AC 410X. Ch 19 by xiaohuicaicai

VIEWS: 0 PAGES: 23

									Internal Auditing and
     Outsourcing

                        1
         Internal Auditing
Internal auditing is an independent and
 objective assurance and consulting activity
 that is designed to add value to improve
 an organization's operations. It helps an
 organization accomplish its objectives by
 bringing a systematic, discipline approach
 to evaluate and improve the effectiveness
 of risk management, control, and
 governance processes.

                                           2
      Internal Auditing     (continued)


Exists only because it adds value to the
 organization
Must change as organizations change
Proves objective assurance to top
 management and the board
Reports problems, and also offers advice
 on needed improvements
Encompasses all the important operations
 of an organization
                                            3
Assurance & Consulting Activity
Assurance services - objective services that improve the
    Quality of information about processes
    Effectiveness of controls
    Reliability of information
    Compliance with company, regulatory, or governmental
     procedures
    Effectiveness and efficiency of operations
Consulting services:
    Advisory or partnering activities that add value and improve
     operations
    Both parties must agree on nature and scope of services
    Identifies problems and potential solutions
    Advisory; does not include decision making
                                                                    4
Assurance & Consulting Activity
                        (continued)


Systematic and Disciplined Approach
  Internal auditing standards are designed to ensure
   objective, relevant, and sufficient evidence is
   gathered and evaluated
  Internal auditors identify risks, gather evidence,
   evaluate findings, and suggest improvements
  Elements of the systematic and disciplined approach:
     Defined audit objectives
     Risk analysis
     Audit work plan
     Defined audit procedures
     Use of technology
     Independent review of audit work
     Review of conclusions with management
                                                          5
Assurance & Consulting Activity
                        (Continued)

Corporate Governance, Risk Management, and
 Control
  Good governance requires organizations implement
   processes and controls designed to ensure
     Decisions are made at the appropriate level of the
      organization
     Processes comply with organization policies and government
      regulations
     Processes are efficient and effective
     Risks are identified and factored into decisions
     Controls are properly designed and implemented
     Effective whistle-blowing function is implemented
                                                               6
     Review Internal Auditing &
      Corporate Governance
Internal auditors should:
   Understand key governance issues, stakeholders,
    and accountability to those stakeholders
   Provide analysis to determine that top management
    understands risks and have processes in place to
    address such risks
   Ensure the organization has controls to address such
    risks, and that such controls are operating effectively
   Evaluate organization's processes for determining
    operating efficiency
   Determine that operations comply with organization
    policies as well as contracts, laws, and regulations
   Determine that an effective whistle-blowing function is
    in place                                                7
       What is the internal audit
               charter?
As the statement of the internal audit's role in an
  organization, the charter accomplishes two important
  objectives:
    Defines the scope of the internal audit activity including access
     to company records
    Defines the reporting relationships that exist between the audit
     activity and others within the organization such as audit
     committee members, senior management, and operating
     management
Important issues that should be noted in the charter:
    Statement of the mission of the activity defined in terms of
     governance, risk, control, and operating efficiency
    Identification of audit accountabilities
    Defined responsibility to provide periodic reports
    Prohibition against performing operational tasks
    Identification of standards by which to judge performance of        8
     internal audit work
   Internal Auditing & the Audit
            Committee
Internal auditors assist the audit committee in a
  number of ways:
   Review the quality of internal controls over financial
    reporting
   Provide an independent viewpoint on major
    accounting issues
   Provide feedback on the efficiency of operations and
    compliance with company and regulatory policies
   Facilitate information flow to the audit committee
   Perform special projects or investigations as
    requested
                                                             9
   Internal Auditing & the Audit
            Committee
Monitor effectiveness of whistle-blowing
 activities
Evaluate whether the company has met its
 reporting objectives
Assess the "quality" of financial reporting
Evaluate the effectiveness of risk management
 processes
Provide independent assessments of risk
Provide information to facilitate monitoring of key
 risks
                                                  10
       Internal Audit Outsourcing
Recent trend for companies to outsource their internal audit
  function to public accounting or other specialize firms
This trend may slow as the SEC prohibits a CPA from
  providing both internal and external audit services for the
  same company
Possible advantages of outsourcing internal audit function.
  Service provider may:
     Have greater expertise or specialized talents
     Be able to provide service at lower cost
     Have global presence and be able to provide service without language or
      cultural problems
     Provide greater flexibility in staffing and budgeting
Possible disadvantages of outsourcing internal audit function:
     Employees may have greater knowledge of the company and its
      operations
     Loss of internal audit as a training ground to develop new managers   11
    What is value-added internal
             auditing?
Internal audit activities can be classified as:
   Risk analysis
      Organizations take risks to accomplish their objectives
      Organizations need processes to recognize risk and institute
       controls to minimize adverse outcomes
      Risk analysis examines whether processes are adequate to
       manage risks
   Information reliability
      Organizations need accurate, reliable, and timely information
      Information must also be protected
      Internal auditors perform periodic reviews of security and
       controls
                                                                    12
   What is value-added internal
         auditing? (continued)
Control effectiveness
  Controls exist to address risks
  Internal auditors provide objective assessment as to
   whether
     Controls are adequate to manage risk
     Controls are operating effectively
Operational effectiveness and efficiency
Conformance with company policies and
 procedures
Fraud investigations
                                                          13
   What are operational audits?
Evaluate organization's activities, systems,
 and controls
  Assess quality and efficiency of performance
  Identify opportunities and develop
   recommendations for improvement
Criteria for evaluation of performance
  Past operations
  Best practices for similar operations
  Stated management objectives
                                                  14
             Operational Audits
Every operational audit follows the same ten-step
   process:
   1. Understanding the operational area and management's interest
       in having the area audited
   2. Develop background information about the audit area
   3. Develop objective criteria regarding operational efficiency
   4. Perform preliminary analysis of the audit area
   5. Perform detailed risk analysis
   6. Develop and analyze data that might indicate problems
   7. Perform inquiry and testing to identify source of problems
   8. Performed detailed tests of operating activities and controls
   9. Summarize findings - prepare report and discuss with
       management
   10. Develop mechanism to follow-up on recommendations
                                                                 15
       Operational Audits                        (continued)


Detailed considerations: Establish criteria
    Objective criteria should be established prior to the audit
    Criteria should include both performance and control measures
Perform preliminary risk analysis for all operational audit
  areas
    To determine whether organization has effective risk management
     process
    To identify important controls
Perform analytical analysis
    To identify existence and source of potential operating problems
Test controls and operations
    Every operational audit will have compliance testing component
    To determine whether operations follow company policies and
     meet company standards
                                                                     16
           Compliance Audits
Performed to determine whether operations are
  being conducted in compliance with contracts,
  management's policies, or applicable laws and
  regulations
Add value because they can
  Improve operational efficiency
  Provide assurance that organization is operating
    within applicable laws and regulations

                                                      17
        Internal Auditing and
           Sarbanes-Oxley
Internal auditors are an integral part of
 assisting organizations to implement
 provisions of the Sarbanes-Oxley Act
Internal audit may assist in facilitating a
 control self-assessment by management
 assisting operating personnel understand
 controls and documentation
                                               18
      Internal Audit Standards
Standards for the Professional Practice of Internal
  Auditing (IIA):
Attribute Standards
  Purpose, Authority, and Responsibility
  Independence and Objectivity
  Proficiency and Due Professional Care
  Quality Assurance and Improvement Program
Performance Standards
  Managing the Internal Audit Activity
  Nature of Work
                                                  19
 Internal Audit Standards             (continued)


Performance Standards
  Engagement Planning
  Performing the Engagement
  Communicating Results
  Monitoring Progress
  Management's Acceptance of Risks
Implementation Standards
There may be multiple implementation
 standards derived from the concepts in the
 attribute and performance standards
                                                    20
 What is the IIA Code of Ethics?

Focuses on broad-based Principles
 and Rules of Conduct regarding:
  Integrity
  Objectivity
  Confidentiality
  Competence
                                    21
            Reporting Fraud

The IIA's Code of Ethics makes it clear that
 an internal auditor should
  "Observe the law and make disclosures
   expected by the law and the profession"
  "Not knowingly be a party to any illegal
   activity, nor engage in acts that are
   discreditable to the profession of internal
   auditing or to the organization"
                                                 22
       Reporting Fraud          (continued)


If an internal auditor uncovers evidence of
   fraud, the auditor should:
  Document the findings and include them in
   an audit report
  Report findings to the board of directors, the
   audit committee, and appropriate members of
   top management
  Consult with an attorney on actions
   appropriate to the particular case
  Consider the need for any additional
   action to disassociate from the fraud
                                                23

								
To top