1 / 35

Internal Auditors’ Roles and Responsibilities

Internal Auditors’ Roles and Responsibilities . Chapter VIII. Chapter Objectives: . • Understand the importance and value-added nature of the internal audit function. • Review the qualities of an effective internal audit department.

crescent
Download Presentation

Internal Auditors’ Roles and Responsibilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Auditors’ Roles and Responsibilities Chapter VIII

  2. Chapter Objectives: • Understand the importance and value-added nature of the internal audit function. • Review the qualities of an effective internal audit department. • Discuss the role of internal auditors as assurance providers and consultants. • Review the trends of the internal auditing profession. • Discuss the relationship of internal audits and the audit committee. • Analyze the determinants of an effective internal audit. • Discuss the professional practices framework (PPF) adopted by The Institute of Internal Auditors (IIA). • Promote the best practices and internal audit framework.

  3. Key Terms Chief audit executive (CAE) Committee of Sponsoring Organizations of the Treadway Commission (COSO) Foreign Corrupt Practices Act (FCPA) of 1977 Institute of Internal Auditors (IIA) Standards for the Professional Practice of Internal Auditing (SPPIA) Video ( VIDEO)

  4. Changing Definitions of Internal Auditing • Internal auditors have made an impressive progress during the past several decades. To gain an appreciation of this progress, let’s compare definitions of internal auditing as provided by the IIA initially in 1947, and subsequently in 1981 and 1999.

  5. Changing Definitions of Internal Auditing (cont.)

  6. Important Improvements in the Definition of Internal Auditing • The term “service” implies that internal auditing is a staff rather than a line activity within the organization. • There is a shift from “serving management” to “serving the organization” to finally “an integral component of corporate governance as a separate value-added function”. • The focus of internal auditing has shifted away from appraisal and compliance activity toward objective assurance and consulting activities. • The role of internal auditors has changed from providing management with input and objective feedback to directly participating in decision-making. • These definitions view internal auditing as an “activity,” which implies it can be performed either within the organization or outsourced to external auditors.

  7. Reasons for Change I suggest the IIA revise the latest definition and now view internal auditing as a function for several reasons: • The Sarbanes-Oxley Act prohibited outside auditors to perform internal auditing services simultaneously with audit service. • Listing standards (e.g., NYSE) require listed companies to establish in-house internal audit function. • Corporate governance reforms of other countries (e.g., Singapore) require companies to establish an independent audit function. • As a service activity, internal auditors would have limited authority, resources, independence, and would be viewed as assistants to management (eyes and ears of management). • As a separate internal audit function, internal auditors would have more authority, resources, and be viewed as the eyes and ears of the audit committee. • The PCAOB, in its Auditing Standards No. 2, indirectly encourages a separate internal audit function to assist outside auditors with Section 404 compliance.

  8. Internal Auditors as Assurance Providers Assurance reports on these measures are currently voluntary, except for the audit report on economic measures (four basis financial statements), but internal auditors are well-trained and positioned to provide numerous assurance services. Internal auditors, in addition to these voluntary assurance services, can assist external auditors in their integrated audit of internal controls and financial statements (PCAOB Auditing Standard (AS) No. 2, superseded by AS No. 5). Internal auditors may assist management in complying with Section 302 and 404 requirements of SOX by reviewing management’s certifications on internal controls and financial statements or providing some type of assurance on the accuracy of those certifications.

  9. Internal Auditors as Consultants Internal auditors can provide a variety of consulting services to the company’s board of directors, the audit committee, management, and other personnel at all levels. Consulting services to the board of directors and audit committee Consulting services to management Internal auditor training services

  10. Trend and Relevance of Internal Auditors The Foreign Corrupt Practices Act (FCPA) 1977 COSO Report of the National Commission on Fraudulent Financial Reporting (1987) The IIA redefined internal auditing in 1999 SOX Sections 302 and 404(Keep in mind that SOX does not directly address internal auditor responsibilities or internal audit function.) The PCAOB in its AS No. 2

  11. Authorities and Responsibilities of Internal Auditors The internal audit function should have (1) full and free access to the company’s audit committee; (2) unrestricted access to the company’s records, documents, property, and personnel; and (3) authority to discuss initiatives, policies, and procedures regarding risk assessment, internal controls, compliance, financial reporting, and governance processes with management and other corporate governance participants.

  12. Internal Auditing Function and Corporate Governance Comparison of Internal Audit (Pre- and Postcorporate Governance Reforms)

  13. Internal Audit Department at WorldCom • Director reported to the company’s CFO rather than to the audit committee. • No executive sessions between audit committee and internal auditors • Internal audit’s budgets, staffing, compensation, and bonuses were controlled by Ebbers. • Internal audit department failed to review and monitor ICFR. • Focused primarily on operation and efficiency audits of cost savings and finding additional revenues to gain management acceptance.

  14. Video http://video.google.com/videosearch?hl=en&source=hp&q=worldcom%20video&um=1&ie=UTF-8&sa=N&tab=wv#

  15. To achieve the effectiveness of internal and oversight function, the audit committee should: • Hire, compensate, evaluate performance, and fire the company’s chief audit executive (CAE, the director of the internal audit department) and oversee the appointment, performance, and termination of other key internal audit personnel. • Review and approve the company’s internal audit charter including its role, responsibilities, resources, independence, and competence to ensure the charter is in compliance with the guidance and standards of the Institute of Internal Auditors (IIA). • Review and approve the budget and staffing for the company’s internal audit department. • Oversee the cooperation and coordination of audit work between the internal auditor and the independent auditor, particularly in the area of internal control and risk assessment as suggested in the PCAOB Auditing Standard Nos. 2and 5. • Review the annual evaluation of the company’s internal audit function including its reports, assessment, promotion, and rewards.

  16. The audit committee can contribute to the success of internal auditors and the achievement of their value-added activities by ensuring that they have: 1. Sufficient independence from management by reporting to and being held accountable to the audit committee 2. Adequate resources, competence, and focus to assess the company’s operational efficiency, internal control effectiveness, ERM, and reliability of financial reports 3. Proper knowledge of the company’s corporate governance, internal control, financial reporting, and audit activities 4. The mechanisms and confidence to bring forward controversial financial reporting issues 5. A process for communicating directly with the company’s audit committee on a regular and timely basis 6. Access to the audit committee to discuss concerns related to management activities, financial reporting risk, and fraudulent financial reporting 7. Audit committee approval of the budget and staffing of the internal audit function Audit Committee Relationship with Internal Audit

  17. Internal auditors’ close working relationship with the audit committee enables them to: • Gain a better recognition and greater cooperation from management; • Safeguard their independence; and • Receive adequate authority and resources to fulfill their assigned responsibilities. This relationship assists the audit committee to assess: • The company’s enterprise risk management pertaining to internal controls, financial reporting, and operations; • Cooperation and coordination of audit activities between internal auditors and external auditors; and • Unusual and risky transactions and events.

  18. PWC Survey Findings Source: http://www.pwc.com/outsourcing/

  19. The decision of whether to establish and maintain an internal audit function or outsource the function should be made by the company’s board of directors and its representatives. The SEC rule permits internal audit outsourcing to the client’s independent auditor in the following areas: 1. Operational internal audits that are not related to internal accounting controls, financial systems, or financial statements 2. Nonrecurring assessment of discrete items or other programs unrelated to outsourcing of the internal audit function Internal Audit Outsourcing

  20. Internal Auditor’s Role in Internal Control Section 404 Compliance

  21. Institute of Internal Auditors IIA’s Attribute Standard

  22. Institute of Internal Auditors IIA’s Performance Standards

  23. Internal Audit Performance Four-phase plan suggested by PCW: Phase 1: Project planning consisting of establishing specific internal audit objectives in line with stakeholder expectations Phase 2: Value-driver identification, including gathering information about value drivers of internal audit Phase 3: Current state assessment consisting of reviews and analysis of internal audit core processes, benchmarks, and best practices Phase 4: Solution development of preparing report findings, observations, and recommendations for improvement in performance

  24. Institute of Internal Auditors Code of Ethics

  25. Institute of Internal Auditors

  26. Determinants of the Effective Internal Auditor Internal Auditors are striving to fulfill their responsibilities by using the best practices. PricewaterhouseCoopers suggests that internal auditors’ best practices should include the following: Build an adequate internal audit staff to support the needs of business. Structure the internal audit function on a fluid and flexible framework. Design an enterprise wide risk-based audit program. Broaden audit scope to address third-party and vendor risk. Combat fraud by advocating ethical conduct throughout the organization. Manage information systems risk proactively.

  27. Internal Audit Framework

  28. Internal Auditing Education The Institute of Internal Auditors Research Foundation (IIARF) is in the process of establishing the Common Body of Knowledge (CBOK) for internal auditors. The IIA has established the Internal Auditing Education Partnership (IAEP) program to promote internal auditing in colleges and universities in educating the next generation of auditors.

  29. Form an opinion (IIA April 2009) • Relevance • Planning • Evidence gathering • Reporting

  30. Relevance • A good guidance for internal auditors, board of directors, executive and operating management, regulatory bodies and other assurance provider whoever has an obligation to form, review, or assess the opinion on an organization’s governance, risk management and internal control systems. • Internal Audit opinions are very important, because they are aimed to address stakeholders’ concerns (if there are any). Those opinions are likely to be disclosed to the public making those opinions a crucial channel of the communication. • Applicable criteria used in expressing an opinion would be a good example of the opinion expression which has to be communicated to the stakeholders.

  31. Planning • There are certain factors that need to be considered when planning for the opinion: • -Assess whether it will be a macro-level opinion (based on the results of the multiple audit projects) or micro-level opinion (single or series of short-term audit projects). • - If the opinion is positive, then more evidence and a broader scope of work is required. • - Figure out what kind of evidence will be needed to prove that the opinion is correct. • - Agreement on the criteria that will be used in forming the opinion is very important. • - Time issue and the scope of the coverage should be carefully considered. • - Ensure that the proper support from management on the internal audit plan is received.

  32. Evidence Gathering • When expressing macro level opinions it is crucial to: • - specify the purpose for which opinion will be used • - denote whether opinion will be used • - determine how risk averse particular organization is • - identify the criteria for satisfactory performance • Limited macro opinion is possible if auditors were unable to collect sufficient evidence; however, the potential of limited opinion should be recognized in advance during the planning process. All the appropriate methodologies should be established in advance. • When expressing micro level opinions, the following things are crucial: • -audit-organizations have to establish clear criteria framework against which to draw conclusions • Using a grading –scale on any level requires a well-defined evaluation structure and the consistency of the grading scales over the course of years the audit was conducted

  33. Reporting • The chief assurance executive is the best individual who can provide assurance on a macro-level. • -Positive assurance implies a lot of responsibility and should be used with caution and consideration. • -Grading or color coding is used in an appropriate way. • -Grades used in expressing opinion should be agreed upon. • -Ideally, prior recommendations should also be included. • - The opinion may be qualified, which means that it is overall satisfying, but there are some red flags to watch for. • When the results are ready for the evaluation the following elements should be considered: • -Materiality (residual risk that the business objective will not be achieved should be assessed) • - Impact (It is very important to understand what kind of impact on the business the internal auditors’ opinion will have. The scope of the issues is also important.) Internal auditors should comply with the local laws and regulations.

  34. Conclusion The internal audit function of corporate governance provides objective and independent assurance and consulting services designed to add value and improve the company’s sustainable performance in the areas of operations, risk management, internal controls, financial reporting, and government processes. Internal auditors are well trained and positioned to provide numerous assurance services to their organization. The emerging trend toward more emphasis on MBL of governance, economic, ethical, social, and environmental performance requires organizations to provide assurance on a variety of their performance measures and achievements. SOX does not directly address internal auditor responsibilities or internal audit function. The internal audit function should have (1) full and free access to the company’s audit committee; (2) unrestricted access to the company’s records, documents, property, and personnel; and (3) authority to discuss initiatives, policies, and procedures regarding risk assessment, internal controls, compliance, financial reporting, and governance processes with management and other corporate governance participants.

  35. Conclusion A close working relationship between the audit committee and internal auditors can improve the effectiveness of corporate governance. Internal auditors, as an integral component of the organization’s governance, should continue to improve their internal audit quality and effectiveness to secure their position in the corporate governance continuum. The IIA has promoted the role of internal auditors in corporate governance as providing objective and independent assurance and consulting services to their organizations. The IIA has established a PPF, which provides a definition of internal audits, its code of ethics, SPPIA, and development and practice aids.

More Related