Beruflich Dokumente
Kultur Dokumente
LEARNING OBJECTIVES
Introduction, 565
Assurance engagements, 565
After studying this chapter you should be*
Internal audit, 584
able to: , ,
How to make the internal audit function
Explain the nature and role of assurance effective, 591
engagements. Reliance on internal audit by the external
auditor, 594
Describe the characteristics that should Outsourcing of internal audit work, 596
be possessed by an assurance Auditing in the public sector, 599
engagement '. ^\; v y ^ . Summary, 603
Key points of the chapter, 603
Explain the degrees of assurance that Further reading, 605
ma^W^vetfMr7 different kinds of ~ Self-assessment questions (solutions available to
assurance engagement students), 605
Self-assessment questions (solutions available to
Describe typical work carried out by the ,
tutors), 607
~ iiiteiiiafau^^
Topics for class discussion without solutions, 608
564
Topics for class discussion without solutions 563
showing that a number of despatch years after the date of laying. Independent
notes could not be traced by company inspectors would determine if making good
officials. was best done by repair or replacement. On
(d) Note that arrangements should be the basis of past experience the company
made to discuss inventory taking proce expects that 3 per cent of sales will be the
dures with the company at an earlier subject of a claim for making good, of
date than in the year to 31 December which two-thirds will result in repairor
2011. replacement.
State whether you believe the above mat
(e) Results of the analytical review of the
company's draft financial statements at
ter would give rise to a provision under
31 December 2011.
FRS 12 and IAS 37, giving your reasons.
If a provision is recognized, what work
(f) Purchases systems notes prepared dur would the auditor perform to ensure that
ing the interim examination. it is the best estimate of costs to be
(g) Replies from credit customers circular incurred?
ized at the interim examination and at
31 December 2011.
14.7 Dunino Limited is a company manufactur Topics for class discussion without
ing, selling and laying carpet tiles, currently solutions
preparing financial statements at 31 De
cember 2011. Under the terms of sale, 14.8 The management letter of representation
Dunino gives a warranty, whereby it agrees is a key piece of audit evidence. Discuss.
to make good manufacturing or laying 14.9 Describe the key features of audit docu
defects that become apparent within three mentation.
Assurance engagements 565
INTRODUCTION
We have already shown that many external auditors are now using a business
risk approach, involving close contact with top management, with a twofold
purpose:
1 To enable them to determine where real risks lie that may affect the view
given by the financial statements.
2 To enable them to provide services to the company, aiding management in
the performance of their duties, and, in addition, providing another source
of income for the auditors themselves.
ASSURANCE ENGAGEMENTS
It is clear from our discussion so far that a statutory audit is about collecting
sufficient appropriate audit evidence to enable reasonable conclusions to be
drawn on which to base the audit opinion. We have not yet discussed audit
reporting but note at this stage that an audit opinion provides a reasonably
high level of assurance about the truth and fairness of the view given by the
financial statements, thus increasing their usefulness to readers of the state
ments. Clearly it would be possible to issue reports that give a level of assur
ance lower than 'reasonable assurance', such as those given in respect of The standard audit report
review, compilation and agreed upon procedures engagements, mentioned in uses the phrase 'reasonable
Chapter 6 (see page 232). We noted that such work does not normally assurance that the financial
include detailed tests of control or substantive tests of detail, such as obser statements are free from
vation of inventory counts, or detailed tests of transactions, but would nor material misstatement' See
mally involve analytical review of information, and in-depth discussions with Chapter 16.
management at various levels throughout the organization. Work of this na
ture would enable the practitioner to give 'negative assurance', which, We give an example of neg
although limited, can be useful to recipients of the report and be relied on ative assurance later in this
by them if the review has been carried out by a skilled and independent pro chapter. See page 574.
fessional. Both audits and reviews are sometimes called 'attestation services',
as the auditor or reviewer is attesting to the validity of information to one
degree or another.
566 Assurance engagements and internal audit
You will have noted from our comments in Chapter 6 that even the best
audit evidence is persuasive rather than absolute, so, although auditors may
possess a high degree of certainty that management assertions are valid and
that misstatements are unlikely, they can never be completely sure. This
means that the highest degree of assurance that they can give is 'reasonable
assurance'.
The kind and amount of evidence collected during a review engagement
does not allow reasonable assurance to be given, but the reporting accountants
will have satisfied themselves that, within the limitations of the evidence col
lected, the subject matter is plausible. So it is appropriate to apply the term
'limited assurance' to the assurance given. These terms are both suggested by
There is no standard compa the International Framework for Assurance Engagements, issued by IAASB
rable to ISAE 3000 in the (the Framework). IAASB also issued an international standard on assurance
UK and Ireland. ISAE 3000 engagements, ISAE 3000 -Assurance engagements other than audits or reviews
is to be read in the context ofhistoricalfinancial information in 2005.
of the Framework. This Framework defines an assurance engagement as:
An engagement in which a practitioner expresses a conclusion designed to
This text is an extract from
the International Framework
enhance the degree of confidence of the intended users other than the
for Assurance Engage responsible party about the outcome ofthe evaluation or measurement ofa
ments, of the IAASB, pub subject matter against criteria.
lished by the International The wording in italics is described in the Framework as 'subject matter infor
Federation of Accountants
mation' and may be regarded as the 'assertion' about the subject matter. Thus
(IFAC), published after Janu
ary 2005, and is used with
subject matter might be the timeliness of arrival of trains at their destination
permission of IFAC. and a statement by rail company management (the responsible party) that
trains arrive on time is an assertion that might be proven by measuring the times
We look at this example of that trains actually arrive. The Framework explains in paragraph 8 what is
trains arriving on time at meant by the various elements of the above definition by putting it into the con
greater length later. text of a set of financial statements (the authors have added bold emphasis):
The recognition, measurement, presentation and disclosure represented in
This text is an extract from
the financial statements (outcome) result from applying a financial
the International Framework
reporting framework for recognition, measurement, presentation and
for Assurance Engage
ments, of the IAASB, pub
disclosure, such as International Financial Reporting Standards, (criteria)
lished by the International to an entity's financial position, financial performance and cash flows
Federation of Accountants (subject matter).
(IFAC), published after Janu The Framework distinguishes between direct reporting engagements and
ary 2005, and is used with
assertion-based engagements, each of which have a responsible party and
permission of IFAC.
subject matter information upon which the practitioner reports to the
intended users in the assurance report. The main difference between an
assurance engagement and a direct reporting engagement is that in the
Assurance engagements 567
former a responsible party makes an assertion which is reported on by the
practitioner, whereas in the latter, the practitioner directly performs the eval
uation or measurement of the subject matter, and then reports on the mat
ter. An example of a direct reporting assignment might be where a potential
investor in a company wishes to receive some assurance about such matters
as its performance, actual or anticipated, about the risks facing the company
and key employees. The practitioner in this case might consider assertions by
management about such matters as the reliability of the financial information
provided, but would make a direct report to the potential investor (known as
the 'engaging party').
The Framework identifies five elements of an assurance engagement:
(1) a three-part relationship involving a practitioner, a responsible party and These elements are all to be
intended users. found in Figure 2.1. See
(2) an appropriate subject matter; page 37.
~, j../. j-^j
There are many kinds of matter that users might wish to rely on, other
than financial statements. We have already seen that auditors might be
required to report on local authorities' statements about the cleanliness of its
streets. In this case the subject matter information might be selected key per
KPI are clearlythose meas
formance indicators (KPI) used, such as the number of street cleaners
urements that provide users
with the means to evaluate
employed and number of times cleaned per month or number of complaints.
assertions about the subject We saw too in Chapter 5 that hotels use a number of performance indicators
matter.
as a measure of their success, such as usage of accommodation capacity, and
usage of restaurant tables. Companies might assess customer satisfaction by
the number of complaints received over a period of time, or the level of
repeat purchases by existing customers. Clearly all of these matters can be
examined by auditors to decide if they are a proper measure of performance.
Paragraph 31 of the frame
work gives examples of sub
For instance, is the number of street cleaners employed a good indicator of
ject matter and subject whether streets are clean or not?
matter information. Other subject matters that assurance engagements might address are sys
tems and processes (such as, efficacy of internal controls, and measures to
reduce risk in e-commerce) and organizational behaviour (for instance, the
degree to which companies address corporate governance issues, whether a
company is complying with regulations, such as those designed to reduce pol
This text is an extract from
lution, whether an organization is applying practices that conform to human
the International Framework
for Assurance Engage
rights legislation, whether a company is complying with contractual terms).
ments, of the IAASB, pub The subject matter information in these cases might be assertions by manage
lished by the International ment about effectiveness or compliance.
Federation of Accountants The Framework explains in paragraph 8 what is meant by the various ele
(IFAC), published after Janu ments of an assurance project on the efficacy of internal controls:
ary 2005, and is used with
permission of IFAC. An assertion about the effectiveness of internal control (outcome) results
from applying a framework for evaluating the effectiveness of internal
COSO = 'Internal Control -
control, such as COSO or CoCo (criteria) to internal control, a process
Integrated Framework' The (subject matter).
Committee of Sponsoring External auditors are not the only ones who could provide useful degrees
Organizations of the Tread-
of assurance to users. Apart from internal auditors providing a wide range of
way Commission; CoCo =
'Guidance on Assessing
services to management, other bodies or persons can add to the value of in
Control - The CoCo Princi
formation to users, provided that they possess the quality of independence.
ples' Criteria of Control In Scotland, for instance, the Scottish Environment Protection Agency
Board, The Canadian Insti (SEPA) is an independent body that reports on water quality at bathing
tute of Chartered Account beaches used by members of the public. Another example is the Consumers'
ants. Association, a not-for-profit organization, which has been researching and
campaigning on behalf of consumers since it was founded in 1957. One of its
publications is Which? magazine, giving independent advice on products and
services.
Assurance engagements 569
ACTIVITY 15.3
r Explain what is meant by the responsible party. Do you think that the
responsible party might be ohe of the intended users?
The responsible party is clearly the person(s) responsible for the subject
matter information and/or the subject matter. Responsible parties might be
those responsible for preparation of performance indicators, for assertions
that newly developed computer systems are suitable for use, for statements
on corporate governance, for statements that water quality is high. It is an
interesting idea that the responsible party might be one of the users, but this
might indeed be the case. For instance, top management of a company
engaged in e-commerce might want assurance that computer systems devel
oped by a lower level of management protect the identity of customers. In
this case both top management and the customers would be the intended
users. The senior executives of a local authority might want assurance that
performance indicators developed by their subordinates are suitable for pub
lication to users of the local authority's services. You should note though that
the framework states that although the responsible party can be one of the
intended users, it cannot be the only one, presumably because it would then
just be an internal report.
Let us turn now to the question of suitable criteria. In Chapter 2, we identi
fied a postulate that stated:
Standards of accountability, for example, conduct, performance,
achievement and quality of information, can be set for those who are
accountable: actual conduct, etc. can be measured and compared with
these standardsby reference to known criteria and the processof
measurement and comparison requires special skill and judgement.
We also saw, in the context of financial reporting, accounting standards, such
as FRSs and IASs, had been developed to enable accountability to be
achieved, that is, they are a means to enable accountants to measure financial
position and results and to allow auditors to form an opinion about position
and results.
One further point on criteria is that they can be specially developed for a
particular engagement or they may be established criteria embodied in laws or
regulations or issued by recognized bodies of experts. Thus, if auditors or
reviewers are asked to provide assurance that a new computer system is work
ing properly, it would be necessary for them to work together with manage
ment to establish criteria by which 'working properly' can be judged. It might
be necessary, for instance, to establish a desired speed of access to the system
and its files. Clearly, no one engaged in the provision of an assurance engage
ment will be able to report effectively if criteria have not been established
beforehand. This means that practitioners should not accept an assurance
engagement if suitable criteria are not available or cannot be established.
A corollary to this is that users of any assurance report must be aware of the
criteria used, either in the report or by other means.
Evidence-gathering procedures
We have already discussed audit evidence in Chapter 6 and have drawn the
distinction above between the kind of evidence required for an audit and that
required for a review. What is clear is that the amount and quality of evidence
obtained will determine the conclusions that practitioners can form and the
kind of report that they can issue in the light of the engagement risk they face.
The appendix to the Framework outlines the difference between reasonable
assurance engagements and limited assurance and we reproduce it in Table
15.1. As well as describing the evidence-gathering procedures, the appendix
also indicates the level of engagement risk, the kind of conclusion in the assur
ance report and the assurance obtained and conveyed.
When the criteria used to evaluate or measure the subject matter are
available only to specific intended users, or are relevantonly to a specific
purpose, a statement restricting the use of the assurance report to those
intended users or that purpose.
A statement to identify the responsible party and to describe the
responsible party's and practitioner's responsibilities.
You will see in Chapter 16
that a positive form of opin A statement that the engagement was performed in accordance with ISAEs
ion is given in the standard (International Standards on Assurance Engagements).
unqualified statutory audit A summary of the work performed.
report. When we introduce
you to the standard audit The practitioner's conclusion. Where appropriate the conclusion should
report, we suggest you inform the intended users of the context in which the practitioner's
compare it with the content conclusion is to be read. In a reasonable assurance engagement, the
of the limited assurance conclusion shouldbe couched in the positive form - 'In our opinion
report, described here. internal control is effective, in all material respects, based on XYZ criteria1
Assurance engagements 573
TAB LE 15.1 Differences between reasonable assurance engagements and limited assurance engagements
Type of Objective Evidence-gathering procedures The assurance
engagement report
rk&V?-
>-si^js
'-* ^ i^^rf<iftaarice,^naly4iG^I|i^^^$r
-* A '- ^^M'tow^iify. Su^TfL^Bier pr^^au^s
'- it
Before we leave this topic we give some examples in Table 15.2 of different
levels of assurance that may be given by practitioners. Certain of them do not
meet the definition of an assurance engagement and are not covered by the
Framework - agreed-upon procedures, compilation of financial and other in
formation, preparation of tax returns where no conclusion conveying assur
ance is expressed, and consulting engagements. The Framework does suggest,
however, that some consulting engagements may meet the definition of an
assurance engagement. Where an engagement does not meet the definition of
an assurance engagement the Framework makes clear that the practitioner
should avoid using certain wording that implies compliance with the Frame
work and certain other international standards.
ftfj MMctel5tetfFieri&.fi$ we
Levels Examples
Levels Examples
Protecting the environment in an area of scenic restrictions on the amount of money available for
beauty such a programme.
What kind of advice would you give to the local
You are the auditor of a local authority in an area of
authority? It is worth stating at the outset that audi
scenic beauty with a long coastline. The authority is
tors of local authorities have a duty to ensure that
keen to attract visitors, as it believes this will benefit
programmes of the authority give value for money. In
local traders, and has decided that it needs to take
advising the authority, therefore, costs and benefits
steps to protect the environment and to publicize the
of the programme should be considered.
steps that it has taken. In discussions with the chief
Youradvice might encompass the following matters:
executive of the authority it becomes clear that the
county's coastline is regarded as one of its most
The environmental problem
attractive features and that the authority is concerned
that the path along the coast has become overgrown Determine the extent and gravity of the problem. If
and that rubbish has collected in places - rubbish that the rubbish is non-toxic, it will be less serious than
is not only unsightly but may also be detrimental to toxic material. Some of it might have been dropped
the seabirds and waders that nest and feed in the byvisitors, whilesome might have been deposited on
area. Apart from these environmental matters you the coast from the sea. Your first piece of advice
learn that the authority wishes to make the coastal would be for a qualified environmental expert to walk
path more attractive to visitors, although there are the path and to determine the nature of the rubbish.
578 Assurance engagements and internal audit
Following the expert's report, the local authority ticular stretches are and whether the stretch is
would need to consider appropriate action. You easy or hard-going. As the path is currently over
should advise that any toxic waste discovered grown in places, grass and other vegetation
should be removed without delay. There might be should be cut before making decisions about ease
local authority or government regulations relating of access and passage. Some parts of the path
to the impact of toxic waste on the environment might cross land on which cattle are grazing, and
and you should discuss any such regulation with visitors should be made aware on which parts of
management. This might mean that some of the the path cattle might be encountered. Parents
scarce funds should be earmarked not only for should also be informed whether children should
clearing the waste immediately but to ensure also be accompanied or not.
that there are regular patrols to ensure that such In view of the large number of seabirds and
waste is identified quickly in future. You would waders that are to be seen along the path, the
advise the authority to detect the source of waste local authority might aid identification by putting
to prevent it in future, and to obtain compensa up pictures and descriptions of birds and their
tion, if possible. These steps are clearly necessary behaviour where they might be found.
as the public would be concerned about their own
personal safety and that of wildlife.
Ifthe rubbish is non-toxic, but merely unsightly, you In this part of the coastal path, the following birds
would advise regular patrols to clear it. The author are frequently to be seen: Cormorants and Shags (on
ity might contact local walking and bird-watching the rocks extending into the sea); Oystercatchers,
groups to see if they would participate in such Curlews, and Redshanks (in the shallow water
patrols and cleaning operations. One of the authors among the rocks at the sea edge); Sanderling (on the
occasionally meets a public spirited woman near long stretch of sand about quarter of a mile ahead -
at the water edge); Stonechats (on the hedges to the
where he lives who picks up any small-scale rubbish
left of the path); Dunlin in the fields to the left and
as she takes a walk along rural paths. Another use
among the rocks. Occasionally, Herons may be seen
ful action might be to ask visitors by means of occa standing on the rocksor in the fields. They nest in
sional notices to take care of the environment. the trees on the brow of the hill.
Showing the course of the path on publicity mate There might be other matters that you could con
rial and by placing of signs along the path. It sider, but these recommendations would form a use
would be useful for visitorsto know how long par ful basis for establishing a policy.
Assurance engagements 579
ACTIVITY 15.5
Assume that the local authority has decided to put the above recom
mendations into effect and that they now wish to issue a document
informing potential visitors of the existence of the path aiid its attrac
tions and stating that it is safe for use by the public, jpfcvided that
notice is taken of the information concerning the ease of use of the
path. The local authority has asked you to issue an assurance report
confirming that the document issued by the local authority is accepta
ble in all material respects.
Do you think that the engagement will meet the definition of an
L^sjur^^tpgagenieat? Is this, the sort ^tiepaigagementthat a practk
';> tidnei-tatfl^it be^fllidg* to undertake? What^ would be the issues that
youwould wish to consider? Do you think that you could give a posi-
, ,tive onnegative, form of conclusion? E^tei&yQur ans\^e%: Finally, if
you have been involved inadvising thelocal authority_abattheir.pol-
^icy in^e^ first place, do youthink thatyou would be# suitable person
>. to perform the assurance 6ngageMent?**vV ^v ^ * - - *-
It does seem that there is in this case (i) a practitioner (in this instance,
you); (ii) a responsible party (the local authority); (iii) intended users -
potential visitors to the coastal path. Whether you would accept the engage
ment depends on the factors that we discussed above:
Is the subject matter identifiable, capable of consistent evaluation or
measurement against identified, suitable criteria and in a form that can
be subjected to procedures for gathering evidence to support that
evaluationor measurement?The subjectmatter in this case is clearly the
document issued by the local authority informing potential visitors of the
path and its attractions and that it is safe to use provided that notice is
taken of the ease of use. The assertion about safety is clearly subject matter
information.
The criteria to be used are suitable and are available to intended users You
will remember that criteria should have the following characteristics-
relevance, completeness, reliability, neutrality and understandability.The
criteria could be quite subjective in some cases. That the path is well
marked and accurately delineated is a question of fact, as well as the
existence of the birds and other physical features. Whether the path is easy
to use is somewhat subjective but the question of safety may be
problematic. What does 'safe' mean in this context? You would have to
determine if this has been defined in the document. For instance, there
might be requirements that visitors keep to the delineated path, that
children below a specified age should be accompanied by an adult, that
livestock be treated with respect, that suitable footwear be worn over the
more difficult stretches and that such stretches are clearly indicated.
Sufficient appropriate evidence to support the practitioner's conclusion is
available. As suggested above, some of the statements in the document
might be quite easy to confirm. Visual inspection would be enough to prove
580 Assurance engagements and internal audit
that the path is clearly delineated, for instance. The birds might be more
difficult as they tend to fly around, but talking with local bird-watching
groups would confirm their existence and what times of the year they would
be best seen. The question of safety is more difficult to prove, particularly
as some times of the year might be safer than others. In the winter or any
rainy season or at times when tides are high, the path might be more
difficult to walk, and, if so, the document should state this fact. You might
be able to obtain sufficient evidence by visual inspection at different times
of the year or talking to local walking groups to prove that the subject
matter is generally valid.
Regarding the form of conclusion - positive or negative - this depends on
whether the evidence gathered was adequate or not. You might decide that
there are so many variable factors that you could only give a negative form of
opinion. The variable factors would include differing conditions at different
times of the year, the nearness to the sea, the fact that ease of access would
depend on the local authority keeping the path clear and that a continuous
eye has to be kept on material washed up from the sea. Your conclusion report
might describe the evidence that you had sought, but your conclusion on safety
might be along the lines of: 'Nothing has come to our attention that would
lead us to believe that the statements on safety made by the local authority in
the document are not reliable.'
The last question is about your ability to prepare an engagement report if
there were doubts about your independence of mind. This is a difficult ques
tion to answer. It depends on whether you had been involved in the detail of
creating the policy to the extent that you were exercising management func
tions. If this were the case, it would be difficult for you to prepare an independ
ent report. It might be advisable for you to pass the assurance engagement to a
fellow partner not involved in the advisory activity. At the extreme, another
firm might be better placed to cany out the assurance engagement. If, on the
other hand, you had not been involved in the detail of policy formulation, but
had confined yourself to broad issues such as adequate publicity, reducing envi
ronmental pollution and considering the safety of the path for all users, you
might be able to give an independent assurance report.
4^Expli *' - - *
iuld t)e^able t^giye a#^onabj^ gr limited
H'4^4
you should discuss this with management. You are told that the boat the
company wishes to acquire is similar to the existing boat and you will be
able to compare the projected figures with the actual figures for the
existing boat.
One important point that you should discuss with management is
v/hether the second boat will need any refurbishment to bringit up to the
standard required by the local authority and health and safety regulations.
You should ask the company to prepare a cash flow forecast to accompany
the forecast profit and loss account, as this might reveal that, initially at
least, the company might need to borrow more than 100000. On the basis
of the forecast profit and loss account, the company would seem to have a
projected positive operating cash flow in the year of 49000 (profit 44 000
plus depreciation 5000). You would need to review the projected costs
carefully to ensure none are missed, and in calculating cash flow, calculate
tax charge, the amounts that the directors' remuneration might be, and
dividends expected by shareholders. Particular attention should be paid to
annual refurbishment and certification. As the boats are no longer new,
annual refurbishment might include steps to reduce toxic emissions, and to
meet ever more stringent health and safety requirements.
It does seem to be an assurance engagement. Gilling Limited is the
responsible party. The bank is clearlythe prime.user, although there may
be other interested parties as well - the local authority, the health and
safety authorities, the public. The subject matter is the forecast profit and
loss account - and if you have your way - a forecast cash flow statement.
The subject matter information is the assertion by management that the
forecasts are a fair representation of anticipated profits and cash flows. The
criteria are those elements of the forecasts that will enable the bank (and
the other potential users if they get involved) to make soundly based
decisions, and they do have to have characteristics of relevance,
completeness, reliability, neutrality and understandability. We can agree
that the forecast profit and loss account and cash flow statements are
relevant. You might argue that completeness would be achieved by
inclusion in the subject matter of the major assumptions made by Gilling -
such as numbers likely to use the boat. Your report will have added a
degree of reliability and the use of known accounting principles consistent
with those used by the company in the past will add neutrality and
understandability. There is a practitioner - in this case you - and you have
collected evidence to enable you to prepare an assurance report
Forecast financial statements and cash flow statements are intended to
illuminate the future. The problem is uncertainty about the future.
Although the future is not clear, the practitioner can test the
reasonableness of the assumptions in determining income levels and costs,
and they can ensure that the accounting principles used are acceptable and
that calculations are accurate. In your report you can describe the criteria
and discuss important elements of the subject matter. You would explain
the nature of the evidence that you have examined, but it is doubtful that
you could give an audit-level opinion. In other words, for this kind of
engagement only limited assurance would be possible and you would give a
negative form of expression.
584 Assurance engagements and internal audit
INTERNAL AUDIT
From time to time we have mentioned internal audit and this is an appropriate
point to discuss its function and its work in greater detail. Internal auditors
may not be practitioners in the terms of the proposed international framework
we discussed above, and management may be the single user of their services,
but we shall find that internal auditors provide assurance to management on a
range of matters of interest to the company. In addition, because their work
frequently covers areas of interest to external auditors, the latter may use their
work in achieving their own objectives. We made the same point earlier with
See page 278 in Chapter 7. regard to the work of the quality standards function.
as the Stock Exchange. For this reason the statutory audit process is some
times described as 'compliance auditing'. Internal auditing, however, although
still concerning itself with compliance auditing, is moving into other fields
where it acts as an 'arm of management' in obtaining greater efficiency and
effectiveness in all operations of the organization. We shall see later that the
increasingly wide range of work performed by internal auditors has made
some commentators suggest that the internal audit function might play an im
portant role in the way that companies govern themselves. We discuss corporate gover
Because internal audit often directs its attention to the efficacy of internal nance in Chapter 18.
control systems it may be regarded by external auditors as an important part
of the control system itself. We shall find that external auditors assess the
quality and effectiveness of internal audit work and frequently use the work of
internal auditors in attaining their ends.
Greenburn Limited: fleet of vans the bounds of what is feasible. In Greenburn, the effi
ciency auditor would go beyond compliance auditing
The management of Greenburn Ltd, as part of its mar
and ask the question: 'Is the fleet of vans being oper
keting policy, operates a fleet of vans to distribute prod
ated as efficiently as possible?' Audit work might be
ucts to customers. The fleet consists of some 50 vehicles
directed towards establishing whether vans were
of varying sizewith an averagecost of some 30 000.
being regularly serviced to keep costs over time to
the minimum. The auditor might check whether van
Compliance auditing
routes were planned to reduce unnecessary mileage
Compliance auditing would be concerned with deter and to control distribution costs. In other words, the
mining: auditor would be more interested in determining
Whether the company's systems to control and whether costs were higher than they should have
been. This kind of audit would, however, not be
record distribution costs were operating as laid
directed towards determining whether a fleet of vans
down by management.
was the best way to meet company objectives.
Whether distribution cost had been properly deter
mined and disclosed in the financial statements.
Effectiveness auditing
A typical compliance audit aim would be to deter Effectiveness auditing determines whether resources
mine whether the costs of the fleet of vans were genu are being used to proper effect. Again taking the
ine and had been completelyand accurately recorded, Greenburn example, the auditor might go beyond
not whether the costs could have been lower or the efficiency auditing and ask the question: 'Is the
company's customers better satisfied. ownership of a fleet of vans by the company the best
way to achieve the objectives of the organization?'
Efficiency auditing This kind of auditing would consider the costs of
Efficiency auditing determines whether resources alternative distribution policies and the benefits to
(personnel, property, etc.) are used optimally within be derived from them. The auditor would consider
586 Assurance engagements and internal audit
whether reduced cost from using third-party distribu- The auditor might also consider the feasibility of ieas-
tors would be desirable, bearing in mind that custom- ing the motor vehicles instead of buyingthem or pur-
ers might be less well served or that the image of the chasing different kinds of vehicles,
company might suffer as a result of change in policy.
Several other terms are also used in the context of internal audit and these
we briefly describe below:
Operational auditingis a term used to show that modern internal auditing is
concerned with the whole organization and not merely with finance and
accounting; consequently it audits operations in general, including
production, personnel, advertising, and research and development.
Operational auditing encompasses both efficiency and effectiveness auditing.
Management auditing is another term used to describe audit work
performed by internal auditors. In many ways management auditing is
similar to effectiveness auditing in that the audit aim is to ascertain whether
management is acting effectively. Auditors direct attention to the
formulation of management objectives and to the extent to which they had
been met. The setting of objectives is in itself a means to improve
management and auditors would be concerned to see that the management
objective-setting process had been properly carried through. Some kinds of
management activity can be easily audited. For instance, if management has
prepared budgets to control activities the auditor can compare budgeted
and actual figures and enquire into the reasons for material differences. To
audit a management decision such as a decisionto run a loss-making railway
line in (say) the north of Scotland is much more difficult because of
intangible social and cultural factors that have to be considered.
In value for moneyauditing (VFM) auditors enquire into the economy,
efficiency and effectiveness of the organization and its component parts.
Efficiency and effectiveness we have exemplified above. By economy is
meant avoidance of unnecessarywaste, such as the use of protective
clothing for the van drivers instead of high-costuniforms. VFM auditing
goes far beyond the traditional compliance audit,which the majority of
See page 23in Chapter 1. statutory audits are. If you refer back to the suggested definition of auditing,
you will see that it is somewhat restrictive as we referred to the audit effort
being directed to establishing the reliability of information, whereas audit
objectives in economy, efficiency and effectiveness auditing maybe quite
different. In the public sector in the UK, including local authorities and the
National Health Service, both external and internal auditors are required to
address VFM issues and to report on them to certain stakeholders.
Evaluation as traditionally practised has developed along different lines
from auditing. Independence is not such an important feature and the
evaluator's role is to bring together a number of interested stakeholders to
a programme to which resources have been given in an attempt to find a
mutuallyacceptable solution to achieving success. Thus, a programme
examinedby the National Audit Office (NAO) was one designed to
increase the number of jobs in Wales, with a wide range of stakeholders,
including the Welsh Office, central government, political parties in Wales,
Internal audit 587
ring' betweenvarious stakeholders will be an important way forward for evaluation isone taken up
by Michaei Power in his vari
internal audit (and indeed external auditors in the publicsector). We shall
ous writings which we dis
say more about this when we discuss participative auditing below. cuss in Chapter 20.
Photocopy costs in an educational institution You discuss the question of delay with print room
You are internal auditor of an educational institution staff and are informed that at some times of the
and have been asked to carry out a value for money academic year, there is a flood of print requests,
audit of photocopying costs. Your initial enquiries normally at the start of each term. At other times
reveal the following: (in the summer term during the examination pe
riod, for instance) the print room can satisfy
Management informs you that photocopying in requests at very short notice.
the college is carried out on machines rented
from the manufacturer and that the cost of
A visit to one of the teaching departments reveals the fol
photocopying one sheet of A4 paper is 4p per lowing data. (Your request that you should watch the
sheet.
photocopying in progress for one dayisacceded to.)
The college also has a print room and official pol The department has purchased a photocopying
icy is for print runs of more than 20 sheets from a machine from its own budget. You are told bythe
single original to be undertaken by the print room, head of department that the machine had cost
as print room costs are lower when print runs 20000 and that it can copy in reduced and nor
above 20 are undertaken. This policy was intro mal size with facilities for collating and stapling
duced following a study carried out five years pre and with a variety of options including double-
viously. sided copying. The cost per sheet including depre
ciation is 2.5p per original sheet if normal size and
You decide initially to find out if this policy is being 1.25p per sheet if reduced. Costs are reduced if
adhered to and a visit to the print room during the copies are double sided.
spring term reveals the following:
During the day you noted that the average num
The print room records show that the average print ber of copies made of an original was 25 and that
run is 100 and that no run below 20 is accepted. approximately 40 per cent of these were reduced
A notice was displayed on the door to the print size print.
room stating that staff could expect a six-day delay On about ten occasions staff members copied
in the processing of print requests. more than 100 copies from one original.
588 Assurance engagements and interna! audit
We do acknowledge that Our intention in describing the different kinds of audit activity has been to
external auditors are broaden your perspective of auditing. We also want you to recognize that the
extending their work into external auditor must have an understanding of internal audit activity if reli
areas ether than compliance ance is to be placed upon internal audit work.
auditing. Note also our We will now take you through a Case study (Case study 15.5 Barnton pic)
comments on VFM auditing which will give us the opportunity to consider a number of important aspects
above.
of modern internal auditing.
between financial control systems and other control than merely assessing whether costs and benefits met
systems. The audit of financial systems at subsidiaries expectation, they are also assessing how effective the
would underpin the audit of the financial statements investment appraisal process has been with the objec
of those subsidiaries. The periodic joint audits of asso tive of improving it in the future. Internal auditors
ciated undertakings is of interest and it might be might wish to investigate whether there is a proper
legitimate to ask if the associated undertakings have system for ensuring that all potentially viable projects
their own internal audit departments and to whom are considered by senior management, rather than
each group of auditors report (see below). Regarding being filtered out at a lower level. Incidentally, it
post-completion audit of the major capital expendi appears that Barnton internal auditors carry out this
ture projects, typical work carried out by the internal work on their own, whereas some organizations put
auditors would include ascertaining that the actual together a composite team, comprising personnel
recorded income and expenditure figures were genu from head office (finance, production and marketing)
ine, accurate and complete, and also whether there and the original development team as well as internal
were any significant variations from expectation. audit. If this were to be the case the audit could be
Again this kind of audit could just as easily be classi classified as participative auditing (see below).
fied as compliance auditing.
Participative auditing, including audits of companies
prior to acquisition, leading to management
Management auditing, including efficiency and
decisions to proceed
effectiveness of information processing throughout
the group and the efficiency and effectiveness of A composite post-audit team would mean that the in
investment appraisal process in the company ternal auditor was participating in a management
process. At this point we are far removed from the
This kind of auditing is moving into more difficult
traditional view of audit, as the internal auditors could
areas of efficiency and effectiveness. To be success
hardly be regarded as totally independent, although if
ful these audits require measures of efficiency and
properly trained and provided the department takes a
effectiveness to be determined. Efficiency generally
strong ethical stance, they may add an element of ob
means that the auditor asks: 'Has this part of the
jectivity to the work of the post-audit team. The same
group achieved its objectives at minimum cost - or
applies to the audits of companies ear-marked for
alternatively - at this input cost have the outputs
possible acquisition. This kind of audit is about advis
been optimized?' Barnton appear to have many sub
ing management on whether they should buy a com
sidiaries and types of business and it might be possi
pany. Of particular interest would be audit work
ble for the auditors to compare unit costs of
designed to assess how the newly acquired company
different subsidiaries, provided that outputs are simi
would fit into the group and whether its costs and
lar. The auditors could then try to determine why
income might change as a result of change of owner
some parts of the group are low or high cost. Effec
ship. Similar audits might be carried out prior to dis
tiveness may be a more difficult matter and might
posal of part of the group that no longer meets group
mean that the auditors would have to determine
criteria. If the audit report is the basis of a manage
users' perceptions of the adequacy and speed of ment decision to buy (or not buy) or to sell (or not
data processing.
sell), internal auditors will be very close to acting as
The audit of the investment appraisal process is an
part of the management team.
interesting area. You will know from accounting stud
ies that investment appraisal involves estimating input
One-off audits, including audit of funds set up for
costs and output benefits of different investment proj
specific purposes, fraud investigations and other
ects and choosing projects with optimum results.
special reviews and projects
What many organizations fail to do is to audit the
projects after they have been put into operation (this Special audits all appear to be audits of special con
is why this kind of audit is known as post-audit) to dis cern to management and will tend to be one-off
cover if the projected costs and benefits, including audits such as investigation of potential or actual
allocation of overheads, met expectation. In perform fraud. Fraud audits might be instigated after concerns
ing post-audit engagements, auditors are doing more have been voiced by external auditors, on the initiative
590 Assurance engagements and internal audit
of the internal auditors themselves or by special to fraudulent behaviour. In other words the internal
request of senior management. As fraud investigations auditor (external auditor as well, for that matter) may
can be costly it might be appropriate for internal audi well serve to deter fraud as well as detecting it. In this
tors to performthis work ratherthan external auditors. connection, internal auditors may be able to show
One point worth mentioning is that the very presence management on a timely basis that controls in certain
of the internal auditors, knowing that they are likely to areas are weak and suggest additional controls to
examine your area of activity, may serve as a deterrent deter and detect fraud.
:-"\$H %&&:
Now that you have seen the kind of work carried out by the internal audi
tors at Barnton, we refer you to paragraph A3 of ISA 610 which sets out
objectives of the Internal Audit Function:
The objectives of internal audit functions vary widely and depend on the
size and structure of the entity and the requirements of management and,
where applicable, those charged with governance. The activities of the
internal audit function may include one or more of the following:
Monitoring of internal control. The internal audit function may be
assigned specific responsibility for reviewing controls, monitoring their
operation and recommending improvements thereto.
Examination of financial and operating information. The internal audit
function may be assigned to review the means used to identify, measure,
classify and report financial and operating information, and to make
specific inquiry into individual items, including detailed testing of
transactions, balances and procedures.
Review of operating activities. The internal audit function may be
assigned to review the economy, efficiency and effectiveness of
operating activities, including non-financial activities of an entity.
Review of compliance with laws and regulations. The internal audit
function may be assigned to review compliance with laws, regulations
and other external requirements and with management policies and
directives and other internal requirements.
Risk management The internalaudit function may assist the organization
by identifying and evaluating significant exposures to riskand contributing
to the improvement of risk management and control systems.
Governance. The internal audit function may assess the governance
process in its accomplishment of objectives on ethics and values,
performance management and accountability, communicating risk and
control information to appropriate areas of the organization and
effectiveness of communication among those charged with governance,
external and internal auditors, and management
We think that you will agree that the work carried out by internal auditors,
such as those at Barnton and suggested above, is very wide-ranging. Their
assurance and consulting activity, if properlyresourced and supported, is likely
to add value and improve an organization's operations. One important factor
in enabling them to do that is their independence and objectivity. We have
seen in Chapter 3 that independence and objectivity are prerequisites of an
How to make the internal audit function effective 591
effective audit process and we have seen too that these qualities must be fos
tered and encouraged.
Let us now look at measures designed to make the internal audit function
effective.
Barnton's internal auditors clearly have a wide and demanding remit. In this
section we consider how to make the internal audit department effective and
suggest that the following factors are important:
Support of top management. This would appear to be the case at Barnton, in
view of the large area of activity covered by the department and the value
apparently placed on their work. This support should include:
(a) the appointment of a good leader to the internal audit department,
responsible for ensuring that high standards are maintained.
(b) ensuring that the role of internal audit and its powers are well under
stood within the organization.
(c) ensuring that there is a strong ethical culture in the company and the We saw in Chapter 7, page
internal audit department. Clearly the head of internal audit would 247, that a strong ethical
play a vital role in this respect in both the wider company and the culture is a prerequisite of a
internal department itself. good system of internal
control.
(d) ensuring that there are good communication links with the external
auditors. This is an important factor as good communication links with
the external auditor can enhance the status of the internal audit func
tion. We shall see later that effective communication links will help the
external auditors to judge whether the work of the internal auditors is
likely to be adequate for the purposes of their external audit. Para
graph A4 of ISA 610 goes further and suggests that 'Communication
between the external auditor and the internal auditors may be most
effective when the internal auditors are free to communicate openly
with the external auditors'.
Internal audit is as useful as management allows it to be. Thus, if internal
audit issues reports critical of certain parts of the organization and
management takes no action for political reasons, this would tend to
undermine the function and reduce its effectiveness. Management may also
reduce the role of internal audit by restricting it to compliance auditing or
by involving it only in day-to-day checking procedures rather than
independent audit work. A decision to combine efficiency auditing,
effectiveness auditing and operational auditing generally with compliance
auditing would indicate a positive attitude by top management towards
internal audit. If internal auditors are able to initiate work without
reference to the person(s) to whom they are responsible, this would tend to
increase status and effectiveness. To the extent that their recommendations See paragraph A4 of ISA
are put into effect, there would be a similar effect. Important in this respect 610-bullet point 6.
is that it should be known within the entity that management has acted on
internal audit recommendations.
592 Assurance engagements and internal audit
The fact that senior management staff have come up through the internal
audit department does suggest that the department is staffed by high-quality
personnel. However, we have to ask whether Barnton is putting individuals
identified as potential top managers into the internal audit department for
them to learn how the business operates. If this is the case and after a rela
tivelyshort period of time they are moved into managerial roles, this may have
a detrimental effect on the internal audit department for at least two reasons:
They will only be a shorttime in the department beforemoving on and
internal audit may not receive much benefit from them, with a possible
adverse effect on remaining staff morale.
Short-stay staff, knowing that they will soon be part of the management
team, may feel that they should not offend future colleagues with a
detrimental effect on their independence.
This is the so-called 'short-stay syndrome' and is likely to weaken the inter
nal audit function because it is seen as a way of training managers rather than
seeing it as an important function in its own right. It is, however, important
that internal auditors are considered for promotion within the wider organiza
tion from a staff morale point of view. It should be made clear to the directors
though that individuals joining the internal audit department should prove
themselves in the audit function and stay long enough to make a good contri
bution to the function. While noting the possible detrimental effect of the
594 Assuranceengagements and internal audit
'short-stay syndrome', provided that it is known that staff must prove their
mettle in the department before being promoted elsewhere, the potential for
promotion will add to staff morale among internalauditors.
We have briefly described the sort of work carried out by internal audit and
the factors enhancing or detracting from its effectiveness, as we wished you to
understand the nature and role of the function before we considered the
extent to which external audit may rely upon it. You should refer to ISA 610 -
Using the workof internal auditors, as you read what we have to say here.
Extent of reliance
The auditor's decision as to whether reliance should be placed upon the work
of the internal auditor is a scope decision. An internal audit function lacking
independence or with staff of a low level of competence would represent a
weak element in the system of internal control. Less reliance would therefore
be placedupon it.
As a general rule the external auditor should audit all material matters in
the financial statements, particularly where there is significant risk of misstate
ment. This does not mean that no reliance should be placed on internal audit
in these circumstances, providing external auditor involvement is sufficient to
enable them to form conclusions with certainty. For instance, if a company
holds inventories in ten locations, internal audit staff might observe the count
in two locations, provided the external auditor observed sufficient inventory
counts in other locations.
Reliance on internal audit by the external auditor 595
of work the internal auditors were going to perform in the area, and the
degree of subjectivity involved in evaluating the audit evidence.
Let us consider two scenarios:
Wffim
Documentation of effectiveness
In Chapter 6 we discussed audit evidence at length. Naturally, if external audi-
See paragraph 13 of ISA tors decide to rely upon evidence collected by internal audit the assessment
610. and conclusions with regard to these matters should be fully documented in
the audit files.
A recent phenomenon has been the use of professional audit firms to perform
internal audit work, a form of outsourcing. Organizations might feel that the
cost of setting up and maintaining an internal audit function of high quality is
excessive. This is prompting some organizations to employ professional firms
who possess the necessary expertise and have the structures to provide an
audit function whether external or internal. Whether professional firms will be
effective in providing the wide range of services demanded of modern internal
auditors remains to be seen.
Apart from this latter point, you should note that the performance of inter
nal audit work by the external auditors is very controversial. In the United
States a list of services (issued by SEC) which cannot be provided by a com
pany's auditors includes internal audit functions. You should note too that the
ICAS Working Group on Non-Audit Services came to the conclusion that the
provision of internal audit services by external auditors to their listed clients
should be specially approved by the audit committee. Indeed, the Working
Group's report reproduced an extract from Tkylor Wimpey's 2008 report stat
ing that the audit committee had determined that internal audit outsourcing
services should not be undertaken by the (external) auditors
Outsourcing of internal audit work 597
For listed companies in the UK and Ireland, The Combined Code on Corpo We discuss the Combined
rate Governance', published bythe FRC) contains guidance to assist company Code on Corporate Gover
boards in making suitable arrangements for their audit committees. nance in detail in Chapter
Paragraph A6-1 concerns arrangements the external auditor should make 18.
when obtaining direct assistance from individuals from the internal audit
function. For instance, an internal auditor might take part in the inventory
count observation, reporting direct to the external auditor in charge of the
observation.
Internal audit at Troston pic committee in respect of new developments and sig
nificant changes to existing computer applications.
The company is already known to you from Activity
7.7 in Chapter 7. We set out below details of the Alex Gayle and Derek Carlton, two experienced
company's internal audit department. but professionally unqualified auditors, members
of the department for some eight years.
Staffing # Anthony Newby, a graduate of a North of England
university, two years with the company and one
Head of internal audit, John Hazely, is an ICAEW mem year with internal audit. He is shortly to join the
ber and has been head of department for some five production control department, as assistant to the
years. Prior to that he had been with a number of other head of that department. He isto be replaced by a
departments in the company, induding accounting and recently appointed graduate, Richard Watson.
finance. He has five staff members in his department:
Andrew Howgill, a recently qualified certified Reporting responsibility
accountant who joined the company three months John Hazely reports to the finance director who also
previously. has the financial accounting, management and cost
Janet Greensett, a computer expert who has been ing and finance departments under his control. Inter
in the department for some five years. She has nal audit reports are prepared at the end of each
been called on by Troston to give advice to the IT assignment. The report is reviewed in each case by
598 Assurance engagements and internal audit
FIGURE 15.1 Position of the Troston pic internal audit department within the organization
Managing 4
director
!
Board level Board of directors
Audit
4
committee
Senior ir i r i r
management 4
Internal
level (including Production Sales Finance
4
audit
individual 4 - 4
1
directors)
1
i r yr yr
1
John Hazely. Comments by the head of the depart (c) Purchase and related trade payables.
ment subject to audit are incorporated into the report (d) Non-current assets and depreciation.
in each case. Copies of reports are sent to each mem
ber of the board of directors and to the appropriate Production (at request of production director):
department head. (a) Efficiency of the production process.
Copies are also sent to the chairperson of the audit (b) Appropriateness of allocation of production
committee. The audit committee was formed three costs to products.
years ago and comprises three non-executive direc (c) Effectiveness of production control department.
tors, all of whom are executive directors of other com
Computer operations:
panies. It is normal practice for members of the audit
committee to meet the head of internal audit and (a) Review of systems with particular attention to
other audit staff to discuss reports that they believe completenessand adequacy of documenta
are of particular importance. The position in the orga tion of new developments.
nization of internal audit isshown in Figure 15.1. (b) Participation in newdevelopment of produc
tion wages system.
(c) Review of production costs system in conjunc
Audit task as planned
tion with production work above.
For the year to 30 June 2011 the internal audit head Personnel, including review of staff training and
has drawn up the following broad plan. (In practice, other measures to increase staffproductivity.
the plan would be detailed, showing allocation of
Sales and market research.
work to individual staff members and the dates on
which the work would be performed.) (a) Market research VFM study
(b) Validity of sales statistics (on initiative of inter
Accounting and finance:
nal audit).
(a) Productionwages.
(c) Sales department VFM study (completion of
(b) Sales and related trade receivables. work started lastyear).
Auditing in the public sector 599
WlT-
The public sector employs a large number of people throughout the world and
provides services of considerable significance. In the UK and Ireland there are
a number of bodies with specific responsibility for auditing in the public sec Other bodies responsible for
tor, including the National Audit Office (NAO), responsible for the audit of audit of the public sector in
central government bodies in the UK, The Audit Commission for Local the UK and Ireland include
Authorities and the National Health Service in England, Audit Scotland, pro The Wales Audit Office, The
Northern Ireland Audit
viding services to the Auditor General for Scotland, and the Accounts Com
Office, Office of The Comp
mission for Scotland (similar to the Audit Commission in England).
troller and Auditor General
These bodies may cany out audits on their own behalf but private sector (Republicof Ireland).and
firms are also engaged in public sector audit. The kind of work carried out by Local Government Audit
auditors of the public sector includes: Service(Republic of Ireland).
Financial audits, to determine if the published financial statements give a
true and fair view.
Legality audits, to determine if an authority is allowed to engage in a
particular activity. There have been cases, for instance, where local
authorities have engaged in interests rate swaps, subsequently found by the
court to be illegal.
Regularity audits, to determine if monies have been spent as elected
representatives intended. For instance, if councillors of local authorities
vote to expend funds on the provision of local sports facilities, have they
been so spent?
Systems examinations, to determine that an authority or National Health
Service body has good systems in place. This would be similar to the kind
of systems examination we have already discussed. The auditor would wish
to ascertain, among other things, that systems for recording transactions
and balances and for monitoring activities were adequate.
600 Assurance engagements and internal audit
Probity audits, to determine if public monies were well cared for and that
the possibility of fraud and otherirregularities wereminimized, that travel
claims, for instance were well supported, that purchasing officers' decisions
on placing of orderswere properly based and so on.
Value formoney audits. We mentioned above that in the local authorities
and the National Health Service, external auditors are required to address
In the Summer of 2010 the VFM issues and to report on them to certain stakeholders. Bodies
government announced controlling public sector audits such asThe Audit Commission in England
that the Audit Commission and Wales and Audit Scotland carry out VFM studies, the results of which
in England and Wales was are communicated to local authorities and their auditors with the objective
to be abolished. Students of makinggood practice more widely known. Basically VFM auditswould
should keep an eye open be directed to determining if resources are being used economically,
for developments in the
efficiently and effectively.
area.
Performance audits, directed to ascertaining whether authorities have
proper procedures for specifying and measuring their own performance.
For instance, are the published statements about the cleanliness of streets
and the measures adopted to keep them clean, valid?
Apart from external audit, internal auditors also have an important role in
the public sector and many of the audited bodies also have audit committees
with an interest in ensuring that the total audit function, internal and external,
is both efficient and effective.
It is worth noting at this point that neither external nor internal auditors
are allowed to question matters of policy. However, this is a very difficult area
and if a policy is patently not working, auditors may find themselves moving
dangerously close to criticizing policy.
'Local Government Man We might mention, however, that a study carried out by Bowerman and
agement Letters', ACCA Gray in 1999 concluded that management letters issued by external auditors
Occasional Research Paper of local authorities in England could be made more useful. A major conclu
No. 27, Bowerman and sion of the report was that the local authority management letter has the
Gray, 1999. potential to strengthen accountability to back-bench members and to the
Auditing in the public sector 601
public, but thatit would not do so if it was not made available to awider group
of interested parties.
r"- \ kff*
f%%^pvalukti^axDrine^yn^nt,|jf a, *i^rce ^pgag^rn^nts Kave a$stped prater ]m:
iecJ^Ubject matter infortnatlon) against ^poTtance; partly ais a result of the business risk
t,':*u#s>-* ' -* > - * t .H^y" * approadtto'Budfting.
apbroacrfto'Budftihq. -
Thfe*malrt^iffeteH^ between an assurance &nd a # An important future of internal audit is its inde
direct, rejwfting^rfgagement is that in the former a pendents frorp day-to-day management, but the
fe$f>oiasib|| pc$ty%iakes an assertion on which, Jh$ H aqditorhas to decide if jt istrulyindependent., *
practitid6%r ^repot^ whereas in the latter, the practi- # JnternaL$uditing is^n independent, objective assur
the evaluation or measure- ance and consulting activity designed to add value
gutter, andthen reports^ andimprove an organization^ operations, ithelps an
w> ingaggn^r\t^rev 9fflW&#ori#cq^^ brirjgic^
7te
. and efliJK^rie&puditin^;^
# Evaluafior&has developed .along dtffereqMti&*from
ISA^TOfes^atihV^bi^
'^functions v^^wrdefy^nd^yeffend jon*ite^a|ia(nd,
Parties bt^f^fc^em^ use- r structure of the entity snd the r^quirementsof man-
* ful degr^i^fj^itance&users. - >,I*.^ . >. / agement and those charged with' governance.
The respbnsibfe party is-thepersonfe) responsible for The activities of the internal audit function may
- .the sute&t1, ft&tter .information\andfar~the subject include: (a) monitqnng of internal control, (b^xami-
'(f)gdtefna
* Effectiveness of the internal audit fgnfctfbn depends
on (1) support of top management, including (a) the
appointment of a good internal audit leader; (b)
ensuring role of internal auditand its powers,arGVyelljc
understood within the organization, (c) ensuring
"^rfi^
**$taffehave in a professional way; (6) avoi&ncfe of*
$ho#^ syndrome. ,] ' , ,t, >
Jn, planning the extent of reliance on internal audit
tet@placd rditrie^prFMetv*
thpy jshould 4grep the^ timing a^ *
Self-assessment questions (solutions available to students) 605
The ISA in the area is ISA 610 - Using the work of inter
extentof^the ^nfeyyitj^ nal auditors.
and record the dedsion^ in tire Suidit
files. They should determine Whether theft wori^ is We have also referred in the text to the International
adequate for the purppsescrf^ audit. , Framework for Assurance Engagements and ISAE 3000
In using the work of internal auditors in respect of - Assurance engagements other than audits or reviews
specific assertions, external auditors consider the risks of historical financial information, issued by IAASB
of material misstatement at theassertion level. They There is currently no UK or Irish statement on assur
also consider the degree of subjectivity involved in ance engagements.
J.P. Percy saw assurance services as important to the
^feSeci *)y ^rfterrSPl^K^^"i^^m^rvt ihflcpnttu- future of the auditing profession in Percy, J.P. (1999)
sions shouldbe fully documented in the auditfiles.v . Assurance Services - Visions for the Future',
Reliance pn ioternaKaudi^dbfes not; takg * InternationalJournalofAuditing3: 81-7.
'Local Government Management Letters', ACCA
*"_;....__..', ._._,_. "..,_"" .pk Occasional Research Paper No. 27, Bowerman and
nai .atia(t?to?^^Ti^^uciftpi3.:fe^iS>ls fe^f|#ntrtH^ W Gray, 1999.
versiatehdjifrt^
UK m% Ir^dg^cbr^^ Selim, G. Woodward, S. and Allegrini, M. (2009)
'Internal Auditing and Consulting Practice: A
u'riifc^kii^^ Comparison between UK/Ireland and Italy', Journal
There- are jfnany cliffer^it bodies thrbtighp^ of InternationalAuditing 13(1): 9-25.
Spira, L.F. and Page, M. (2003) 'Risk management: The
ALditing in iK^^bSic ^ctojr 4nd^e^^napp^aud^,: ; reinvention of internal control and the changing role
legality audjts#^^ularity audit, systems examinations, J
probity-audits, value for money audits and perform of internal audit Accounting', Auditing and
anceaudits, v ;; - > -^,.,., ,., Accountability Journal 16(4):640-61.
Management letters issued byvexterhal au^ors ofV. 'The Provision of Non-Audit Services by Audit Firms to
public sector feodies, are more extensive than private their Listed Audit Clients, Report by a Working
sector/management letters, containing a wealth of Group established by the Institute of Chartered
detail about*the financial, state of 0n "authority on
hpwwelkthe jauthofity is^managfed cfrjd on. the audit ^ Accountants of Scotland ', ICAS, January 2010.
proc^j&elf.^ v3v %&4;m>^>! p K~
The mclfe.principleisirf aOdft committees in the public
sectdr^dthbritMs^Sef '1[i^nder^fnfeM 'as^ra.ncfe*bf *, Self-assessment questions (solutions
the adequacy.df the ri^ mahagerjjient f^m'ework
and available to students)
Further reading
minimummicrobiological standards Waterside Code. First Aid fadlrties are available from Billowness
the previous year. TheSeaside Award Tourist information Fife Coundl (no further informationgiven).
which is onlyvalid for one year
CommunityServices Hazards
recognizes two categories of beach: St Andrews
To keep yourfamily safe,follow the
Resort beaches WaterSafety Code:
have a range of fadlrties induding Regular feedback isvital to check and maintain Beware of the dangers - riptides, offshore
supervisors, first aid,toilets and easy standards.Please contact the beach operator
winds, breakwaters, pipes,rocks.
access for all. Theyrestrict dogs from immediately ifyou discover a problem. For Follow advice- lookout for signs and listento
further information about the Seaside Awards,
the main section of the beach duringthe the lifeguard.
season.Theflag isflown when all or to send yourcommentsabout thisbeach
Never swim alone or after food or alcohol.
29 of the criteriaare being met
please contact ENCAMS Seaside Awards Take note of the following hazards(None
office, Norwich.
listed).
Rural beaches
are quieter and are oftenmoreremotethan Managementand cleanliness Red:Danger no
resortbeaches.Theywill not havethe same Dogs bathing
rangeof fadlrties as resort beaches and may Dogsmaybe banned fromcertain areas
allow dogs.Theflag isflown when all13 of of this beach from May 1 to September 30. Orangeand Yellow
the criteriaare being met Special bins are provided for dog refuse on area patrolled by
alladjacent areas where dogs shouldbe
Billowness Anstruther kept on a leashat alltimes
Fife Coundl Darkgreen and
Litter
lightgreen: surfing
Litter bins are providedat regularintervals
area
Rural categorySeasideAward 2003 alongthe seafront PLEASE DISPOSE OFYOUR
This beach has reached the standards
necessary for this award of distinction.
Itfulfils 13 criteria under the following general
LITTER CAREFULLY.
Vehicles
a No inflatables
13 May 2003 Poor standard Excellent standard: the samplemet European Union Guideline
5 June 2003 Excellent standard Standards: lessor equal to 500 coirrforms per 100ml of water or
10 June 2003 Good standard 100 faecalcolliforms per 100ml of water.
18 June 2003 Excellent standard Good standard:the sample met European Mandatory
23 June 2003 Excellent standard Standards: less or equal to 10000 colliforms per 100ml of water or
2 July2003 Excellent standard 2 000 faecal colliforms per 100mlof water.
8 July2003 Excellent standard Poorstandard:the samplefailed to meet European Mandatory Standards.
11 July2003 Excellent standard
Year 2000 Excellent standard Excellent standard:At least 80% of sampleswere excellent and at least 90%
Year 2001 Excellent standard of samplesmet a standardof 100streptococd per 100ml.
Year 2002 Excellent standard Good standard:At least 95% of samples are good or excellent
Poor: The good or excellent yearly standardswere not met
Testsare performed bythe Scottish Environment Protection Agency (SEPA), Edinburgh Office, Clearwater House, Heriot WattResearch ferk, Riccarton,
Edinburgh. SEPA is an independent body responsible to the Scottish Executive (ofthe Scottish Parliament).
The map of Billowness indicates the position of toilets, life saving equipment disabled access, public telephone, litter bins, dog waste bins.
More information and historical data about this beach can be found at www5epa.org.uk
Self-assessment questions (solutions available to tutors) 607
(iii) the work carried out on systems Topics for class discussion without
of internal control and opera solutions
tions;
(iv) reporting responsibilities. 15.7 A properly constituted audit committee
(b) Explain what evidence you would seek enhances the role of both external and
as external auditor to satisfy yourself internal audit. Discucs.
that you can rely on the work of the in 15.8 Assurance services provided by the external
ternal auditors. auditor, other than the audit of financial
(c) Give three examples of internal audit statements, are far more useful than the
activity that might be used by the exter latter. Discuss.
nal auditor.