Internal audit function
a function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control processes
Types of audits that internal auditors perform
Operational audits
Customer experience audits
IT audits
Financial audits
Value for money audits
Fraud investigations
Compliance audits
IT audits
internal auditors may be asked to look specifically at controls over the accounting system or over other computer systems that supply data to the accounting system. eg calabash cove booking site is linked to the accounting system and is important in determining when revenue is recorded
Financial and operational audits
ensuring controls are operating effectively. Eg, inventory counting or cash counts. This would include observation of controls. Financial audits involve the internal audit function reviewing the financial information produced and gathering evidence to substantiate it. Operational audits aka management or efficiency audits and they involve the internal audit function monitoring managements performance to ensure company policy is adhered to
Compliance audits
internal auditors may assist with or review compliance with laws and regulations
Fraud investigations
Fraud can range from theft of assets to fraudulent financial reporting. Internal audit may be asked to investigate specificinstances of suspected fraud or to review and test controls to prevent or detect fraud
Value for money audits
they may be performed by the internal audit function and try to determine whether the optimal combination of goods/ services have been obtained for the lowest of resources. The focus on the three E’s.
The three E’S in VFM audits
Economy - buying the resources needed at the cheapest cost
Effectiveness - doing the right things and meeting the organisation’s objectives
Efficiency - using the resources purchased as widely as possible
Best value audits
Audits which are concerned solely with the economy objective
How can the internal audit function be provided?
internally by employees or outsourced externally
Difference between an external auditor and an internal auditor
Internal auditor assists the board in achieving its corporate objectives
External auditor has statutory duty to give an opinion as to whether the FS present fairly the activities of the business
It is conducted in accordance with ISA’s
An internal auditor’s responsibility for fraud and error
- Directors responsible for prevention and detection
- Internal audit can assist directors with the prevention of fraud and error by assessing the effectiveness of internal control systems
- Existence of IA department may act as a deterrent
- Can contribute to detection by reporting suspicions
- May be called on to investigate suspected fraud
An external auditor’s responsibility for fraud and error
no responsibility for prevention
responsibility to consider the risk of material misstatement in the FS due to fraud and error
provide reasonable assurance that FS are free from material misstatement
responsibility to detect fraud and error which has a material impact on the FS
An external auditor may rely on the work of an internal auditor so as to modify the timing, nature or reduce the extent of audit procedures to be performed directly by the external auditor
True
Objectives of an auditor when relying on the work of an internal auditor
- determine whether the work of the internal audit function or direct assistance from internal auditors can be used, in what areas and to what extent
- determine whether the work is appropriate for the audit
- if using internal auditors to provide direct assistance, to appropriately direct, supervise and review their work.
What should the board consider when considering the need for an internal audit function?
- Cost of setting up an internal audit department versus the predicted benefit
- Whether it is more cost effective or desirable to outsource
- Management’s need for assessing risk and internal control
- Complexity and scale of an organisation’s activities and the systems supporting those activities
- pressure from external stakeholders to establish an internal audit dept
Why get an external audit if i already have an internal audit department?
external audit is a statutory obligation in many jurisdictions
because it is independent and external auditors are regulated, it enhances the credibility of the underlying subject matter
internal audit presents to management, external audit presents to owners
Customer experience audits
internal auditors may be asked to assess the level of customer service. this could be done by phoning in or visiting stores, or reviewing and analysing the results of customer surveys
Where the internal audit function is outsourced to the company’s external auditor, there may be a self review threat to the auditor’s independence
True
IAS 38
Intangible assets
IAS 2
Inventory
IAS 16
PPE
Why is it the responsibility of the board to create an internal audit function?
As per the UK Corporate Governance code, the board is required to establish procedures to manage risk, oversee the internal control framework, and determine the nature and extent of the principal risks the company is willing to take in order to achieve its long term strategic objectives
Who has overall responsibility for the analysis of risk and implementation of internal controls?
the board
