1. WHAT IS INTERNAL AUDIT?
IIA DEFINITION
“Internal auditing is an independent appraisal
activity established within an organisation as
a service to the organisation. It is a control
which functions by examining and evaluating
the adequacy and effectiveness of other
controls.”
- IIA Statement of Responsibilities
2. SAS 500 (ISA 610)
CONSIDERING THE WORK OF
INTERNAL AUDIT
Definition. “An appraisal or monitoring activity
established by management and the directors for the
review of the accounting and internal control systems
as a service to the entity.
It functions by,amongst other
things,examining,evaluating and reporting to
management and the directors on the adequacy and
effectiveness of components of the accounting and
internal control systems”
dropped “independent”
added “accounting” to IIA definition.
3. FUNCTIONS OF INTERNAL AUDIT
Review and report upon:
Control environment as a whole
The process by which risks are identified,
analysed and managed
Controls over key processes / operational and
functional
The reliability and integrity of corporate
management info
The safeguarding of assets
Compliance with relevant legislation
4. DIFFERENCES INTERNAL / EXTERNAL
AUDITORS
Internal External
Scope – determined Scope – determined
by management by statute
Approach – ensure Approach – opinion
all systems efficient on financial
provide accurate statements
management info
Responsibility –to Responsibility - to
management shareholders
5. ASSESSMENT OF INTERNAL AUDIT
ISA 610
Factors to consider:
Organisational Status – reporting line/ no
operating responsibility? etc
Scope – terms of reference
Due professional care - work planned,
reviewed, working papers etc
Technical competence – previous experience,
quality of audit reports, qualifications etc.
6. INTERNAL AUDIT ROLE – CORPORATE
GOVERNANCE
Accountability & Audit
Reviewing internal control and monitoring
Risk -assist in identifying risks and developing
models to prioritize and manage them
Organisational control – review structure of
organisation – cost/benefits of change
7. RISK MANAGEMENT – ROLE OF
INTERNAL AUDIT
Types of Risk:
Business e.g competition
Financial e.g liquidity
Compliance e.g environmental regulations
Operational e.g poor service
Need to:
Identify- method/frequency?
Assess – High /Low etc
Deal with- accept,avoid etc
Monitor
8. RISK MANAGEMENT – ROLE OF
INTERNAL AUDIT
System of Internal Control requires proper
risk management and organisational
control. Internal audit assist by:
Objective assurance on adequacy of
RM/control
Improve identification / management of
risks
Strengthening control framework
10. SAS 480 (ISA 402) SERVICE
ORGANISATIONS
Main Proposals
Planning – are outsourced activities relevant?
Document contractual terms
Effect on IR,CR and DR
Evidence – review records held by client /
monitoring procedures
Relying on reports by service organisations
auditors – Design of system or effectiveness
too?
If insufficient – qualify re scope
11. EXPERTS OF USE TO AUDITORS
Surveyors – property valuation
Geologists/ Chemists – stock or oil / gas
reserves
Solicitors – pending litigation
Actuaries – pension fund valuations
12. ISA 620 USING THE WORK OF AN
EXPERT
Need for expert depends on:
Materiality of item
Risk of misstatement
Quality/quantity of other evidence
Scope and assessment of work
Assess competence e.g. qualifications
Scope agreed – objectives,info,report
Examine assumptions and methods used
Report – compatible with other evidence,
13. FACTORS TO CONSIDER RE EXTENT
OF RELIANCE ON INTERNAL AUDIT
Organisational status of internal audit
Scope of internal audit function
Technical competence
Materiality /Risk of areas involved
Level of judgement required
Sufficiency of complementary evidence
Specialist skills of internal audit
Due professional care
level of planning /supervision of internal audit work
review working papers
review previous audit reports
14. INTERNAL AUDIT & CORPORATE
GOVERNANCE
COMBINED CODE
Going Concern
Internal Control
Directors Remuneration
TURNBULL
Internal Control
Review effectiveness of internal control
Review regular reports on internal control
Risks
Identify
Control – training, avoidance measures
Monitor
15. EXTERNAL ASSISTANCE TO MANAGEMENT
Management letter
Offer other services e.g tax,consultancy
Wider expertise – other companies in same
industry
May adopt business risk approach that can
assist management with corporate
governance responsibilities.
16. INTERNAL AUDIT – USEFUL TO
MANAGEMENT
Internal focus on risks / controls
Assist management with corporate
governance responsibilities
May accept greater responsibility than
external re fraud detection
VFM / operational audits assist in improving
efficiency
Internal audit reports more timely than
external