Nature of Internal Auditing

The IIA defines internal auditing as

follows:

 An independent, objective assurance and consulting

activity designed to add value and improve an
organization’s operations.

 It helps an organization accomplish its objectives by

bringing a systematic, disciplines approach to
evaluate and improve the effectiveness of risk
management, control, and governance processes.

1
Nature of Internal Auditing
Public policy considerations have also contributed to the
improved status and broadened scope of internal
auditing:

Under the Foreign Corrupt Practices Act “ organizations

are expected to maintain reasonable detailed and
accurate accounting records and a reasonably effective
system of internal auditing control”.

Moreover, public companies should preferable have an

internal audit activity and an audit committee
composed of non-management directors.

2
 Internal Audit Function
 Modern internal auditing evolved to assist the
organization regarding the following, among
other things:
 Identifying and evaluating significant exposures to risk and
contributing to the improvement of risk management and
control systems
 Evaluating the adequacy and effectiveness of controls
encompassing the organization’s governance, operations,
and information systems and the promotion of their
continuous improvement (assurance that there is reasonable
controls over day to day operations)
 Evaluation (not assuring) the reliability and integrity of
financial and operational information

3
 Internal Audit Function
 Evaluating the effectiveness and efficiency of operation
 Evaluating risk exposures relating to governance , operations
and information systems regarding the Safeguarding of
assets (But not safeguarding, internal auditor does not
perform but only evaluate)
 Evaluating (not assuring) compliance with laws,
regulations, and contracts
 Determining the extent to which operating and program
objectives and goals have been established in conformity
with those of the organization
 Reviewing operations and programs to determine whether
results are consistent with objective and goals

4
 Internal Audit Function
 Ascertaining whether management has
established adequate control criteria to evaluate
the accomplishment of objectives and goals
 Contributing to the governance process by
evaluating and improving the process by which
values and goals are established and
communicated, accomplishment of goals is
monitored, accountability is ensured, and values are
preserved
 Communicating engagement results promptly and
monitoring the disposition of those results

5
 Internal Audit Function
 Preventing and detecting fraud but not
assuring that fraudulent activities will be
detected
 Coordinating activities and sharing
information with other internal and external
providers of assurance and consulting
services, such as the external auditor

6
 Independence and Objectivity

Internal auditing serve as an independent, objective assurance

and consulting activity that adds value to operations

7
 Independence
 Internal auditors are independent when:

 they can carry out their work freely and

objectively
 Independence permits internal auditors to
render impartial and unbiased judgments
and is achieved through organizational
status and objectivity

8
 Independence

 According to Standard 1170, the chief

audit executive (CAE) should report to a
level within the organization that allows
the IAA to fulfill its responsibilities.

9
 Independence
 Internal auditors should have the support of
senior management and of the board so that
they can gain the cooperation of engagement
clients and perform their work free from
interference.
 The CAE should be responsible to an individual
in the organization with sufficient authority to
promote independence and to ensure broad
engagement coverage, adequate consideration
of engagement communications, and appropriate
action on engagement recommendations.

10
 Independence
 Ideally, the CAE should report functionally to the
audit committee, board of directors, or other
appropriate governing authority, and administratively
to the chief executive officer of the organization.
 The CAE should have direct communication with the
board, etc. Regular communication helps assure
independence and provides a means for the board
and the CAE to keep each other informed on matters
of mutual interest.
 Independence is enhanced when the board concurs
in the appointment or removal of the CAE.

11
 Independence
 Independence is not impaired by internal auditor’s:
• Reduction of the scope of an engagement due to budget
restrictions
• Participation on a task force that recommends standards for
control of a new distribution system
• Review of a purchasing agent’s contract drafts prior to their
execution
• Recommending standards of control for a new information
system application
• Performing reviews (not drafting) of procedures for a new
computer application before it is installed

12
 Objectivity
 Is an independent mental attitude that
internal auditors should maintain in
performing engagements.
 Internal auditors are not to subordinate
their judgment on engagement matters to
that of others.

13
 Objectivity
• Objectivity requires internal auditors to perform engagement
in such a manner that they have an honest belief in their work
product and that no significant quality compromises are
made.
• Internal auditors are not to be placed in situations in which
they feel unable to make objective professional judgments.
• Staff assignments should be made so that potential and actual
conflicts of interest and bias are avoided. The chief audit
executive should periodically obtain from the internal
auditing staff information concerning potential conflicts of
interest and bias. Staff assignments of internal auditors
should be rotated periodically whenever it is practicable to do
so.

14
 Objectivity
• The results of internal auditing work should be
reviewed before the related engagement
communications are released to provide
reasonable assurance that the work was performed
objectively
• It is unethical for an internal auditor to accept a
fee or gift from an employee, client, customer,
supplier, or business associate

15
 Objectivity
 Internal auditors should not assess specific
operations for which they were previously
responsible.
 Objectivity is presumed to be impaired if an
auditor provides assurance services for an activity
for which they had responsibility within the
previous year.

16
 Objectivity
• Internal auditors should not assume operating
responsibilities. If senior management directors
internal auditors to perform non-audit work, they are
not functioning as internal auditors.
• At any time that assigned activities involve the
assumption of operating authority, objectivity is
presumed to be impaired with respect to that activity.

17
 Objectivity
• Persons transferred to or temporarily engaged by the
IAA should not be assigned to audit those activities
they previously performed until a reasonable period of
time (at least one year) has elapsed. Such assignments
are presumed to impair objectivity
• The internal auditor’s objectivity is not adversely
affected when the auditor recommends standards of
control for systems or reviews procedures before they
are implemented.
• The auditor’s objectivity is considered to be impaired if
the auditor designs, installs, drafts procedures for, or
operates such system.

18
 Objectivity
• The occasional performance of nonaudit work by the
internal auditor, with full disclosure in the reporting
process, does not necessarily impair independence.
• However, careful consideration is required by
management and the internal auditor to avoid adversely
affecting the internal auditor’s objectivity

19
 The Charter
• The purpose, authority, and responsibility of the IAA
should be defined in a written charter.
• The CAE should seek approval of the charter by senior
management as well as acceptance by the board, audit
committee, or appropriate governing authority (this is
the most effective way to assure the freedom of
internal audit activity).
• The charter should:
– establish the IAA’s position within the organizations;
– authorize access to records, personnel, and physical
properties relevant to the performance of enjoyments; and
– define the scope of internal audit activities

20
 Types of Services
 Internal auditors provide an expanding
array of assurance and consulting
services.
 The remainder of this subunit describes
some of these services.

21
 Types of Services

Categories of Internal Audit Services

Financial Compliance Operational

22
 Types of Services

Financial

The analysis of the economic activity

of an entity
as measured and reported by
accounting methods

23
 Types of Services

Compliance

The review of both

financial and operating controls and transactions
to see how well they conform with
established laws, standards, regulations, and procedures

24
 Types of Services

Operational

The comprehensive review of

the varied functions within an enterprise to
appraise the
efficiency and economy of
operations and
the effectiveness with
which those functions achieve their objectives

25
 Types of Engagements

Engagements

Engagements Engagements Engagements

at the at the at the
Organizational Functional Cycle
level level level

26