The document discusses the roles and responsibilities of internal auditors and audit committees. It notes that internal auditors review controls, compliance, operations, and risks. They ensure controls are working properly and in accordance with laws and regulations. The audit committee oversees the internal audit function and monitors financial reporting, controls, and compliance. It reviews internal and external audit reports and the company's internal control statement. The committee helps provide assurance to shareholders that risks are adequately managed and controls are functioning effectively.

1. Audit & compliance

3. Role of internal auditorReview acs & I.C.SAssist with identification of significant risksReview 3 E’s of operations- VFM auditExamine financial & operating informationSpecial investigations , e.g suspected fraudReview compliance with laws & external regulations

4. Financial auditOperational auditProject auditVFM auditSocial & environmental auditMgmt auditI.A looks at controls - PAPAMOSSTypes of audit work

5. Need for I.AI.A is a mgmt control- PAPA(M)OSSI.A review effectiveness of other controls in the org.Ensure controls are working properlyI.A is also often a statutory requirementGood corporate governance may also suggest an I.A deptI.A is 100% audit – VFM auditChief internal auditor is in charge of the dept and reports to the audit committee.

6. Need for I.AFactors affecting the need for I.AScale & complex operationsNo of employeesCost benefit analysisChange in: org structure, reporting process or Mgmt.Info.SysChange in key risks- change in PESTEL factorsProblems with existing ICSUnexplained / doubtful txns

7. Need for I.APer Turnbull report:In absence of I.A function , mgmt needs to find other monitoring process.

8. To reassure the BOD that ICS are working properly

9. BOD will assess whether procedures provide sufficient & objective assurance.INDEPENDENCEAuditor independenceIndependent objective assurance activityEnsure activity is carried out objectivelyI.A must be independent and must be seen as independent Independence is achieved by having a structure within which I.A workIndependence assured by I.A following ethical & work stds

10. INDEPENDENCERisks if No IndependenceFailure to report control breachesAccepting info without checkingNo professional skepticismBlind on unethical mattersGive undeserved positive feedback

11. INDEPENDENCEThreats to independenceThreat to independence is when the opinion of the auditor is doubted.Threats can be either REAL or PERCEIVEDACCA code of ethics : Self interest Familiarity Advocacy Self review Intimidation

12. INDEPENDENCEOther measures to protect independenceAttribute standards :

13. Deal with characteristics of the org

14. Deal with parties performing Int Audit

15. Performance stds

16. Describe nature of Int Audit activities

17. Provide quality criteria for evaluating I.A servicesAttribute stds for internal auditIndependenceI.A should be independent .Head of I.A should be accountable to people who wont undermine his/her independenceThere should be no interference when deciding about scope of work, when performing the work & when reporting findings.ObjectivityI.A should be free from bias- objective – rely on facts only.Impartial attitude – avoid conflict of interests.Professional careProfessional care & competenceKnowledge of key IT risks & CAATs

18. Performance standards for internal auditManaging internal auditHead I.A manages IA activity to add value to the org

19. Head IA : establish risk based plans, decide on work priorities, is consistent with org’s objectives.

20. Review IA plan annually

21. Head I.A submit plans to senior mgmt & BOD for approval

22. No interference of senior mgmt in the work of I.ARisk managementI.A identify & evaluate significant risk exposure

23. I.A contribute to improvement of risk mgmt & ICS

24. Evaluate risk exposure relating to : governance , ops , information sys.