Chapter 8 - Internal auditors’ roles and responsibilities. After completing this chapter, students will be able to: Understand the importance and value-added nature of the internal audit function, review the qualities of an effective internal audit department, discuss the role of internal auditors as assurance providers and consultants,...
Trang 1Internal Auditors’ Roles and Responsibilities
Chapter VIII
Trang 2Chapter Objectives:
• Understand the importance and value-added nature of the internal audit function.
• Review the qualities of an effective internal audit department.
• Discuss the role of internal auditors as assurance providers and consultants.
• Review the trends of the internal auditing profession.
• Discuss the relationship of internal audits and the audit committee.
• Analyze the determinants of an effective internal audit.
• Discuss the professional practices framework (PPF) adopted by The Institute of Internal Auditors (IIA).
• Promote the best practices and internal audit framework.
Trang 3Key Terms
Chief audit executive (CAE)
Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Foreign Corrupt Practices Act (FCPA) of 1977
Institute of Internal Auditors (IIA)
Standards for the Professional
Practice of Internal Auditing (SPPIA)
Trang 4Internal Auditing Function and
Corporate Governance
Comparison of Internal Audit (Pre- and Postcorporate Governance
Reforms)
Trang 5Internal Auditors as Assurance
Providers
Assurance reports on these measures are currently voluntary, except for the audit report on economic measures (four basis
financial statements), but internal auditors are well-trained and positioned
to provide numerous assurance services
Internal auditors, in addition to these voluntary assurance services, can assist external auditors in their integrated audit of internal controls and financial statements (PCAOB Auditing Standard (AS) No 2, superseded
Trang 6Internal Auditors as Consultants
Internal auditors can provide a variety of consulting services to the company’s board of directors, the audit committee, management, and other personnel at all levels
1) Consulting services to the board of directors and audit committee.
2) Consulting services to management.
3) Internal auditor training services.
Trang 7Trend and Relevance of Internal
Auditors
1. The Foreign Corrupt Practices Act (FCPA) 1977
2. COSO Report of the National Commission on Fraudulent Financial Reporting (1987)
3. The IIA redefined internal auditing in 1999
4. SOX Sections 302 and 404 (keep in mind that SOX does not directly address internal auditor responsibilities or internal audit function.)
5. The PCAOB in its AS No 2
Trang 8Authorities and Responsibilities of Internal Auditors
The internal audit function should have (1) full and free access to the company’s audit committee; (2) unrestricted access to the company’s records, documents, property, and personnel; and (3) authority to discuss initiatives, policies, and procedures regarding risk assessment, internal controls, compliance, financial reporting, and governance processes with management and other corporate governance participants
Trang 9Internal Audit Outsourcing
The decision of whether to establish and maintain an internal audit function
or outsource the function should be made by the company’s board of directors and its representatives
The SEC rule permits internal audit outsourcing to the client’s independent auditor in the following areas:
1 Operational internal audits that are not related to internal accounting controls, financial systems, or financial statements
2 Nonrecurring assessment of discrete items or other programs unrelated to outsourcing of the internal audit function
Trang 10Audit Committee Relationship
with Internal Audit
The audit committee can contribute to the success of internal auditors and the achievement of their value-added activities by ensuring that they have
1 Sufficient independence from management by reporting to and being held accountable to the audit committee
2 Adequate resources, competence, and focus to assess the company’s operational efficiency, internal control effectiveness, ERM, and reliability of financial reports
3 Proper knowledge of the company’s corporate governance, internal control, financial reporting, and audit activities
4 The mechanisms and confidence to bring forward controversial financial reporting issues
5 A process for communicating directly with the company’s audit committee on a regular and timely basis
6 Access to the audit committee to discuss concerns related to management activities, financial reporting risk, and fraudulent financial reporting
7 Audit committee approval of the budget and staffing of the internal audit function.
Trang 11Internal Auditor’s Role in Internal Control
Section 404 Compliance
Trang 12IIA’s Attribute Standard Institute of Internal Auditors
Trang 13IIA’s Performance Standards Institute of Internal Auditors
Trang 14Code of Ethics Institute of Internal Auditors
Trang 15Institute of Internal Auditors
Trang 16Determinants of the Effective
Internal Auditor
Internal Auditors are striving to fulfill their responsibilities by using the best practices PricewaterhouseCoopers suggests that internal auditors’ best practices should include the following:
• Build an adequate internal audit staff to support the needs of business
• Structure the internal audit function on a fluid and flexible framework
• Design an enterprise wide risk-based audit program
• Broaden audit scope to address third-party and vendor risk
• Combat fraud by advocating ethical conduct throughout the organization
• Manage information systems risk proactively
Trang 17Four-phase plan suggested by PCW:
Phase 1: Project planning consisting of establishing specific
internal audit objectives in line with stakeholder expectations.
Phase 2: Value-driver identification, including gathering information about value drivers of internal audit.
Phase 3: Current state assessment consisting of reviews and
analysis of internal audit core processes, benchmarks, and best
practices
Phase 4: Solution development of preparing report findings,
observations, and recommendations for improvement in performance
Trang 18Internal Audit Framework
Trang 19Internal Auditing Education
The Institute of Internal Auditors Research Foundation (IIARF) is in the process of establishing the Common Body of Knowledge (CBOK) for internal auditors
The IIA has established the Internal Auditing Education Partnership (IAEP) program to promote internal auditing in colleges and universities
in educating the next generation of auditors
Trang 20• The internal audit function of corporate governance provides objective and independent assurance and consulting services designed to add value and improve the company’s sustainable performance in the areas of operations, risk management, internal controls, financial reporting, and government processes.
• Internal auditors are well trained and positioned to provide numerous assurance services to their organization The emerging trend toward more emphasis on MBL of governance, economic, ethical, social, and environmental performance requires organizations to provide assurance on a variety of their performance measures and achievements.
• SOX does not directly address internal auditor responsibilities or internal audit function.
• The internal audit function should have (1) full and free access to the company’s audit committee; (2) unrestricted access to the company’s records, documents, property, and personnel; and (3) authority to discuss initiatives, policies, and procedures regarding risk assessment, internal controls, compliance, financial reporting, and governance processes with management and other corporate governance participants.
Conclusion
Trang 21• A close working relationship between the audit committee and internal auditors can improve the effectiveness of corporate governance.
• Internal auditors, as an integral component of the organization’s governance, should continue to improve their internal audit quality and effectiveness to secure their position in the corporate
governance continuum.
• The IIA has promoted the role of internal auditors in corporate governance
as providing objective and independent assurance and consulting services to their organizations.
• The IIA has established a PPF, which provides a definition of internal audits, its code of ethics, SPPIA, and development and practice aids.
Conclusion