-
Internal Audit
Independent, objective assurance and consulting activity to add value to company
-
How is value added
by improving opportunities to achieve objectives, id op improvements ad or reduce risk exposure through assurance and consulting services
-
Value Proposition OVERVIEW
- Assurance
- Insight
- Objectivity
-
Value Proposition - ASSURANCE
to achieve strategic, operational and compliance objectives
-
Value Proposition - INSIGHT
- Catalyst
- Analyses
- Assessments
Improve org effectiveness by providing insight and recommendations based on analyses of data and business processes
-
Value Proposition - OBJECTIVITY
- Integrity
- Accountability
- Independence
objective source of independent advice
-
Defining Internal Audit
- Help org achieve objectives
- Evaluate/improve risk mgmt, control, governance
- Assurance and Consulting Activity
- Independence and objectivity
- Assurance and consulting services
-
Objectives - OVERVIEW
- Strategic
- Operational
- Reporting
- Compliance
-
Objectives - STRATEGIC
value creation choices mgmt makes on behalf of stakeholders
ex:grow org mrkt share by acquiring complent business
-
Objectives - OPERATIONAL
Pertain to effectiveness and efficiency of org operations
ex: ship all orders no later than 24 hrs aft reciept
-
Objectives - REPORTING
pertain to the reliability of internal and external reporting of financial and nonfinancial information
ex: record only valid transactions
-
Objectives - COMPLIANCE
adherence to applicable laws and regulations
ex: comply with OSHA
-
Evaluating and Improving - OVERVIEW
- Governance
- Risk Management
- Control
-
Evaluating and Improving - GOVERNANCE
- process conducted by the board of directors to
- authorize, direct and oversee management toward the achievement of the organization’s objectives
-
Evaluating and Improving - RISK MANAGEMENT
process conducted by management to understand and deal with uncertainties (risk and opportunities) that could affect the organization’s ability to achieve its objectives
-
Evaluating and Improving - CONTROL
process conducted by management to mitigate risks
-
Assurance and Consulting Activity - OVERVIEW
Internal Assurance: Assess evidence relevant to subject matter of interest and provide conclusions
Internal Consulting: Provide advice and other assistance
-
Independence & Objectivity
IND: Org status of IA function, CAE report to level within org that has sufficient authority
OBJ: mental attitude of indv internal auditors, auditor able to make impartial unbiased judgements, not to be involved in day to day operations
-
Systematic and disciplined approach
3 fundamental phases in an interanal audit engagement
- Planning
- Performing
- Communicating outcomes
-
Evaluating engagement involves
- Reviewing evidence gathered during the engagement
- Researching logical conclusions
- If consulting, formulating practical advice based on evidence
-
Accounting
Collection, classification summarzation and communication of financial data
Measurement and communication of business events and conditions
Reduce detailed info to manageable and understandable proportions
-
Auditing
Does not have the task of measuring or communicating business events and conditions, but rather to review
Emphasizes proof, the support for financial statements and data
-
External Assurance Services
Sarbanes Oxley requires a U.S. public company’s internal auditors to also attest to the effectiveness of the company’s internal control over financial reporting as of a balance sheet date
CPA’s audit opinion is based on a recognized framework such as COSO
Both reports are public documents
Benefits provided primarily for the benefit of third party
Third parties rely on this information when making financial decisions about an rganization
-
Internal Assurance Services
Also provides financial reporting assurance services
- Primary difference is the audience; internal auditors provide their services primarily
- for the benefit of management and the board of directors
- Sarb-Ox requires the CEO and CFO to certify quarterly and annual filings and requires management to assess and report on the effectiveness of internal control over financial
- reporting
- Management relies on the IA function to provide them with confidence regarding the
- truthfulness of their financial reporting assertions
-
IIA
Institute of internal auditors
-
Professional guidance
provided by IIA in IPPF (International Professional Practices Framework)
- Mandatory
- Strongly Recommended
-
Mandatory Guidance
- 3 elements
- 1) Internal Audit Definition
- 2) Code of Ethics
- 3) Standards
-
Strongly Recommended Guidance
- Includes:
- Practice Advisories
- Position Papers
- Practice Guides
|
|