Ch.B, Topic 2: Maintain Independence and Objectivity Flashcards
Internal auditors are responsible for assuring that…
the controls in place are adequate to mitigate the risks to achieve the organization’s objective.
Independence (std)
“the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.”
Objectivity (std)
“an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no significant quality compromises are made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others.”
Attribute Standard 1100 Independence and Objectivity
IA activity MUST be independent, and internal auditors MUST be objective in performing their work.
Attribute standard 1110 Organizational Independence
The CAE MUST report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The chief audit executive MUST confirm to the board, at least annually, the organizational Independence of the internal audit activity.
Implementation Standard 1110.A1 (Assurance Engagements)
IA activity MUST be free from interference in determining the scope of internal auditing, performing work, and communicating results.
Attribute Standard 1111 “Direct Interaction With the Board”
The Chief audit executive MUST communicate and interact directly with the Board.
Attribute Standard 1120 Individual Objectivity
Internal auditors MUST have an impartial, unbiased attitude and avoid any conflict of interest.
Attribute Standard 1130 Impairment to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the impairment MUST be disclosed to appropriate parties. The nature of the disclosure will depend on the impairment.
Implementation standard 1130.A1 (Assurance Engagement)
Internal auditors MUST refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year.
Implementation Standard 1130.A2 (Assurance Engagement)
Assurance engagements for functions over which the CAE has responsibility must be overseen by a party outside the internal audit activity.
Implementation Standards 1130.C2 (Consulting Engagements)
If internal auditors have potential impairments to independence or objectivity relating to proposed consulting services, disclosure MUST be made to the engagement client PRIOR to accepting the engagement.
CAE Dual Reporting Relationship
Functionally to the Board
Administratively (directly) to organizational senior management
Functionally to the audit committee or its equivalent
Functional reporting
Provides ultimate source of independence and authority. Organizational independence effectively achieved when CAE reports functionally to the board.
Examples: approving the 1) IA charter, 2) risk based IA plan, 3) IA budget and resources plan. Receiving communications from CAE on IA activity’s performance relative to plan. Approve decisions to appoint or remove CAE. Approving salary of CAE. Make appropriate inquiries of mgmt and CAE to determine whether there are INAPPROPRIATE scope or resource limits.
Administrative Reporting
Facilitates the day-to-day operations of the IA function.
Budgeting and mgmt accounting, HR administration inc. personnel evaluations and compensation. IA communications and information flows. Administration of the IA activity’s policies and procedures.
Reporting Relationships
The CAE SHOULD monitor the reporting relationship. Any situation that impedes independence and effective operations of the IA function should be brought to the attention of the audit committee or its equivalent.
Because organizations differ in size, type, etc., there is no one-size-fits-all approach to reporting relationships.
To ensure the IA activity is properly aligned to achieve organizational independence, CAE can:
Have regular and direct communication with the Board.
DC: occurs when CAE regularly attends and participates in board meetings related to auditing, financial reporting, organizational governance, and control.
CAE SHOULD meet privately with board at least annually.
the individual the CAE reports to at SR mgmt level SHOULD have
sufficient authority and stature to ensure the effectiveness of the IA function. Appropriate control and governance mindset to assist the CAE in his or her role. Should understand the nature of the functional relationship and support it.
Three ways CAE can ensure IA activity is properly aligned to achieve organizational independence:
- Have regular and direct communications with the board.
- Report to an individual at the SR mgmt level with sufficient authority to promote independence and ensure broad audit coverage.
- Report directly to the audit committee or equivalent.
Internal Auditors should have no Personal or Professional involvement with or allegiance to:
the area being audited and should maintain an unbiased and impartial mindset in regard to all engagements. (objectivity)
Ways to promote objectivity through policies:
1) IA shouldn’t have operational responsibility or assurance review of activity they had responsibility for in last 12 months or for a significant period of time.
2) IA shouldn’t let others’ opinions be more important than their judgment on audit matters.
3) IA should perform engagements in a way that they honestly believe no significant quality compromises were made.
4) IA shouldn’t be in a position feeling like they are unable to make objective professional judgments.
5) Staff assignments should be made so potential and actual conflicts of interest are avoided.
6) Someone independent of the engagement should review results of engagement prior to communications.
Ongoing Assessment of Individual Objectivity:
policies can’t provide TOTAL reassurance of objectivity. Ongoing assessment can help to ensure objectivity hasn’t been compromised during engagement.
Best Practice to confirm work has been done objectively: CAE or other supervisory individual to review results of IA work before related engagement comms are released.
Best practices for perpetuating individual objectivity include:
1) CAE should periodically query the IA staff about potential conflicts of interest and bias.
2) IA staff assignments should rotate periodically whenever practical.
3) IA shouldn’t accept a fee, gift or entertainment from an employee, client, customer, supplier, or business associate.
Objectivity must be maintained in both
fact and appearance. Promo items with insignificant value are OK. Lunch paid for by someone else is OK too. It has to be reasonable.