Embed Size (px)
DESCRIPTION
accounting
Citation preview
11/7/2013
1
Audit and Compliance
Chapter 9
Session Content
1. Function and importance of
Internal Audit
General
• A management control
• Statutory requirement/suggestion of CG codes
• Varying work of IA
• Chief internal auditor heads the dept
• Report to Audit Committee
Roles of Internal Audit
Types of audit work
• Some of the types are:
a. Financial Audit
b. Operational Audit
c. Project Audit
d. VFM Audit
e. Social and Environmental Audit
f. Management Audit
a. Financial Audit
- The main area of work of IA:
• Check accuracy of financial and management reporting
b. Operational Audit
- Examination and review of business operation
- Effectiveness of controls
- 3Es
11/7/2013
2
c. Project auditing
- About looking at a specific project:
• Were the objectives achieved?
• Was the projected implemented efficiently?
• What lessons can be learned from any
mistakes made/?
d. VFM Audit
Assesses 3 main areas �
economy/efficiency/effectiveness
• Economy
- Inputs to business and look if economical and
of acceptable quality
- Inputs could be capital, raw materials,
workforce and any administrative function
• Efficiency of operation
Checks how well the operation converts inputs to outputs
e.g. looking at quality control failures or wastage in production
• Effectiveness of an organisation
Checks whether the organisation achieves its objectives
- Must be clear objectives – not easy
e. Social and environmental audit
Social and environmental report in Annual report
• Social Audit: looks at the Co’s contribution to society and community e.g. donations, sponsorships, education, health and safety etc
Purpose of this audit: confirms statement of Directors or make recommendations on social policies Co should perform
• Environmental audit
- Evaluation of how well organisations are
performing with the aim of contributing to
safeguarding the environment
- Examine at corporate environmental policies
and practices and whether these are being
complied with
- Environmental report in Annual report
f. Management audit (or operational audit)
• The independence appraisal of the effectiveness of managers and corporate structure in achievement of entity’s objectives and policies
• Aim is to identify weaknesses and make recommendations on how to rectify them
• Linked to business objectives and therefore risks
11/7/2013
3
2. Factors affecting the need for IA
• Scale, complexity and diversity of Co’s
activities
• Number of employees (evidence of size)
• Cost-benefit considerations
• Changes in organisational structure, processes
or information systems (change complexity
and thus change risk)
• Changes in key risks
3. Auditor independence
• IA � an independent assurance activity
• To ensure that activity is carried out objectively and be able to rely on it, internal auditor must be independent
• Independence assured by appropriate structure within which IA work
• Independence is also assured in part by the internal auditor following acceptable ethical and work standards
Risks if auditors are not independent
4. Potential ethical threats
• Independence compromised when ethical threats are present
• A threat is anything that means that the opinion of an auditor could be doubted
• Threats can be real or perceived
• ACCA code provides examples of generic threats
• See below for threats that affect normally external auditors
SELF – INTEREST THREAT
• Audit firm or member of audit has something to benefit from the audit client
• Examples
- Loan from audit client to auditors
- Financial support
- Potential employment with audit clien
- Dependence of fees from audit client
11/7/2013
4
SELF-REVIEW THREAT
• Reviewing something which the individual
auditor was previously responsible for
• For example:
- Member of audit team previously an
employee of audit client
- Preparing the financial statements and then
audit them
ADVOCACY THREAT
• Auditor promotes or perceived to promote
audit client’s position or opinion
• For example:
- Being promoter of shares of audit client
- Acting as advocate on behalf of audit client in
litigation disputes
FAMILIARITY THREAT
• Due to close relationship with an audit client the auditor becomes too sympathetic to the client’s interests
• For example
- Auditor has family member that is employed by the audit client and has the power to exert significant influence over subject matter of audit
- Long association of a senior member of audit
team with audit client
- Acceptance of gifts from audit clients
INTIMIDATION THREAT
• When a member of the audit team is deterred
from acting objectively due to fear of the
client
• Examples:
- Threat of replacement over a disagreement
- Pressure to reduce extent of work in order to
reduce fees
• Test your understanding 2 (page 214)
11/7/2013
5
Protection of independence
• Internal auditors must be independent from executive management and should not have any involvement in the activities or systems that they audit
• Head of IA should report directly to a senior director or the Audit C/ee. In addition the head of IA should have direct access to the chairman of the Board and to the Audit C/ee and should be accountable to the audit Committee
• The audit C/ee should approve the appointment and termination of appointment of the head of IA
5. Audit Committee
• Role of the Audit Committee
- Review of IC systems
- Oversee work of IA
- Monitor integrity of FS
- Review work of external audit
• Consists 100% of NEDs
• At least one must have recent and relevant financial experience
6. The Audit Committee and Internal
Controls
The Audit Committee and Internal Controls
• Review the company’s internal financial controls
• Review all the company’s internal control and risk management systems
• Give approval to internal control and risk management statements in annual report
• Receive reports from management about effectiveness of control systems
• Receive reports on tests carried out on controls by internal auditors
7. Audit committee and internal audit
• Smith Guidance on audit committees recommends that the committee meet with internal auditors at least once a year without management
• If the Co does not have an internal audit function:
- Committee should consider annually whether there is a need for an internal audit function
- Reasons for absence of internal audit function should be explained in the relevant section of the A/R
11/7/2013
6
8. The Audit Committee and External
Audit
a. Appointment, re-appointment and removal –
recommendations to the Board
b. Oversee the selection process of new
auditors
c. Approve terms of engagement and their
remuneration
d. Have annual procedures to ensure independence and objectivity of auditors (see below)
e. Review scope of audit and ensure sufficient
f. Ensure that plans in place for the audit at the start of annual audit
g. Carry out post completion audit review
- Review level of errors identified during audit
- Review key accounting or audit judgements
- Discuss any major issues that arose during audit and whether they’ve been resolved
• Test your understanding 3 (page 228)
9. Reporting on internal controls to
shareholders
• SHs are entitled to know whether the IC system is sufficient to safeguard their investment
• Thus, the Board should at least annually conduct review of effectiveness of IC and report to SH that done so
• Review must cover all material controls
• Review must be conducted against COSO’s elements of an effective IC system as seen Ch9
• Annual report should inform SH of work of Audit Committee
• The chair of the Audit C/ee must be available
at AGMs to answer questions of SH
• SOX � additional reporting requirements
