TOPIC 1 : Development of the Profession of Internal

Auditing

Internal auditing is an independent,

objective assurance and consulting
activity designed to add value and
improve an organization's operations. It
helps an organization accomplish its
objectives by bringing a systematic,
disciplined approach to evaluate and
improve the effectiveness
of risk
management, control, & governance
processes.
Internal auditing involves identifying
1) The risks that hinder an organisation from
achieving its goals
2) Making sure the organization management
know about these risks
3) Make recommendations for reducing the
risks

KEYWORDS TO REMEMBER!
Independent

Objective
Assurance

Consulting
Activity

Systematic
and disciplined
approach

Add value

Risk
management

Control

Governance

INDEPENDENCE and OBJECTIVITY

INDEPENDENCE - The freedom from
conditions that threaten objectivity
or the appearance of objectivity. Such
threats
to
objectivity
must
be
managed at the individual auditor,
engagement,
functional
and
organizational levels (i.e. state of
affairs)
OBJECTIVITY An unbiased mental
attitude that allows internal auditors
to perform engagements in such a
manner that they have an honest
belief in their work product and that
no significant quality compromises are
made (i.e. state of mind)
CONSULTING ACTIVITY

Advisory & related client service xtvts,

the nature and scope of which are
agreed w e client, are intended to add
value and improve an organisation's
governance, risk management and
control processes without the internal
auditor
assuming
management
responsibility.
Examples
include
counsel,
advice,
facilitation
and
training.

SYSTEMATIC and DISCIPLINE APPROACH

Adhere to e purpose, authority &
responsibility of the assurance &
consulting activity in a formal internal
audit charter.
ADD VALUE
e assurance & consulting services
provided by e internal auditors allow
improvements in e organizations
operational activities to achieve its
objectives & ensuring effective risk
mgmt system.
e internal audit activity adds value to
e organisation (and its stakeholders)
when it provides objective & relevant
assurance, & contributes to the
effectiveness
&
effeciency
of
governance, risk mgmt & control
processes.
RISK MANAGEMENT
A process to identify, assess, manage
& control potential events or situations
to provide reasonable assurance
regarding
e
achievement
of
e
organisation's objectives.
CONTROL

Any action taken by mgmt, e B.O.D &

other parties to manage risk and
increase e likelihood that established
objectives & goals will be achieved.
Mgmt plans, organises and directs the
performance of sufficient actions to
provide reasonable assurance that
objectives & goals will be achieved.
GOVERNANCE
The combination of processes &
structures implemented by e board to
inform, direct, manage and monitor e
xtvts of the organisation toward the
achievement of its objectives.

TYPES OF INTERNAL AUDIT

Financial Audit
Operational Audit
Management Audit
Compliance Audit
Information System/Information

Technology Audit
Fraud/Forensic Audit
Ethical business practices audit.

INTERNAL AUDITING VS EXTERNAL

AUDITING

Reporti
ng
respon
sibility
Status

1) FINANCIAL AUDIT

A financial audit is an independent,

objective
evaluation
of
an
organization's financial reports and
financial reporting processes.
The primary purpose for financial
audits
is
to
give
regulators,
investors,
directors,
&
managers reasonable
assurance that financial statements
are accurate & complete.

2) OPERATIONAL AUDIT

A review of how an organizations

mgmnt & its operating procedures
are functioning w respect to their
effectiveness and efficiency in
meeting stated objectives.

Stakeh
older

Indepe
ndent
status

3) MANAGEMENT AUDIT

An examination of organisation
structure,
operation
function,
analysing goals, plans, policies,
activities,
weaknesses
and
strengths.

Respon
sibility
toward
s fraud

4) COMPLIANCE AUDIT

An audit conducted to determine

whether a process or transaction
has or has not followed applicable
rules.
If rules are violated, e auditor
determines e cause & recommends
ways to prevent future deviations.

5) IT AUDIT

An information technology audit,

or information systems audit, is an
examination of e mgmt controls w/in
an Information
technology (IT)
infrastructure.

Scope
of work

INTERNAL
AUDITOR
Reports to e
audit
committee/BO
D
Most of e time
is
an
organizations
employee (at
times, it can
be
outsourced).
Is an
independent
contractor, 3rd
party who is
external to e
orgnztn.
Is independent
of the xtvts
audited, but is
ready
to
respond to e
needs
&
desires of all
elements
of
mgmnt.
Is
directly
involved with
e
prevention
and detection
of fraud in any
form or extent
in any activity
reviewed.

EXTERNAL
AUDITOR
Reports to e
s/holders

Is
an
independent
contractor, 3rd
party who is
external to e
orgnztn.
Is an
independent
contractor, 3rd
party who is
external to e
orgnztn.
Is independent
of mgmnt & e
BODs both in
fact & mental
attitude.

Is incidentally
concerned w e
prevention
&
detection
of
fraud
in
general, but is
directly
concerned
when financial
statements
may
be
materially
affected.
Evaluate
Review e fs to
governance,
ensure that e fs
control & risk are free from
mgmnt
material
processes
to misstatements
assure
e &
express
accomplishme opinion
nt of entity whether e fs

goals & objs.

Timing
and
freque
ncy of
audit

Profess
ional
qualific
ation

Reviews xtvts
continually by
focusing
on
future events

Not necessary,
but
may
acquire
Certified
Internal
Auditor (CIA)

present T & F
view
Reviews
records
supporting
fs
periodically
(usually once a
year) & focuses
on
the
accuracy
&
understandabili
ty of historical
events
as
expressed in fs.
Compulsory to
be a member
of
Malaysian
Institute
of
Accountants
(MIA)
&
be
granted
audit
license by e
Ministry
of
Finance (MoF)
before can be
recognized as
Chartered
Accountant
(CA)

The Rise of Internal Audit Profession

THEN
Concentrate on
attesting to the
accuracy of fin
matters

Function as junior
sibling to
independent
accounting
profession

NOW
Provide services that
include examination
& appraisal of
control and
performance of an
organization
Now, it established
itself as a distinctive
discipline

Once acted as
auditees adversary

Now, it has guide to

improve operations,
seeking to maintain
a coorperative
working relationship
w clients & auditees

Evaluation of IA in Msia
In 1970, Ministry of Defence set up
its internal audit unit.
In 1979, the Federal Government
issued a circular expanding e
establishment of IA to other
ministries w a broader role which
include operational audit.
In 1993, the Ministry of Fin
requested all government-owned
organizations to set up an audit
committee:
To protect e government
interest as a shareholder
To oversee e internal audit
function in these
organizations.
Internal auditing in private sector
Mainly focus on evaluating
e efficiency & effectiveness
of internal control systems
& compliance
Since 1993, it was
mandatory for all public
listed organizations to
establish audit committee
to monitor accountability,
governance, independence
& objectivity of e internal
audit department.
Bursa Malaysia Listing
Requirements, amended in
2008, mandated public
listed organizations to set
up internal audit function.

ROLE OF IIAM
Affiliated to The Institute of
Internal Auditors Inc. (USA)
Services provided:
Certification offering
certification for Certified

Internal Auditors (CIA),

Certification in Control SelfAssessment (CCSA), Certified
Financial Services Auditor
(CFSA), Certified Government
Auditing Professional (CGAP)
Professional development
providing quality and "value for
money" internal audit training
Guidance and advisory
providing research, technical
advisory & responding to
technical enquiries
Surveys conducting surveys
on various topics in
collaboration with, among
others, Bursa Malaysia, MICG,
KPMG and Ernst & Young.
Quality assurance services
providing assistance & expertise
for Quality Assurance &
Improvement Program (QAIP)
IIA Research Foundation
Research arm of e Institute of
Internal Auditors Inc. (USA)

Conducting research related to

IA
Disseminate info to internal
auditors in Malaysia to keep
abreast w latest news, best
practices & development of IA
in Malaysia & internationally

Factors Reimaging Internal Audit

Profession

Professional education and training

Professional discipline: The
Professional Practice Framework
Directing reporting channel to AC
Awakening shareholders activism
Support and recognition by the
regulators
Global audit scandals
Commitments of IIAM
Broad scope of IA function