1

Tarlac State University

College of Business and Accountancy

Overview of Internal Auditing

Functions and Activities, History
& Development of the
Internal Auditing Profession, and
Internal Auditing vs.
External Auditing

Prepared by:
DAVID , Kim Carlo G.
MANDAP, Rosette M.
PAMINTUAN, Nicholane C.
PINEDA, Czimuelle Gryan J.
SAMPANG, Judy Anne V.
VALDEZ, Marilou T.
BSACT 4-1
Submitted to:
Henry D. Rufino, CPA

Table Of Contents
CHAPTER 1
OVERVIEW OF INTERNAL AUDITING FUNCTIONS AND ACTIVITIES

pages 3-5

Organization
Internal Auditing (Roles of Internal Audit)
Purpose of Internal Auditing
Internal Auditors
Institute of Internal Auditors
Internal Audit Activities
Audit Process Model
CHAPTER 2
HISTORY AND DEVELOPMENT OF THE INTERNAL AUDITING PROFESSION
5-9

pages

History of the Internal Auditing Profession

Statement of Responsibilities
Standards for the Professional Practice of Internal Auditing
Lawrence B. Sawyer
Development of Auditing Practices
5 chronological periods (Prior to 1840s, 1840 to 1920s, 1920s to 1960s,
1960s to 1990s, 1990s to present)
CHAPTER 3
INTERNAL AUDITING VS. EXTERNAL AUDITING
pages 10-16
Financial Statements Audit
Operational Audit
Compliance Audit
External Auditing
Aspects of External Auditing
Objectives of External Auditing
Internal Auditing
Tasks of Internal Auditing
Quality of Internal Audit Report
Scope of Internal Audit
International Standards for the Professional Practice of Internal Auditing
Similarities of Internal Auditing and External Auditing
Internal Auditing vs. External Auditing

Chapter 1
Overview of Internal Auditing

Functions and Activities

Organization
Stakeholders; they are the people who are interested in what it
delivers. They may be investors, owners, suppliers, customers
and employees.
Governing board; these are the people responsible for
delivering what the stakeholders want. They may be directors,
trustees and partners.
Stakeholders have objectives which they expect the governing
board to deliver. Example of these objectives may be to increase
profit, deliver food to famine area or recruit more students.
Unfortunately the achievement of these objectives is threatened
by circumstances called risks.These risks require responses to
mitigate them to a level which enable them to a level which
should enable the objectives to be achieved.
How do the stakeholders and governing board know that their
objectives will be achieved because the responses are sufficient
and operating? Their worries are much reduced because the
organization has an Internal Audit Department.
What is Internal Auditing?
Internal Auditing - an independent, objective assurance and consulting
activity designed to add value and improve an organizations operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control
and governance processes.
The two roles of internal audit:
1. To provide an independent assurance service to the board, audit committee
and management, focusing on reviewing the effectiveness of the governance,
risk management and control processes that management has put into place.
2. To provide advice to management on governance risk and controls, for
example, the controls that will be needed when undertaking new business
ventures.
Purpose of Internal Auditing

Internal auditing is an independent appraisal function established within an

organization to examine and evaluate its activities as a service to the
organization.

The objective of internal auditing is to assist members of the organization in

the effective discharge of their responsibilities.

The audit objective includes promoting control at a reasonable cost.

To provide an independent and objective opinion to an organizations

management as to whether risks are being managed to acceptable levels.

Internal Auditors - they advise Management and Board of Directors (or other
oversight body) regarding how to better execute their responsibilities. As a result of
their broad scope of involvement, internal auditors may have a variety of higher
educational and professional backgrounds.
Institute of Internal Auditors - is the recognized international standard setting
body for the internal audit profession.

4
Internal Audit Activities

Internal Control Reviews

It evaluates the adequacy of segregation of duties, transfer of accountability,
supervisory reviews and approvals, reconciliations, physical safeguards over cash,
checks and critical forms and existence written procedures.

Activities in Internal Control Reviews (Types of Internal Auditing)

1. Operational Reviews An operational review examines the use of
resources available to the organization and evaluates whether those
resources are being used in the most efficient and effective ways to meet the
stated missions and objectives. The accomplishment of goals and objectives
is a major consideration of our operational reviews.
2. Financial Reviews A financial review evaluates the accuracy and
correctness of accounting transactions and reports. The purpose of this type
of review is to verify that the financial activity of a unit is accurately reflected
in financial report and the accounting records and financial document support
the financial report.
3. Compliance Reviews A compliance review determines the degree of
adherence to laws, regulations, and internal and external policies and
procedures.
4. Information System Reviews address the internal control environment of
automated information and transaction processing system and how people
use these systems.
5. Procurement Reviews- Procurement reviews are designed to evaluate
independence, objectivity and fairness of Department procurements.

6. Advisory and Consultant Services- Provide management with in-house

consultant and advice on internal control procedures, accounting systems
and issues pertaining to employee improprieties.

7. Investigations-Investigation reviews focus on alleged civil or criminal

violations of state or federal laws and violation of policies and procedures the
may result in prosecution or disciplinary actions.

8. Coordination of Audits and Reviews conducted by External AgenciesThe Audit Coordinator acts as liaison between external auditors and the
Department. The main tasks include ensuring the appropriate department
staff is notified of the audit or review, coordinating the Departments
response to the audit findings and tracking status reports.

Audit Process Model

INPUTS

PROCESSES

OUTPUTS

OUTCOMES

Internal Audit
Knowledge
and Skills

Computers,
Software and
IIA Standards

Time and
Money

Internal Audit
Practices and
Procedures

Analyses,
Appraisals,
Recommendations,
Counsel and
Information

Promote the
Effective use of
Internal Control

Supporting the
Organization in
the Discharge of
their
Responsibilities

Reputation
for Integrity
and Fairness

Chapter 2
History & Development of the
Internal Auditing Profession
HISTORY OF INTERNAL AUDITING PROFESSION
o

The roots of auditing, in general, are intuitively described by

accounting historian Richard Brown (1905, quoted in Mautz & Sharaf,
1961) as follows:

The origin of auditing goes back to times scarcely less remote than
that of accountingWhenever the advance of civilization brought
about the necessity of one man being entrusted to some extent with
the property of another, the advisability of some kind of check upon
the fidelity of the former would become apparent.

The word audit comes from the Latin word audire, meaning to
hear. According to Flint (1988), audit is a social phenomenon which

serves no purpose or value except of its practical usefulness and its

existence is wholly utilitarian. Flint (1988) further explains, the audit
function has evolved in response to a perceived need of individuals or
groups in society who seek information or reassurance about the
conduct or performance of others in which they have an acknowledged
and legitimate interest. Flint (1998) argues that audit exists because
interested individuals or groups are unable for one or more reasons to
obtain for themselves the information or reassurance they require.
Hence, an audit function can be observed as a means of social control
because it serves as a mechanism to monitor conduct and
performance, and to secure or enforce accountability.
Mackenzie in the foreword to The Accountability and Audit of
Governments made the following remark: Without audit, no control;
and if there is no control, where is the seat of power? All in all, an
audit function plays a critical role in maintaining the welfare and
stability of the society. Many auditors concur with Flint (1988) that the
aim of an audit has always been a dynamic rather than a static one.
Brown (1962) asserts that the objective and techniques of auditing
have changed during the four hundred years of recognizable existence
of auditing to suit the changing needs and expectations of society. It
can be observed that the changes in needs and expectations of society
are highly influenced by the factors contextual to the economic,
political and sociological environment at a particular point of time.
Therefore, the review of the historical development of auditing enables
one to understand, analyze and interpret the evolution of auditing due
to the change in expectations of the society.

1941
The Institute of Internal Auditors (IIA) was founded on December 9, 1941, in New
York by a small group of practicing internal auditors. The group recognized that they
had many commonalities in the way they worked despite the fact that they worked
in different businesses and industries. They agreed that merely applying external
auditing techniques internally was not sufficient. They felt the need for a formal
approach to sharing and organizing their body of knowledge and their mutual
concerns. They began the long process of achieving an identity for internal auditing
as a distinct profession concerned with providing independent appraisals for all
activities within an organization. This includes the gradual expansion of the scope of
internal audit activities and of the professionalization of the practice of internal
auditing. The first textbook for the practice, Brinks Internal Auditing was published
in this year.
1943
A technical journal for the field, Internal Auditor, distributed its first issue.

1947
The Institute developed the first version of a Statement of Responsibilities
and has continued to revise it as internal auditing practices matured. The Institute
of Internal Auditors (IIA), operates to bring uniformity and consistency to the
practice of internal auditing.
Statement of Responsibilities
1. Reviewing and appraising the soundness, adequacy, and application of
accounting, financial, and operating controls.
2. Ascertaining the extent of compliance with established policies, plans, and
procedures.
3. Ascertaining the extent to which company assets are accounted for, and
safeguarded from, losses of all kinds.
4. Ascertaining the reliability of accounting and other data developed within the
organization.

7
5. .Appraising the
responsibilities.
6.

quality

of

performance

in

carrying

out

assigned

Research opportunities in Internal Auditing.

1968
The Code of Ethics was issued. Its purpose is to promote an ethical culture in
the profession of internal auditing.
1974
The Institute began a certification programCertified Internal Auditor (CIA).
The credential requires a combination of education and work experience with
successful completion of a four-part comprehensive exam which tests: Internal Audit
Process; Internal Audit Skills; Management, Control and Information Technology;
and, Audit Environment.
1978
The IIA published the Standards for Professional Practice to serve as the
primary source of reference for directing an internal audit function.
Standards for the Professional Practice of Internal Auditing
1. Assist in communicating to others the role, scope, performance, and
objectives of internal auditing.
2. Unify internal auditing throughout the world.
3. Encourage improved internal auditing.
4. Establish basis for consistent measurement of internal auditing operations.
5. Provide a vehicle by which internal auditing can be fully recognized as a
profession.
After the World War II, different management philosophy were evolved as growth
and expansion was continuously increasing making the business process more
complex and fast changing. This made it increasingly difficult for organizations to
maintain control and operational efficiency. The shift to a war economy further
expanded organizations' responsibilities for scheduling, availability of materials and
laborers, compliance with government regulations, and an increased emphasis on
cost finding. The Internal Auditing profession evolved steadily with the progress of
management science after World War II. It is conceptually similar in many ways to
financial auditing by public accounting firms, quality assurance and banking
compliance activities. Much of the theory underlying internal auditing is derived
from management consulting and public accounting professions.
Management
found it impossible to visually observe all of the operating areas in their respective
areas of responsibility or to have sufficient personal contact with individuals who
directly or indirectly reported to them. In seeking ways to deal with these new
problems, management appointed special staff people to review and report on what
was happening and to probe for the why. These people came to be known as
"internal auditors." The internal audit function varied greatly as to the number of
people assigned to perform it and in the scope and nature of the work being done.
In some organizations, internal auditors were used to check on routine financial and
operational activities with a heavy emphasis on compliance, security, and detection
of fraud. In others, internal auditors were given higher levels of status and were
asked to analyze and appraise more substantive financial and operational activities.
As the profession evolved, a number of internal auditors began pushing vigorously
for greater understanding and recognition of their function, and began to develop
contacts and relationships with professionals in other organizations in an attempt to
share problems and to advance their common interests. With the implementation in
the United States of the Sarbanes-Oxley Act of 2002, the profession's growth
accelerated, as many internal auditors possess the skills required to help companies
meet the requirements of the law.

Lawrence B. Sawyer (1911-2002)

The Father of Modern Internal Auditing
He was active in the Institute of Internal Auditors as a member for forty-five years
serving as chapter president, and on the local board of governors
served as chair of the International Research Committee, and as a member of the
professional standards subcommittee.
Other national appointments included Director-at-Large and member of the Board
of Regents.
has given more than 100 speeches, conducted 186 seminars, authored or
coauthored 11 books, two video series, and over 40 journal articles on internal
auditing.
Won the IIA's annual Thurston Award for writing excellence four times and the
Outstanding Contributor three times for his articles.
Other awards for his contributions include the Bradford Cadmus Memorial Award,
the Victor Z. Brink Award, and the Lifetime Achievement Award.
published in the 1970's called "The Grandfather Dialogues". Each article consisted
of a conversation between a grandfather and grandson about internal auditing.
Sawyer's other writings are categorized by subject as relating to the practice,
politics, philosophy, and the profession of internal auditing. The writings are
summarized and analyzed for consistency. Inconsistencies are explained by changes
in the environment or the profession. Comparison to an internal auditing
professional timeline indicated that Sawyer's ideas were rarely original or new. He
wrote about topics that were being practiced by the leaders in the profession at the
time. Sawyer provided expanded coverage of topics that brought information
together from other sources into one useful resource, his book. Many of his writings
are still relevant to today's internal auditing profession including internal control and
fraud prevention.
Development of Auditing Practices
5 chronological periods
Prior to 1840s
o not well documented
o Auditing in the form of checking activities was found in China, Egypt and
Greece.
o Found in ancient Exchequer in England which was established during the
reign of Henry.
o Found in the Italian City States and City of Pirsa in 1394
o Merchants of Florence, Geneo and Venice used auditor to help them verify the
riches brought by Captain of sailing ships returning from the old world bound
for the European Continent
o Industries during this period were mainly concerned with cottages and small
mills.
o Audit objective was primarily designed to verify the honesty of person
charged with fiscal responsibilities
1840 to 1920s
o Large factories and machined based production were established.
o Emergence of Middle class during Industrial Revolution period provide
funds for the establishment of large Industrial and commercial
undertakings.
o Share markets are highly unregulated and speculative
o Rate of financial failure and liabilities was not limited.
o Joint Stock companies Act (1844) directors shall cause the books of
company to be balanced and a full and fair balance sheet to be made up

9
o
o

Companies act 1862 (1900) annual presentation of balance sheet to

shareholders and the requirement of statutory audit were only made
compulsory.
The role of auditors was mainly on FRAUD , DETECTION and portrayal of
the companys SOVENCY ( INSOVENCY) in the balance sheet.

1920s
o
o
o

to 1960s
Investment had grew rapidly
Companies grew in size
The separation of the ownership & management function became more
evident.
o The Audit function was mainly to provide CREDIBILITY to the financial
statements prepared by the company managers and shareholders.

1960s to 1990s
o New
York
Times
(April
06,
1975)
The
New
York
Times
Company, major newspaper publisher and media company.
The said
company described the role of an auditor. Affirm the truthfulness of the
financial statements and assure that financial statements are fairly
presented.
o Risk-Based Auditing (early 1980) Is an audit approach where an auditor
will focus on those areas which are most likely to contain errors.
o Most of companies this period had introduced COMPUTER SYSTEMS to
process their financial and other data, and to perform, monitor and control
many at their operational and administrative processes, also auditors at
the same time were providing ADVISORY SERVICES to audit clients.
1990s to present
o Presently, the ultimate of objective of auditing is to lend CREDIBILITY to
FINANCIAL & NON-FINANCIAL information provided by management in
annual reports; however, audit firms have been largely providing
consultancy services to businesses.
o By 2000, consultancy revenues exceeded auditing revenues in all major
auditing firms in the USA.
o Revelations regarding the accuracy of financial statements issued by
corporations and the integrity of the independent public accounting firms
that audit these financial statements. The best known of these cases
involved the Enron Corporation and the Arthur Andersen LLP accounting
firm. Enron, an energy company that traded in derivatives, engaged in a
series of money-losing partnership transactions that were not reflected in
its financial statements. Arthur Andersen, one of the nations largest
accounting firms and Enrons auditor, overlooked these questionable
accounting practices, providing credibility to Enrons misleading financial
statements. The losses were finally revealed in the fall of 2001 when
Enron officials admitted that the companys net worth had been
overstated by more than $1 billion. With the revelations the price of Enron
stock fell from $83 per share in December 2000 to less than $1 per share
in December 2001. Arthur Andersen was convicted of obstruction of
justice charges in June 2002 in connection with its Enron activities. The
loss of its reputation as an independent auditor was even more telling,
causing Arthur Andersen to discontinue much of its auditing activity. At
the same time that the Enron scandal was being reported, similar
problems with financial statements were reported at a number of other
companies including WorldCom, Inc. and Global Crossing. The accounting
fraud uncovered at WorldCom proved to be the largest in U.S. history. The
company overstated its earnings by $11 billion, and its subsequent
bankruptcy cost investors an estimated $200 billion. The United States
Department of Justice brought criminal charges against WorldComs
former chief financial officer, and the SEC filed civil lawsuits against four
former WorldCom executives. One result of these revelations of
accounting and financial irregularities was the passage of the Accounting
Reform and Investor Protection Act of 2002, often referred to as the
Sarbanes-Oxley Act of 2002 for the legislators who sponsored it. The
legislation sought to improve the accuracy of financial statements and to
ensure full disclosure of information in these statements. It also created

10

an oversight board for accounting practices, strengthened the

independence of public accounting firms in their auditing activities,
increased corporate responsibility for the accuracy of financial statements,
and sought to protect the objectivity of securities analysts and to improve
the SECs resources and oversight functions.
Other spate radical reforms that were undertaken by other countries by
their accounting bodies, government and SEC to strengthen the audit
practice; *Sarbanes-oxley act of 2002 .(France, Japan, China, Canada, ),
Combined code of Conduct (UK and Cadbury), Germany's transparency of
two-tier system, Italy's Draghi law of 1998 and Preda Code of Conduct

Chapter 3
Internal Auditing vs.
External Auditing
FINANCIAL STATEMENTS AUDIT
A financial statements audit is the
examination of the financial statements of an
organization as presented by the board of
directors by someone independent of the
organization, example an external auditor.
This type of audit usually overs the basic set
of financial statements (Balance Sheet,
Income Statement, Statement of Cash Flows,
Statement of Changes in Equity and notes to
the financial statements)
A financial
determine:

statements

audit

seeks

to

Whether proper books have been kept

and the financial statements are in
agreement therewith

Whether the financial statements

comply with relevant legislation and accounting standards example IFRS.

Whether the financial statements give a true and fair view of the state of the
companys affairs as at the year-end and of its results of operation and cash
flows for the year.

OPERATIONAL AUDIT
An operational audit involves a systematic review of an organizations activities,
or a part of them, in relation to the efficient and effective use of resources. The
purpose of an operational audit is.

To assess performance,

Identify areas for improvement,

Develop recommendations.

Sometimes this type of audit is referred to as a performance audit or

management audit. Operational audits are generally more difficult to conduct than

11
financial statements audits or compliance audits because it can be very difficult to
identify objective, measurable criteria that can be used to assess effectiveness and
efficiency.
Operational auditing has increased in importance in recent years, and it is
likely that this trend will continue. With entities restructuring and downsizing, most
facets of the entity are being evaluated. An example from the private sector would
be when an entity employs auditors to assess the efficiency and effectiveness of the
entitys use of computer resources.

COMPLIANCE AUDIT
A compliance audit determines the extent to which rules, policies, laws
covenants, or governmental regulations are followed by the entity being audited.
For example, a company may be audited to determine whether corporate rules and
policies are being followed by departments within the organization. The corporate
rules and policies serve as the criteria for measuring the departments compliance.
Another example is examination of tax returns of individuals and companies by the
Internal Revenue Service for compliance with the tax laws. In this example, the
Income tax laws provide the criteria for measuring compliance.

INTERNAL & EXTERNAL AUDITING

External Auditing
External Audit is an periodic examination of the books of account and records
of an entity carried out by an independent third party (the auditor), to ensure that
they have been properly maintained, are accurate and comply with established
concepts, principles, accounting standards, legal requirements and give a true and
fair view of the financial state of the entity.
Accountancy bodies have a responsibility for inspecting and monitoring their
registered auditors on a regular basis. This is undertaken by the Professional
Oversight Boards Audit Inspection Unit. The following features should be
transparent in each accounting/audit practice:

recruitment of suitable staff;

proper training, both academically and on the job;

continuing professional development;

quality control and supervision of work;

proper planning and approach;

appropriate fee-charging policy, which is based either on an hourly rate or a

percentage of turnover;

a commitment to ethical guidelines;

Internal peer review at appropriate intervals.

Audit reports are the end product of the work and must be completed to the
highest standard. They are governed by the 1985 Companies Act as amended by
the Companies Act 1989 and 2006 and also by the international auditing standard
ISA 700, The Auditors Report on Financial Statements. The 1985 Act places a duty
on auditors to examine the financial statements and to express an opinion on
whether they show a true and fair view at the year end. The auditor should not
express an opinion on the statements until they have been approved by the
directors and the auditors have considered all available evidence.
The management letter

12

An effective written report to the board of directors preceded by an executive

summary is an essential part of communication. Auditors will report on matters that
have come to their attention during the course of the audit. These will include:

changes in risk assessment which are an issue;

weaknesses in internal controls;

weaknesses within management information systems;

comments on the work and reliance of internal audit;

issues that relate to the financial statements;

Recommendations for change.

Management letters are private communications which the board may well
delegate to the Audit Committee. They are considered by all parties to be important
and fundamentally useful.

ASPECTS OF EXTERNAL AUDIT:

Statutory audit

It has always been the traditional role of an external auditor. It covers

all external audit activities, to ensure that the entity complies with the
appropriate fiscal requirements, accounting standards, and other
legislation governing the financial records of the entity.

Management of audit activities

Management of an audit team or audit department at senior,

supervisory or management level is likely to reinforce the quality and
level of experience in other areas of external audit.

Consultancy

The recent growth of consultancy work in audit firms has been an

important development, and there is usually an accounting
connotation to this work. Although auditors sometimes undertake such
work, there are many firms in which specialist consultancy
departments (or even separate consultancy firms) have been set up.

OBJECTIVES OF EXTERNAL AUDITING

To identify and assess the risks of material misstatement of financial
statements due to fraud.
To obtain sufficient appropriate audit evidence regarding the assessed risks of
material misstatement due to fraud, through designing and implementing
appropriate responses.
To respond appropriately to fraud or suspected fraud identified during the
audit.

Relationship between External and Internal audit

13

During the course of their planning, the external auditors should perform a
preliminary assessment of the internal audit function, when it appears that certain
internal audit work is relevant to their external audit. A favorable assessment might
allow the external auditors to modify the nature, timing and extent of external audit
procedures. External auditors may make use of the work of internal audit in forming
their opinion. During the course of their work they will want to measure the
effectiveness of internal audit. They do this against the Internal Audit Guidelines
approved by the Auditing Practices Board (APB) in 1990. However, it must be stated
that external auditors have sole responsibility for their statutory responsibility to
provide an audit opinion.

Internal Auditing
Definition of Internal Audit, prior to 1990:
Internal auditing is an independent appraisal function established within an
organization to examine and evaluate its activities as a service to the organization.
The objective of internal auditing is to assist members of the organization in in the
effective discharge of their responsibilities. To this end, it furnishes them with
analysis, appraisals, recommendations, counsel and information concerning the
activities reviewed. The audit objective includes promoting effective control at
reasonable cost.
New definition of internal audit provided by IIA (Institute of Internal Auditors):
Internal audit is an independent, objective assurance and consulting activity
designed to add value and improve the organizations operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management control
and governance processes.

Tasks of internal audit

To examine the risks that the organization faces.

To review the adequacy of the controls in place to protect it from those risks

To verify that the controls are working as intended

To add value and improve the organizations operations

Quality of Internal Audit Report

Objectivity - The comments and opinions expressed in the report should be

objective and unbiased.

Clarity - The language used should be simple and straightforward.

Accuracy - The information contained in the report should be accurate.

Brevity - The report should be concise.

Timeliness - The report should be released promptly immediately after the

audit is concluded, within a month.

Scope of Internal Audit

The internal audit activity should evaluate risk exposures relating to the
organizations governance, operations and information systems regarding the:
Reliability and integrity of financial and operational information.

14
Effectiveness and efficiency of operations.
Safeguarding of assets.
Compliance with laws, regulations, and contracts.

International Standards
Internal Auditing

for

the

Professional

Practice

of

In order to ensure that the internal audit function meets international best
practice, it is necessary to adopt the International Standards for the Professional
Practice of Internal Auditing issued by the Institute of Internal Auditors.

Internal Audit Standards:

Attribute Standards 1000 Purpose, Authority, and Responsibility
The purpose, authority, and responsibility of the internal audit activity must be
formally defined in an internal audit charter, consistent with the Definition of
Internal Auditing, the Code of Ethics, and the Standards. The chief audit executive
must periodically review the internal audit charter and present it to senior
management and the board for approval.
1000. A1 The nature of assurance services provided to the organization must be
defined in the internal audit charter. If assurances are to be provided to parties
outside the organization, the nature of these assurances must also be defined in the
internal audit charter.
1000. C1 The nature of consulting services must be defined in the internal audit
charter.
1010 Recognition of the Definition of Internal Auditing, the Code of
Ethics, and the Standards in the Internal Audit Charter
The mandatory nature of the Definition of Internal Auditing, the Code of Ethics, and
the Standards must be recognized in the internal audit charter. The chief audit
executive should discuss the Definition of Internal Auditing, the Code of Ethics, and
the Standards with senior management and the board.
1100 Independence and Objectivity
The internal audit activity must be independent, and internal auditors must be
objective in performing their work.
1110 Organizational Independence
The chief audit executive must report to a level within the organization that allows
the internal audit activity to fulfill its responsibilities. The chief audit executive must
confirm to the board, at least annually, the organizational independence of the
internal audit activity.
1110. A1 The internal audit activity must be free from interference in determining
the scope of internal auditing, performing work, and communicating results.
1111 Direct Interaction with the Board
The chief audit executive must communicate and interact directly with the board.
1120 Individual Objectivity
Internal auditors must have an impartial, unbiased attitude and avoid any conflict of
interest.
1130 Impairment to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the
impairment must be disclosed to appropriate parties. The nature of the disclosure
will depend upon the impairment.
1130. A1 Internal auditors must refrain from assessing specific operations for
which they were previously responsible. Objectivity is presumed to be impaired if an
internal auditor provides assurance services for an activity for which the internal
auditor had responsibility within the previous year.

15
1130. A2 Assurance engagements for functions over which the chief audit
executive has responsibility must be overseen by a party outside the internal audit
activity.
1130. C1 Internal auditors may provide consulting services relating to operations
for which they had previous responsibilities.
1130. C2 If internal auditors have potential impairments to independence or
objectivity relating to proposed consulting services, disclosure must be made to the
engagement client prior to accepting the engagement.
1200 Proficiency and Due Professional Care
Engagements must be performed with proficiency and due professional care.
1210 Proficiency Internal auditors must possess the knowledge, skills,
and
other
competencies
needed
to
perform
their
individual
responsibilities.
The internal audit activity collectively must possess or obtain the knowledge, skills,
and other competencies needed to perform its responsibilities.
1210. A1 The chief audit executive must obtain competent advice and assistance
if the internal auditors lack the knowledge, skills, or other competencies needed to
perform all or part of the engagement.
1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of
fraud and the manner in which it is managed by the organization, but are not
expected to have the expertise of a person whose primary responsibility is detecting
and investigating fraud.
1210. A3 Internal auditors must have sufficient knowledge of key information
technology risks and controls and available technology-based audit techniques to
perform their assigned work. However, not all internal auditors are expected to have
the expertise of an internal auditor whose primary responsibility is information
technology auditing.
1210. C1 The chief audit executive must decline the consulting engagement or
obtain competent advice and assistance if the internal auditors lack the knowledge,
skills, or other competencies needed to perform all or part of the engagement.
1220 Due Professional Care
Internal auditors must apply the care and skill expected of a reasonably prudent and
competent internal auditor. Due professional care does not imply infallibility.
1220. A1 Internal auditors must exercise due professional care by considering
the: Extent of work needed to achieve the engagements objectives;
Relative complexity, materiality, or significance of matters to which
assurance procedures are applied;

Adequacy and effectiveness of governance, risk management, and control

processes;

Probability of significant errors, fraud, or noncompliance; and

Cost of assurance in relation to potential benefits.

1220. A2 In exercising due professional care internal auditors must consider the
use of technology-based audit and other data analysis techniques.
1220. A3 Internal auditors must be alert to the significant risks that might affect
objectives, operations, or resources. However, assurance procedures alone, even
when performed with due professional care, do not guarantee that all significant
risks will be identified.
1220. C1 Internal auditors must exercise due professional care during a
consulting engagement by considering the:
Needs and expectations of clients, including the nature, timing, and
communication of engagement results;

Relative complexity and extent of work needed to achieve the engagements

objectives; and

16

Cost of the consulting engagement in relation to potential benefits.

Similarities of Internal & External Auditing

Both the external and internal auditor carry out testing routines and this may
involve
examining and analyzing many transactions.
Both the internal auditor and the external auditor will be worried if
procedures were very poor and/or there was a basic ignorance of the
importance of adhering to them.
Both tend to be deeply involved in information systems since this is a major
element of managerial control as well as being fundamental to the financial
reporting process.
Both are based in a professional discipline and operate to professional
standards.
Both seek active co-operation between the two functions.
Both are intimately tied up with the organizations systems of internal control.
Both are concerned with the occurrence
misstatement that affect the final accounts.

and

effect

of

errors

and

Both produce formal audit reports on their activities.

Internal Auditing VS External Auditing

1. Whats the purpose
of the audit?

2. Who are the

Auditors?

3. How is the audit

agenda?

4. Who does the

auditor repot to?

5. What sort of report

will they receive?

INTERNAL AUDITING
To consider if business
practices are helping the
business manage its risk
and meet its strategic
objectives- it can cover
operational as well as
financial matters.
Internal auditors can be
employed by the business
or outsourced. While
accounting background is
common they can also
come from other relevant
backgrounds.
Internally in the light of
businesss risk and
objectives.
Management, the Audit
Committee (if there is
one) or the Board
Tailored report on how the
risk and objectives are
being managed. There is
a focus on helping the
business move forwardso expect there to be
recommendations for
improvement.

EXTERNAL AUDITING
To consider whether the
annual accounts give a
true and fair view and
are in accordance with
legal requirements.
An outside firm of
accountants who are
Registered Auditors (not
all accountancy firms are)

By the audit firm based

on their assessment of
the risk of the
accountants being
materially misstated.
Primarily to the
shareholders or trustees
or members who are
outside the organizations
governance structure.
The main report is format
required by auditing
standards and focuses on
whether the accounts
give a true and fair view
and comply with the legal
requirements. If other
things come to light
which the auditors think

17

6. What happens after

the audit?

7. Are the auditors

report publicly
available?

Follow up to see whether

recommendations have
been implemented.
Consultative help to guide
managements
implementation of
recommendations.
NO. (at least in the UK
private or charity sectors)

8. Do we have to have
an audit?

NO, internal audit are

discretionary.

9. Responsibility for
Improvement

Improvement is
fundamental to the
purpose of Internal
Auditing. But it is done by
advising, coaching and
facilitating in order not to
undermine the
responsibility of the
management.
Broad based assurance
program set with the
Board and Senior
Management, this usually
include the adequacy of
the companys risk
management framework,
operational performance
of business units,
integrity of management
reporting and other areas
as requested by the
Board and the Senior
Management.
Primarily responsibility to
the Board via the audit
committee. Works closely
with the management,
with the aim of providing
independent insight to
the senior management,
the CEO and the Board
Audit Committee.
Organization wide- all
areas, all departments, all

10.
Mandate

11.
Reporting
Relationships

12.
Areas of Focus

should be brought to
managements attention,
the will be reported in a
management letter.
There is no follow up
requirement, until next
years audit; when n
planning the audit past
issues should be
considered.
YES, the main report on
the account is publicly
available. Management
letters are not publicly
available.
It depends, legal
requirements vary;
although the trend has
been towards more
organizations being
exempted from statutory
audit. However
stakeholders such as the
bank or investors may
require you to have your
accounts audited.
None, however there is a
duty to report problems.

Statutory opinions to
shareholders on the
accuracy of the
companys annual report
and financial statements.

Primarily responsibility to
shareholders via the audit
committee and Chief
Financial Officer

Finance and Accounting

18

13.
Approach

14.
Independence
15.
Risk and Control

16.
Driving Results

functions.
Sufficient work
undertaken to provide
insight and give an
informed independent
view to the board and
senior management.
Part of the organization
but independent of the
management.
Provides and independent
view on the organizations
risk management, risk
assessment and
governance processes.
Reviews the adequacy of
control design to ensure
that risks are effectively
managed, and then tests
operation of key controls
to ensure they are
operating as intended
therefore are effective in
managing the companys
risk.
Makes recommendations
to improve the internal
control environment and
to improve the
performance of the
organization. Also
required by the IIAs
standards to ensure that
a follow up process is put
in place to drive results
and make sure that
agreed recommendations
are done.

Sufficient work completed

to form an opinion on the
financial statements.

Is external to the
organization.
Identifies risks and
assesses controls over
financial reporting and
places reliance on
controls to the extent
practicable. Emphasis is
on gaining sufficient audit
evidence to conclude that
the financial statements
present a true and fair
view.

Makes recommendations
to improve the internal
control environment.