Topic 7 PDF

7
INTRODUCTION TO
INTERNAL AUDITING
Learning Outcomes
After studying this chapter, you should be able to:

 Describe the International Professional Practices
Framework
 Describe the development of internal audit
 Explain the changing roles and values brought about
by internal audit
 Explain the similarities and differences between
internal and external auditors
 Describe operational and compliance audit
FUNDAMENTALS OF AUDITING All Rights Reserved

© Oxford Fajar Sdn. Bhd. (008974-T), 2017 1– 3
Introduction
 Internal auditing is defined by The Institute of

Internal Auditors North America (IIA) as follows:
Internal auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization’s operations. It
helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance process.

Introduction (cont.)
 Is an appraisal activity established within an entity

as a service to the entity
 It is expected to improve the effectiveness of
management in managing risk, and controlling and
monitoring the process of governance
 It helps to fulfill three main functions, which are:
– effectiveness
– efficiency and
– economy

International Professional
Practices Framework
 International Professional Practices Framework

(IPPF) is the conceptual framework that organizes
authoritative guidance promulgated by the IIA.
 The IPPF is divided into three main components:
the mission of internal audit, mandatory guidance
and recommended guidance

Practices Framework (cont.)
(a)Mission of Internal Audit
(b)Mandatory Guidance:
i. Core Principles for the
Professional Practice of
Internal Auditing
ii. Definition of Internal
Auditing
iii. Code of Ethics
iv. International Standards for
the Processional Practice
of Internal Auditing
(c) Recommended Guidance:
i. Implementation Guidance
ii. Supplemental Guidance
Mission Enhance and protect organizational value by providing
risk-based and objective assurance, advice, and
insight.
Mandatory Comprise of 10 core principles as follows:
Guidance 1. Demonstrates integrity
2. Demonstrates competence and due professional care
3. Is objective and free from undue influence( independent)
4. Aligns with the strategies, objectives and risks of the
organization
5. Is appropriately positioned and adequately resourced
6. Demonstrates quality and continuous improvement
7. Communicates effectively
8. Provides risk-based assurance
9. Is insightful, proactive, and future-focused
10.Promotes organizational improvement
 Recommended guidance is endorsed by the IIA

through a formal approval process.
 It describes practices for effective implementation of
the IIA's core principles, definition of internal auditing,
code of ethics, and standards which comprise:
• The implementation guidance, which assists internal
auditors in applying the standards and the
• supplemental guidance (practice guides), which
provides detailed processes and procedures for
internal audit practitioners

Code of Ethics
 Aims to provide a statement of principles and

expectations governing the behaviour of individuals
and organizations in the conduct of internal auditing
and it describes the minimum requirements for
conduct and behavioural expectations rather than
specific activities.
 The four principles of the Code of Ethics are (a)
integrity; (b) objectivity; (c) confidentiality and (d)
competency

Code of Ethics (cont.)
Integrity
The IIA's
Competency Code Objectivity
Ethics
Confident
iality

© Oxford Fajar Sdn. Bhd. (008974-T), 2017
111– 11
Code of Ethics (cont.)
• The internal auditor should have knowledge of the

requirements for the Code of Ethics and perform
Integrity all activities according to the Code. Integrity
includes honesty, diligence and responsibility,
• The internal auditor should not perform audits

Objectivity where the assessment would be biased or
professional judgment may be impaired.
• Information obtained while performing an audit

Confidentially must be protected and used only as
appropriate in the engagement.
• The necessary knowledge, skills, and

Competency experience are important requirements for
providing internal auditing services.All Rights Reserved
FUNDAMENTALS OF AUDITING
121– 12
International Standards for the
Professional Practice of
Internal Auditing (ISPPIA)
Three Categories of Standards:

 Attribute Standards
 Performance Standards
 Implementation Standards

131– 13
Attribute Standards
Addresses the characteristics of organizations and

parties performing internal audit activities.
- Applies to all internal audit services and internal auditors
individually
- Example Standard 1000 – Purpose, Authority, and
Responsibility
“The purpose, authority and responsibility of the IA
activity must be formally defined in an IA charter,
consistent with the Definition of IA, the Code of Ethics,
and the Standards. The CAE must periodically review
the IA charter and present it to senior management
and the board for approval.”
141– 14
Performance Standards
Describes the nature of internal audit activities

and provides criteria against which the
performance of these services can be evaluated.
– Applies to all audit services and internal auditors
– Example Standard 2000 – Managing the IA
Activity
“The CAE must effectively manage the IA
activity to ensure it adds value to the
organization”

151– 15
Implementation Standards
Expounds the attributes and performance

standards and how they apply to specific types of
assurance or consulting engagements.
- Engagement refers to a specific internal audit
assignment, task or review activity, such as
internal audit, control self-assessment review,
fraud examination, or consultancy.
- An engagement may include multiple
tasks/activities designed to accomplish a
specific set of related objectives.

161– 16
Assurance Engagement
 Assurance engagement, another name for auditing,

is an objective examination of evidence to provide
an independent assessment on risk management,
control, or governance processes for the
organization.
 Examples of the types of engagements that would
be considered assurance engagements include
financial, performance, compliance, system
security, and due diligence audits.

Assurance Engagement (cont.)



Evolution of Internal Audit

Institute of Internal Audit
Malaysia (IIAM)
 IIAM is a non-profit professional organization

established in 1977 as a chapter of the IIA in the US.
 In 1988, the IIA Malaysia became a National
Institute.
 The code of conduct and practices of the internal
audit profession in Malaysia is fully governed by the
IPPF

Objectives, Scope And
Responsibilities Of Internal
Auditors
 The function of the internal auditor is to provide an
independent, objective assurance and consulting
activity designed to add value and improve an
organization’s operations
 The internal auditor’s work scope can be
summarized as below:
(a) Ensuring an adequate internal control, reliable
accounting data and records, and
(b) Preventing and detecting errors and frauds.

Auditors (cont.)
 The Malaysian Code of Corporate Governance,
2007 has mandated all public listed companies to
have an internal audit function.

Auditors (cont.)

Auditors (cont.)

Auditors (cont.)
 The changing value of internal audit to an
organization can be seen in figure 20.6.

Internal and External Audit

Internal and External Audit
(cont.)

Internal and External Audit (cont.)
Preliminary assessment of the internal audit function:

Organizational Status The internal auditor who reports to the audit
committee is seen to be more independent than
those reporting to the head of department
Scope of Function the nature and extent of internal auditing

assignments performed and whether
management acts on it
Technical Competence `whether internal auditing is performed by

persons having adequate technical training and
proficiency
Due Professional Care whether internal auditing is properly planned,
supervised, reviewed and documented.

Internal and External Audit (cont.)

Operational Audit and
Compliance Audit
 Operational audit is a type of audit which refers to the
assessment of an operation of a branch, a department
or organization. Types include:
(a) Functional Audits –audit based on functions
(b) Organisational Audits- audit of the entire organisation
or department
(c) Special Assignments- audit based on request by
management
 Primary objective is to assess the quality of operations
and whether it is in line with the company’s prescribed
polices/plans and to identify areas for improvement.
Compliance Audit (cont.)
Phases in operational audit

 Planning- agreed by all parties especially with
respect to criterias agreed upon
 Evidence accumulation and evaluation
 Reporting and follow up

Compliance Audit
 Compliance audit focuses on the procedures used
by a branch or department
 Compliance audit also refers to a contract or an
agreement, in which the parties concerned must
comply with all the terms of the agreement.
 Compliance audits attest to the fairness of the
information versus given standards, example
financial statements with generally accepted
accounting principles.

 In compliance auditing the responsibility of the

auditor is to identify the elements of the audit,
assess whether a subject matter is compliant with
the established criteria and issue a compliance
audit report.


Topic 7 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Topic 7 PDF

Uploaded by

Copyright:

Available Formats

7

After studying this chapter, you should be able to:

FUNDAMENTALS OF AUDITING All Rights Reserved

 Internal auditing is defined by The Institute of

FUNDAMENTALS OF AUDITING All Rights Reserved

 Is an appraisal activity established within an entity

FUNDAMENTALS OF AUDITING All Rights Reserved

 International Professional Practices Framework

FUNDAMENTALS OF AUDITING All Rights Reserved

 Recommended guidance is endorsed by the IIA

FUNDAMENTALS OF AUDITING All Rights Reserved

 Aims to provide a statement of principles and

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

• The internal auditor should have knowledge of the

• The internal auditor should not perform audits

• Information obtained while performing an audit

• The necessary knowledge, skills, and

Three Categories of Standards:

FUNDAMENTALS OF AUDITING All Rights Reserved

Addresses the characteristics of organizations and

Describes the nature of internal audit activities

FUNDAMENTALS OF AUDITING All Rights Reserved

Expounds the attributes and performance

FUNDAMENTALS OF AUDITING All Rights Reserved

 Assurance engagement, another name for auditing,

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

 IIAM is a non-profit professional organization

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

Preliminary assessment of the internal audit function:

Scope of Function the nature and extent of internal auditing

Technical Competence `whether internal auditing is performed by

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

Phases in operational audit

FUNDAMENTALS OF AUDITING All Rights Reserved

FUNDAMENTALS OF AUDITING All Rights Reserved

 In compliance auditing the responsibility of the

FUNDAMENTALS OF AUDITING All Rights Reserved

You might also like