Ch.B, Topic 2: Maintain Independence and Objectivity

Question 1

Internal auditors are responsible for assuring that…

Answer 1

the controls in place are adequate to mitigate the risks to achieve the organization’s objective.

Question 2

Independence (std)

Answer 2

“the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.

Question 3

Objectivity (std)

Answer 3

“an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no significant quality compromises are made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others.”

Question 4

Attribute Standard 1100 Independence and Objectivity

Answer 4

IA activity MUST be independent, and internal auditor’s MUST be objective in performing their work.

Question 5

Attribute standard 1110 Organizational Independence

Answer 5

The CAE MUST report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The chief audit executive MUST confirm to the board, at least annually, the organizational Independence of the internal audit activity.

Question 6

Implementation Standard 1110.AI (Assurance Engagements)

Answer 6

IA activity MUST be free from interference in determining the scope of internal auditing, performing works, and communicating results.

Question 7

Attribute Standard 1111 “Direct Interaction With the Board”

Answer 7

The Chief audit executive MUST communicate and interact directly with the Board.

Question 8

Attribute Standard 1120 Individual Objectivity

Answer 8

Internal auditor’s MUST have an impartial, unbiased attitude and avoid any conflict of interest.

Question 9

Attribute Standard 1130 Impairment to Independence or Objectivity

Answer 9

If independence of objectivity is impaired in fact or appearance, the details of the impairment MUST be disclosed to appropriate parties. The nature of the disclosure will depend on the impairment.

Question 10

Implementation standard 1130.A1 (Assurance Engagement)

Answer 10

Internal auditor’s MUST refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility for within the previous year.

Question 11

Implementation Standard 1130.A2 (Assurance Engagement)

Answer 11

Assurance engagements for functions over which the CAE has responsibility must be overseen by a party outside the internal audit activity.

Question 12

Implementation Standards 1130.C2 (Consulting Engagements)

Answer 12

If Internal auditors have potential impairments to independence or objectivity relating to proposed consulting services, disclosure MUST be made to the engagement PRIOR to accepting the engagement.

Question 13

CAE Dual Reporting Relationship

Answer 13

Functionally to the Board
Administratively (directly) to organizational senior management
Functionally to the audit committee or its equivalent

Question 14

Functional reporting

Answer 14

Provides ultimate source of independence and authority. Organizational independence effectively achieved when CAE reports functionally to the board.

Examples: approving the 1) IA charter, 2) risk based IA plan, 3) IA budget and resources plan. Receiving communications from CAE on IA activity’s performance relative to plan. Approve decisions to appoint or remove CAE. Approving salary of CAE. Make appropriate inquiries of mgmt and CAE to determine whether there are INAPPROPRIATE scope or resource limits.

Question 15

Administrative Reporting

Answer 15

facilitates the day to day operations of the IA functions.

Budgeting and mgmt accounting, HR administration inc. personnel evaluations and compensation. IA communications and information flows. Administration of the IA activity’s policies and procedures.

Question 16

Reporting Relationships

Answer 16

The CAE SHOULD monitor reporting relationship. Any situation that impedes independence and effective operations of the IA function should be brought to the attention of the audit committee or it’s equivalent.

Because all organizations are different sizes, types etc… there is no one size fits all for reporting relationships.

Question 17

To ensure the IA activity is properly aligned to achieve organizational independence, CAE can:

Answer 17

Have regular and direct communication with the Board.

DC: occurs when CAE regularly attends and participates in board meetings related to auditing, financial reporting, organizational governance, and control.

CAE SHOULD meet privately with board at least annually.

Question 18

the individual the CAE reports to at SR mgmt level SHOULD have

Answer 18

sufficient authority and stature to ensure the effectiveness of the IA function. Appropriate control and governance mindset to assist the CAE in his or her role. Should understand the nature of the functional relationship and support it.

Question 19

Three ways CAE can ensure IA activity is properly aligned to achieve organizational independence:

Answer 19

1. Have regular and direct communications with the board.
2. Report to an individual at the SR mgmt level with sufficient authority to promote independence and ensure broad audit coverage.
3. Report directly to the audit committee or equivalent.

Question 20

Internal Auditors should have no Personal or Professional involvement with or allegiance to:

Answer 20

the area being audited and should maintain an unbiased and impartial mindset in regard to all engagements. (objectivity)

Question 21

Ways to promote objectivity through policies:

Answer 21

1) IA shouldn’t have operational responsibility or assurance review of activity they had responsibility for in last 12 months or for a significant period of time.
2) IA shouldn’t let others opinions be more important than their judgment on audit matters.
3) IA should perform engagements in a way that they honestly believe no significant quality compromises were made.
4) IA shouldn’t be in a position feeling like they are unable to make objective professional judgments.
5) staff assignments should be made so potential and actual conflicts of I are avoided.
6) Someone independent of the engagement should review results of engagement prior to communications.

Question 22

Ongoing Assessment of Individual Objectivity:

Answer 22

policies can’t provide TOTAL reassurance of objectivity. Ongoing assessment can help to ensure objectivity hasn’t been compromised during engagement.

Best Practice to confirm work has been done objectively: CAE or other supervisory individual to review results of IA work before related engagement comms are released.

Question 23

Best practices for perpetuating individual objectivity include:

Answer 23

1) CAE should periodically query the iA staff about potential conflicts of I and bias.
2) IA staff assignments should rotate periodically whenever practical.
3) IA shound’t accept a fee, gift or entertainment from ee, cliient, customer, supplier, or business associate.

Question 24

Objectivity must be maintained in both

Answer 24

fact and appearance. promo items with insignificant value are ok. lunch paid by someone else is ok too. has to be reasonable.

Question 25

“Conflict of Interest” is:

Answer 25

Any relationship that is, or appears to be, not in the best interest of the organization. A conflict of interest would prejudice an individual’s ability to perform his or her duties and responsibilities objectively.

Question 26

“Impairments to Organizational independence and individual objectivity may include…” (STDS)

Answer 26

personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations (funding).

Question 27

Practice Advisory 1130-1 Impairment to independence and objectivity states:

Answer 27

IA are to report to the CAE any situations in which an actual or potential impairment to independence or objectivity may be reasonably inferred or if they have questions if a situation constitutes an impairment to objectivity or independence.. If CAE determines impairment exists or may be inferred, CAE needs to reassign the auditors.

Question 28

Scope Limitation:

Answer 28

A scope limitation is restriction placed on audit activity that precludes the activity from accomplishing it’s objectives and plans. May restrict the 1) scope identified in Internal Charter, 2) IA activity’s access to records, personnel, and physical properties relevant to completion of engagement 3) approved engagement work schedule 4) performance of necessary engagement procedures 5) Approved staffing plan and financial budget.

Scope limitation, along with potential effect, needs to be communicated (preferably in writing) to the Board.