10. Introduction to Internal Auditing

Question 1

what may include internal audit responsibilities?

Answer 1

– performing procedures and evaluating the results to provide assurance to management regarding the design and effectiveness of risk management, internal control and governance processes
– However, internal auditing may be focused on evaluating the economy, efficiency and effectiveness of operations and, if so, its work may not directly relate to the entity’s financial reporting

Question 2

what are the objectives of the external auditor when he wants to use inernal auditors work or direct assistance?

Answer 2

– To determine whether the work of the internal audit function or direct assistance from internal auditors can be used, and if so, in which areas and to what extent
– To determine whether that work is adequate for purposes of the audit
– If using internal auditors to provide direct assistance, to appropriately direct, supervise and review their work

Question 3

What are the external auditors responsibilities for the audit?

Answer 3

The external auditor has sole responsibility for the audit opinion expressed. That responsibility is not reduced by the external auditor’s use of the work of the
internal audit function or internal auditors to provide direct assistance

Question 4

To determine if the auditor can use internal audit work what does he have to evauate?

Answer 4

• Organizational status and relevant policies and procedures that support the objectivity of the
  internal auditors
• The level of competence of the internal audit function
• Whether the internal audit function applies a systematic and disciplined approach, including
  quality control

Question 5

Using the work of internal auditing (a lot of shit.. Don’t panic VIKI)

Answer 5

– The external auditor discusses the planned use of internal auditing’s work with the
function as a basis for coordinating their respective activities (610.21)
– The external auditor obtains an understanding of the nature and extent of audit
procedures internal auditing performed and the related findings (610.22)
– The external auditor performs sufficient audit procedures on the work of internal
auditing, to determine its adequacy for purposes of the audit, including: (610.23)
 Whether it had been properly planned, performed, supervised, reviewed and documented
 Sufficient appropriate evidence had been obtained
 Conclusions reached are appropriate and reports are consistent with the results
– The nature and extent of the external auditor’s audit procedures shall be responsive
to the external auditor’s evaluation of: (610.24)
 The amount of judgment involved
 The assessed risk of material misstatement
 The extent to which the internal auditing’s organizational status and relevant policies and
procedures support the objectivity of the internal auditors
 The level of competence of the function
Including reperformance of some work

Question 6

Determine whether internal auditors can be used to provide direct assistance or purposes of the audit

Answer 6

– The external auditor may be prohibited by law or regulation from obtaining direct assistance from internal auditors. If so, the following does not apply (610.26)

– If direct assistance is not prohibited, the external auditor evaluates the existence and significance of threats to objectivity and the level of competence of the internal auditors. This includes inquiry of the internal auditors regarding interests and relationships that may create a threat to their objectivity (610.27)

Question 7

how to determine the nature and extent of work that can be assigned to internal auditors providing direct assistance

Answer 7

• The amount of judgment involved in planning and performing relevant audit procedures and
  in evaluating the audit evidence gathered
• The assessed risk of material misstatement
• The external auditor’s evaluation of the existence and significance of threats to the objectivity and level of competence of the internal auditors

Question 8

Definition of Internal Auditing IA

Answer 8

“Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization‘s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Question 9

schematic definition of IA

Answer 9

• Independence and Objectivity
• Assurance and Consulting Services
• Value Added
• Improvement of the organization’s operations
• Support the achievement of the organization’s objectives
• Governance, risk management, and control processes

Question 10

Explain Independence and Objectivity of internal auditor

Answer 10

• Independence
– Organizational position
– The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities (e.g. board of audit committee)
–> The internal audit activity must be free from interference in determining:
– The scope of internal auditing
– Performing work
– Communicating results

• Objectivity
– Impartial, unbiased attitude of internal auditors(no quaity compromises are made)
– Don’t subordinate judgement on audit matters to others
– Avoid any conflict of interest
– Disclosure of material facts, that might influence the internal auditor’s final communication of engagement results

Question 11

Internal Auditor conflict of interest can be caused by:

Answer 11

– Incentives
 The internal auditor has an economic interest
 The internal auditor is offered a position in the audited business unit
– Personal relationships
 The internal auditor is related to a close friend with an employee of the audited business unit
– Auditing of own work

Question 12

IA provide assurance services.. Explain better

Answer 12

An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Question 13

IA consulting services

Answer 13

Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management
responsibility.

Question 14

Explain how IA adds value!!

Answer 14

– Internal auditors obtain insight into the organization’s activities, processes and structures
– The knowledge acquired enables internal auditors to identify operational deficiencies and potential for improvement
– Internal auditors may present effective and useful approaches for optimization to senior management and the board of directors
– By generating added value, the existence of an internal audit activity is legitimated

Question 15

How can IA improve Operations?

Answer 15

By evaluating the organization’s processes and procedures and indicating deficiencies and potential for optimization, internal auditing contributes to the continuous advancement of the organization

Question 16

IA roles in risk mgmt processes and control processes

Answer 16

Risk management processes
– The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes

Control processes
– The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement

Both regards:

• Achievement of the organization’s strategic objectives;
• Reliability and integrity of financial and operational information;
• Effectiveness and efficiency of operations and programs;
• Safeguarding of assets; and
• Compliance with laws, regulations, policies, procedures, and contracts.

Question 17

International Professional Practices Framework
(IPPF)
Two types of guidance:

Answer 17

--  Mandatory guidance
      Definition of Internal Auditing
      Core Principles
      Code of Ethics
      IIA Standards 
          - Members of the IIA and its national representatives (e.g., the IIA Switzerland, IIAS), as well as candidates for and owners of IIA certifications must comply with these parts of the IPPF

– Recommended guidance
 Implementation Guides
 Supplemental Guides

Question 18

Mission of IA (IPPF)

Answer 18

To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Question 19

Implication of failing any Core Principle of IPPF

Answer 19

Failure to achieve any of the Principles would imply that an internal audit activity was not as effective as it could be in achieving internal audit’s mission

Question 20

List of Core Principles of the Professional Practice of Internal Auditing

Answer 20

1. Demonstrates integrity.
2. Demonstrates competence and due professional care.
3. Is objective and free from undue influence (independent)
4. Aligns with the strategies, objectives, and risks of the organization.
5. Is appropriately positioned and adequately resourced.
6. Demonstrates quality and continuous improvement.
7. Communicates effectively.
8. Provides risk-based assurance.
9. Is insightful, proactive, and future-oriented.
10. Promotes organizational improvement.

Question 21

Principles of the Code of ethics of IPPF

Answer 21

The Code of Ethics consists of four principles:
– Integrity
The integrity of internal auditors establishes trust
and thus provides the basis for reliance on their judgment
– Objectivity
Internal auditors exhibit the highest level of professional
objectivity in gathering, evaluating, and communicating
information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments
– Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority
unless there is a legal or professional obligation to do so
– Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services

Question 22

What are attribute stardards (IPPF)

Answer 22

They describe the characteristics of people and
organizations that perform internal audit
services

– Purpose, Authority, and Responsibility
– Independence and Objectivity
– Proficiency and Due Professional Care
– Quality Assurance and Improvement Program

Question 23

What are performance standards? (IPPF)

Answer 23

• They describe the responsibilities of internal
auditing and provide quality criteria to assess
the work of an internal audit activity

•    Performance standards consist of:
–   Managing the Internal Audit Activity
–   Nature of Work 
–   Engagement Planning 
–   Performing the Engagement 
–   Communicating Results  
–   Monitoring Progress
–   Communicating the Acceptance of Risk

Question 24

tell me the 3 macro phases of IA process

Answer 24

• Engagement Planning
• Performing the engagement
• Reporting and completing the engagement

more details slide 37 VL10
kristoffer gayguy

Question 25

The Chief Audit Executive (CAE) establish procedures to monitor the disposition of engagement result that include:

Answer 25

– The timeframe within which management’s response to the engagement observations and recommendations is required
– Evaluation of management’s response
– Verification of the response (if appropriate)
– Performance of a follow-up engagement (if appropriate)
– A communications process that escalates unsatisfactory responses/actions, including the assumption of risk, to the appropriate levels of senior
management or the board

Question 26

What are the CAE responsibilities in order to monitor progress of engagement

Answer 26

– The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management.

– The chief audit executive must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action

Question 27

What does the CAE do when management has

accepted a level of risk that may be unacceptable to the organization?

Answer 27

The chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the
matter to the board