Internal Audit Flashcards
What is Internal Audit?
An independent and objective assurance and consulting activity, designed to add value and improve an organisation’s operations.
Corporate Governance requirements
- Have an IA department (not req.-but must review need annually)
- Have an Audit Committee or Board
- Sound system of IC
- Analyse business risks and implement controls to mitigate them
What is the role of the Audit Committee?
- monitor and asses the effectiveness of IA
- approve appointment/termination of head of IA
- review and assess the IA work plan
- Monitor management responsiveness to IA reports
- Meet head of IA at least once a year without management
Limitations of IA
Limitations could arise from the LACK of:
- independence from activities subject to audit
- independent reporting line
- objectivity
- skills
- ongoing training
actions taken in response to recommendations
Nature and purpose of IA assignements
- VFM audit - the 3 E’s (ec,, efficiency & effectiveness)
- Information technology audit
- Financial internal audit
- regulatory compliance audits
- Fraud investigations
- Customer experience
- Operational audits
Advantages of outsourcing IA
- no permanent costs/time commitment
- can buy in ad-hoc services
- increased independence
- relevant skills
- increased reliability
- no requirement to train
Disadvantages of outsourcing IA
- Costs
- Limited knowledge of specific entity (lack of KOB)
- requirement to allow access to data
- independence issues if provided by external audit firm
- increased time requirement on other staff
Comparison of internal and external audit
Objective
- EA - opinion on FS in terms of true and fair
- IA - wide ranging - up to employers
Report to:
EA - S/Hs
IA - management/directors
Status:
EA - independent
IA - employee of the company or contracted to comp
Qualification:
EA - required to have recognised qualification
IA -no requirements
Liability
EA - professional liability claim (req.to have PII)
IA - no risk
Are IAs responsible for prevention and detection of fraud and error?
- Directors are responsible for prevention and detection
- IA can assist directors by assessing the effectiveness of IC systems
- existence of IA may act as deterrent
- can contribute to detection by reporting suspicions
- may be called on to investigate suspected fraud
Are EAs responsible for prevention and detection of fraud and error?
- have no responsibility for prevention
- have a responsibility to consider the risk of material misstatement in the FS due to fraud and error
- provide reasonable assurance that the FS are free of material misstatement
- responsible to detect fraud and error which has a material impact on the FS
What 3 criteria must be met for an EA to use the work of the IA?
IA must be: 1. objective 2. Competent 3. Apply systematic and disciplined approach to - planning - performing - documenting its activities, including Quality Control (QC)
How is the need for IA assessed?
- Factors that suggest increased risk or issues with IC
- Perceived need
- Stakeholders pressure
- Cost
Is IA department required in listed companies?
No
IA is encouraged and the need for it has to be reviewed regularly - this is not mandatory.