Internal Audit

Account Standard 2605: Consideration of the Internal Audit Function

The Internal Auditor considers many factors while auditing, such as the nature, timing, and extent of audit procedures of an organisation’s financial records. One of the factors is existing of an internal audit function.

Roles of the Auditors

The Auditor’s responsibilities in an audit are to comply with the standards and procedures of the Public Company Accounting Oversight Board (PCAOB) and to obtain sufficient evidence to provide reasonable data in the organisational financial statements. To fulfil this responsibility, the Auditor maintains independence from the entity. The auditors provide analyses, evaluations, assurances, recommendations, and other information to the entity’s management, board of directors, or others with equivalent authority and responsibility. To fulfil this responsibility, auditors maintain objectivity concerning the audit.

To obtain an understanding of the Internal Audit Function.

• The critical responsibility of an audit is to monitor the performance of the organisation’s internal controls. After understanding internal control, the auditors obtained an understanding of the audit function to identify the activities relevant to planning the audit. The procedures of understanding an audit will vary, depending on the nature of those audits.
• The Auditor will inquire about internal audit personnel, appropriate management and auditors.
• Organizational status within the entity.
• Application of professional standards.
• Audit plan, including audit work’s nature, timing, and extent.
• Access to financial records and verify the limitations of an audit.

Additionally, the Auditor might inquire about the internal audit function’s charter, financial statement, or similar directive from management or the board of directors. This inquiry will generally provide information about the objectives and goals established for the internal audit function. Certain audit activities may not be relevant to an audit of the organisation’s financial statements.

For instance, the auditors’ procedures to evaluate the efficiency of specific management decision-making processes are ordinarily irrelevant to a financial statement audit.

Relevant activities give evidence related to the effectiveness and design of internal controls that pertain to the entity’s ability to initiate, process, record and report financial data of the entity. The Auditor may find beneficial results by following procedures.

Considering knowledge from the previous-year audit.

• Verifying how the auditors allocate their audit resources to financial or operating areas in response to their risk-assessment process.
• Observing internal audit reports to obtain detailed information about the scope of internal audit activities.
• After a brief understanding of the internal audit function, the Auditor concludes that the auditors’ activities are irrelevant to an entity’s financial statement^[1].
• The Auditor only has to provide further consideration to the internal audit function if the Auditor requests direct assistance from the auditors.

 If some of the auditors’ activities are relevant to the audit, the Auditor may conclude that it would not be efficient to consider further the auditors’ work. Suppose the Auditor decides it would be efficient to consider how the auditors’ work might affect the nature, timing, and extent of audit procedures. In that case, the Auditor examines the objectivity and competency of the internal audit function. While assessing the competency and objectivity of the Auditors, the Auditor obtained some information after considering from previous year’s audit.

Eligibility of  Auditors

• Professional certification and continuing education.
• Audit policies, programs, and procedures.
• Practices regarding the assignment of auditors.
• Supervised and reviewed auditors’ activities.
• Quality of working-paper documentation, reports, and recommendations.
• Evaluation of auditors’ performance.

The objectivity of the Auditors

• While assessing the auditors’ objectivity and competency, the Auditor obtains information based on the previous year’s audit.
• The organisational status of the Auditor responsible for the internal audit function includes the following:
• The Auditor reports whether it is sufficient status to ensure the audit. Whether the auditors’ findings and recommendations have direct access and give reports regularly to the audit committee, board of audit or the manager.
• Whether the audit committee, board of directors or the manager oversees employment decisions related to the Auditor.

Policies to maintain internal auditors’ objectivity  includes:

• Policies prohibit auditors from auditing areas where relatives are employed in essential or audit-sensitive positions.
• Policies prohibit auditors from auditing areas where they were recently assigned or are scheduled to be assigned on completion of responsibilities in the internal audit function.

Assessing competence and objectivity

While assessing competence and objectivity, the Auditor usually considers information obtained from previous experience with the internal audit function, discussions with management personnel, and quality review. The Auditor used professional internal auditing standards as criteria for making the assessment.

Procedures the Auditor performs after understanding the entity’s internal control

• The Auditor performs when assessing future risk.
• Substantive procedures to be followed by the Auditor.
• When the auditors’ work is expected to affect the audit, the guidance follows Auditor’s work and evaluates and tests the effectiveness of the auditors’ work.
• Understanding of Internal Control

After obtaining a sufficient understanding of the design of controls relevant to financial statements, the Auditor plans the audit and determines whether they have been placed in operation. Since the primary objective of many internal audit functions is to review, assess, and monitor controls, the procedures performed by the internal auditors in this area may provide helpful information to the Auditor.

Risk Assessment

The Auditor verifies the risk of material misstatement at the financial statement and the account balances-of-transaction levels.

Financial-Statement Level

The Auditor makes an overall assessment relating to the risk of the financial-statement level. The Auditor analysed that specific controls may have a pervasive effect on the financial statement. The accounting system and control environment often have a pervasive effect on several account balances and transaction classes and, therefore, can affect many assertions.

Account balance or class of transaction level

At the account balance or class-of-transaction level, the Auditor performs procedures to obtain and evaluate evidential matters concerning management’s assertions. The Auditor assesses control risk for each relevant financial statement assertion related to all accounts and performs tests of controls to support assessments. Some procedures performed by internal auditors may provide direct evidence of material misstatements in assertions about specific account balances or classes of transactions. For example, the internal auditors may confirm certain accounts receivable and observe specific physical invent specific parts of their work. The results of these procedures provide evidence that the Auditor may consider restricting detection risk for the related assertions. Consequently, the Auditor can change the timing of the confirmation procedures, the number of accounts receivable to be confirmed, or the number of locations of physical inventories to be observed.

The Effect of the Auditors’ Work

• Sometimes,  the auditors’ work may affect the procedures to obtain sufficient, appropriate evidence to support Auditor’s report. Such evidence was obtained through Auditor’s direct personal knowledge, including physical examination, observation, computation, and inspection.
• The Auditor’s responsibility to report on the financial statements rests solely with the Auditor. The responsibility is shared because the Auditor has to express an opinion on the financial statements and judgments about assessments of inherent and control risks.
• While making judgments about the extent of the effect of the internal auditors’ work on the Auditor’s procedures, the Auditor considers certain factors:
• The materiality of financial statement amounts is account balances or class transactions.
• The risk (consisting of inherent and control risk) of material misstatement of the assertions related to these financial statement amounts.
• The degree of subjectivity in evaluating the audit evidence.

Coordination of the audit work with the auditors

The work of the auditors is expected to affect Auditor’s procedures. It may be efficient for the Auditor and the internal auditors to coordinate their work:

• Holding periodic meetings.
• Scheduling audit work.
• Providing access to internal auditors’ working papers.
• Review audit reports.
• Discuss possible auditing and accounting risks.

Evaluating and testing the effectiveness of Auditors’ Work

The Auditor performed the procedures to evaluate the quality and effectiveness of the auditors’ work. The nature and extent of the procedures performed by the auditors in evaluating the account balances or class of transaction.

• In developing the evaluation procedures, the Auditor considers some relevant factors:
• The scope of work is appropriate to meet the entity’s objectives.
• The auditors adequately perform audit programs.
• Evaluate the document work performed, including evidence of review and supervision.
• Reports are consistent with the results of the audit work performed by the auditors
• While evaluating, the Auditor should test some  auditors’ work related to the significant financial record

These tests may be performed by either

 (a) examining some of the transactions, controls, or balances that the internal auditors examined or

 (b) examining similar controls, transactions, or balances which the auditors do not evaluate. To reach conclusions about the auditors’ work, the Auditor should compare the results of their tests. The extent of the testing depended on the circumstances.

Using Internal Auditors to give direct assistance to the Auditor

The Auditor requests to provide direct assistance from the internal auditors. For instance,  the internal auditors may assist the external Auditor in obtaining an understanding of control or performing substantive tests consistent with the guidance about Auditor’s responsibility when direct assistance is provided. The Auditor examines the internal auditors’ competence and objectivity and supervises, evaluates, reviews and tests the work performed by internal auditors. The Auditor should inform the internal auditors of their responsibilities, the procedure, objectives, and matters that may affect the nature, extent and timing of audit procedures. The Auditor should also inform about the significant accounting and auditing issues identified during the audit should be brought to Auditor’s attention.

Conclusion

The Institute of Internal Auditors and the General Accounting Office have developed the accounting standard for internal auditing. These standards are meant to impart an understanding of the role and responsibilities of Internal auditing to all levels of management, board of directors, public bodies and other related professionals. However, it permits measurement of the internal auditing performance and improves the practice of internal auditing.

Also Read:
Objectives of Internal Audit: A general overview
Roles and Responsibilities of Internal Auditor
Effective Steps of Performing an Internal Audit Successfully