Module 5 Flashcards
Internal auditing
Independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations
Internal audit function exists for one of three reasons
- Statutory requirement
- Regulatory requirement
- Management requirement
Regulatory requirements 3 sources
- Committee of Public Accounts
- Directives by Secretary of State
- Recommendations from public investigations
Management requirement
Set up by the board to gain assurance that management and control of the organisation is robust
Board requires assurance that
Risk management procedures and internal controls are effective, if gaps are identified these should be addressed
Audit committee > if internal audit function
Monitor and review effectiveness
Audit committee > if no internal audit function
Should consider whether there is a need for one
Effectiveness of internal audit acronym
PARISS
P >
Process
Internal audit plan (overall strategy) should include (4)
- Risk analysis
- Resource availability
- Management concerns
- External audit concerns
Process stages (4)
1) Plan collated into audit strategy memorandum
2) Fieldwork - samples, CAATs etc
3) Work adequately documented and reviewed
4) Findings and conclusions agreed with appropriate members of staff before released to management
Reporting format (4)
- Description of finding or weakness
- Effect (impact) of finding
- Recommendation for improvement
Followed by management comment - whether they accept and time frame for implementation
Internal audit reports distributed to (4)
- Auditees
- Senior members of organisation
- Audit committee
- External audit
Follow up actions
Final step to ensure remedial action is taken. IA should indicate importance and urgency. Can perform follow up audit to verify action has been taken if necessary
A >
(Role of) Audit Committee
AC should consider 4 factors that may increase risks faced by company
- Changes in organisational structure, reporting processes or underlying info systems
- Changes in key risks arising
- Adverse trends
- Increased incidence of unexpected or unacceptable results
To ensure effectiveness of IA function, AC should (5)
- Review and improve IA remit
- Review findings
- Assess independence
- Ensure function has necessary resources
- Ensure appropriate professional standards are met
R >
Resource and competence
Resource and competence (2)
- Should be sufficient resources
- Sufficiently competent individuals (manager member of Institute of Internal Auditors)
I >
Independence
Independence
IA’s must be independent of activities they examine to enable impartial and unbiased judgements
Independence depends on (5)
- Reporting to the audit committee
- Audit plan approval
- Appointment of internal audit manager
- Setting salaries and performance assessment
- Self-review
S 1 >
Status of IA
Status important because
Otherwise recommendations are disregarded and therefore objectives not met and is ineffective
S 2>
Standards
Internal auditing standards (4)
Institute of Internal Auditors:
- Guides adherence to mandatory elements
- Provides framework
- Establishes basis for evaluation of IA performance
- Fosters improved organisation processes and operations
IIA Attribute Standard 1312
Suggests IA function should be subject to external independent review once every five years
FRC guidance on risk management 2014 - key findings in relation to IA’s changing role (6)
- Facilitate workshops
- Provides comfort and assurance - NOT reducing fraud
- Educational role
- Training ground for new staff
- Strong relationship with AC
- Communication
Outsourcing IA
Economical for small companies
SOx required directors to
Produce internal control report
