INTERNAL AUDIT

OUTLINE
• discuss the factors to be taken into account when assessing the need for internal audit
• discuss the elements of best practice in the structure and operations of internal audit
• compare and contrast the role of external and internal audit
• discuss the scope of internal audit and the limitations of the internal audit function
• explain outsourcing and the associated advantages and disadvantages of outsourcing
the internal audit function
• discuss the nature and purpose of internal audit assignments including value for
money, IT, financial, regulatory compliance, fraud investigations and customer
experience
• discuss the nature and purpose of operational internal audit assignments
• describe the format and content of audit review reports and make appropriate
recommendations to management and those charged with governance
 Internal audit
• Internal audit is an independent, objective assurance and consulting activity
designed to add value and improve an organisation’s operations.
• A company must create a strong system of internal control in order to fulfil its
responsibilities.
• All systems need some form of monitoring and feedback. This is the role of
internal audit.
• an internal audit department is not required by law but considered to be best
practice
 Internal audit
An internal audit department can be expensive to set up and run therefore the
need for one will depend on:
• Scale and diversity of activities
• Complexity of operations
• Number of employees
• Cost/benefit considerations
• The desire of senior management to have assurance and advice on risk and
control
• Current control environment – history of fraud or control deficiencies
The difference between internal and external auditors
 The role of Internal audit function
• Assessing whether the company is demonstrating best practice in corporate
governance.
• Evaluating the company's risk identification and management processes.
• Testing the effectiveness of internal controls.
• Assessing the reliability of financial and operating information.
• Assessing the economy, efficiency and effectiveness of operating activities (value
for money).
• Assessing compliance with laws and regulations.
• Providing recommendations on the prevention and detection of fraud.
 The role of Internal audit function
Additional roles
internal audit will carry out ad hoc assignments, as required by management. For
example:
• Fraud investigations
• IT systems reviews – performing a review of the computer environment and
controls.
• Mystery shopper visits
• Contract audits – making sure there is compliance and to protect the organisation
appropriately
• Asset verification
• Providing direct assistance to the external audit
 Qualities of an effective internal audit function
• Sufficiently resourced, both financially and in terms of qualified, experienced
staff.
• Well organised, so that it has well developed work practices.
• Independent and objective to provide an unbiased view of the organisation’s
operations.
• The chief internal auditor should be appointed by the audit committee to
reduce management bias.
• The department should have no operational responsibilities to reduce the
threat of self-review.
• The audit committee should set the plan of work.
• There should be no limitation on the scope of their work i.e. full access to every
part of the organisation.
 Limitations of internal audit
• Internal auditors may be employees of the company they are reporting on and therefore may
not wish to raise issues in case they lose their job.
• In smaller organisations, internal audit may be managed as part of the finance function. They
will therefore have to report on the effectiveness of financial systems of which they form a
part and may be reluctant to say their department (and manager) has deficiencies.
• If the internal audit staff have worked in the organisation for a long time, there may be a
familiarity threat as they will be auditing the work of long standing colleagues and friends.
acceptable levels of independence can be achieved through one, or more, of the following
strategies:
• Reporting channels separate from the management of the main financial reporting function.
• Reviews of internal audit work by managers independent of the function under scrutiny.
• Outsourcing the internal audit function to a professional third party
 internal audit assignments
Internal auditors perform many different types of assignment. Common examples
include:
• Value for money assignments
• Operational audits
• The audit of IT systems
• Financial audit.
 internal audit assignments
Value for money
Value for money (VFM) is concerned with obtaining the best possible combination of
services for the least resources. It is often referred to as a review of the three Es:
• Economy – obtaining the best quality of resources for the minimum cost.
• Efficiency – obtaining the maximum departmental/organisational outputs with the
minimum use of resources.
• Effectiveness – achievement of goals and targets (departmental/organisational etc).
Operational audit
• An operational audit is a systematic review of the efficiency and effectiveness of
operations within the organisation.
• The focus of the audit is on the processes which take place within the organisation to
identify if they can be streamlined and performed more efficiently. The more efficient
a process is, the more profitable the organisation should be.
 internal audit assignments
Audit of the IT systems
In addition to consideration of whether the IT systems provide a reliable basis for the
preparation of financial information, internal audit will also consider whether:
• the company is getting value for money from its IT system.
• the procurement process for the IT system was effective.
• the ongoing management/maintenance of the system is appropriate.
Financial audit
The main aim of internal financial audits is to ensure that the information produced is reliable
and produced in an efficient and timely manner. If not, executive decisions may be based on
unreliable information.
A financial audit may also ensure mechanisms are in place for the early identification of
financial risk, such as:
• Adverse currency fluctuations
• Adverse interest rate fluctuations
• Cost price inflation.
 Reporting
The internal audit report does not have a formal reporting structure and will
generally be for internal use only.
A typical report will include:
• Terms of reference – the requirements of the assignment.
• Executive summary – the key risks and recommendations that are described
more fully in the body of the report.
• Body of the report – a detailed description of the work performed and the
results of that work.
• Appendix – containing any additional information that doesn't belong in the
body of the report but which is relevant to the assignment.
 Assessments by external auditors
Where the external auditors wish to rely on the work of the internal auditors, then
the external auditors must assess the internal audit function.
• Organisational status -Internal audit's specific status in the organisation and the
effect this has on its ability to be objective. External auditors should consider any
constraints or restrictions placed on internal audit.
• Scope of function - The nature and extent of the assignments which internal
audit performs. External auditors should also consider whether management and
the directors act on internal audit recommendations and how this is evidenced.
• Technical competence - Whether internal audit work is performed by persons
having adequate technical training and proficiency as internal auditors. External
auditors may review the policies for hiring and professional qualifications and
also how work is assigned, delegated and reviewed.
• Due professional care - Whether internal audit work is properly planned,
supervised, reviewed and documented.
THANK YOU