Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 14 Internal auditing

Published byBlaze Ramsey Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 14 Internal auditing"— Presentation transcript:

1 Chapter 14 Internal auditing
Internal audit has recently been in a state of transition, with a general move away from a traditional view of service to management (primarily on the basis of controls review) to a view of adding value to the client. This shift has given internal audit much more of a business risk assessment focus (which we call the new internal audit), consistent with the move that we have seen with external audit. We first examine traditional views of internal auditing, and then look at how internal auditing has evolved, and what is involved in the new internal auditing. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

2 Learning objectives 14.1 Understand the evolving nature of internal auditing. 14.2 Appreciate the professional standards developed for internal auditing. 14.3 Understand what internal auditors do in practice. 14.4 Gain an appreciation of the issues that may face the internal audit profession in the future. 14.5 Appreciate the approaches to assessing risk management, control and governance processes. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

3 Learning objective 14.1 The evolving nature of internal auditing (IA)
The traditional view of internal auditing is that it is an independent appraisal function evaluating the adequacy and effectiveness of other controls within an organisation (controls orientation). (Refer AUASB Glossary). This view is evolving in many organisations so that internal audit is now seen as a service that promotes understanding and provides confidence to an organisation about risk exposures and control strategies (risk orientation). The traditional view of internal auditing is that it is an independent appraisal function, established within an entity as a service to the organisation. This view, however, is evolving. This section helps students contrast the traditional view of internal auditing with the more current or ‘new’ view as defined by the Institute of Internal Auditors (IIA). The ‘new’ definition of internal auditing is provided on slide Terms to emphasise in this new definition are assurance and consulting, and adding value. Students can also be guided through a brief history of the IIA, while gaining some insights into its current roles. They can also be stepped through what needs to be done to gain the CIA qualification. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

4 IIA definition of internal auditing
Definition of internal auditing on the Institute of Internal Auditors (IIA) website ‘Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.’ Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

5 Institute of Internal Auditors (IIA)
Professional organisation, representing more than members in more than 165 countries. Aim is to represent, promote and develop professional practice of internal auditing. First established in Australia in 1952. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

6 Certified Internal Auditor (CIA)
The IIA professional recognition is its Certified Internal Auditor (CIA) qualification. To be able to sit the CIA exam, a candidate must: be a member of IIA hold a bachelor’s degree or equivalent exhibit high moral and professional character complete 24 months of internal audit experience keep the contents of the exam confidential. The CIA examination covers: internal audit’s role in governance, risk and control conducting the internal audit engagement business analysis and information technology, and business management skills. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

7 Learning objective 14.2 Current standards for internal auditor (issued by IIA)
The IIA is the global standard setter for internal auditing. The International Professional Practices Framework (IPPF) is issued by IIA. Purposes: delineate basic principles provide a framework for performing and promoting IA activities establish the basis for the measurement of IA performance foster improved organisational processes and operations. The first slide provided for this section outlines the purposes of the IIA standards, while slide 14.8 outlines the recently developed International Professional Practices Framework (IPPF).  It is advisable for instructors to elaborate using subsequent slides, which distinguish between Attribute Standards and Performance Standards. The four categories of attribute standards are outlined in the textbook. The slides, however, only cover two categories; independence and proficiency and due professional care. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

8 International Professional Practices Framework (IPPF)
Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

9 Attribute and performance standards
The International IIA Standards consist of: Attribute standards (the 1000 Series): address characteristics of organisations and individuals performing IA activities. Performance standards (the 2000 Series): describe the nature of IA activities and provide criteria against which performance of these services can be measured. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

10 Current attribute and performance standards of the IIA
Attribute standards Performance standards Purpose, authority, and responsibility Managing the internal audit activity Independence and objectivity Nature of work Proficiency and due professional care Engagement planning Requirements of the quality assurance and improvement program Performing the engagement Communicating results Monitoring process Resolution of senior management’s acceptance of risks Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

11 Internal audit charter
Attribute standard 1000 outlines that the purpose, authority and responsibility of the internal audit activity should be formally defined and set out in an internal audit charter. The internal audit charter should: establish IA’s position within the organisation establish access to records, personnel and physical properties relevant to the performance of engagements, and define the scope of internal audit activities. This charter should be approved by the board of directors. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

12 Independence and objectivity (IIA standard 1100)
Essential that IA is, and is seen to be, independent of the area being audited. IA department should report to board of directors or audit committee. Head of IA should have direct access to board of directors. Board should approve appointment or removal of head of IA. Management and Board should be aware of work schedules, staff requirements and budgets of IA department. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

13 Independence and objectivity (cont.)
Organisational independence is aided by: reporting to a level that allows IA to fulfill its responsibilities head of IA having direct access to the board the board concurring with appointment or removal of head of IA management and the board being kept informed. Individual objectivity is aided by: audit staff assignments should be made to prevent possible bias IAs immediately reporting any conflicts of interest staff assignments being periodically rotated IAs not assuming operating responsibilities persons should not audit those activities they previously carried out until a reasonable period of time has elapsed. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

14 Proficiency and due professional care
IIA Standard 1220 outlines that it is the internal audit department’s responsibility to assign staff to each audit who collectively possess the knowledge, skills and other competencies needed to conduct the audit. The audit planning process should include a strategic audit plan and a tactical audit plan. In undertaking their planning, the auditor should consider the audit universe, which is an inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

15 Performance standards
Require IAs to plan each audit; collect, analyse, interpret and document information to support results; report results; and take appropriate follow up action. Should also be a periodic report to the board on IA’s purpose, authority, responsibility and performance relative to its plan. Require IA to consider: 2000: Management of the IA department 2100: Evolving nature of IA work 2200: Engagement planning 2300: Performing the engagement 2400: Communicating results : Monitoring progress and management’s acceptance of risks. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

16 Learning objective 14.3 The practice of internal audit
The responses to the 2011 PricewaterhouseCoopers survey of the current scope of IA work being undertaken in the US, showed the most common practices (in order) were traditional IA practices: financial audit operational audit compliance audit IT audit While 92% of Western European CEOs expect to expand their businesses in Asia, the 2011 survey shows that most IA is only marginally involved in assessing risks associated with cross-border acquisitions, and new joint ventures and strategic alliances. This covers the scope of internal audit work as determined by a survey undertaken in 2009, showing that most current practices are traditional functions. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

17 The practice of internal audit (cont.)
Business risk assessment as a part of IA is slowly growing. The Leung, Cooper and Perera (2011) Australian survey found that IA’s spend their time as follows: internal control evaluation (21%) management and operations audit (15%) systems assurance (10%) business strategic risk assessment (9%) and internal consultancy (8%) It was however notable that corporate governance, social and environmental issues did not rank highly as internal audit objectives Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

18 Learning objective 15.4 The future of internal audit
Major issues confronting IA include: outsourcing of IA, especially to Big Four (Note that a client cannot outsource IA to their external auditor in the USA under the Sarbanes-Oxley Act) difficulty in changing profile of the IIA, so that members are seen to be more value adding than checking expectations gap between chief executive officers and internal audit managers development of specialised IA groups; e.g. quality and environmental auditors, and whether IIA can adequately cater for these groups. As individuals potentially entering the internal audit profession, students need to be made aware of key issues that are likely to arise. These slides provide a list of major issues, which can be expanded on by the instructor. The section also identifies the driving factors of change. Slides detail risk-related tasks and control-related tasks that are considered important in internal auditing. Finally, the slides look at the future of the internal and external auditor relationships. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

19 Factors driving change
Ability of IA to show that it adds value. Benchmarking of IA departments as a means of assessing quality. Greater emphasis on corporate governance and risk management in current environment and IA’s increasing role in these areas: IA becoming more heavily involved in business strategic risk assessment but corporate governance and social and environmental issues still not ranking highly as IA objectives. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

20 Expected future relationship with external auditors
As both groups of auditors move to the risk analysis approach, greater co-ordination between IA and EA can be expected. Co-ordination aided by recent developments in corporate governance, with audit committee playing key co-ordination role. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

21 Learning objective 14.5 Approaches to assessing risk management, control and governance processes
IA assesses the effectiveness of risk management process by examining whether: an appropriate risk management framework exists; appropriate risk responses are selected by management and the board; and relevant risk information is communicated across the entity. IA focuses on how controls ensure: the effectiveness and efficiency of operations; the reliability and integrity of financial/operational information; the safeguarding of assets; and compliance with laws, regulations, and contracts. IA is a critical part of the corporate governance process. These slides gives an overview of the Australian risk management standard and the COSO Enterprise Risk Management (ERM) framework that are both commonly used in practice. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

22 Approaches to assessing risk management, control and governance processes
IA is expected to use similar approaches to assessing risk management, control and governance processes to those used by EA in evaluating business risk. There are two major frameworks that are used in practice to guide this analysis: in Australia and New Zealand, the framework outlined under the standard AS/NZS ISO Risk Management, and internationally, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management (ERM) framework. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

23 AS/NZS ISO 31000 Risk Management
The emphasis in AS/NZS ISO is on business risk management. The main elements of the risk-management process are as follows: establishing the context identity risk analyse risk evaluate risk treat risks monitor and review record For each stage of the process adequate records should be kept, sufficient to satisfy independent audit. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

24 COSO Enterprise Risk Management (ERM) framework
Another framework for assessing risk and quality control is the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management (ERM) framework. Enterprise risk management (ERM) is a process designed to identify potential events that may affect the entity, to manage risks within the entity’s risk ‘appetite’ and to provide reasonable assurance regarding the achievement of the entity’s objectives. There is a direct relationship between the entity’s objectives and the ERM components, which represent what is required in order to achieve those objectives. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

25 The relationship of objectives and components of COSO ERM framework
Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

26 Summary IA is a significant part of the auditing profession.
The IIA has an important role to play in its promotion and development. Performance standards for IA include the auditing standards of the AUASB/IAASB (for CPA, ICAA, IPA) and the International Standards of the IIA. IA has traditionally been an important part of the monitoring mechanism of internal control, but it can also be used to improve managerial performance. Today IA is increasingly being used to evaluate and improve the effectiveness of risk management, control and governance processes. Copyright © 2012 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 5e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett

Download ppt "Chapter 14 Internal auditing"

Similar presentations

. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
A Consultative Approach to Auditing

A Consultative Approach to Auditing
Control and Accounting Information Systems

Control and Accounting Information Systems
©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley 2 - 1 The CPA Profession Chapter 2.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley The CPA Profession Chapter 2.
Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Institute of Municipal Finance Officers & Related Professions

Institute of Municipal Finance Officers & Related Professions
Operational Auditing--Fall 2010 1 Operational Auditing Fall 2010 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2010 Professor Bill O’Brien.
IS Audit Function Knowledge

IS Audit Function Knowledge
Operational Auditing--Fall 2009 1 Operational Auditing Fall 2009 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2009 Professor Bill O’Brien.
1 Pertemuan 9 Department Organization Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

1 Pertemuan 9 Department Organization Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett Slides prepared by Roger Simnett.

Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett Slides prepared by Roger Simnett.
Purpose of the Standards

Purpose of the Standards
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Similar presentations

Ads by Google