IS Audit Function Knowledge

IS Internal Audit Definition

Internal Audit is:
An independent, objective assurance and consulting activity
designed to:
Add value and
Improve an organizations operations
It helps an organization accomplish its objectives by:
Bringing a systematic, disciplined approach to
Evaluate and improve the effectiveness of:
Risk management
Control and
Governance processes.
Main Objectives
Express an opinion
Interpret factual evidence
Make constructive and cost-effective suggestions
Presented in a report
Additional objectives
Discovery of errors
Discovery of fraud
Scope of Internal Audit
Review reliability and integrity of financial and operating
information
Review means used to identify, measure, classify, and report
such information
Review systems to determine compliance with policies,
plans, procedures, laws, and regulations
Review the means of safeguarding assets
Appraise economy and efficiency of resource utilization
Review operations or programmes to ascertain
whether results are consistent with published objectives and
are being carried out
Target Areas (1)
Examine and appraise management aspects of the
organization
Independence required
Within the normal organizational structure
Examines management's:
Goals
Policies
Decisions
Standards
Procedures
Controls
Perform special assignments as requested
Report to management
Target Areas (2)
Examine and appraise the administrative and financial
aspects
Strengthening systems and controls
Adequacy
Application
Review reliability of records
Assist directly in uncovering fraud and errors
Assist indirectly in preventing fraud and errors
Ensure compliance with policies
Ensure compliance with statute
Ensure adequate reporting takes place
Why have Internal Audit?
Provides management with an independent opinion on the state of
Internal Control
Assures management that information presented to them is:
Consequent
Uniform
Standardized
Chances of detecting fraud and errors is increased
Enables management's evaluation of Internal Audit itself
Assists the auditee get better
Internal Audit is
Separate from normal operations
A staff (personnel) function
No line authority
Recommend not instruct
Objective due to distance from operations
Reporting to a high enough level to maintain independence
What and When to Audit?
Depends on Risk
Financial loss
Public embarrassment
Industrial Action
Fraud
Risk measurement
Cost of and event times likelihood of occurrence
May be mitigated by good internal control
May be exacerbated by poor internal control
Risk may be
Accepted
Reduced
Transferred
NOT ignored
Control Responsibility
Management's Job
Planning
Establishing objectives and goals
Choosing preferred methods of utilizing resources
Organizing
Gathering the required resources
Arranging them in such a way that the objectives may be
attained
Directing
Authorizing, instructing, and monitoring performance
Periodically comparing actual to planned performance
Leading
Control
Audit Responsibility
Evaluation of controls
Testing compliance with controls
Not
Designing controls
Implementing controls
Internal Audit Place, Role,
and Function
Place of the Internal Audit Function
Independence
Role and function of Internal Audit
Role of Audit Committees
Internal Audit Definitions
Place of the Internal Audit
Function
Organizational Status
Influenced by
Level of responsibility of work undertaken
Importance of work undertaken
Value attached by management
Level of Internal Audit Reporting
Accessibility to top management
Sufficient to promote independence
Ensure full scope auditing
Ensure adequate attention given to audit
reporting
Ensure appropriate action taken on findings
Place of the Internal Audit
Function
Organizational Plan
Grouping together by management of resources to achieve
a logical flow of action
To achieve audit independence
Audit grouped separately
Outside of the chain of command
Reporting independently
Audit Reporting
May be to
Top Executive Management
May lead to distrust by others
May lead to a lot of non-audit activities
Chief Executive Officer
Less threatening but good independence
Problems of access
Financial Director
Traditional reporting structure - can work well
May be a problem with other departments
Audit Committee
Audit Committee
Committee of persons with specialized knowledge
Link executive management / external audit / internal
audit
Should:
Consist of a majority of non-executive directors
Meet regularly - minimum four times a year
Not be chaired by the chief executive
Approves audit plans and receives audit reports
Recommended by all Corporate Governance studies
Not present in all companies
Dual Reporting
Common solution
Functional reporting to the Audit Committee
Administrative reporting to the Chief Executive
Possible problems
Being pulled in two directions
Possibly open to manipulation
Audit undertaking line functions