0% found this document useful (0 votes)
96 views8 pages

Audits, Internal: Ads by Google

Download as docx, pdf, or txt
Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1/ 8

AUDITS, INTERNAL

Ads by Google
Accelerating Productivity - Book for improving employee productivity through empowerment -
pothi.com
Investor Relations - Access company financial reports and create custom analyis for free -
www.mashiq.com
ISO 9001 Certification - Grow your Business with affordable Fast Easy Process Call
9650399490 - eqfscertification.com/iso/punjab
Small Business Accounting - Apply for Small Business Accounting! Submit Resume Now &
Get Hired - TimesJobs.com

Internal auditing is an independent appraisal function that is performed in a wide variety of


companies, institutions, and governments. What distinguishes internal auditors from
governmental auditors and public accountants is the fact that they are employees of the same
organizations they audit. Their allegiance is to their organization, not to an external authority.
Because internal auditing has evolved only within the last few decades, the roles and
responsibilities of internal auditors vary greatly from one organization to another. Internal audit
functions have been structured based on the differing perceptions and objectives of owners,
directors, and managers.

While some companies have very sophisticated internal audit functions providing a broad array
of services, other organizations have only one or two internal auditors performing routine
inspections. "The scope and emphasis [of internal auditing practices] depend to a great extent on
the size of company, type of business, philosophy of management, and interest or concern of the
chief executive and the board of directors," summarized Nicholas C. Gilles in What Every
Manager Needs to Know About Finance. "In a very small business, the owner-manager, to a
limited extent, performs the role of internal auditor through continuing surveillance of all
activities." Similarly, employees who fulfill internal auditing functions are known by a wide
variety of titles—control analysts, systems analysts, business analysts, internal consultants,
evaluators, and operations analysts—depending on the organization in which they function.

The Institute of Internal Auditors (IIA) is an international governing body for internal auditors
that brings some uniformity and consistency to the practice. The IIA provides general standards
for performing internal audits and serves as a source for education and information. In its
Standards for the Professional Practice of Internal Auditing , the IIA defines the internal
auditing function as "an independent appraisal function established within an organization to
examine and evaluate its activities as a service to the organization. The objective of internal
auditing is to assist members of the organization in the effective discharge of their
responsibilities. To this end, internal auditing furnishes them analysis, appraisals,
recommendations, counsel, and information concerning activities reviewed."

There is theoretically no restriction on what internal auditors can review and report about within
an organization. In practice, internal auditors work within the parameters of the company's overal
strategic plan, performing internal auditing functions so that they are coordinated with the larger
goals and objectives of the organization. Internal auditors perform a variety of audits, including
compliance audits, operational audits, program audits, financial audits, and information systems
audits. Internal audit reports provide management with advice and information for making
decisions or improving operations. When problems are discovered, the internal auditor serves the
organization by finding ways to prevent them from recurring. Internal audits can also be used in
a preventative fashion. For example, if the internal auditor communicates potential problems and
risks in business operations during his/her review, management can take preemptive action to
prevent the potential problem from developing.

DEVELOPMENT AND CURRENT STATUS OF


INTERNAL AUDITING PRACTICES
Prior to the twentieth century, companies and other institutions relied on external auditing
practices for financial and other information on their operations. The growing complexity of
American companies after World War I, however, required better techniques for planning,
directing, and evaluating business activities. These needs, coupled with the stock market crash of
1929 and increased evidence of questionable accounting practices by corporations, led to the
creation of the Securities Exchange Act of 1934. This legislation established the Securities and
Exchange Commission (SEC) as a monitor of corporate financial reporting. In the wake of these
developments, wrote Gilles, "the new thrust for internal auditing was the verification of financial
statements, as well as the continued testing of transactions. World War II led internal auditors
into the assurance of compliance with government regulations. The boom that followed, with the
growth of conglomerates and international subsidiaries, required auditors to review the adequacy
of corporate procedures and practices in operational evaluations, along with performing the
financial audit."

The importance of quality internal auditing was further underlined with the passage of the
Foreign Corrupt Practices Act and the establishment of the Financial Accounting Standards
Board. While these developments did not specifically call for an internal auditing function,
internal auditors were poised to help management fulfill the additional requirements implicit
therein. In the 1980s, highly publicized business failures and fraudulent financial statements that
went undetected by external auditing firms gave further merit to the concept of internal auditing.
Today, supported by a variety of private sector accounting organizations, including the American
Institute of Certified Public Accountants (AICPA), the American Accounting Association
(AAA), the Financial Executives Institute (FEI), the Institute of Internal Auditors (IIA), and the
National Association of Accountants (NAA), internal audit functions have become an important
component of many business's operations management system.

INTERNAL AUDITING AND INTERNAL CONTROL


The manner in which internal auditing has evolved has linked it directly to the concepts and
objectives of internal control. The IIA clearly advocates an internal control focus when it defines
the scope of internal auditing: "The scope of internal auditing should encompass the examination
and evaluation of the adequacy and effectiveness of the organization's system of internal control
and the quality of performance in carrying out assigned responsibilities." At the most basic level,
internal controls can be identified as individual preventive, detective, corrective, or directive
actions that keep operations functioning as intended. These basic controls are aggregated to
create whole networks and systems of control procedures which are known as the organization's
overall system of internal control.

The IIA's Standards of Professional Practice outlines five key objectives for an organization's
system of internal control: 1) reliability and integrity of information; 2) compliance with policies,
plans, procedures, laws and regulations; 3) safeguarding of assets; 4) economical and efficient
use of resources; and5) accomplishment of established objectives and goals for operations or
programs. It is these five internal control objectives that provide the internal auditing function
with its conceptual foundation and focus for evaluating an organization's diverse operations and
programs.

KEY ASSUMPTIONS ABOUT THE INTERNAL AUDIT


FUNCTION
There are three important assumptions implicit in the definition, objectives, and scope of internal
auditing: Independence, competence, and confidentiality.

INDEPENDENCE Internal auditors have to be independent from the activities they audit so that
they can evaluate them objectively. Internal auditing is an advisory function, not an operational
one. Therefore, internal auditors should not be given responsibility or authority over any
activities they audit. They should not be positioned in the organization where they would be
subject to political or monetary pressures that could inhibit their audit process, sway their
opinions, or compromise their recommendations. Independence and objectivity of internal
auditors must exist in both appearance and in fact; otherwise the credibility of the internal
auditing work product is jeopardized.

Related to independence is the assumption that internal auditors have unrestricted access to
whatever they might need to complete an appraisal. That includes unrestricted access to plans,
forecasts, people, data, products, facilities, and records necessary to perform their independent
evaluations.

COMPETENCE A business's internal auditors have to be people who possess the necessary
education, experience, and proficiency to complete their work competently, in accordance with
accepted internal auditing standards. An understanding of good business practices is essential for
internal auditors. They must have the capability to apply broad knowledge to new situations, to
recognize and evaluate the impact of actual or potential problems, and to perform adequate
research as a basis for judgments. They must also be skilled communicators and be able to deal
with people at various levels throughout the organization.

CONFIDENTIALITY Evaluations and conclusions contained in internal auditing reports are


directed internally to management and the board, not to stockholders, regulators, or the public.
Presumably, management and the board can resolve issues that have surfaced through internal
auditing and implement solutions privately, before problems get out of hand. Management is
expected to acknowledge facts as stated in reports, but has no obligation to agree with an internal
auditor's evaluations, conclusions, or recommendations. After internal auditors report their
conclusions, management and the board have responsibility for subsequent operating decisions—
to act or not to act. If action is taken, management has the responsibility to ensure that
satisfactory progress is made and internal auditors later can determine whether the actions taken
have the desired results. If no action is taken, internal auditors have the responsibility to
determine that management and the board understand and have assumed any risks of inaction.
Under all circumstances, internal auditors have the direct responsibility to apprise management
and the board of any significant developments that the auditors believe warrant
ownership/management consideration or action.

It should be noted, however, that the "confidential" aspect of the internal audit function is not
absolute. According to the Securities and Exchange Commission (SEC), internal audit reports
must be made available for review in case of regulatory inquiries. Business owners dislike this
state of affairs because of an understandable reluctance to divulge sensitive business information.
But the SEC cites Section 21 of the Securities and Exchange Act, which grants the agency the
power to subpoena financial records as part of investigations. The United States' major stock
exchanges, NASDAQ and the New York Stock Exchange (NYSE), have adopted similar
positions regarding their own inquiries into alleged misdeeds, seeing internal audits as key
indicators of supervision, policies, and controls within the firm in question. These exchanges
generally regard failure to produce internal audit reports or other records when demanded as
violations of their basic tenets.

Under some circumstances, however, experts contend that a firm may be able to claim a legal
foundation for withholding particular internal audit reports. According to Compliance Reporter,
"If a specific report has been prepared under the supervision of legal counsel and for the purpose
of providing legal advice to the firm and not for more routine business purposes, or the report has
been specifically prepared at the direction of attorneys in anticipation of threatened litigation,
then the report may be protected by either the attorney-client privilege or the attorney work
product doctrine."

DIFFERENCES BETWEEN INTERNAL AND


EXTERNAL AUDITING
Internal auditors and external auditors both audit, but have different objectives and a different
focus. Internal auditors generally consider operations as a whole with respect to the five key
internal control objectives, not just the financial aspects. External auditors focus primarily on
financial control systems that have a direct, significant effect on the figures reported in financial
statements. Internal auditors are generally concerned with even small incidents of fraud, waste,
and abuse as symptoms of underlying operational issues. But the external auditor may not be
concerned if the incidents do not materially affect the financial statements—which is reasonable
given the fact that external auditors are engaged to form an opinion only of the organization's
financial statements. Lawrence B. Sawyer summarized the differences in focus succinctly and
emphatically in his Sawyer's Internal Auditing : "Management controls over financial activities
have been greatly strengthened throughout the years. The same cannot always be said of controls
elsewhere in the enterprise. Embezzlement can hurt a corporation; the poor management of
resources can bankrupt it. Therein lies the basic difference between external auditing and modern
internal auditing; the first is narrowly focused and the second is comprehensive in scope." The
external auditor does perform services for management, including making recommendations for
improvement in systems and controls. By and large, however, these are financially oriented, and
often are not based on the same level of understanding of an organization's systems, people, and
objectives that an internal auditor would have. It should be recognized, however, that the
traditionally limited role of the external auditor has broadened in recent years to include an
increased operational review facet.

This comparison of internal auditing to external auditing considers only the external auditors'
traditional role of attesting to financial statements. During the 1990s a number of the large public
accounting firms began establishing divisions offering "internal auditing" services in additional
to existing tax, actuarial, external auditing, and management consulting services. Predictably, the
event has caused a flurry of debate among auditors about independence, objectivity, depth of
organizational knowledge, operational effectiveness, and true costs to the organization.

One option available to small business enterprises is to investigate the possibility of "co-
sourcing" its internal audit functions with an outside vendor. "Co-sourcing arrangements with
outside vendors allow the in-house auditors to retain responsibility for the internal audit process
while relying on the outside entity for specialized technical skills and personnel," wrote C.
William Thomas and John T. Parish in Journal of Accountancy . "By contract, a company that
outsources loses day-to-day control over its activities to the vendor—usually a professional
service firm."

As Thomas and Parish note, the relative autonomy of the internal audit function makes it an ideal
candidate for co-sourcing. Under such an arrangement, the outside vendor can attend to
specialized elements of the internal audit function, such as "reconciliation of specialized
accounts; valuation, disclosure and Environmental Protection Agency compliance issues for
certain types of inventory; and reconciliation of foreign accounts where busienss customs pose
review problems." In return, the company saves expenses on permanent staff, gains greater in-
house flexibility in evaluating projects and practices, and garners the ability to maximize its
access to specialized knowledge by selecting vendors for each functional area.

There are potential drawbacks to the co-sourcing arrangement, however. Thomas and Parish cite
staff worries over long-term job security, the possibility of "turf battles" between in-house
auditors and vendors, and loss of in-house focus on "big picture" issues of company-wide
profitability and efficiency as stumbling blocks. But they charge that "a cost-conscious, proactive
internal audit group with custom-designed co-sourcing programs retains the advantages of
outsourcing along with the benefits of having an in-house internal audit staff, such as knowledge
of management methods, accessibility, responsiveness, loyalty, and a shared vision for the
organization's strategic business goals."

TYPES OF INTERNAL AUDITS


Various types of audits are used to achieve particular objectives. The types of audits briefly
described below illustrate a few approaches internal auditing may take.

OPERATIONAL AUDIT An operational audit is a systematic review and evaluation of an


organizational unit to determine whether it is functioning effectively and efficiently, whether it is
accomplishing established objectives and goals, and whether it is using all of its resources
appropriately. Resources in this context include funds, personnel, property, equipment, materials,
information, space, and whatever else may be used by that unit. Operational audits can include
evaluations of the work flow and propriety of performance measurements. These audits are
tailored to fit the nature of the operations being reviewed. "Carefully done, operational auditing
is a cost-effective way of getting a higher return from the audit function by making it helpful to
operating management," wrote Hubert D. Vos in What Every Manager Needs to Know About
Finance.

SYSTEM AUDIT A system analysis and internal control review is an analysis of systems and
procedures for an entire function such as information services or purchasing.

ETHICAL PRACTICES AUDIT An ethical business practices audit assesses the extent to which a
company and its employees follow established codes of conduct, policies, and standards of
ethical practices. Policies that may fall within the scope of such an audit include adherence to
specified guidelines in such areas as procurement, conflicts of interest, gifts and gratuities,
entertainment, political lobbying, ownership of patents and licenses, use of organization name,
speaking engagements, fair trade practices, and environmentally sensitive practices.

COMPLIANCE AUDIT A compliance audit determines whether the organizational unit or function
is following particular rules or directives. Such rules or directives can originate internally or
externally and can include one or more of the following: organizational policies; performance
plans; established procedures; required authorizations; applicable external regulations; relevant
contractual provisions; and federal, state, and local laws.

FINANCIAL AUDIT A financial audit is an examination of the financial planning and reporting
process, the conduct of financial operations, the reliability and integrity of financial records, and
the preparation of financial statements. Such a review includes an appraisal of the system of
internal controls related to financial functions.

INFORMATION SYSTEMS AUDIT A systems development and life cycle review is a unique type
of information systems audit conducted in partnership with operating personnel who are
designing and installing new information systems. The objective is to appraise the new system
from an internal control perspective and independently test the system at various stages
throughout its design, development, and implementation. This approach intends to identify and
correct internal control problems before systems are actually put in place because modifications
made during the developmental stages are less costly. Sometimes problems can be avoided
altogether. There is risk in this approach that the internal auditor could lose objectivity and
independence with considerable participation in the design and installation process.
PROGRAM AUDIT A program audit evaluates whether the stated goals or objectives of a certain
program or project have been achieved. It may include an appraisal of whether an alternative
approach can achieve the desired results at a lower cost. These types of audits are also called
performance audits, project audits, or management audits.

FRAUD AUDIT A fraud audit investigates whether the organization has suffered a loss through
misappropriation of assets, manipulation of data, omission of information, or any illegal or
irregular acts. It assumes that intentional deception has occurred.

PARTICIPATIVE AUDIT A participative audit enlists the auditee to perform a self-assessment and
otherwise assist in the audit process. In effect this become a problem-solving partnership
between the internal auditor and auditee. This can be cost-effective but is not without risk. The
internal auditor must retain the right to independently test any positions taken by the auditee.

INTERNAL AUDIT PLANNING


Business consultants strongly encourage small business owners to establish self-auditing
practices. "Not many years ago a company measured its success by how much of its product it
was able to sell," stated Jeffrey Davidson and Charles Dean in Cash Traps: Small Business
Secrets for Reducing Costs and Improving Cash Flow. "Today success is heavily influenced by
the ability to keep costs under control and, of course, to maintain a healthy cash flow. Volatile
interest rates, shrinking profit margins, and increasing operational costs are causing many
businesses to reassess and upgrade their internal control procedures."

For a small business owner, knowing what areas to audit and where to commit resources is an
integral part of the internal audit function. A long-range audit plan provides a complete view of
audit strategy and coverage in relation to the relative significance of functions to be audited. The
goal is to plan an audit strategy that is cost-effective and emphasizes audit projects that have high
impact or address areas of significant risk. An in-depth understanding of the organization and
how it operates is a prerequisite for the audit planning process. Developing the plan first requires
identifying and listing all auditable units or functions. (This is frequently called the "audit
universe.") Next, a rational system must be devised to assign significance and risk to each
auditable unit or function. Based on perceived significance and estimated risk, the audit priorities
and strategies are documented in the audit plan.

Business owners and managers, however, should recognize that the internal audit process is not a
static one. Its character and emphasis should adapt to the changes that take place in the
organization over time. Departure of key people, changes in markets, new demographics, new
competitors, and other factors can dramatically affect the operations of small businesses and
other organizations. Organizational processes and existing internal control systems may become
obsolete with new technology. Legal and regulatory environments change with the political
winds. Consequently, risks and significance rankings, the audit universe, and audit strategies will
change. The successful small business owner, though, will learn to anticipate such changes, and
adjust his or her internal auditing strategies accordingly.
Read more: Audits, Internal - type, benefits, cost, Development and current status of internal
auditing practices, Internal auditing and internal control
http://www.referenceforbusiness.com/small/A-Bo/Audits-Internal.html#ixzz15TA1TrDQ

You might also like