What is the role of internal auditors in financial auditing?
Internal Auditing The New York Stock Exchange requires its registrants to have an internal audit function.
Internal Auditing It is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
What about Sarbox? • Does Sarbanes-Oxley add “legitimacy” to the IA function? • Where were the internal auditors at Enron? • WorldCom … Waste Management … etc…
Institute of Internal Auditors Ethical Principles Integrity Objectivity Confidentiality Competency
Integrity • Internal auditors: • 1.1. Shall perform their work with honesty, diligence, and responsibility. • 1.2. Shall observe the law and make disclosures expected by the law and the profession. • 1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization. • 1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.
Objectivity • Internal auditors: • 2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. • 2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment. • 2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
Confidentiality • Internal auditors: • 3.1 Shall be prudent in the use and protection of information acquired in the course of their duties. • 3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.
Competency • Internal auditors: • 4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience. • 4.2 Shall perform internal auditing services in accordance with the InternationalStandards for the Professional Practice of Internal Auditing. • 4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.
Relationship of Internaland External Auditors Differences The external auditor is responsible to financial statement users. The internal auditor is responsible to management.
Relationship of Internaland External Auditors Similarities Competency Objectivity Methodology Audit risk model
Governmental Financial Auditing The primary source of authoritative literature for performance of government audits is Government Auditing Standards, which is issued by the GAO. Because of the color of the cover, it is usually referred to as the “Yellow Book.”
Governmental Financial Auditing The Yellow Book standards are often called generally accepted government auditing standards (GAGAS or GAS).
Financial Audit and Reporting Requirements – Yellow Book • Materiality and significance • Quality control • Compliance auditing • Reporting • Audit files
Audit and Reporting – Single AuditAct and OMB Circular A-133 The threshold for requiring a single audit was raised from $100,000 to $300,000 to exempt many smaller entities from single audit requirements. The OMB increased the single audit threshold to $500,000 beginning in 2004.
Audit and Reporting – Single AuditAct and OMB Circular A-133 The office of Management and Budget issued a revised Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, to provide administrative guidance for implementing the single audit requirements.
Audit Requirements The audit should be in accordance with generally accepted government auditing standards (GAGAS). The auditor must obtain an understanding of internal control over federal programs sufficient to support a low assessed level of control risk for major programs.
Audit Requirements The auditor should determine whether the client had complied with laws, regulations, and the provisions of contracts or grant agreements that may have a direct and material effect on each of its major programs.
Reporting Requirements • an opinion on whether the financial statements are in accordance with GAAP, and an opinion as to whether the schedule of federal awards is presented fairly in all material respects in relation to the financial statements as a whole
Reporting Requirements • a report on internal control related to the financial statements and major programs • a report on compliance with laws, regulations, and the provisions of contracts or grant agreements • a schedule of findings and questioned costs
Reporting Requirements • reasonable (positive) assurance related to items tested • limited (negative) assurance related to items not tested (usually includes “nonmajor” programs)
Operational Auditing The purpose of operational auditing is to determine the efficiency and effectiveness of any part of an organization.
Differences between Operationaland Financial Auditing Purpose of the audit Distribution of the reports Inclusion of nonfinancial areas
Effectiveness Versus Efficiency Effectiveness refers to the accomplishment of objectives. Efficiency refers to the resources used to accomplish those objectives.
Raw materials are not available when needed. An assembly line was shut down for lack of materials. A duplication of effort by employees exists. Production and accounting keep identical records. Effectiveness Versus Efficiency Types of inefficiency Example Acquisition of goods and services is excessively costly. Bids for purchases of materials are not required.
Effectiveness • Can a process be “effective” if it is inefficient?
Relationship between OperationalAuditing and Internal Controls Reliability of financial reporting Efficiency and effectiveness of operations Compliance with applicable laws and regulations
Types of Operational Audits Functional Organizational Special assignments
Who PerformsOperational Audits Internal auditors Government auditors CPA firms
Independence and Competence of Operational Auditors The two most important qualities for an operational auditor are: Independence Competence
Independence • Is this the same kind of “independence” that financial auditors have? How can an operational auditor be independent?
Specific Criteria for Evaluating Efficiency and Effectiveness Example: Were all plant layoutsapproved by home office engineering at the time of original design? Has home office engineering done a reevaluation study of plant layout in the past five years?
Specific Criteria for Evaluating Efficiency and Effectiveness Is each piece of equipment operating at 60% of capacity or more for at least three months each year? Does layout facilitate the movement of newmaterials to the production floor? Does layout facilitate the production of finished goods?
Specific Criteria for Evaluating Efficiency and Effectiveness Does layout facilitate the movement of finished goods to distribution centers? Does the plant layout effectively use existing equipment? Is the safety of employees endangered by the plant layout?
Sources of Criteria Historical performance Benchmarking Engineers standards Discussion and agreement
Phases in Operational Auditing Planning Evidence accumulation and evaluation Reporting and follow-up
Planning • Scope of engagement • Staffing • Background information • Understand internal control • Decide on appropriate evidence
Evidence Accumulationand Evaluation • Documentation • Client • Observation
Reporting Follow-up • Report usually sent to management • Tailored reports • Follow-up on recommendations • with management
Examples of OperationalAudit Findings (from text) • Outside janitorial firm saves $160,000 • More timely credit memo processing • Use the right tool • Computer programs save manual labor