
TUTORIAL 2

TEST NOVEMBER 2020

Answer:

QUESTION 1

i. Explain the independence requirement for the internal auditor.


- Independence is the freedom from conditions that threaten objectivity or the appearance of objectivity.
Such threats to objectivity must be managed at the individual auditor, engagement,
functional, and organizational levels. For the internal audit function to be independent,
the CAE must report to a level within the organization that has sufficient authority to
ensure broad engagement coverage, due consideration of engagement outcomes, and
appropriate responses to those outcomes. While the CAE often reports
administratively to the organization’s CEO, The IIA recommends that the CAE report
functionally to the organization’s board of directors.

ii. Explain the following in respect of internal audit function:


a. Consulting activity
- Internal consulting services or activity is to provide advice and other assistance,
generally at the specific request of engagement customers. The customer and the
internal audit function mutually agree on the nature and scope of consulting
engagements, which generally involve only two parties: the customer seeking and
receiving the advice, and the internal auditor offering and providing the advice.
b. Add value
- The internal audit can add value to the organization when it provides objective and
relevant assurance and contributes to the effectiveness and efficiency of governance,
risk management, and control processes.
c. Systematic and disciplined approach
- The internal audit uses a systematic and disciplined approach to evaluate and improve
the effectiveness of governance, risk management and control processes. It also requires
that internal auditors identify, analyze, evaluate and document information to support the
results of the engagement and the internal auditors’ conclusions.

iii. Differentiate the internal auditor’s and external auditor’s responsibilities in terms of
their roles in detecting fraud in the organization.
- The external auditor is responsible for obtaining reasonable assurance that the financial
statements, taken as a whole, are free from material misstatement, whether caused by
fraud or error. Therefore, the external auditor has some responsibility for considering the
risk of material misstatement due to fraud. If the auditor identifies a fraud, they should
communicate the matter on a timely basis to the appropriate level of management. If the
suspected fraud involves management, the auditor shall communicate such matters to
those charged with governance. If the auditor has doubts about the integrity of those
charged with governance, they should seek legal advice regarding an appropriate course
of action.
- The internal auditor is responsible for supporting management's efforts to establish a culture
that embraces ethics, honesty, and integrity. They assist management with the
evaluation of internal controls used to detect or mitigate fraud, evaluate the
organization's assessment of fraud risk, and are involved in any fraud investigations. As
a part of their assurance activities, internal auditors watch for potential fraud risks,
assess the adequacy of related controls, and make recommendations for improvement.
Because the internal auditors are exposed to key processes throughout the
organization and have open lines of communication with the executive board and staff,
they are able to play an important role in fraud detection.

iv. Elaborate three (3) benefits of establishing internal audit functions in the organization.
- Helping maintain organisational focus on achieving objectives - the internal audit function
will ensure its work is risk-based and aligned to its organisation’s strategic objectives.
- Minimise the risk of fraud - internal auditors have to make sure controls designed to
control fraud and risk are in place and operating effectively.
- Efficiency - internal audits spot redundancies in the organization's practices, procedures
and governance processes and come up with recommendations.

QUESTION 2

i. Briefly explain the roles that should be played by the four (4) governance players in
Armada Bhd in upholding the company’s good corporate governance.
- External audit - the external auditors will promote corporate governance by making sure
the subject company's reports are accurate, true and an appropriately fair reflection of
the company's status. In the process, if anything is discovered that looks fraudulent, then
it is directed to management.
- Internal audit - the internal auditor can ensure the internal audit charter, role and
activities are clearly understood and responsive to the needs of the board of directors.
- Board - the board of directors must ensure that the internal audit function is adequately
resourced and enjoys appropriate standing within the organisation.
- Management - Management develops and implements corporate strategy and operates
the company's business under the board's oversight, with the goal of producing
sustainable long-term value creation.

ii. Describe three (3) importance for the Chief Audit Executive (internal audit) to report
functionally to the audit committee.
- When the internal audit function reports to the audit committee, it allows the internal
auditors to remain structurally separate from management and enhances objectivity.
- Members of the audit committee should engage with the CAE regularly to maintain a
reporting relationship that is both substantive and communicative.
- The audit committee should understand and approve the annual internal audit plan and
determine if the CAE has a sufficient budget and resources to execute against it.

iii. Explain three (3) governance reforms as advocated by the Malaysian Code of
Corporate Governance.
- Fair treatment of all shareholders, particularly minority shareholders - All shareholders
should have the opportunity to obtain effective redress for violation of their rights.
- Accountability and independence of Board of Directors - Oversee the corporate
governance conduct of the Board and institute accountable attitudes towards their
performance and the performance of the Companies. For example, performance is
assessed objectively and appraised in accordance with benchmarks.
- Promoting training and education to all levels - Minority shareholders must be educated
and well-informed on their rights for them to be heard and exert influence.

QUESTION 3
A.

i. Compare the ERM to previously conventional ways of managing risk in an organization.


- Enterprise risk management (ERM) has a broader scope, taking into consideration
financial risks, operational risks and strategic risks while the previously conventional
ways had a focus on pure risks only, things that could be insured.
- ERM is a risk-taking mindset while traditional risk management is a risk-averse mindset.

ii. Discuss two (2) roles that internal auditor could play in supporting an organization’s
risk management process.
- Evaluate the efficacy of risk management procedures that are currently in place and
provide recommendations.
- Providing assurance that the risk management and internal control framework is
operating effectively.

iii. Explain two (2) roles that internal auditor should not undertake in respect of risk
management.
- Management assurance on risk, that is, being the sole source of management’s assurance
that risks are effectively managed; this would be considered performing a management
function.
- The internal auditor should impose a risk management process because it empowers a
business with the necessary tools so that it can adequately identify and deal with
potential risk.
B.

i. Explain the relationship between ‘risk’ and ‘control’ by referring to the COSO
Framework.
According to COSO, risk is the possibility that events will occur and affect the
achievement of a strategy and objectives, while control is defined as a process, effected by
an entity’s board of directors, management, and other personnel, designed to provide
reasonable assurance regarding the achievement of the objectives relating to operations,
reporting and compliance.
The relationship between risk and control can be described as follows: a risk is an effect of
uncertainty on an objective, with the effect being a positive or negative deviation from what is
expected. A control is a set of measures or actions taken to manage risk and increase the
likelihood that established objectives will be achieved.

ii. Discuss three (3) roles that internal auditor could undertake in strengthening control of
an organization.
- The internal auditor can provide an objective evaluation of the existing risk and internal
control framework.
- Internal auditors can provide feedback on adherence to the organization’s values and
code of conduct / code of ethics.
- The internal auditor can help keep the board of directors informed on any matters related to
the company’s interest.
