Chapter 1: Internal Auditing

Definition and Overview

Jovit G. Cain, CPA

 Specific Learning Outcomes:
 To define internal audit
 To discuss the scope, importance and elements of
internal audit
 To differentiate internal audit from external audit.
 To describe the different activities and functions of
internal auditor in the organization.
 To demonstrate appreciation of the profession in the
business community.
 To discuss the hallmarks of audit professionalism and
how it helps in the development of internal auditing as a
professional discipline.
Internal auditing - Defined
 Internal Auditing – Defined
“Internal auditing is an independent, objective
assurance and consulting activity designed
to add value and improve an organization's
operations. It helps an organization
accomplish its objectives by bringing a
systematic, disciplined approach to evaluate
and improve the effectiveness of risk
management, control, and governance
processes. ” The Institute of Internal Auditors
“Independent”

Internal auditing works under the

principle of objectivity. Activities must be
carried out in an unbiased manner and
free from the influences of management.
“Assurance and Consulting
Activity”

Is an additional consultancy arm of the

company which provides advice and
assistance to management on how to
manage risks, control and governance
issues.
“Designed to add value”

Audit activities are client-based and are

responsive to the needs of the
organization. Benefits are aligned to the
company’s overall goals.
“Improve an organization’s
operations”

The end goal of internal auditing is to

bring continuous improvement to the
organization and offer alternative
solutions for better conduct of business
thus achieve operational success.
“Systematic, disciplined
approach”

It has a clear set of professional

standards and guidance on policies and
procedures in order to deliver quality
service.
“Evaluate and Improve”

What is found during the audit be

presented and evaluated against
company policies and standards.
Evaluation tolls and techniques must be
applied in a professional and impartial
manner to give reliable results.
“Effectiveness”

The principal motive of audit is to ensure

the link between controls and objectives.
Audit works to achieve effectiveness in
its operations systems and strategies.
“Risk management, control
and governance process”

The internal audit activity must evaluate

the effectiveness and contribute to the
improvement of risk management
processes.
Audit Professionalism
Internal Audit, as a professional discipline,
works and is guided by a set of standards to
ensure credibility, reliability and quality of
internal audit practitioners and their work.
Hallmarks of Professionalism
1. Training Programme.
2. Common body of knowledge.
3. Code of Ethics
4. Sanctions
5. Control over Services
6. Qualified Practitioners
7. Morality
8. Technical Difficulty
9. Examinations
10. Journals
11. Professional Body
12. Compliance with rules
13. Service to society
Four-Elements of Internal Audit
Activity

Reliability and
Effectiveness and
Integrity of financial
efficiency of
and operational
operations
information

Compliance with
Safeguarding of
laws, regulations
assets
and contracts
 INTERNAL AUDIT VERSUS
EXTERNAL AUDIT
Factors Internal Audit External Audit
Objective Sound risk management FS are fairly stated
and controls in accord to
applicable financial
framework
Scope Overall systems, VFM, FS and financial
fraud, MIS and systems
compliance
Independence From operations by Auditor, firm,
professionalism and status network firm
Structure CAE, managers, seniors
and assistants
 INTERNAL AUDIT VERSUS
EXTERNAL AUDIT
Factors Internal Audit External Audit
Objective Sound risk management FS are fairly stated
and controls in accord to
applicable financial
framework
Scope Overall systems, VFM, FS and financial
fraud, MIS and systems
compliance
Independence From operations by Auditor, firm,
professionalism and status network firm
Structure CAE, managers, seniors
and assistants
 INTERNAL AUDIT VERSUS
EXTERNAL AUDIT
Factors Internal Audit External Audit
Objective Sound risk management FS are fairly stated
and controls in accord to
applicable financial
framework
Scope Overall systems, VFM, FS and financial
fraud, MIS and systems
compliance
Independence From operations by Auditor, firm,
professionalism and status network firm
Structure CAE, managers, seniors
and assistants
 INTERNAL AUDIT VERSUS
EXTERNAL AUDIT
Factors Internal Audit External Audit
Objective Sound risk management FS are fairly stated
and controls in accord to
applicable financial
framework
Scope Overall systems, VFM, FS and financial
fraud, MIS and systems
compliance
Independence From operations by Auditor, firm,
professionalism and status network firm
Structure CAE, managers, seniors
and assistants
MANAGING an INTERNAL
AUDIT FUNCTION
Chief Audit Executive (CAE)
CAE is responsible for properly managing the
department so that:
1.Audit work fulfills the general purposes and
responsibilities approved by senior
management and accepted by the board,
2.Resources of the internal auditing (IA)
department are efficiently and effectively
employed, and
3.Audit work confirms to the Standards.
Mission and Purpose of the IA
Department
Review organization’s activities to determine
whether it is efficiently and effectively carrying
out its functions of controlling in accordance
with management’s instructions, policies, and
procedures.
Mission and Purpose of the IA
Department (cont.)
Determine the adequacy and effectiveness of
the system of internal controls in all areas of
activity
Mission and Purpose of the IA
Department (cont.)
Review the reliability and integrity of financial
information and the means used to identify,
measure, classify, and report such information.
Mission and Purpose of the IA
Department (cont.)
Review the means of safeguarding assets and,
as appropriate, verify the existence of such
assets.
Mission and Purpose of the IA
Department (cont.)
Appraise the economy and efficiency with
which resources are employed, identify
opportunities to improve operating
performance, and recommend solutions to
problems where appropriate.
Mission and Purpose of the IA
Department (cont.)
Review operations and plans to ascertain
whether results are consistent with established
objectives and goals, and whether the
operations and plans are being carried out as
intended.
Mission and Purpose of the IA
Department (cont.)
Coordinate audit efforts, where appropriate,
with those of the external auditors.
Mission and Purpose of the IA
Department (cont.)
Review the planning, design, development,
implementation, and operation of relevant computer –
based systems to determine whether
a.Adequate controls are incorporated in the systems;

b.Thorough system testing is performed at appropriate

stages;
c.System documentation is complete and accurate; and

d.Needs of the users are met.

Mission and Purpose of the IA
Department (cont.)
Conduct periodic audits of computer centers
and make post installation evaluations of
relevant data processing systems to determine
whether those systems meet their intended
purposes and objectives.
Mission and Purpose of the IA
Department (cont.)
Participate in the planning and performance of
audits of acquisitions. Follow up to ensure the
proper accomplishment of the audit.
Mission and Purpose of the IA
Department (cont.)
Report to those members of management who
should be informed, or who should take
corrective action, the results of audit
examinations, the audit opinions formed, and
the recommendations made.
Mission and Purpose of the IA
Department (cont.)
Evaluate the plans or actions taken to correct
reported conditions for satisfactory disposition
of audit findings. If corrective actions is
considered unsatisfactory, hold further
discussions to achieve acceptable disposition.
Mission and Purpose of the IA
Department (cont.)
Provide adequate follow-up to ensure that
proper corrective action is taken and that it is
effective.
Internal Audit Charter
Internal Audit Charter
 Basic policy statement under which the
internal auditing (IA) department operates.
 Establishes the IA department’s position in
the organization’s hierarchy.
 IA department operates independently of all
other departments in the organization
Internal Audit Charter (cont.)
 Describes the organizational status that the director
of internal auditing should report to the CEO but
have access to the board of directors. A dual
reporting relationship exist here: reporting
administratively to the president or CEO, and
reporting functionally to the audit committee of the
board of directors.
 Describes the purpose, authority, and responsibility
of the IA department.
Authority & Responsibility
Authority
The IA department will have full, free, and
unrestricted access to records, personnel, and
physical properties relevant to the performance
of an audit. Internal auditors have neither
authority over nor responsibility for the
activities they audit. Audit director should have
direct access to the audit committee since it
tends to enhance IA’s independence and
objectivity.
Responsibility
The IA department accomplishes its purpose of
assisting management by reviewing,
examining, and evaluating activities, furnishing
analyses and appraisals, and reporting findings
and recommendations. This audit responsibility
cannot relieve any operating manager of the
requirement for ensuring proper control within
his or her area of concern.
Responsibility (cont.)
The IA department also has the responsibility
to perform audit work with due professional
care and with appropriate education,
experience, certification, professional image
and attitude, and personal integrity.