Beruflich Dokumente
Kultur Dokumente
Internal auditors may not be practitioners in the terms of the amended Assurance
Framework or ISAE 3000 (revised), and management may be the single user of their
services, but we shall find that internal auditors provide assurance to management
on a range of matters of interest to the company. In addition, because their work
frequently covers areas of interest to external auditors, the latter may use their
work in achieving their own objectives.
An important feature of internal audit is their independence from day-to-day
management. We shall now turn to a discussion of the work of internal auditors and
why it might be appropriate for auditors to rely on the function. Here is the
definition of internal auditing issued by the Chartered Institute of Internal Auditors:
Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organizations operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control,
and governance processes.
This definition has some common elements with external auditing. Thus, there is a
reference to independence and also to assurance, risk and governance, all terms of
significance to external auditing. However, the definition would seem to suggest two
major differences between internal and external audit:
1. The internal audit function, as its name suggests, is established within the
organization and reports to the board and senior management who are within
the organizations governance structure. Its independence should be judged
with this in mind.
2. A prime objective is to improve an organizations operations.
External auditors do, as we have seen, often provide services to management
designed to improve the organizations operations in the context of the business
risk approach, but this is as a by-product of the audit process rather than a main
objective.
The aim of statutory auditing is to establish whether financial statements have been
drawn up in compliance with regulatory requirements, some of them legal, others
professional and others required by regulatory bodies such as the Stock Exchange.
For this reason the statutory audit process is sometimes described as compliance
auditing. Internal auditing, however, although still concerning itself with compliance
auditing, is moving into other fields where it acts as an arm of management in
obtaining greater efficiency and effectiveness in all operations of the organization.
Potential objectives of the internal audit function within organizations are detailed in
ISA 610 Using the work of internal auditors, although you should note that
organizations with internal audit functions vary greatly in size and in the ways in
which management and those charged with governance use internal audit.
Potential objectives of the internal audit function
1. Monitoring of internal control
The internal audit function is in a good position to monitor internal controls
and to make recommendations for their improvement.
2. Examination of financial and operating information
Internal audit may also be responsible for ensuring that financial and
operating information used for internal and external reporting has been
properly prepared. The function may also be required to examine individual
items in depth.
3. Review of operating activities
Internal audit is often used to review the economy, efficiency and
effectiveness (value for money) of operating activities, including non-financial
activities.
4. Review of compliance with laws and regulations
Internal audit may be used to review compliance with external laws and
regulations (particularly important when the sector is highly regulated). It
may also be used to ensure that managements internal policies, directives
and requirements are being adhered to.
5. Risk management
Risk management is an important responsibility of management and those
charged with governance. Internal audit may assist the organization by
identifying and evaluating significant exposures to risk and recommending
improvement to risk management and related control systems.
6. Governance
Good governance is very important and internal audit can play an important
role in ensuring that the governance process achieves objectives on ethics,
the accountability of management and establishing proper communication
throughout the organization. It is also vital that good communication lines are
established between those charged with governance, internal and external
audit and management.
7. Evaluation