Ch.A, Topic 1: Define and Break Down the Definition of Internal Auditing Flashcards
Definition of Internal Auditing
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal Audit Activity Defined (standards glossary)
a department, division, team of consultants, or other practitioners that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations
Internal auditing activities are often referred to with the acronym
GRC (governance, risk, and control)
Effective internal auditors serve as an organization’s…
corporate conscience and advisers for operational efficiency, internal control, and risk management.
Effective internal auditors educate and make recommendations to…
management and the board of directors (&/or other governance oversight bodies) to support the organization in meeting its goals and objectives.
To be effective, internal auditors must demonstrate the following characteristics:
Professionalism Objectivity Knowledge Integrity Leadership
All stakeholder confidence in auditors’ work rests on this foundation:
Organizational independence and individual objectivity. These form the foundation of internal auditing.
Chief Audit Executive (standards glossary)
“a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the Definition of Internal Auditing, the Code of Ethics, and the Standards.”
Organizational Independence Exists if the CAE:
- Reports FUNCTIONALLY to the board
- Has direct and unrestricted access to the board.
- Reports ADMINISTRATIVELY to the CEO or similar head of the organization or to some other organizational level so long as the IA activity controls the scope of work, the performance of the work, and the reporting of results without interference.
Stakeholders need to know internal auditors can review:
any area of the organization without being biased themselves or unduly influenced by others.
Objectivity requires internal auditors to:
avoid a conflict of interest of the appearance thereof.
Consulting expands the role of Internal Auditing into areas of:
Value added advice and suggestions related to future-oriented decisions.
What would compromise auditors independence when providing advice or suggestions in consulting engagement:
If the auditor had the power to make any decisions themselves or the appearance of having the power to make decisions themselves.
Governance (standards glossary)
“combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.”
Internal Auditor’s can help ensure organization has 3 things:
- Proper “tone at the top.”
- Proper management and operating methodology
- ethics and integrity
Internal Auditor’s can ensure risk taking is truly
within the organization’s risk appetite in the organization’s ability to take risks (sufficient cash reserves and flow) and boards stated willingness to assume risks in specific areas.
What are 3 interconnected activities for an enterprise:
Risk, Control, and Governance (RCG). Successful organizations don’t choose one over another. Recognize powerful interplay and benefits of the 3.
Risk Control and Governance Determine an organizations…. activities support
ability to succeed in its marketplace…..healthy interactions with stakeholders.
Risk, Control, and Governance activities require that an internal auditor is
proficient in each of the three activities. Must evaluate and contribute to the improvement of risk management, control, and governance systems.
IIA is committed to a broad view of IA that includes
consulting as well as assurance and that focuses on helping management meeting organizational objectives rather than only traditional attestation of FC statements. ~ Value Added Activities.
IIA Standard 1110 states that the CAE must
confirm to the board, at least annually, the organizational independence of the internal audit activity.
Internal auditors must be proficient in each of the three activities….
Managing risk
Maintaining effective internal controls
Assess and make recommendations for improving governance in accomplishing it’s objectives.
Help an Organization Manage Risk by (3):
- Identify & evaluate significant exposure to risk
- contribute to improvement of risk mgmt and control systems.
- Monitor and evaluate the risk mgmt system
IA Activity MUSTS determine the best way to accomplish the activities in these 3 areas.
Help organization maintain effective internal controls by (2):
- Evaluate the effectiveness and efficiency of controls.
2. Promote the continuous improvement of the control environment.
