PREPARED BY NEENA MOL – ACCA FACULTY

12) INTERNAL AUDIT

INTRODUCTION
Internal audit as defined by the IIA (Institute of internal auditors):

“An independent, objective assurance and consulting activity designed to add value
and improve an organisation’s operations. It helps an organisation accomplish its
objectives by bringing a systematic disciplined approach to evaluate and improve
the effectiveness of risk management, control, and governance processes.”

The institute of internal auditors is the global authority on internal audit as it is the
only professional body focused exclusively on internal auditing.

Unlike external audit, internal auditors do not require professional qualification’s

nor are they required to be a member of a qualifying body. Despite these issues,
stakeholders remain comforted by companies who have internal audit functions
within the Company.

THE NEED FOR INTERNAL AUDIT

Having an internal audit function is generally seen by stakeholders as adding
additional comfort because the function review, monitor and feedback on risks,
controls and governance.

Internal audit functions are not required by law in the UK however, all companies
required to follow corporate governance are required to have an internal audit
function as part of the governance code. By contrast, corporate governance in the
USA is law and requires all those companies following the code to have an internal
audit function.

Smaller and family owned and managed companies see little relevance for internal
audit functions due to their size and the hands-on nature of the management who
are often also the owners of the business.

The need for the internal audit therefore tends to be depend upon the following
factors:

• Scale, Diversity and Complexity of Activities – In diversified organisations,

there is a risk that controls may not work effectively because of delegation of
responsibilities. Internal auditors can report back to the audit committee if the
controls are not working effectively. The more complex the organisation is,
the greater the benefit obtained from having an IA function as there is greater
risk of things going wrong. With larger organisations the consequences of

PREPARED BY NEENA MOL – ACCA FACULTY

PREPARED BY NEENA MOL – ACCA FACULTY

poor controls/risk management/corporate governance practices are likely to

be greater.
• No of Employees – there is a risk of fraud when there exists high number of
employees within an entity.
• Cost/benefit considerations – It is worthwhile to establish an internal audit
department when the benefit of having internal audit department outweighs
the cost of establishing one.
• Desire of board to have assurance and risks and controls – the board may
wish to have comfort over the operations of the company through ongoing
monitoring carried out by the internal auditors which will help them
discharge their responsibilities.

THE ELEMENTS OF BEST PRACTISE IN THE STRUCTURE

AND OPERATIONS OF INTERNAL AUDIT
As previously mentioned, internal auditors are not required to hold a qualification
nor are they required to be a member of a professional body, however best practice is
that internal auditors are members of IIA and hold one of the IIA qualifications i.e.
CIA (Certified Internal Auditor)

IIA recommend an optimal reporting structure to ensure internal auditors remain

independent. Note that the issues with independence come from the fact that internal
auditors are employees of the company which calls into question their independence.
The IIA therefore believe that internal audit should report into a body of NED’s (Audit
committee) from a functional view point (functional meaning that they are assessed
and reviewed by this body).

The IIA has also an IPPF (Internal Professional Practices Framework) in place to help
provide guidance to its members regarding independence and number of other
matters relating to the structure and operations of the internal audit department.

DIFFERENCE BETWEEN EXTERNAL AND INTERNAL AUDIT

EXTERNAL AUDIT INTERNAL AUDIT
Objective Express an opinion on Review the
the FS effectiveness and
efficiency of internal
controls
Reporting Shareholder’s Management or those
charged with governance
Appointment and Shareholder’s Audit committee or
removal board of directors

PREPARED BY NEENA MOL – ACCA FACULTY

PREPARED BY NEENA MOL – ACCA FACULTY

Relationship with Must be independent of May be employees

company the Company which limits
independence
Legal required recommended
Events Focused on past events Focuses on past,
present and future
events
Information Concerned with Concerned with both
financial information financial and non-
financial information

LIMITATIONS OF INTERNAL AUDIT

• Internal auditors may be employees of the company they are reporting on and
therefore may not wish to raise issues in case they lose their job.
• Internal auditors do not need to be qualified or be members of a professional
body. This can lead to inconsistencies of the quality of work and
professionalism demonstrated.
• In many organisation’s the internal audit department do not use the optimal
reporting structure. For example, some companies have the internal audit
department report to the finance director who is an employee of the Company
and his/her department is subject to audit. Hence, reducing the independence
of internal audit.
• Members of the internal audit may provide consulting activities which they
then go on to audit resulting in a self-review threat. The chief internal auditor
must ensure that teams are segregated within the internal audit department to
ensure this threat does not materialise.
• Internal audit staff may have been employed for a long period of time which
may limit their effectiveness because they became too familiar with the work or
the clients. The chief internal auditor should therefore rotate staff and ensure
the work is independently reviewed.

OUTSOURCING INTERNAL AUDIT

Outsourcing is where an external company provide the internal audit service rather
than having an in-house department of employees.

ADVANTAGES AND DISADVANTAGES OF OUTSOURCING INTERNAL AUDIT

ADVANTAGES DISADVANTAGES
It is cost effective as the cost of employing Blurring external and internal audit roles
permanent staff is avoided. especially if external audit provides both
services

PREPARED BY NEENA MOL – ACCA FACULTY

PREPARED BY NEENA MOL – ACCA FACULTY

Competent, experienced staff will be Lack of business knowledge

performing the internal audit which
improves the quality of work done
Risk of staff turnover passed to Cost may take precedence over
outsourcing firm effectiveness
Specialist skills may be more readily Flexibility and availability may not be as
available high as with an in-house function
Be seen to be independent of the client Pressure on the independence of the
and management outsourced function due to threat by
management not to renew the contract
Better technology Possible conflict of interest if external
auditors also conduct internal audit
Reduced management administration Lack of controls over services provided
time
No recruitment fees
It is preferred for companies who require
individual assignments as the internal
auditors can be appointment as and
when they are required

SCOPE OF INTERNAL AUDIT

The main key roles of the internal auditors are as follows:

• Evaluating the company risks identification and management processes.
• Testing the effectiveness of internal controls
• Assessing the reliability of financial and operational information
• Assessing compliance with laws and regulations
• Providing recommendation on the prevention and detection of fraud as well as
internal controls.
• Assessing whether the company is complying with corporate governance
principles.

OTHER INTERNAL AUDIT ASSIGNMENTS

There are many other assignments which the internal auditors can perform other than
reviewing the internal controls of the company which are as follows:

VALUE FOR MONEY (VFM) AUDIT

VFM aims to obtain the best possible combination of goods or services for the least
resources. VFM requires review of the 3 “E’s”.
• Economy – obtaining the best quality of resources for the least cost
• Efficiency – obtaining the maximum output with the best use of resources
• Effectiveness – achieving the goals and targets.

PREPARED BY NEENA MOL – ACCA FACULTY

PREPARED BY NEENA MOL – ACCA FACULTY

IT AUDIT
IT audits may look at one or more of the following:
• Company is getting value for money from their IT systems
• Management and maintenance of equipment
• Internal Controls within IT system are operating effectively
• Assessing the reliability of the system
• IT external contracts i.e. the software maintenance

FINANCIAL AUDIT
The main aims of a financial audit are to ensure that the financial information is reliable
and produced on a timely basis.
Financial information includes financial statements, budgets or forecasts and
management accounts.
This type of audit is like an external audit and some of the work may be relied upon
by the external auditor which in turn reduces the work of the external auditor in those
areas.
For external auditors to use internal auditors work as evidence for their audit, there
are number of considerations to be made.

FRAUD INVESTIGATION
This may involve detecting fraud, identifying the perpetrator, quantifying the loss to
the company due to the fraud, providing recommendations on how the company can
protect itself against fraud in the future.

MYSTERY SHOPPER VISITS

For retail and service companies the internal audit staff can pose as customers to
ensure that customer service is at the required level.

PROVIDING DIRECT ASSISTANCE TO THE EXTERNAL AUDITOR

Internal audit staff can help the external auditor with their procedures under their
supervision

OPERATIONAL AUDIT
Operational audits look at business operations that is procurement, marketing etc.
The audit reviews the effectiveness of operational controls and identifies areas for
improvement including recommendations from internal audit.

REPORTING
There is no formal reporting structure for internal audit unlike an internal audit report.
The format is usually agreeing with the audit committee or board of directors prior to
commencing the assignment.

PREPARED BY NEENA MOL – ACCA FACULTY

PREPARED BY NEENA MOL – ACCA FACULTY

These are for internal use only. The external auditors may inspect them if they are
intending on placing reliance on the work of internal audit.

An internal audit report will include:

• Terms of reference – the requirements of the assignment.
• Executive summary – the key risks and recommendations that are described
more fully in the body of the report
• Body of the report – a detailed description of the work performed and the result
of that work.
• Appendix – Containing any additional information that doesn’t belong in the
body of the report but which is relevant to the assignment.

PREPARED BY NEENA MOL – ACCA FACULTY