What is the role of internal auditors in financial auditing?


Citation preview

What is the role of internalWhat is the role of internal

auditors in financial auditing?auditors in financial auditing?

Internal AuditingInternal Auditing

The New York Stock ExchangeThe New York Stock Exchangerequires its registrants to haverequires its registrants to have

an internal audit function.an internal audit function.

Internal AuditingInternal Auditing

It is an independent, objective assurance andIt is an independent, objective assurance andconsulting activity designed to add valueconsulting activity designed to add value

and improve an organization’s operations.and improve an organization’s operations.

It helps an organization accomplish its objectivesIt helps an organization accomplish its objectivesby bringing a systematic, disciplined approach toby bringing a systematic, disciplined approach to

evaluate and improve the effectiveness of riskevaluate and improve the effectiveness of riskmanagement, control, and governance processes.management, control, and governance processes.

What about Sarbox?What about Sarbox?

Does Sarbanes-Oxley add “legitimacy” to the IA Does Sarbanes-Oxley add “legitimacy” to the IA function?function?

Where were the internal auditors at Enron?Where were the internal auditors at Enron?

WorldCom … Waste Management … etc…WorldCom … Waste Management … etc…

Institute of Internal Auditors Institute of Internal Auditors Ethical PrinciplesEthical Principles






Internal auditors:Internal auditors:1.1. Shall perform their work with honesty, diligence, 1.1. Shall perform their work with honesty, diligence,

and responsibility.and responsibility.1.2. Shall observe the law and make disclosures 1.2. Shall observe the law and make disclosures

expected by the law and the profession.expected by the law and the profession.1.3. Shall not knowingly be a party to any illegal 1.3. Shall not knowingly be a party to any illegal

activity, or engage in acts that are discreditable to the activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.profession of internal auditing or to the organization.

1.4. Shall respect and contribute to the legitimate and 1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.ethical objectives of the organization.


Internal auditors:Internal auditors:2.1. Shall not participate in any activity or relationship 2.1. Shall not participate in any activity or relationship

that may impair or be presumed to impair their that may impair or be presumed to impair their unbiased assessment. This participation includes unbiased assessment. This participation includes those activities or relationships that may be in conflict those activities or relationships that may be in conflict with the interests of the organization.with the interests of the organization.

2.2 Shall not accept anything that may impair or be 2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment.presumed to impair their professional judgment.

2.3 Shall disclose all material facts known to them that, 2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities if not disclosed, may distort the reporting of activities under review.under review.


Internal auditors:Internal auditors:3.1 Shall be prudent in the use and protection of 3.1 Shall be prudent in the use and protection of

information acquired in the course of their information acquired in the course of their duties.duties.

3.2 Shall not use information for any personal 3.2 Shall not use information for any personal gain or in any manner that would be contrary gain or in any manner that would be contrary to the law or detrimental to the legitimate and to the law or detrimental to the legitimate and ethical objectives of the organization.ethical objectives of the organization.


Internal auditors:Internal auditors:4.1. Shall engage only in those services for which they 4.1. Shall engage only in those services for which they

have the necessary knowledge, skills, and experience.have the necessary knowledge, skills, and experience.4.2 Shall perform internal auditing services in 4.2 Shall perform internal auditing services in

accordance with the accordance with the InternationalInternational Standards for the Standards for the Professional Practice of Internal AuditingProfessional Practice of Internal Auditing ..

4.3 Shall continually improve their proficiency and the 4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.effectiveness and quality of their services.

Relationship of InternalRelationship of Internaland External Auditorsand External Auditors

The The externalexternal auditor is responsible auditor is responsibleto financial statement users.to financial statement users.

The The internalinternal auditor is responsible auditor is responsibleto management.to management.

Relationship of InternalRelationship of Internaland External Auditorsand External Auditors




Audit risk modelAudit risk model

Governmental Financial Governmental Financial AuditingAuditing

The primary source of authoritative literatureThe primary source of authoritative literaturefor performance of government audits isfor performance of government audits is

Government Auditing StandardsGovernment Auditing Standards,,which is issued by the GAO.which is issued by the GAO.

Because of the color of the cover, it isBecause of the color of the cover, it isusually referred to as the usually referred to as the ““Yellow BookYellow Book.”.”

Governmental Financial Governmental Financial AuditingAuditing

The Yellow Book standards are often calledThe Yellow Book standards are often calledgenerally accepted government auditinggenerally accepted government auditing

standards (GAGAS or GAS).standards (GAGAS or GAS).

Financial Audit and Reporting Financial Audit and Reporting Requirements – Yellow BookRequirements – Yellow Book

Materiality and significanceMateriality and significance Quality controlQuality control Compliance auditingCompliance auditing ReportingReporting Audit filesAudit files

Audit and Reporting – Single AuditAudit and Reporting – Single AuditAct and OMB Circular A-133Act and OMB Circular A-133

The threshold for requiring a single auditThe threshold for requiring a single auditwas raised from $100,000 to $300,000was raised from $100,000 to $300,000

to exempt many smaller entitiesto exempt many smaller entitiesfrom single audit requirements.from single audit requirements.

The OMB increased the single auditThe OMB increased the single auditthreshold to $500,000 beginning in 2004.threshold to $500,000 beginning in 2004.

Audit and Reporting – Single AuditAudit and Reporting – Single AuditAct and OMB Circular A-133Act and OMB Circular A-133

The office of Management and Budget issuedThe office of Management and Budget issueda revised Circular A-133, a revised Circular A-133, Audits of States,Audits of States,

Local Governments, and Non-ProfitLocal Governments, and Non-ProfitOrganizations, Organizations, to provide administrativeto provide administrative

guidance for implementing theguidance for implementing thesingle audit requirements.single audit requirements.

Audit RequirementsAudit Requirements

The audit should be in accordanceThe audit should be in accordancewith generally accepted governmentwith generally accepted government

auditing standards (GAGAS).auditing standards (GAGAS).

The auditor must obtain an understandingThe auditor must obtain an understandingof internal control over federal programsof internal control over federal programs

sufficient to support a low assessedsufficient to support a low assessedlevel of control risk for major programs.level of control risk for major programs.

Audit RequirementsAudit Requirements

The auditor should determine whether the clientThe auditor should determine whether the clienthad complied with laws, regulations, and thehad complied with laws, regulations, and theprovisions of contracts or grant agreementsprovisions of contracts or grant agreementsthat may have a direct and material effectthat may have a direct and material effect

on each of its major programs.on each of its major programs.

Reporting RequirementsReporting Requirements

an opinion on whether the financial statementsan opinion on whether the financial statementsare in accordance with GAAP, and an opinionare in accordance with GAAP, and an opinionas to whether the schedule of federal awardsas to whether the schedule of federal awardsis presented fairly in all material respects inis presented fairly in all material respects inrelation to the financial statements as a wholerelation to the financial statements as a whole

Reporting RequirementsReporting Requirements

a report on internal control related to thea report on internal control related to thefinancial statements and major programsfinancial statements and major programs

a report on compliance with laws,a report on compliance with laws,regulations, and the provisions ofregulations, and the provisions ofcontracts or grant agreementscontracts or grant agreements

a schedule of findings and questioned costsa schedule of findings and questioned costs

Reporting RequirementsReporting Requirements

reasonable (positive) assurance related reasonable (positive) assurance related to items testedto items tested

limited (negative) assurance related to limited (negative) assurance related to items not tested (usually includes items not tested (usually includes ““nonmajor” programs)nonmajor” programs)

Operational AuditingOperational Auditing

The purpose of operational auditing is toThe purpose of operational auditing is todetermine the efficiency and effectivenessdetermine the efficiency and effectiveness

of any part of an organization.of any part of an organization.

Differences between OperationalDifferences between Operationaland Financial Auditingand Financial Auditing

Distribution ofDistribution ofthe reportsthe reports

Inclusion ofInclusion ofnonfinancial areasnonfinancial areas

Purpose ofPurpose ofthe auditthe audit

EffectivenessEffectiveness refers to the refers to theaccomplishment of objectives.accomplishment of objectives.

EfficiencyEfficiency refers to the resources used refers to the resources usedto accomplish those objectives.to accomplish those objectives.

Effectiveness Versus Effectiveness Versus EfficiencyEfficiency

Types ofTypes ofinefficiencyinefficiency ExampleExample

Acquisition of goods andAcquisition of goods andservices is excessively costly.services is excessively costly.

Bids for purchases ofBids for purchases ofmaterials are not required.materials are not required.

Raw materials are notRaw materials are notavailable when needed.available when needed.

An assembly line was shutAn assembly line was shutdown for lack of materials.down for lack of materials.

A duplication of effort byA duplication of effort byemployees exists.employees exists.

Production and accountingProduction and accountingkeep identical records.keep identical records.

Effectiveness Versus Efficiency


Can a process be “effective” if it is inefficient? Can a process be “effective” if it is inefficient?

Relationship between OperationalRelationship between OperationalAuditing and Internal ControlsAuditing and Internal Controls

Reliability of financial reportingReliability of financial reporting

Efficiency and effectiveness of operationsEfficiency and effectiveness of operations

Compliance with applicable laws and regulationsCompliance with applicable laws and regulations

Types of Operational AuditsTypes of Operational Audits



Special assignmentsSpecial assignments

CPA firmsCPA firms



Who PerformsWho PerformsOperational AuditsOperational Audits

The two most important qualities forThe two most important qualities for an operational auditor are:an operational auditor are:

Independence and Competence Independence and Competence of Operational Auditorsof Operational Auditors

IndependenceIndependence CompetenceCompetence


Is this the same kind of “independence” that financial auditors have?

How can an operational auditor be How can an operational auditor be independent?independent?

Specific Criteria for Evaluating Specific Criteria for Evaluating Efficiency and EffectivenessEfficiency and Effectiveness

Were all plant layoutsWere all plant layouts approved by home office approved by home office engineering at the time of original design?engineering at the time of original design?

Has home office engineering done a reevaluationHas home office engineering done a reevaluationstudy of plant layout in the past five years?study of plant layout in the past five years?

Specific Criteria for Evaluating Specific Criteria for Evaluating Efficiency and EffectivenessEfficiency and Effectiveness

Is each piece of equipment operatingIs each piece of equipment operatingat 60% of capacity or more forat 60% of capacity or more forat least three months each year?at least three months each year?

Does layout facilitate the movement ofDoes layout facilitate the movement ofnewnew materials to the production floor?materials to the production floor?

Does layout facilitate the productionDoes layout facilitate the productionof finished goods?of finished goods?

Specific Criteria for Evaluating Specific Criteria for Evaluating Efficiency and EffectivenessEfficiency and Effectiveness

Does layout facilitate the movement ofDoes layout facilitate the movement offinished goods to distribution centers? finished goods to distribution centers?

Does the plant layout effectively useDoes the plant layout effectively useexisting equipment?existing equipment?

Is the safety of employees endangeredIs the safety of employees endangeredby the plant layout?by the plant layout?

Sources of CriteriaSources of Criteria

Historical performanceHistorical performance


Engineers standardsEngineers standards

Discussion and agreementDiscussion and agreement

Phases in Operational AuditingPhases in Operational Auditing


Evidence accumulation and evaluationEvidence accumulation and evaluation

Reporting and follow-upReporting and follow-up


• Scope of engagementScope of engagement

• StaffingStaffing

• Background informationBackground information

• Understand internal controlUnderstand internal control

• Decide on appropriate evidenceDecide on appropriate evidence

Evidence AccumulationEvidence Accumulationand Evaluationand Evaluation

• DocumentationDocumentation

• ClientClient

• ObservationObservation

Reporting Follow-upReporting Follow-up

• Report usually sent to managementReport usually sent to management

• Tailored reportsTailored reports

• Follow-up on recommendationsFollow-up on recommendationswith managementwith management

Examples of OperationalExamples of OperationalAudit Findings (from text)Audit Findings (from text)

• Outside janitorial firm saves $160,000Outside janitorial firm saves $160,000

• More timely credit memo processingMore timely credit memo processing

• Use the right toolUse the right tool

• Computer programs save manual laborComputer programs save manual labor
