Internal audit function is the crucial part of an entity’s corporate governance. Their has been important concern about the level of fraud within the company. The purpose of this study is to evaluate whether the companies with an internal audit function can detect fraud with those without.
We find that the companies with internal audit function are performing more well than those without the function of internal audit to detect fraud within their companies. The companies that do not conduct internal audit function are less likely to detect fraud than those that take part in their internal audit function. These results recommend that internal audit adds value through improving the control within organizations to detect fraud.
CHAPTER # 1
THE NATURE, PURPOSE, SCOPE AND THEORY OF INTERNAL AUDIT
NATURE OF INTERNAL AUDIT
Internal auditing is the independent assessment of the various systems and operations of control to determine whether legislative requirements, acceptable policies and procedures are followed, and established standards are met, resources are used economically and efficiently and planned missions are accomplished effectively.
It helps the Department achieve its objectives by bringing a methodical, disciplined
approach to evaluation and improves the risk management, control and governance processes
SCOPE OF INTERNAL AUDIT
The Internal Audit treatment may extend to all areas of the Department and include
financial, accounting, administrative, operational and computing activities. The scope of internal audits will depend upon circumstances such as results of risk associated with activities, previous audits, materiality, relative, the ability of the system of internal control and the resources available.
There is a need to decide what is included within the scope of audit work. It is possible to provide services outside the formal scope as long as we make a conscious decision. The scope of internal audit should be based on a professional framework. The main role of internal audit is assurance work. Anything else is consultancy services which should be assessed through appropriate criteria.
A discussion of scope creates an opportunity agree on the important distinction between audit’s role in contrast to that of the management. There are various forces that impact on the final model adopted. These ranges from the CAE’s views, the needs of management and the type of staff employed.
COMMUNICATED
There is little point setting formal objectives for the audit function if these are not properly publicized across the organization. Communication may take the following forms:
Objectives embodied within an audit charter
Suitable correspondence that repeats the objectives
The annual audit report
Regular meetings with management on this topic
Formal presentation to the audit committee
Some mention within major audit reports
This is a continual process as strategy does not arise as a one-off event but changes and adjusts overtime, in response to the environment.
UNDERSTOOD BY ALL
Passing formal documents out to auditors and management is not enough. There is a need to ensure that auditors understand and work to agreed objectives. For audit staff this may involve internally organized induction training and skill workshops. They may make a formal presentation to senior management that might be used to dispel myths and misunderstanding. It is essential that the members of the audit committee have a clear understanding.
Don't use plagiarized sources. Get Your Custom Essay on
Audit internal review activities within an organization
Just from $13/Page
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
Essay Writing Service
TERMS OF REFERENCE
The purpose, authority and scope of work of the internal audit department should be set out in a formal document. This will help to give the internal auditors the high profile within the organization that is necessary if they are to function effectively. It should also clarify the independence of the internal auditors from the other parts of the business and the remit of internal audit, ensuring in particular that this is not restricted in any ways and covers all aspects of the business. Where internal audit work is subcontracted, these matters will normally be dealt with in an engagement letter between the parties. In all cases, the terms of reference for the internal audit function should be regularly reviewed and updated.
HEAD OF INTERNAL AUDIT
It is important that the internal audit function, however it is organised, is headed by an individual who has the necessary professional expertise and carries the respect, confidence and support of other members of the senior management team. He or she could preferably have an appropriate qualification, relevent experience and the personal skills needed to deal with the individuals throughout the organization and to handle potentially difficult and sensitive issues. There needs to be a close working relationship between the head of internal audit and the executive and also, where relevent, good communication between the head of internal audit and the audit committee. If the internal audit function is a separate department within the organisation, the head of internal audit will be a management appointment. If internal audit work is subcontracted, the person with overall responsibility for the work (e.g a partner in a firm of accountants) is in effect the head of internal audit , and it will be important to ensure that the necessary relationships can be put into place quickly and effectively. Where the company has an audit committee, this committee will usually participate in the appointment. The head of internal audit should have a direct line of communication to the chairman of the audit committee, to enable sensitive issues to be raised and discussed without executive management being present where necessary and to demonstrate and strengthen the independence of the internal audit function.
STAFFING
If the internal audit department is to achieve the necessary degree of respect and confidence within the organisation, it is essential that it has adequate resources to carry out its work. Wherever possible, internal audit staff should be suitably trained and professionally qualified. This does not necessarily mean that everyone needs to hold the same qualifications. The department should be viewed as the team, and the skills and expertise available should be appropriate for the range of work that the department is expected to cover. The skills needed will inevitably vary, depending on the nature and complexity of the business. As well as financial expertise, the internal audit function may need skills in areas such as computing, logistics or environmental issues. On occcassions it may be appropriate for high calibre staff from elsewhere in the organisation to be seconded to internal audit to assist with specific projects, particularly if they can offer specialist skills. This can be valuable in increasing general awareness and understanding of the internal audit function within the company and can help to raise the profile of internal audit. It is important to remember that interna audit staff will need to deal with individuals throughout the organisation and they may sometimes be required to handle potentially difficult and sensitive situations. All internal audit staff need to have some strong interpersonal and communication skills and to be confident in dealing with senior management.
CONCEPT OF INTERNAL AUDIT
The exact scope and objective of internal audit differ largely and depend on the size and structure of the company and the requirements of its management.ISA 610 states that internal auditing activities will usually include one or more or the following:
(a) MONITORING OF INTERNAL CONTROL
The establishment of an adequate internal control system is a responsibility of management and is an important aspect of good corporate governance. Because the internal control system needs to b monitored on a continuous basis, large companies are likely to establish an internal audit function to assist management in this role. Internal audit is therefore usually given specific responsibility by management for reviewing internal controls, monitor operations and suggesting improvements via a report to the directors.
(b) REVIEW OF THE ECONOMY, EFFECTIVENESS & EFFICIENCY OF OPERATIONS
This would include a review of non-financial controls.
(c) Review of fulfillment with regulations and other external and internal requirements such as management policies and directives.
(d) Special investigations into particular areas such as suspected fraud.
The majority of these activities will be classed as operational internal audit assignments. These are audits of specific processes and operations performed by the entity. However, internal audit could also be asked to perform other assignments such as value for money and best value audits.
Whatever tasks are assigned to internal auditors the same degree of indepence can never be achieved as that required of the external auditor. In order to achieve as much independence as possible it is therefore important that the internal auditor report to the highest level of management.
It is also the matter for the entity setting up the internal audit function what qualifications or experience it requires of the members of its internal audit team. In contrast, the external auditor has to comply with the regulations set by government and his professional body covering technical and professional and standards and qualifications.
OBJECTIVE AND ROLE OF INTERNAL AUDIT
The internal audit function is established to assist the Secretary and management of the Department to verify that appropriate governance of operations is in place and to achieve sound managerial control of the operations of the Department including accounting, financial control, asset management and information management and control systems. The objective of internal audit is to help out all levels of management in the valuable fulfill of their responsibilities by providing analysis and recommendations concerning the activities reviewed.
The achievement of the objectives may involve:
Assessing the sufficiency of established procedures and systems.
conducting special assignments and investigations on behalf of the Secretary
into any matter affecting the interests and operating effectiveness of the department,
appraising and reviewing the sufficiency and effectiveness of the system of internal controls;
Reviewing operations to determine whether results are reliable with the Department’s established objectives and goals and to check whether they are being properly achieved.
appraising the integrity of management, reliability, relevance and, reports, financial and operating data
reviewing the means of protecting the assets and verifying the existence of such assets;
Reviewing the systems established to ensure fulfillment with those policies, legal requirements, plans, procedures which could have an important impact on operations.
OBJECTIVE OF INTERNAL AUDIT FUNCTION
The objective of internal audit function varies widely and depends on the size and structure of the company and the requirements of its management. Ordinarily internal audit objective include:
REVIEW OF ACCOUNTING AND INTERNAL CONTROL SYSTEM
Internal auditing is normally assigned specific responsibility by the management of the company for, reviewing accounting, monitoring their operations, internal control systems and recommending improvements.
EXAMINATION OF FINANCIAL AND OPERATING INFORMATION
It includes the review of ways used to recognize, determine, classify and report such information and detailed investigation into individual items including detailed test of transaction, balances and procedures.
Evaluation of efficiency of operations including non financial control of the entity.
Review of fulfillment with regulations, external & internal requirements and with management policies, directions
The auditor should develop and document an overall audit plan describing expected scope and conduct of the audit, the matters to be kept in mind by the auditor in developing an overall audit plan is the knowledge of the business he has obtained.
ROLE OF INTERNAL AUDIT
The role of internal audit has altered considerably over the years , reflecting the changing needs of business and management. This has been especially true in recent years, as corporate governance issues have been given an increasingly high profile. Directors and seniour management are alert of their duties to control risk of the company and to establish controls to protect assets, defend fraud and improve the efficient operation of the business. The primary role of an internal audit funvtion is to assist management in identifying potential risk and to provide assurance that the companys system of internal control is effective in reducing business risk to an acceptable level. It also acts as a useful source of information for management on what is actually happening in practice within the business and provides support and advice by identifying needs nad recommending policies, procedures and controls to resolve potential problems as they are identified. In the case of public company, the work of internal audit will usually be a significant factor in enabling the directors to report on internal control as required by the code.
HOW NOT TO USE INTERNAL AUDIT
Historically, there has been a considerable degree of confusion over the precise role of internal audit. It is important to recognize that internal auditors are not responsible for designing and implementing systems and procedures, nor are they responsible for the prevention and detection of fraud and irregularity. These are must always remain the responsibilty of management. Internal auditors have an important role to play in assisting management to fulfil their responsibilities, and they will frequently recommend changes to systems and procedures, or new controls that should be introduced. However if they were to become directly involved in designing and implementing systems and procedures, their independence from the operating functions could be seriously impaired. For the same reason, it is essential that internal auditors are not seen as a floating resource who can be used to cover for the unexpected departure or long-term absence of accounting and other staff.
INTERNAL AUDIT AND RISK ASSESSMENT
Internal control systems are put in place by the directors (executive management) in order to help them manage the company’s governance risks. Risks can be thought of as anything which may prevent an organization from achieving its objectives. It may be convenient in this context to think of risks as the risks of errors or frauds, or the risks that information will be unreliable.
Risk is extremely relevant to the role of the internal auditor. His work may often involve carrying out a risk assessment exercise, designed to identify the main areas of risks to which the organization is exposed. The internal auditor will report those risks to management, and will perhaps make suggestions about how risks can be managed.
It is useful to analyze the risks that are considered by internal auditors into three main categories. These are :
OPERATIONAL RISK
These are the risks that the operating activities of an entity may be disrupted, either deliberately or unintentionally and in error. Employees make mistakes, and do something wrong or forget to do something. Machines may break down. There may be poor security arrangements, poor supervision, weak management or an ineffective organization structure. Operational risk refers to anything that might go wrong with operational activities.
FINANCIAL RISK
These are the risk of what might happen if there are changes in the financial environment, such as interest rates, taxation law or exchange rates. Financial risk also includes credit risk, which is the risk of non-payment or late payment by customers.
(c) COMPLIANCE RISK
These are risk that the entity may fail to comply with relevant rules and regulations, resulting in penalties being imposed by regulatory authorities or fines being paid to injured parties. Examples of compliance risk vary according to the nature of a company’s activities: they may include the risk of non-compliance with health and safety law, anti-pollution law, employment law, and so on.
MANAGEMENT OF RISK
Approaches to risk management that an internal auditor may recommend to management include the following:
ACCEPTANCE
Risk acceptance means accepting the risk and doing nothing to reduce the possibility that an adverse event will happen and doing nothing to limit the consequences if an adverse event does occur. This approach is normally only acceptable if the risk is insignificant.
REDUCTION
Risk reduction involves taking measures to reduce the probability that an adverse event will happen, or reducing the consequences of an adverse event. Measures to reduce risk may involve instituting appropriate controls to minimize the risk to which the entity is exposed. Most internal controls are designed as risk reduction measures.
(c) AVOIDANCE
Risk avoidance means avoiding transactions or situations that would create an exposure to a risk. For companies, it is normally impossible to avoid risks entirely without withdrawing from a business operation entirely.
(d)TRANSFER
Risk transfers means transferring the risk to a third party, often in return for a payment. The most commonly-used example of risk transfer is probably the use of insurance. With insurance, risk is transferred to an insurance company in exchange for the payment of a premium.
AREAS USUALLY COVERED BY INTERNAL AUDIT
Internal audit will usually provide assurance on:
Safeguarding of the company’s assets.
The completeness and accuracy of the company’s accounting and other records.
The adequacy and effectiveness of measures to prevent fraud and other irregularity and
The overall effeiciency of the operations.
The internal auditors should develop a strong, in-depth knowledge of the company’s operating system, coupled with their own professional expertise, and they are therefore in a good position to advise management on the assessment of risk and the implementation aof procedures and controls. If there is no internal audit function, the external auditor will usually need to carry out some review and testing of the company’s systems and controls, but as their focus is the material accuracy of the annual accounts their work will concentrate on financial controls rather than the company’s overall system of internal control. The level and extent of their review and testing will also be lower, as the level of assurance needed for external audit purposes will not be as extensive as that required for effective management of the business.
CHAPTER # 2
TYPES OF INTERNAL AUDIT
CHAPTER # 3
BENEFITS AND INTERNAL REVIEW ACITIVITIES
BENEFITS OF INTERNAL AUDIT
An internal audit function is an essential element of a sound corporate governance system. It may also liaise with the audit committee, who may themselves require special reports from the internal auditors.
The role of internal audit is set by management and the type of work they do will depend on what management requires of them. However their work is likely to encompass the following, all of which are useful to management.
REVIEW OF ACCOUNTING AND INTERNAL CONTROL SYSTEMS
This involves an assessment of the adequacy of the entity’s systems and controls in managing the risks of the business and could encompass IT audits. Where there are deficiencies, the internal auditor will recommend cost effective improvements to management. For example if the company does not properly check goods received for quality and quantity, the entity is at risk of accepting substandard goods or the wrong quantity of goods. The internal auditor would require procedures to be put in place to prevent losses incurred by such a lack of controls.
EXAMINATION OF FINANCIAL AND OPERATING INFORMATION
Such internal audits form another part of the traditional role of the internal auditor, reviewing accounting and other records to substantiate figures in the financial statements or management accounts. For example, the internal auditor might trace items on inventory sheets to the inventory figure in the financial statements.
OTHER AUDITS
The internal auditor might carry out specific other types of audits such as value for money or best value audits.
SPECIAL INVESTIGATION
Internal auditors will perform any necessary investigation into useful matters. An example of this might be a fraud investigation.
OPERATIONAL INTERNAL AUDIT ASSIGNMENTS
These involve the internal auditor considering particular areas of the entity’s business such as marketing or human resources. For example work could be carried out to ensure that there are appropriate recruitment and selection procedures in place. In addition, the internal audit function will also liaise with the external auditors and may provide valuable evidence to the external audit team. This may result in a more efficient (and hence cheaper) external audit.
ELIMINATES FRAUD
Internal audit helps to eliminate the chances of frauds.
BURDEN OF EXTERNAL AUDITOR
Internal auditor reduces the trouble of external auditor to do the audit in the business.
TRUE AND FAIR VIEW OF FINANCIAL STATEMENTS
Internal auditor helps the company in checking their accounts and makes the true and fair view of financial statements of the organization.
SAVE MONEY
Internal auditors save large sum of money because the does not feel the need to employ externals to act as an internal auditors. This becomes more beneficial for an organization if the department of internal audit is properly run by more experienced and well trained internal auditors.
HIGHLY SKILLED PEOPLE
The jobs and functions which other employees cannot deal with efficiently and effectively, the internal auditors does that by maintaining a group of highly skilled people available in the company.
AUDIT ON REGULAR BASIS
The accounts are audited on the regular basis hence this reduces the chance of fraud. Internal auditors keep an eye on the clerks and accountants so they cannot make any loss to the accounts of the company.
CONFIDENTIAL INFORMATION
The internal auditors are very close to business as they are continuously employed in the same company and have access to much confidential information and to all levels of management. They are very special staff having very deep inner knowledge which can then add value to the company.
PROPER ACCOUNTING SYSTEM
Internal audit is beneficial to an organization because it introduces a proper accounting system. To achieve desired results the proper procedures, devices, records and personnel are required.
CONTROLS
Internal audit is beneficial to ensure that effective and efficient controls are in place.
AVOID FRAUD
Internal audit also helps to avoid possible risk of fraud, abuse and wastage.
BETTER MANAGEMENT
With proper internal control, internal check and internal audit the aims and goals of a company can be achieved. The managements depend on internal audit for better results. The internal auditor points out the weak areas of management. Internal audit helps in better management.
IMPROVE OPERATIONS
Internal audit helps to make possible discussions between Department Heads in order to improve operations.
PROVIDE ASSISSTANCE
Internal audit provides a self-regulating and separate guidance which may guide prevention, helps in increasing revenue and reducing loss and advanced staff training.
CORRECTIVE ACTIONS
Internal audit is beneficial to an organization because it helps to identify weaknesses and strengths within an organization.
POLICY & PROCEDURES
The internal audit is beneficial to organization by ensuring that the standard policies and procedures are running smoothly within the organization.
INVALUABLE IN AREAS
In operational audits, regular examination of internal check control, internal auditors are important in these areas.
INTERNAL AUDIT SERVICES
Internal audit services may be provide to an audit client by the firm. On the other hand it should be made sure that the client acknowledges its responsibility for maintaining, establishing and monitoring the system of internal controls. It should be suitable to use safeguards to ensure that an employee of client is responsible for internal audit activities and the client approves all work that internal audit does.
The heightened profile of corporate governance issues, and public reporting on aspects such as internal control under the combined code (and its predecessor codes), has generally increased management’s awareness of their responsibilities and encouraged them to consider how these responsibilities can best be fulfilled in practice. Internal audit has had a relatively high profile within the public sector except in the largest organizations. In the past, internal audit department tended to be given a low status within the organization, but the benefits of a well-organized and high-caliber internal audit function are now becoming clearer to companies of all sizes. Management always retains the responsibility for identifying business risk and introducing procedures and controls to reduce risk to an acceptable level. However establishing a strong internal audit function to assist with this can enable management to demonstrate clearly that they have paid due attention to the relevant issues and that the procedures and controls that have been put in place are being subjected to continual scrutiny. This is particularly important as the business develops without regular independent scrutiny, the procedures and controls can easily become out of date and fail to provide adequate cover in new areas of operations.
A strategy focus (developed by CAE ) by the auditor can have many benefits some of which include being able to
Provide both those managing and evaluating performance assurance that the right things are being done and done right.
Assist those managing understand the need for synthesis of future external opportunities as well as analysis of internal problems based on extrapolating
Of the past, recognizing and taking risk through innovation as well as minimizing risk and maintaining stability.
Recognize risk where it occurs and the four way communication necessary for the adaptation to changing risks and making them acceptable.
Enable recognition as a learning organization through the necessary use of the skills, knowledge and attitude of those managing and
Establish a clearly identifiable, understandable and acceptable basis for the scope of any audit.
Many of the benefits which can follow from a well-prepared internal audit programme, carried out by trained auditors in a constructive and positive way, will already be apparent. Poorly planned and executive programmers will do lasting damage to an organization and its culture.
Organization with successful programmes consistently identifies a range of interlinked direct and indirect benefits:
Customers are more likely to be attracted to, and stay with, organization who adopt a proactive approach to identifying and correcting their own shortcomings
It is possible to demonstrate to potential customers a history of improvements from an audit programme
Allows the organization to test its compliance to the external standards and regulations
Demonstrate that the organization is meeting the requirements of at least one element of the standard (where the requirement is to have an internal audit programme)
Supports the continuation of the accreditation of the management system by second and third party bodies
Improves confidence in what is being done, and how it is done
Improves the attainment of objectives of the management system (better quality, safer products, safer and healthier workplace, reduced environmental impact, better security and so on)
Identifies problems at an early stage and leads to reduced loss
Having audit reports requires corrective action to be planned and taken (other, informal, mechanisms often do not have this effect)
Disciplines managers to get their act sorted
Provoke opportunities for managers to review their part of the management system for continuing relevance, effectiveness, efficiency and so on
Brings a fresh pair of eyes to bear on a particular area (people continually operating in the same environment often become blind to the most obvious and important bad habits and associated opportunities for improvement, during the hurly-burly of everyday work)
Leads to eventual improvements in products, reviews and effectiveness of the organization (provokes review of discrepancies and improvements to operations)
Increases general awareness of good management, products and practices and the need for standard ways of working in critical areas and questions them in non-critical areas( and by having a continual audit programme, it does so continually)
Leads to convergence of interpretation and understanding of external requirements throughout the organization (more coherence)
Reduces chaos, reduces debilitating variability
Auditing requires openness and visibility in order to succeed and once seen to be succeeding, it in turn will encourage openness and visibility
Improves organizational cohesiveness:
Reduces interpersonal barriers
Re-enforces the teamwork ethic
Increases mutual understanding between functions, and between management and staff
gives insight into colleague’s way of working and can lead to cross-fertilization of ideas and good practice transfer
focuses people on the common goals of the system
increases interest in the management system and its goal
discourages complacency and improves awareness of accountability
Lends emphasis to the need for objective evidence (facts and figures) as the basis for working rather than opinions and feelings.
There are numerous benefits of an effective audit process. they include the following:
Reduced operating cost through better sufficiency, increased productivity, better planning and reduced scrap and rework. Some organizations have calculated actual return on investment on audit findings that have totaled well into six and seven figures in annual returns.
Improved safety performance. Internal audit process can have a positive impact on safety performance. A good employee training process and well-written operating instructions contribute to an effective occupational health and safety management system. When these have been combined with the accountability that audit provides, many organizations have seen substantial improvements in their s
