Internal Auditing - Intro to Internal Auditing

Independent, objective assurance and consulting activity to add value to company

by improving opportunities to achieve objectives, id op improvements ad or reduce risk exposure through assurance and consulting services

• Assurance
• Insight
• Objectivity

• Governance
• Risk 
• Control

to achieve strategic, operational and compliance objectives

• Catalyst 
• Analyses 
• Assessments

Improve org effectiveness by providing insight and recommendations based on analyses of data and business processes

• Integrity
• Accountability
• Independence

objective source of independent advice

• Help org achieve objectives
• Evaluate/improve risk mgmt, control, governance
• Assurance and Consulting Activity
• Independence and objectivity
• Assurance and consulting services

• Strategic
• Operational
• Reporting
• Compliance

value creation choices mgmt makes on behalf of stakeholders

ex:grow org mrkt share by acquiring complent business

Pertain to effectiveness and efficiency of org operations

ex: ship all orders no later than 24 hrs aft reciept

pertain to the reliability of internal and external reporting of financial and nonfinancial information

ex: record only valid transactions

adherence to applicable laws and regulations

ex: comply with OSHA

• Governance 
• Risk Management
• Control

• process conducted by the board of directors to
• authorize, direct and oversee management toward the achievement of the organization’s objectives

process conducted by management to understand and deal with uncertainties (risk and opportunities) that could affect the organization’s ability to achieve its objectives

process conducted by management to mitigate risks

Internal Assurance: Assess evidence relevant to subject matter of interest and provide conclusions

Internal Consulting: Provide advice and other assistance

IND: Org status of IA function, CAE report to level within org that has sufficient authority

OBJ: mental attitude of indv internal auditors, auditor able to make impartial unbiased judgements, not to be involved in day to day operations

• Planning
• Performing 
• Communicating outcomes

• Reviewing evidence gathered during the engagement
• Researching logical conclusions
• If consulting, formulating practical advice based on evidence

Collection, classification summarzation and communication of financial data

Measurement and communication of business events and conditions

Reduce detailed info to manageable and understandable proportions

Does not have the task of measuring or communicating business events and conditions, but rather to review

Emphasizes proof, the support for financial statements and data

Sarbanes Oxley requires a U.S. public company’s internal auditors to also attest to the effectiveness of the company’s internal control over financial reporting as of a balance sheet date

CPA’s audit opinion is based on a recognized framework such as COSO 

Both reports are public documents

Benefits provided primarily for the benefit of third party

Third parties rely on this information when making financial decisions about an rganization

Also provides financial reporting assurance services

• Primary difference is the audience; internal auditors provide their services primarily
• for the benefit of management and the board of directors

• Sarb-Ox requires the CEO and CFO to certify quarterly and annual filings and requires management to assess and report on the effectiveness of internal control over financial
• reporting

• Management relies on the IA function to provide them with confidence regarding the
• truthfulness of their financial reporting assertions

Institute of internal auditors

provided by IIA in IPPF (International Professional Practices Framework)

• Mandatory 
• Strongly Recommended

• 3 elements
• 1) Internal Audit Definition
• 2) Code of Ethics
• 3) Standards

• Includes:
• Practice Advisories
• Position Papers
• Practice Guides