The Role and Organization of Internal Audit

1
ACG 4671 Internal Auditing
2

• CHAPTER 8
• Managing the Internal Audit Function

3
Overview

• Scope
• Audit Charters
• Independence
• Organization Structure and Planning
• Quality Assurance Programs

4
Internal Audit Scope

• The internal audit activity should evaluate risk
  exposure relating to the organizations
  governance, operations and information systems
  regarding the
• Reliability and integrity of financial and
  operational information
• Effectiveness and efficiency of operations
• Safeguarding of assets
• Compliance with laws, regulations and contracts

5
Audit Charters

• Formal document that sets the goals, objectives
  and purpose of an organizations internal audit
  function
• Structure Should Include
• Definitions The nature of internal Auditing
  risk, control, management responsibilities,
  assurance
• Scope of Work The IA departmental scope
• Services Audit, consulting, review, reporting,
  etc.
• Access What IA can investigate/view contacting
  IA
• Independence Organizational status, auditor
  independence, and professional guidelines

6
Independence

• Objectivity-correctness and fair play no
  improper motives
• Impartiality-not taking sides
• Unbiased views-no personal views opinions based
  on standards. Includes unintentional behavioral
  biases (e.g. anchor adjustment, overconfidence,
  confirmation, etc.)
• Valid opinion-opinions based on audit evidence

7
Organizational Structure

• Types of Organizational Structures
• Centralized
• Decentralized

8
Organizational Structure

• Advantages of Centralized
• Good position to establish strong tone-at-the-top
• Consistent understanding of corporate policies
  and procedures
• Consistent application of audit methodology and
  organization-wide standards
• Potentially better objectivity and independence
  from local level

9
Organizational Structure

• Advantages of Decentralized
• Freeing up higher-level personnel from minor
  decisions
• Local personnel have better understanding of
  local processes and issues
• Minimize or avoid beaurocratic red tape more
  streamlined
• Typically more respected by local personnel

10
Organizational Structure

• Alternative Types of Organizational Structures
• Types of Audit
• Parallel to Overall Organizational Structure
• Geographical
• Mixed Bag

11
Organizational Planning

• Defined as
• the process of organizing and matching goals and
  objectives with available resources to achieve
  the most effective utilization of those
  resources.

12
Organizational Planning

• Parties Affecting Planning
• Management
• Board of Directors
• External Auditors

13
Organizational Planning

• High-level Considerations in Planning
• Type of managerial assistance
• Level of managerial assistance
• Degree of independence
• Resources to be provided
• Quality of service
• Quality of internal audit staff

14
Organizational Planning

• Short-term and Long-term Planning
• Short-term annual budget
• Very detailed
• Reviewed throughout the year (budget vs. actual)
• Long-term multi-year budget
• Outlines overall audit coverage (not everything
  can be done in a single year)
• Updated annually and rolled forward

15
Organizational Planning

• Criteria for Selection of Areas to Audit
• Level of risk for audit areas
• Prior findings
• Management requests for specific audits
• Prior audit coverage
• Required audits (e.g. SOX compliance)
• Sensitive areas

16
IA Quality Programs

• CAE is accountable for implementing a quality
  program designed to provide reasonable assurance
  to the various stakeholders that the IA activity
• Performs in accordance with its charter, which
  should be consistent with the Standards and the
  Code of Ethics.
• Operates in and effective and efficient manner.
• Is perceived by those stakeholders as adding
  value and improving the organizations operations.

17
Assessing Quality Programs

• Assessments of quality programs should include
  evaluations of
• Compliance with the Standards and Code of Ethics.
• Adequacy of the internal audit activitys
  charter, goals, objectives, policies, and
  procedures.
• Contribution to the organization's risk
  management, governance, and control processes.
• Compliance with applicable laws, regulations, and
  government or industry standards.
• Effectiveness of continuous improvement
  activities and adoption of best practices.
• Whether the audit activity adds value and
  improves the organizations operations.

18
QA Standards

• 1300
• The chief audit executive should develop and
  maintain a quality assurance and improvement
  program that covers all aspects of the internal
  audit activity and continuously monitors its
  effectiveness. The program should be designed to
  help the internal auditing activity add value and
  improve the organization's operations and to
  provide assurance that the internal audit
  activity is in conformity with the Standards and
  the Code of Ethics.
• 1310
• The internal audit activity should adopt a
  process to monitor and assess the overall
  effectiveness of the quality program. The
  process should include both internal and external
  assessments.

19
QA Standards

• 1311
• Internal assessments should include
• Ongoing reviews of the performance of the
  internal audit activity.
• Periodic reviews performed through
  self-assessment or by other within the
  organization, with knowledge of internal audit
  practices and the Standards.
• 1312
• External assessments, such as quality assurance
  reviews, should be conducted at least once every
  five years by a qualified, independent reviewer
  or review team from outside the organization.
• 1320
• The chief audit executive should communicate the
  results of the external assessment to the board.

20
PA 1311-2 Possible Performance Categories
Internal Customers Board/AC Senior
mgmt. Operating mgmt.
Internal Audit Process Risk assessment Audit
planning Planning and performing the audit
engagement Reporting
External Customers Regulators External
auditors Community Corporate customers
PPF Laws regulations Corporate internal audit
strategies
Innovation Capabilities Training Technology Indu
stry/Knowledge