Documente Academic
Documente Profesional
Documente Cultură
Prepared by:
DAVID , Kim Carlo G.
MANDAP, Rosette M.
PAMINTUAN, Nicholane C.
PINEDA, Czimuelle Gryan J.
SAMPANG, Judy Anne V.
VALDEZ, Marilou T.
BSACT 4-1
Submitted to:
Henry D. Rufino, CPA
Table Of Contents
CHAPTER 1
OVERVIEW OF INTERNAL AUDITING FUNCTIONS AND ACTIVITIES
pages 3-5
Organization
Internal Auditing (Roles of Internal Audit)
Purpose of Internal Auditing
Internal Auditors
Institute of Internal Auditors
Internal Audit Activities
Audit Process Model
CHAPTER 2
HISTORY AND DEVELOPMENT OF THE INTERNAL AUDITING PROFESSION
5-9
pages
Chapter 1
Overview of Internal Auditing
Internal Auditors - they advise Management and Board of Directors (or other
oversight body) regarding how to better execute their responsibilities. As a result of
their broad scope of involvement, internal auditors may have a variety of higher
educational and professional backgrounds.
Institute of Internal Auditors - is the recognized international standard setting
body for the internal audit profession.
4
Internal Audit Activities
8. Coordination of Audits and Reviews conducted by External AgenciesThe Audit Coordinator acts as liaison between external auditors and the
Department. The main tasks include ensuring the appropriate department
staff is notified of the audit or review, coordinating the Departments
response to the audit findings and tracking status reports.
INPUTS
PROCESSES
OUTPUTS
OUTCOMES
Internal Audit
Knowledge
and Skills
Computers,
Software and
IIA Standards
Time and
Money
Internal Audit
Practices and
Procedures
Analyses,
Appraisals,
Recommendations,
Counsel and
Information
Promote the
Effective use of
Internal Control
Supporting the
Organization in
the Discharge of
their
Responsibilities
Reputation
for Integrity
and Fairness
Chapter 2
History & Development of the
Internal Auditing Profession
HISTORY OF INTERNAL AUDITING PROFESSION
o
The origin of auditing goes back to times scarcely less remote than
that of accountingWhenever the advance of civilization brought
about the necessity of one man being entrusted to some extent with
the property of another, the advisability of some kind of check upon
the fidelity of the former would become apparent.
The word audit comes from the Latin word audire, meaning to
hear. According to Flint (1988), audit is a social phenomenon which
1941
The Institute of Internal Auditors (IIA) was founded on December 9, 1941, in New
York by a small group of practicing internal auditors. The group recognized that they
had many commonalities in the way they worked despite the fact that they worked
in different businesses and industries. They agreed that merely applying external
auditing techniques internally was not sufficient. They felt the need for a formal
approach to sharing and organizing their body of knowledge and their mutual
concerns. They began the long process of achieving an identity for internal auditing
as a distinct profession concerned with providing independent appraisals for all
activities within an organization. This includes the gradual expansion of the scope of
internal audit activities and of the professionalization of the practice of internal
auditing. The first textbook for the practice, Brinks Internal Auditing was published
in this year.
1943
A technical journal for the field, Internal Auditor, distributed its first issue.
1947
The Institute developed the first version of a Statement of Responsibilities
and has continued to revise it as internal auditing practices matured. The Institute
of Internal Auditors (IIA), operates to bring uniformity and consistency to the
practice of internal auditing.
Statement of Responsibilities
1. Reviewing and appraising the soundness, adequacy, and application of
accounting, financial, and operating controls.
2. Ascertaining the extent of compliance with established policies, plans, and
procedures.
3. Ascertaining the extent to which company assets are accounted for, and
safeguarded from, losses of all kinds.
4. Ascertaining the reliability of accounting and other data developed within the
organization.
7
5. .Appraising the
responsibilities.
6.
quality
of
performance
in
carrying
out
assigned
1968
The Code of Ethics was issued. Its purpose is to promote an ethical culture in
the profession of internal auditing.
1974
The Institute began a certification programCertified Internal Auditor (CIA).
The credential requires a combination of education and work experience with
successful completion of a four-part comprehensive exam which tests: Internal Audit
Process; Internal Audit Skills; Management, Control and Information Technology;
and, Audit Environment.
1978
The IIA published the Standards for Professional Practice to serve as the
primary source of reference for directing an internal audit function.
Standards for the Professional Practice of Internal Auditing
1. Assist in communicating to others the role, scope, performance, and
objectives of internal auditing.
2. Unify internal auditing throughout the world.
3. Encourage improved internal auditing.
4. Establish basis for consistent measurement of internal auditing operations.
5. Provide a vehicle by which internal auditing can be fully recognized as a
profession.
After the World War II, different management philosophy were evolved as growth
and expansion was continuously increasing making the business process more
complex and fast changing. This made it increasingly difficult for organizations to
maintain control and operational efficiency. The shift to a war economy further
expanded organizations' responsibilities for scheduling, availability of materials and
laborers, compliance with government regulations, and an increased emphasis on
cost finding. The Internal Auditing profession evolved steadily with the progress of
management science after World War II. It is conceptually similar in many ways to
financial auditing by public accounting firms, quality assurance and banking
compliance activities. Much of the theory underlying internal auditing is derived
from management consulting and public accounting professions.
Management
found it impossible to visually observe all of the operating areas in their respective
areas of responsibility or to have sufficient personal contact with individuals who
directly or indirectly reported to them. In seeking ways to deal with these new
problems, management appointed special staff people to review and report on what
was happening and to probe for the why. These people came to be known as
"internal auditors." The internal audit function varied greatly as to the number of
people assigned to perform it and in the scope and nature of the work being done.
In some organizations, internal auditors were used to check on routine financial and
operational activities with a heavy emphasis on compliance, security, and detection
of fraud. In others, internal auditors were given higher levels of status and were
asked to analyze and appraise more substantive financial and operational activities.
As the profession evolved, a number of internal auditors began pushing vigorously
for greater understanding and recognition of their function, and began to develop
contacts and relationships with professionals in other organizations in an attempt to
share problems and to advance their common interests. With the implementation in
the United States of the Sarbanes-Oxley Act of 2002, the profession's growth
accelerated, as many internal auditors possess the skills required to help companies
meet the requirements of the law.
9
o
o
1920s
o
o
o
to 1960s
Investment had grew rapidly
Companies grew in size
The separation of the ownership & management function became more
evident.
o The Audit function was mainly to provide CREDIBILITY to the financial
statements prepared by the company managers and shareholders.
1960s to 1990s
o New
York
Times
(April
06,
1975)
The
New
York
Times
Company, major newspaper publisher and media company.
The said
company described the role of an auditor. Affirm the truthfulness of the
financial statements and assure that financial statements are fairly
presented.
o Risk-Based Auditing (early 1980) Is an audit approach where an auditor
will focus on those areas which are most likely to contain errors.
o Most of companies this period had introduced COMPUTER SYSTEMS to
process their financial and other data, and to perform, monitor and control
many at their operational and administrative processes, also auditors at
the same time were providing ADVISORY SERVICES to audit clients.
1990s to present
o Presently, the ultimate of objective of auditing is to lend CREDIBILITY to
FINANCIAL & NON-FINANCIAL information provided by management in
annual reports; however, audit firms have been largely providing
consultancy services to businesses.
o By 2000, consultancy revenues exceeded auditing revenues in all major
auditing firms in the USA.
o Revelations regarding the accuracy of financial statements issued by
corporations and the integrity of the independent public accounting firms
that audit these financial statements. The best known of these cases
involved the Enron Corporation and the Arthur Andersen LLP accounting
firm. Enron, an energy company that traded in derivatives, engaged in a
series of money-losing partnership transactions that were not reflected in
its financial statements. Arthur Andersen, one of the nations largest
accounting firms and Enrons auditor, overlooked these questionable
accounting practices, providing credibility to Enrons misleading financial
statements. The losses were finally revealed in the fall of 2001 when
Enron officials admitted that the companys net worth had been
overstated by more than $1 billion. With the revelations the price of Enron
stock fell from $83 per share in December 2000 to less than $1 per share
in December 2001. Arthur Andersen was convicted of obstruction of
justice charges in June 2002 in connection with its Enron activities. The
loss of its reputation as an independent auditor was even more telling,
causing Arthur Andersen to discontinue much of its auditing activity. At
the same time that the Enron scandal was being reported, similar
problems with financial statements were reported at a number of other
companies including WorldCom, Inc. and Global Crossing. The accounting
fraud uncovered at WorldCom proved to be the largest in U.S. history. The
company overstated its earnings by $11 billion, and its subsequent
bankruptcy cost investors an estimated $200 billion. The United States
Department of Justice brought criminal charges against WorldComs
former chief financial officer, and the SEC filed civil lawsuits against four
former WorldCom executives. One result of these revelations of
accounting and financial irregularities was the passage of the Accounting
Reform and Investor Protection Act of 2002, often referred to as the
Sarbanes-Oxley Act of 2002 for the legislators who sponsored it. The
legislation sought to improve the accuracy of financial statements and to
ensure full disclosure of information in these statements. It also created
10
Chapter 3
Internal Auditing vs.
External Auditing
FINANCIAL STATEMENTS AUDIT
A financial statements audit is the
examination of the financial statements of an
organization as presented by the board of
directors by someone independent of the
organization, example an external auditor.
This type of audit usually overs the basic set
of financial statements (Balance Sheet,
Income Statement, Statement of Cash Flows,
Statement of Changes in Equity and notes to
the financial statements)
A financial
determine:
statements
audit
seeks
to
Whether the financial statements give a true and fair view of the state of the
companys affairs as at the year-end and of its results of operation and cash
flows for the year.
OPERATIONAL AUDIT
An operational audit involves a systematic review of an organizations activities,
or a part of them, in relation to the efficient and effective use of resources. The
purpose of an operational audit is.
To assess performance,
Develop recommendations.
11
financial statements audits or compliance audits because it can be very difficult to
identify objective, measurable criteria that can be used to assess effectiveness and
efficiency.
Operational auditing has increased in importance in recent years, and it is
likely that this trend will continue. With entities restructuring and downsizing, most
facets of the entity are being evaluated. An example from the private sector would
be when an entity employs auditors to assess the efficiency and effectiveness of the
entitys use of computer resources.
COMPLIANCE AUDIT
A compliance audit determines the extent to which rules, policies, laws
covenants, or governmental regulations are followed by the entity being audited.
For example, a company may be audited to determine whether corporate rules and
policies are being followed by departments within the organization. The corporate
rules and policies serve as the criteria for measuring the departments compliance.
Another example is examination of tax returns of individuals and companies by the
Internal Revenue Service for compliance with the tax laws. In this example, the
Income tax laws provide the criteria for measuring compliance.
Audit reports are the end product of the work and must be completed to the
highest standard. They are governed by the 1985 Companies Act as amended by
the Companies Act 1989 and 2006 and also by the international auditing standard
ISA 700, The Auditors Report on Financial Statements. The 1985 Act places a duty
on auditors to examine the financial statements and to express an opinion on
whether they show a true and fair view at the year end. The auditor should not
express an opinion on the statements until they have been approved by the
directors and the auditors have considered all available evidence.
The management letter
12
Management letters are private communications which the board may well
delegate to the Audit Committee. They are considered by all parties to be important
and fundamentally useful.
Consultancy
13
During the course of their planning, the external auditors should perform a
preliminary assessment of the internal audit function, when it appears that certain
internal audit work is relevant to their external audit. A favorable assessment might
allow the external auditors to modify the nature, timing and extent of external audit
procedures. External auditors may make use of the work of internal audit in forming
their opinion. During the course of their work they will want to measure the
effectiveness of internal audit. They do this against the Internal Audit Guidelines
approved by the Auditing Practices Board (APB) in 1990. However, it must be stated
that external auditors have sole responsibility for their statutory responsibility to
provide an audit opinion.
Internal Auditing
Definition of Internal Audit, prior to 1990:
Internal auditing is an independent appraisal function established within an
organization to examine and evaluate its activities as a service to the organization.
The objective of internal auditing is to assist members of the organization in in the
effective discharge of their responsibilities. To this end, it furnishes them with
analysis, appraisals, recommendations, counsel and information concerning the
activities reviewed. The audit objective includes promoting effective control at
reasonable cost.
New definition of internal audit provided by IIA (Institute of Internal Auditors):
Internal audit is an independent, objective assurance and consulting activity
designed to add value and improve the organizations operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management control
and governance processes.
To review the adequacy of the controls in place to protect it from those risks
14
Effectiveness and efficiency of operations.
Safeguarding of assets.
Compliance with laws, regulations, and contracts.
International Standards
Internal Auditing
for
the
Professional
Practice
of
In order to ensure that the internal audit function meets international best
practice, it is necessary to adopt the International Standards for the Professional
Practice of Internal Auditing issued by the Institute of Internal Auditors.
15
1130. A2 Assurance engagements for functions over which the chief audit
executive has responsibility must be overseen by a party outside the internal audit
activity.
1130. C1 Internal auditors may provide consulting services relating to operations
for which they had previous responsibilities.
1130. C2 If internal auditors have potential impairments to independence or
objectivity relating to proposed consulting services, disclosure must be made to the
engagement client prior to accepting the engagement.
1200 Proficiency and Due Professional Care
Engagements must be performed with proficiency and due professional care.
1210 Proficiency Internal auditors must possess the knowledge, skills,
and
other
competencies
needed
to
perform
their
individual
responsibilities.
The internal audit activity collectively must possess or obtain the knowledge, skills,
and other competencies needed to perform its responsibilities.
1210. A1 The chief audit executive must obtain competent advice and assistance
if the internal auditors lack the knowledge, skills, or other competencies needed to
perform all or part of the engagement.
1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of
fraud and the manner in which it is managed by the organization, but are not
expected to have the expertise of a person whose primary responsibility is detecting
and investigating fraud.
1210. A3 Internal auditors must have sufficient knowledge of key information
technology risks and controls and available technology-based audit techniques to
perform their assigned work. However, not all internal auditors are expected to have
the expertise of an internal auditor whose primary responsibility is information
technology auditing.
1210. C1 The chief audit executive must decline the consulting engagement or
obtain competent advice and assistance if the internal auditors lack the knowledge,
skills, or other competencies needed to perform all or part of the engagement.
1220 Due Professional Care
Internal auditors must apply the care and skill expected of a reasonably prudent and
competent internal auditor. Due professional care does not imply infallibility.
1220. A1 Internal auditors must exercise due professional care by considering
the: Extent of work needed to achieve the engagements objectives;
Relative complexity, materiality, or significance of matters to which
assurance procedures are applied;
1220. A2 In exercising due professional care internal auditors must consider the
use of technology-based audit and other data analysis techniques.
1220. A3 Internal auditors must be alert to the significant risks that might affect
objectives, operations, or resources. However, assurance procedures alone, even
when performed with due professional care, do not guarantee that all significant
risks will be identified.
1220. C1 Internal auditors must exercise due professional care during a
consulting engagement by considering the:
Needs and expectations of clients, including the nature, timing, and
communication of engagement results;
16
and
effect
of
errors
and
INTERNAL AUDITING
To consider if business
practices are helping the
business manage its risk
and meet its strategic
objectives- it can cover
operational as well as
financial matters.
Internal auditors can be
employed by the business
or outsourced. While
accounting background is
common they can also
come from other relevant
backgrounds.
Internally in the light of
businesss risk and
objectives.
Management, the Audit
Committee (if there is
one) or the Board
Tailored report on how the
risk and objectives are
being managed. There is
a focus on helping the
business move forwardso expect there to be
recommendations for
improvement.
EXTERNAL AUDITING
To consider whether the
annual accounts give a
true and fair view and
are in accordance with
legal requirements.
An outside firm of
accountants who are
Registered Auditors (not
all accountancy firms are)
17
8. Do we have to have
an audit?
9. Responsibility for
Improvement
Improvement is
fundamental to the
purpose of Internal
Auditing. But it is done by
advising, coaching and
facilitating in order not to
undermine the
responsibility of the
management.
Broad based assurance
program set with the
Board and Senior
Management, this usually
include the adequacy of
the companys risk
management framework,
operational performance
of business units,
integrity of management
reporting and other areas
as requested by the
Board and the Senior
Management.
Primarily responsibility to
the Board via the audit
committee. Works closely
with the management,
with the aim of providing
independent insight to
the senior management,
the CEO and the Board
Audit Committee.
Organization wide- all
areas, all departments, all
10.
Mandate
11.
Reporting
Relationships
12.
Areas of Focus
should be brought to
managements attention,
the will be reported in a
management letter.
There is no follow up
requirement, until next
years audit; when n
planning the audit past
issues should be
considered.
YES, the main report on
the account is publicly
available. Management
letters are not publicly
available.
It depends, legal
requirements vary;
although the trend has
been towards more
organizations being
exempted from statutory
audit. However
stakeholders such as the
bank or investors may
require you to have your
accounts audited.
None, however there is a
duty to report problems.
Statutory opinions to
shareholders on the
accuracy of the
companys annual report
and financial statements.
Primarily responsibility to
shareholders via the audit
committee and Chief
Financial Officer
18
13.
Approach
14.
Independence
15.
Risk and Control
16.
Driving Results
functions.
Sufficient work
undertaken to provide
insight and give an
informed independent
view to the board and
senior management.
Part of the organization
but independent of the
management.
Provides and independent
view on the organizations
risk management, risk
assessment and
governance processes.
Reviews the adequacy of
control design to ensure
that risks are effectively
managed, and then tests
operation of key controls
to ensure they are
operating as intended
therefore are effective in
managing the companys
risk.
Makes recommendations
to improve the internal
control environment and
to improve the
performance of the
organization. Also
required by the IIAs
standards to ensure that
a follow up process is put
in place to drive results
and make sure that
agreed recommendations
are done.
Is external to the
organization.
Identifies risks and
assesses controls over
financial reporting and
places reliance on
controls to the extent
practicable. Emphasis is
on gaining sufficient audit
evidence to conclude that
the financial statements
present a true and fair
view.
Makes recommendations
to improve the internal
control environment.