3100
612.332.0001
Texas
Austin
Dallas
Houston
San Antonio
512.391.6821
214.561.2300
832.476.3600
210.881.1800
Utah
Salt Lake City
801.415.1000
Virginia
Alexandria
McLean
703.837.4400
703.847.7500
Washington
Seattle
206.623.1121
Missouri
Kansas City
St. Louis
816.412.2400
314.735.2200
Nevada
Reno
775.786.1520
New Jersey
Edison
732.516.5500
New York
Long Island
Downtown
Midtown
631.249.6001
212.422.1000
212.599.0100
303.813.4000
Florida
Fort Lauderdale
Miami
Orlando
Tampa
Oklahoma
Oklahoma City
Tulsa
North Carolina
Charlotte
704.632.3500
Greensboro
336.271.3900
Raleigh
919.881.2700
Ohio
Cincinnati
Cleveland
Washington, D.C.
Washington, D.C. 202.296.7800
Wisconsin
Appleton
Milwaukee
920.968.6700
414.289.8200
513.762.5000
216.771.1400