Overview of Internal Audit

Internal Auditing – Defined

Is an independent, objective assurance and consulting activity designed to add value and
improve an organization’s operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control and governance processes.

Definition Digest:
o Internal Auditing - The service is provided within the organization and is distinct from
the external audit role.
o Independent’ - Internal auditing works under the principle of objectivity. Activities must
be carried out in and unbiased manner and free from the influences of management.
o Assurance and Consulting Activity - Is an additional consultancy arm of the company
which provides and assistance to management on how to manage risks, control and
governance issues.
o Designed to add value - Audit activities are client-based and are responsive to the
needs of the organization. Benefits are aligned to the company’s overall goals.
o Improve an organization’s operations - The end goal of internal auditing is to bring
continuous improvement to the organization and offer alternative solutions to better the
conduct and business thus achieve operational success.
o Systematic, disciplined approach - It has a clear set of professional standards and
guidance on policies and procedures in order to deliver quality service.
o Evaluate and Improve - What is found during the audit should be presented and
evaluated against company policies and standards. Evaluation tools and techniques
must be applied in a professional and impartial manner to give reliable results.
o Effectiveness - The principal motive of audit is to ensure the link between controls and
objectives. Audit works to achieve effectiveness in its operation system and strategies.
o Risk management, control and governance processes - The internal audit activity
must evaluate the effectiveness and contribute to the improvement of risk management
processes

Four Elements of Internal Audit Activity

Reliability and Integrity of Financial and

Reliability and Operational Information
Effectiveness and Internal auditors review the reliability
integrity of
efficiency of and integrity of financial and operating
financial and
operations information and the means used to identify,
operational measure, classify and report such
information information.

Effectiveness and Efficiency of

Compliance with Operations
Safeguarding of laws, regulations Internal auditors appraise the economy and
assets and contracts efficiency with which resources are
employed.

Page 1 of 6
“Unauthorized reproduction of this file exclusively for the CIAS Certification program
is strictly prohibited”
Overview of Internal Audit

Safeguarding of Assets
Internal auditors review the means of safeguarding and, as appropriate, verifying the existence
of such assets.

Compliance with laws, regulations and contract

Internal auditors review the system established to ensure compliance with those policies, plans,
procedures, laws, regulations and important contract which could have a significant impact on
operations and reports; and should determine whether the organizations is in compliance.

Internal Audit versus External Audit

FACTORS INTERNAL AUDIT EXTERNAL AUDIT

FS are fairly stated in

Sounds risk management
Objectives accordance to applicable
and controls
financial framework

Overall systems. VFM fraud

Scope FS and Financial systems
MIS and compliance

From operations by
Independence Auditor, firm, network, firm
professionalism and status

CAE, managers, seniors and

Structure
assistants

Managing an Internal Audit Function

The internal audit director needs to comply with the IIA’s Attributes Standards, which say that
the chief audit executive (CAE) is responsible for properly managing the department so that:

1. Audit work fulfills the general purposes and responsibilities approved by senior management
and accepted by the board,
2. resource of the internal auditing(IA) department are efficiently and effectively employed, and
3. audit work conforms to the Standards.

Mission & Purpose of the IA Department

• Review organization’s activities to determine whether it is efficiently and effectively

carrying with management’s instructions, policies, and procedures.
• Determine the adequacy and effectiveness of the system internal controls in all areas of
activity.
• Review the reliability and integrity of financial information and the means used to
identify, measure, classify, and report such information.
• Review the means of safeguarding assets and, as appropriate, verify the existence of
such assets.

Page 2 of 6
“Unauthorized reproduction of this file exclusively for the CIAS Certification program
is strictly prohibited”
Overview of Internal Audit

• Appraise the economy and efficiency with which resources are employed, identify
opportunities to improve operating performance, and recommend solutions to problems
where appropriate
• Review operations and plans to ascertain whether results are consistent with established
objectives and goals, and whether the operations and plans are being carried out as
intended.
• Coordinate audit efforts, where appropriate, with those of the external auditors.
• Review the planning design, development, implementation, and operation of relevant
computer – based systems to determine whether
(a) adequate controls are incorporated in the systems;
(b) through system testing is performed at appropriate stages;
(c) system documentation is complete and accurate; and
(d) needs of the users are met.
• Conduct periodic audits of computer centers and make post installation evaluations of
relevant data processing systems to determine whether those systems meet their-
intended purposes and objectives
• Participate in the planning and performance of audits of acquisitions. Follow up to
ensure the proper accomplishment of the audit.
• Report to those members of management who should be informed, or who should take
corrective action, the results of the audit examinations, the audit opinions formed, and
the recommendations made.
• Evaluate the plans or actions taken to correct reported conditions for satisfactory
disposition of audit findings. If corrective action is considered unsatisfactory, hold further
discussions to achieve acceptable disposition.
• Provide adequate follow – up to ensure that proper corrective action is taken and that it
is effective.

International Standards for the Professional Practice of Internal Auditing

Internal Auditing Standards (IAS) are fundamental principles and procedures that make internal
auditing a unique, disciplined and systematic activity.
Purposes;
• Delineate basic principles that represent the practice of internal auditing as it should be.
• Establish the basis for the measurement of internal audit performance.
• Provide a framework for performing a broad range of value-added internal audit
activities.
• Foster improved organizational processes and operations.

IIA’s Attribute and Performance Standards

The The Performance Standards

Attribute Standards address the describe the nature of internal
characteristics of organizations audit activities and provide
and parties performing internal quality criteria against which
audit activities. the performance of these
services can be evaluated.
Page 3 of 6
“Unauthorized reproduction of this file exclusively for the CIAS Certification program
is strictly prohibited”
Overview of Internal Audit

Audit Professionalism

Corporate Governance
✓ The system of stewardship and control to guide organizations in fulfilling their long term
economic, moral, legal and social

Four Core Principles of Corporate Governance

1. Fairness
2. Responsibility
3. Accountability
4. Transparency

Establishing Clear Roles and Responsibilities of the Board

1. To act on a fully informed basis in good faith, with due diligence and care, and in the best
interest of the company and all shareholders/members.
2. To oversee the development of and approve the company’s business objectives and
strategy and monitor their implementation, in order to sustain the company’s long-term
viability and strength
3. To ensure and adopt an effective succession planning program for directors, key officers,
and management
4. To align the remuneration of key officers and directors with the long term interest of the
company/organization
5. To develop a policy on board nomination and election
6. To ensure proper implementation of the policy and system governing related party
transactions and other unusual or infrequently occurring transactions
7. Responsible for approving the selection and assessing the performance of the management
8. To establish an effective performance management framework
9. To oversee that an appropriate internal control system is in place
10. To oversee that a sound enterprise risk management framework is in place.

IIA’s CODE OF ETHICS

Promotes an ethical culture in the profession of internal auditing
1. Principles
o Relevant to the profession and practice internal auditing

2. Rules of Conduct
o Describes behavior norms expected of internal auditors

PRINCIPLES
Integrity
• Establishes trust and thus provides the basis for reliance on their judgement.

Objectivity
• Makes a balanced assessment of all the relevant circumstances and are not influenced
by their own interest or by other in forming judgement.

Confidentially
• Respect the value and ownership of information they receive and do not disclose
information without appropriate authority.

Page 4 of 6
“Unauthorized reproduction of this file exclusively for the CIAS Certification program
is strictly prohibited”
Overview of Internal Audit

Competency
• Applies the knowledge, skills and experience needed in the performance of internal audit
services.

RULES OF CONDUCT

Integrity
• Shall perform their work with honesty, diligence, and responsibility.
• Shall observe the law and make disclosures expected by the law and profession.
• Shall not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organization,
• Shall respect and contribute to the legitimate and ethical objectives of the organization.

Objectivity
• Shall not participate in any activity or relationship that may impair or be presumed to
impair their unbiased assessment.
• Shall not accept anything that may impair or be presumed to impair their professional
judgement,
• Shall disclose all materials facts known to them that, if not disclosed, may distort the
reporting of activities under review.

Confidentiality
• Shall be prudent in the use and protection of information acquired in the course of their
duties.
• Shall not use information for any personal gain or in any manner that would be contrary
to law or detrimental to the legitimate and ethical objectives of the organization.

Competency
• Shall engage only in those services for which they have the necessary knowledge, skills,
and experience.
• Shall perform internal audit services in accordance with the international Standards for
the Professional Practice of Internal Auditing.
• Shall continually improve their proficiency and the effectiveness and quality of their
service

Ethical Dilemma
✓ Chief Audit Executive (CAE) and Internal Audit Staff have a responsibility to always
behave professionally and ethically and will have a particularly important role to play in
creating, promoting, and maintaining an ethical culture within the practice and, possibly,
among the clients of the practice

Ethical Threats to Internal Auditor Independence

1. Familiarity
✓ The threat that due to a long or close relationship with someone, you will be too
sympathetic to that person’s interests, or too accepting of their work

2. Intimidation
✓ The threat that you will be deterred from acting objectively because of actual or
perceived pressures

Page 5 of 6
“Unauthorized reproduction of this file exclusively for the CIAS Certification program
is strictly prohibited”
Overview of Internal Audit

3. Self-Interest
✓ The threat that a financial or other interest will inappropriately influence your judgement r
behavior

4. Self-Review
✓ The threat that you will not properly evaluate the results of a previous judgement made
or service performed by you when forming a judgement as part of providing current
service

5. Advocacy
✓ The threat that you will promote a position to the point that your objectivity is
compromised.

Page 6 of 6
“Unauthorized reproduction of this file exclusively for the CIAS Certification program
is strictly prohibited”