IA topic 1

avatar
Created by
Eunice Lim

Cards (39)

  • Adding value means improving performance through better use of resources or reducing waste. It also means providing insight into how things are done and suggesting improvements where possible.
  • "add value to improve an organisation's operations", mentioning that it is not only about compliance but effectiveness achieving goals, efficiency minimizing resources, and getting resources with competitive costs.
  • The difference between independence and objectivity is that independence is talking about mindset and objectivity is you report what you see.
  • Independence and objectivity. Independence refers to the organisational status of the internal audit function. Objectivity refers to the mental attitute of individual internal auditors. Both talking about unbiased mindset.
  • It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
  • Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.
  • An organisation's objective defines what the organisation wants to achieve, and its ongoing success depends on the accomplishment of its objectives (strategic, reporting, compliance, and operational)
  • Internal audit is not compulsary but external audit is compulsary. Internal audit tell you how much profit you should make, external audit only tell you how much profit you have in a period.
  • External audit are required by law whereas internal audit is optional
  • Without effective risk management, control and governance processes, an organisation cannot achieve its objectives and sustain success.
  • Internal auditors is not responsible to design internal controls, they only access to internal controls and recommend methods to improve the control. Design internal control is depends on manager or each department.
  • A profession requires:
    • A theoretical body of knowledge
    • Relative independent in decision-making in practice
    • Specialize education
    • A code of ethics for behaviour of its members
    Internal audit have all. Therefore, is a profession.
    • Internal auditing have the International Professional Practice Framework (IPPF).
    • Internal auditors perform their work by using consistent practice aligned with professional standards contained in the IPPF.
    • Internal auditing have specialized education and examinations, for example Certified Internal Auditor (CIA).
    • Internal auditing have its own Code of Ethics.
  • Internal Audit is a professional activity which helps organisation to achieve their stated objectives by:
    • Analyzing key processes, procedures & operations
    • Identifying key controls in each such operation, procedure & process
    • Evaluating the adequacy of these controls
    • Testing compliance of sample transactions against these controls
    • Reporting results of the evaluation of controls and compliance testing of transactions
    • Recommending stronger controls whenever necessary
    • Suggesting methods to improve compliance with key controls
    • Follow up action taken on recommendations made in previous reports
  • Main objective of internal audit are:
    • To provide assurance on the adequacy of the whole control environment
    • advise at an early stage in the implementation of any system developments or amendments to processes, development and implementation of organizational policies.
  • Internal audit
    • provide assurance that the organization's values are met and the law and regulations are complied with
    • ensures that financial statements and other published information are accurate and reliable
    • human, financial and other resources are managed efficiently and effectively
    • Also, forms part of the wider anti-fraud and anti-corruption framework of a company
  • Internal audit's objectives:
    • assess if decisions are properly authorised
    • assess reliability and integrity of information
    • assess compliance with laws, regulations, policies and contracts
    • assess efficiency, effectiveness, economy and ethical conduct of business activity
    • review achievement of organisation objectives
    • review that assets are safeguarded
    • consider fraud risks scenarios
    • follow-up previous audits to assess if the remedial action has been effectively implemented
    • look for business improvements and better ways of doing things
  • IA vs EA
    • status: employees in company VS from outside the organisation
    • objectives: varies according to the audit VS true and fair view of FS
    • report goes to: Management and Audit Committee VS shareholders, BOD and Audit Committee
    • focus: Future-looking VS historical
    • standard: IA standard VS EA standard
    • qualifications: not mandatory VS mandatory
  • Manager does not have control over external auditors, external auditors only responsible to shareholders. However, no matter internal auditors are employees in the company or outsource IA, they are controlled by manager.
  • Relationship between IA and EA
    • Internal audit also provide financial reporting assurance services. The primary difference is the audience. They provide the service primarily for the benefit of the management and BOD.
    • Independent audit firms (EA) provide assurance services on financial reporting primarily for the benefit of third parties. These third parties trust the firm's independent evaluations when making financial decisions about the organization.
  • Performance audit
    To ensure the efficient use of resources to obtain the objectives of a company
  • Compliance audit
    To ensure compliance with rules, laws, and regulations applicable to a company
  • Environmental audit
    To ensure compliance with the environmental laws and regulations
  • Information system audit
    To ensure proper functioning of the information system throughout the life of a business
  • Special assignments
    Relate to the investigations on fraud and corruption, or any other special service with the approval of the board
  • Operational audit
    To ensure efficient and effective conduct of operations of a company
  • Types of objectives:
    • compliance
    • operational
    • strategic
    • reporting
  • Consulting services

    • Services that the customer agrees upon, meant to enhance an organization's governance, risk management, and control processes
    • Giving advice, facilitating discussions, and providing training, without the internal auditor taking on management duties
  • Assurance services
    • Independent review of evidence
    • Assess the organization's governance, risk management, and control processes
    • Can cover areas like finances, performance, compliance, system security, and due diligence
  • Internal audit engagement
    Assurance services and consulting services
  • Assurance services - hv 3 parties, internal auditor (make the independent assessment) to user (rely on the independent assessment) to auditee (involved in process, system)
    Consulting services - hv 2 parties, internal auditor (offering the advice) to customer (receiving the advice)
  • Assurance engagement
    -assess the design adequacy and operating effectiveness of
    • entitiy-level controls
    • information technology controls
    • business process controls
    • -direct assess business performance objectives
  • Types of consulting engagement
    • Advisory Consulting Engagement - advisory in nature
    • Facilitative Consulting Engagement - facilitative in nature
    • Training Consulting Engagement - educational in nature
  • IA Code of Ethics - 4 principles
    • Integrity - integrity establish trust and so provides the basis of reliance on their judgment
    • Objectivity - not unduly influenced by their own interest or others in forming judgments
    • Confidentiality - respect the value of info they receive and do not disclose info without appropriate authority unless there is legal or professional obligation to do so
    • Competency - apply skills, knowledge and experience needed
  • Compliance and advisory roles
    • primary role - improving internal control, accuracy, reliability & integrity of info including financial and operational reporting
    • monitoring & evaluation of effectiveness of risk management processes
    • corporate oversight, safeguarding of assets, economical & efficient use of resources, compliance with laws & regulations, deffering fraud
    • does not perform management activities or responsibilities becoz these include establishing internal controls
  • Role in internal control
    • compliance audit - checking financial and operational controls and transactions to ensure they follow laws, regulations, and procedures
    • operational audit - review of various functions within project to evaluate efficiency, effectiveness and economy
  • Role in risk management
    • focus on risk occurrence that could prevent the project from achieving its goals
    • many types of risks - strategic, operational, financial reporting, legal/regulatory, fraud, ineffective/inefficient use of resources, technological, human capital, credibility and more
    • focus on areas with high risks and high probability that controls are
    • don't forget positive risks - opportunities
  • IA role in corporate oversight
    • have 4 pillars - IA, executive management, external audit, and BOD/steering committee
    • A combination of methods and structures set up by management to guide, oversee, and monitor a project's resources, strategies, and policies toward reaching its goals
    • public sector governance principles - transparency, integrity, accountability
    • may include review of sufficiency of human resources, training needs, policies and etc
  • Nature of Internal Audit activity
    • establish scope & activities for audit to management
    • describe key risks
    • idenfity control procedures
    • develop & execute risk based sampling
    • report issues / make recommendations / negotiate action plans with management
    • follow up on reported findings periodically
  • IA Proactive Role
    • Identify risks
    • find better ways and best practices
    • partner with management to find solutions
    • prevent problems
    • provide training
    • respond to policy & technical accounting questions
    • offer suggestions for improvement
    • advisory role