Audits, Internal: Ads by Google
Audits, Internal: Ads by Google
Audits, Internal: Ads by Google
Ads by Google
Accelerating Productivity - Book for improving employee productivity through empowerment -
pothi.com
Investor Relations - Access company financial reports and create custom analyis for free -
www.mashiq.com
ISO 9001 Certification - Grow your Business with affordable Fast Easy Process Call
9650399490 - eqfscertification.com/iso/punjab
Small Business Accounting - Apply for Small Business Accounting! Submit Resume Now &
Get Hired - TimesJobs.com
While some companies have very sophisticated internal audit functions providing a broad array
of services, other organizations have only one or two internal auditors performing routine
inspections. "The scope and emphasis [of internal auditing practices] depend to a great extent on
the size of company, type of business, philosophy of management, and interest or concern of the
chief executive and the board of directors," summarized Nicholas C. Gilles in What Every
Manager Needs to Know About Finance. "In a very small business, the owner-manager, to a
limited extent, performs the role of internal auditor through continuing surveillance of all
activities." Similarly, employees who fulfill internal auditing functions are known by a wide
variety of titles—control analysts, systems analysts, business analysts, internal consultants,
evaluators, and operations analysts—depending on the organization in which they function.
The Institute of Internal Auditors (IIA) is an international governing body for internal auditors
that brings some uniformity and consistency to the practice. The IIA provides general standards
for performing internal audits and serves as a source for education and information. In its
Standards for the Professional Practice of Internal Auditing , the IIA defines the internal
auditing function as "an independent appraisal function established within an organization to
examine and evaluate its activities as a service to the organization. The objective of internal
auditing is to assist members of the organization in the effective discharge of their
responsibilities. To this end, internal auditing furnishes them analysis, appraisals,
recommendations, counsel, and information concerning activities reviewed."
There is theoretically no restriction on what internal auditors can review and report about within
an organization. In practice, internal auditors work within the parameters of the company's overal
strategic plan, performing internal auditing functions so that they are coordinated with the larger
goals and objectives of the organization. Internal auditors perform a variety of audits, including
compliance audits, operational audits, program audits, financial audits, and information systems
audits. Internal audit reports provide management with advice and information for making
decisions or improving operations. When problems are discovered, the internal auditor serves the
organization by finding ways to prevent them from recurring. Internal audits can also be used in
a preventative fashion. For example, if the internal auditor communicates potential problems and
risks in business operations during his/her review, management can take preemptive action to
prevent the potential problem from developing.
The importance of quality internal auditing was further underlined with the passage of the
Foreign Corrupt Practices Act and the establishment of the Financial Accounting Standards
Board. While these developments did not specifically call for an internal auditing function,
internal auditors were poised to help management fulfill the additional requirements implicit
therein. In the 1980s, highly publicized business failures and fraudulent financial statements that
went undetected by external auditing firms gave further merit to the concept of internal auditing.
Today, supported by a variety of private sector accounting organizations, including the American
Institute of Certified Public Accountants (AICPA), the American Accounting Association
(AAA), the Financial Executives Institute (FEI), the Institute of Internal Auditors (IIA), and the
National Association of Accountants (NAA), internal audit functions have become an important
component of many business's operations management system.
The IIA's Standards of Professional Practice outlines five key objectives for an organization's
system of internal control: 1) reliability and integrity of information; 2) compliance with policies,
plans, procedures, laws and regulations; 3) safeguarding of assets; 4) economical and efficient
use of resources; and5) accomplishment of established objectives and goals for operations or
programs. It is these five internal control objectives that provide the internal auditing function
with its conceptual foundation and focus for evaluating an organization's diverse operations and
programs.
INDEPENDENCE Internal auditors have to be independent from the activities they audit so that
they can evaluate them objectively. Internal auditing is an advisory function, not an operational
one. Therefore, internal auditors should not be given responsibility or authority over any
activities they audit. They should not be positioned in the organization where they would be
subject to political or monetary pressures that could inhibit their audit process, sway their
opinions, or compromise their recommendations. Independence and objectivity of internal
auditors must exist in both appearance and in fact; otherwise the credibility of the internal
auditing work product is jeopardized.
Related to independence is the assumption that internal auditors have unrestricted access to
whatever they might need to complete an appraisal. That includes unrestricted access to plans,
forecasts, people, data, products, facilities, and records necessary to perform their independent
evaluations.
COMPETENCE A business's internal auditors have to be people who possess the necessary
education, experience, and proficiency to complete their work competently, in accordance with
accepted internal auditing standards. An understanding of good business practices is essential for
internal auditors. They must have the capability to apply broad knowledge to new situations, to
recognize and evaluate the impact of actual or potential problems, and to perform adequate
research as a basis for judgments. They must also be skilled communicators and be able to deal
with people at various levels throughout the organization.
It should be noted, however, that the "confidential" aspect of the internal audit function is not
absolute. According to the Securities and Exchange Commission (SEC), internal audit reports
must be made available for review in case of regulatory inquiries. Business owners dislike this
state of affairs because of an understandable reluctance to divulge sensitive business information.
But the SEC cites Section 21 of the Securities and Exchange Act, which grants the agency the
power to subpoena financial records as part of investigations. The United States' major stock
exchanges, NASDAQ and the New York Stock Exchange (NYSE), have adopted similar
positions regarding their own inquiries into alleged misdeeds, seeing internal audits as key
indicators of supervision, policies, and controls within the firm in question. These exchanges
generally regard failure to produce internal audit reports or other records when demanded as
violations of their basic tenets.
Under some circumstances, however, experts contend that a firm may be able to claim a legal
foundation for withholding particular internal audit reports. According to Compliance Reporter,
"If a specific report has been prepared under the supervision of legal counsel and for the purpose
of providing legal advice to the firm and not for more routine business purposes, or the report has
been specifically prepared at the direction of attorneys in anticipation of threatened litigation,
then the report may be protected by either the attorney-client privilege or the attorney work
product doctrine."
This comparison of internal auditing to external auditing considers only the external auditors'
traditional role of attesting to financial statements. During the 1990s a number of the large public
accounting firms began establishing divisions offering "internal auditing" services in additional
to existing tax, actuarial, external auditing, and management consulting services. Predictably, the
event has caused a flurry of debate among auditors about independence, objectivity, depth of
organizational knowledge, operational effectiveness, and true costs to the organization.
One option available to small business enterprises is to investigate the possibility of "co-
sourcing" its internal audit functions with an outside vendor. "Co-sourcing arrangements with
outside vendors allow the in-house auditors to retain responsibility for the internal audit process
while relying on the outside entity for specialized technical skills and personnel," wrote C.
William Thomas and John T. Parish in Journal of Accountancy . "By contract, a company that
outsources loses day-to-day control over its activities to the vendor—usually a professional
service firm."
As Thomas and Parish note, the relative autonomy of the internal audit function makes it an ideal
candidate for co-sourcing. Under such an arrangement, the outside vendor can attend to
specialized elements of the internal audit function, such as "reconciliation of specialized
accounts; valuation, disclosure and Environmental Protection Agency compliance issues for
certain types of inventory; and reconciliation of foreign accounts where busienss customs pose
review problems." In return, the company saves expenses on permanent staff, gains greater in-
house flexibility in evaluating projects and practices, and garners the ability to maximize its
access to specialized knowledge by selecting vendors for each functional area.
There are potential drawbacks to the co-sourcing arrangement, however. Thomas and Parish cite
staff worries over long-term job security, the possibility of "turf battles" between in-house
auditors and vendors, and loss of in-house focus on "big picture" issues of company-wide
profitability and efficiency as stumbling blocks. But they charge that "a cost-conscious, proactive
internal audit group with custom-designed co-sourcing programs retains the advantages of
outsourcing along with the benefits of having an in-house internal audit staff, such as knowledge
of management methods, accessibility, responsiveness, loyalty, and a shared vision for the
organization's strategic business goals."
SYSTEM AUDIT A system analysis and internal control review is an analysis of systems and
procedures for an entire function such as information services or purchasing.
ETHICAL PRACTICES AUDIT An ethical business practices audit assesses the extent to which a
company and its employees follow established codes of conduct, policies, and standards of
ethical practices. Policies that may fall within the scope of such an audit include adherence to
specified guidelines in such areas as procurement, conflicts of interest, gifts and gratuities,
entertainment, political lobbying, ownership of patents and licenses, use of organization name,
speaking engagements, fair trade practices, and environmentally sensitive practices.
COMPLIANCE AUDIT A compliance audit determines whether the organizational unit or function
is following particular rules or directives. Such rules or directives can originate internally or
externally and can include one or more of the following: organizational policies; performance
plans; established procedures; required authorizations; applicable external regulations; relevant
contractual provisions; and federal, state, and local laws.
FINANCIAL AUDIT A financial audit is an examination of the financial planning and reporting
process, the conduct of financial operations, the reliability and integrity of financial records, and
the preparation of financial statements. Such a review includes an appraisal of the system of
internal controls related to financial functions.
INFORMATION SYSTEMS AUDIT A systems development and life cycle review is a unique type
of information systems audit conducted in partnership with operating personnel who are
designing and installing new information systems. The objective is to appraise the new system
from an internal control perspective and independently test the system at various stages
throughout its design, development, and implementation. This approach intends to identify and
correct internal control problems before systems are actually put in place because modifications
made during the developmental stages are less costly. Sometimes problems can be avoided
altogether. There is risk in this approach that the internal auditor could lose objectivity and
independence with considerable participation in the design and installation process.
PROGRAM AUDIT A program audit evaluates whether the stated goals or objectives of a certain
program or project have been achieved. It may include an appraisal of whether an alternative
approach can achieve the desired results at a lower cost. These types of audits are also called
performance audits, project audits, or management audits.
FRAUD AUDIT A fraud audit investigates whether the organization has suffered a loss through
misappropriation of assets, manipulation of data, omission of information, or any illegal or
irregular acts. It assumes that intentional deception has occurred.
PARTICIPATIVE AUDIT A participative audit enlists the auditee to perform a self-assessment and
otherwise assist in the audit process. In effect this become a problem-solving partnership
between the internal auditor and auditee. This can be cost-effective but is not without risk. The
internal auditor must retain the right to independently test any positions taken by the auditee.
For a small business owner, knowing what areas to audit and where to commit resources is an
integral part of the internal audit function. A long-range audit plan provides a complete view of
audit strategy and coverage in relation to the relative significance of functions to be audited. The
goal is to plan an audit strategy that is cost-effective and emphasizes audit projects that have high
impact or address areas of significant risk. An in-depth understanding of the organization and
how it operates is a prerequisite for the audit planning process. Developing the plan first requires
identifying and listing all auditable units or functions. (This is frequently called the "audit
universe.") Next, a rational system must be devised to assign significance and risk to each
auditable unit or function. Based on perceived significance and estimated risk, the audit priorities
and strategies are documented in the audit plan.
Business owners and managers, however, should recognize that the internal audit process is not a
static one. Its character and emphasis should adapt to the changes that take place in the
organization over time. Departure of key people, changes in markets, new demographics, new
competitors, and other factors can dramatically affect the operations of small businesses and
other organizations. Organizational processes and existing internal control systems may become
obsolete with new technology. Legal and regulatory environments change with the political
winds. Consequently, risks and significance rankings, the audit universe, and audit strategies will
change. The successful small business owner, though, will learn to anticipate such changes, and
adjust his or her internal auditing strategies accordingly.
Read more: Audits, Internal - type, benefits, cost, Development and current status of internal
auditing practices, Internal auditing and internal control
http://www.referenceforbusiness.com/small/A-Bo/Audits-Internal.html#ixzz15TA1TrDQ