Chapter 7 - Internal Audit Flashcards
What is internal audit?
Independent appraisal activity established within an organisation as a service to it. It is a control which functions by examining and evaluating the adequacy and effectiveness of other controls
What is the role of internal audit?
Testing and evaluating controls
Special investigations as directed by management
Support and assist senior management in projects, some outside risk management arena
Contribute to risk identification
What is the role of risk management?
Own entire risk management process
Maintain risk register
Lead in developing risk response strategy
Provide training and development in risk management manners
What are the factors that affect the need for internal audit?
Scale, diversity and complexity of the company’s activities
Number of employees
cost/benefit
Changes in organisation structures, reporting processes or underlying MIS
Changes in key risks
Problems with existing internal control systems
Increased number of unexplained or unacceptable events
What is the scope of internal audit?
Review accounting and internal control systems
Sample testing
Compliance with law, regulations or internal policies
Special investigations
Assist in carrying out external audit procedures
Minimise risks
Economy, efficiency and effectiveness review of operations
What are the attribute standards of internal audit work?
Independence - auditors should be independent of executive management
Objectivity - auditors should be objective and avoid conflicts of interest
Professional care
What are the performance standards of internal audit work?
Managing internal audit
Risk management
Control
Governance
Internal audit work
Communicating results
What are the advantages of outsorcing internal audit?
Greater focus on cost and efficiency
Expertise
Risks of staff turnover is passed over
Specialist skills
Costs of employing permanent staff are avoided
Improve independence
Access to new market place technologies
Reduced management time
What are the disadvantages of outsourcing internal audit?
Conflict of interest
Pressure on the independence
Risk of lack of knowledge of organisation
Effectiveness
Flexibility and availability may not be as high
Lack of control
Blurring of roles
What should external auditors take into account when planning their audit?
Status of internal audit within organisation
Scope of internal audit function
Whether management act on recommendations of internal audit
Technical competence of internal auditors
Objectives of internal audit
Due professional care demonstrated in internal audit work
What are some types of audit?
Compliance audit
Transactions audit
Risk based audit
Quality audit
Post-completion audit
Value for money audit
Environmental audit
Social audit
Management audit
Systems-based audit
What is the audit process?
Agree objectives of the audit
Plan audit
Find out about systems and controls
Confirm the operation of system
Assess if controls are adequate
Test compliance with controls
Test application of controls
Review, report and recommend
What is the audit risk?
Inherent risk - amount in financial statements might be stated as a materially incorrect amount
Control risk - existing controls are not sufficient
Detection risk - auditors test will not reveal a materially incorrect amount
What are some types of audit testing?
Compliance testing
Substantive testing
Analytical testing
What is included in the audit report?
Objectives of audit work
Summary of process undertaken by auditor
Results of tests carried out
Audit opinion
Recommendations for action
What are the problems of auditing computer systems?
Concentration of controls in IT department
Lack of primary records
Encoded data
Loss of audit trail
Overwriting of data
Program controls
