Introduction to Internal Audit

By : Dinesh Kumara
ACA, Bsc.(Mgt.) Sp 2nd upper
1
Content
• What is internal auditing.
• History and evolution of internal auditing.
• Key principles from the International Professional Practices Framework (IPPF).
• Comparison between internal and external auditing.
• Scope of the Internal audit functions
• Objective of the Internal audit functions
• Responsibilities of the Internal audit department
• The importance of ethics in internal auditing.
• The concept of assurance in auditing.
• How internal auditing adds value to an organization.
• Challenges faced by modern internal auditors.

2
Introduction to Internal Auditing
Internal audit is an independent assuring and counselling activity relate that is
intended to add value and improve the operations of a company. It helps a
company to fulfil its objectives by means of a systematic and methodical
approach that assesses and improves the efficiency of the risk management
processes, control and governance.

Internal audit function -An appraisal activity established or provided as service

to the entity. Its functions include, amongst other things examining, evaluating
and monitoring the adequacy and effectiveness of the internal control.

Internal auditors – Those individuals who perform the activities of the internal
audit function. Internal auditors may belong to the internal audit department or
equivalent function.

3
Key principles from the International Professional Practices
Framework (IPPF).

The Core Principles, above all, define tangible internal audit effectiveness. When all Principles are present
and operating cohesively, internal audit function achieves maximum efficiency. Though the way every
internal auditor approaches these Core Principles may vary from organization to organization, there’s no
denying that a failure to achieve any of the Principles would signal an internal audit activity that’s not
performing at its absolute best.

➢ Demonstrates integrity.
➢ Demonstrates competence and due professional care.
➢ Is objective and free from undue influence (independent).
➢ Aligns with the strategies, objectives, and risks of the organization.
➢ Is appropriately positioned and adequately resourced.
➢ Demonstrates quality and continuous improvement.
➢ Communicates effectively.
➢ Provides risk-based assurance.
➢ Is insightful, proactive, and future-focused.
➢ Promotes organizational improvement.
4
Internal Auditing vs External Audit

5
Internal Auditing vs External Audit

6
Scope of the Internal audit functions
According to the international audit standards, the scope of the internal audit
functions could include the following:

• Monitoring of internal control. The internal audit function could receive tasks
related to the review of controls, to monitor the operations and to recommend
improvements.

• Examination of financial and operational information. The internal audit

function could be assigned to review the methods used for the identification,
assessment, classification and reporting of financial and operational information,
and could perform specific investigations upon certain individual elements,
including all detailed tests related to transactions, balances and procedures.

• Review of operational activities. The internal audit function could be assigned

to examine the economy and the effectiveness of the operational activities,
including the company’s non-financial activities. 7
Scope of the Internal audit functions

Review of compliance with the laws and regulations. The internal audit function
could be assigned to examine the compliance with the provisions of laws,
regulations and other external requirements, and with the management’s policies,
with directives and other internal requirements.

Risk management. The internal audit function could assist the company in
identifying and assessing the significant risk exposures and in improving the risk
management and the control systems.

Governance. The internal audit function could assess the governance process
from the point of view of fulfilling its targets with respect to ethics and values,
efficiency and liability, by communicating the risk and the control information to
the respective areas of the company and the effectiveness of communication
between persons that are responsible for governance, internal and external
auditors and management. (IIA, 2015).
8
Objective of the Internal audit functions

The purpose of the internal audit is to provide an assurance with respect to the
degree of control upon operations carried on by a company, to guide that company
in the sense of increasing the effectiveness of the activities carried on and to
contribute to the addition of value to the economic and financial results achieved by
the company.

Therefore the authority of the internal audit department cumulates the following
rights:
- Each member of the internal audit department has free access or is accompanied
by a representative of the audited company in any location, office, warehouse,
cashier’s office, archive, production space, dispatching space, reception etc. in which
the audit member requests to enter with the purpose of carrying on his audit
mission.

9
Objective of the Internal audit functions

- The members of the internal audit department have the right to get any
accounting, financial, banking document, or any other document of a different
nature issued or received by the company or that refers to the company’s activity,
in the period subject to auditing or in previous periods in order to clarify a current
matter.

- The members of the internal audit department have the right to visualize the data
bases containing accounting information provided by the informatics programme of
the audited company.

10
Responsibilities of the Internal audit department

➢ To develop and periodically update the Operating Regulation of the internal audit
department, the Manual of procedures and policies of internal audit, the Annual
plan for the audit activities and the Programme for ensuring and improving quality.

➢ To carry on the audit missions in compliance with the internal audit norms issued
by CAFR and with the approved and updated Operating regulation.

➢ To improve their knowledge, skills and other competences that are necessary
through continuous professional training.
➢ To observe the professional principles in exercising the position held by them.

➢ To have a special vigilance with respect to the significant risks that could affect the
objectives, operations or the patrimony of the audited company.

11
The importance of ethics in internal auditing
Internal auditors are expected to apply and uphold the following principles:

Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their
judgment.

Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and
communicating information about the activity or process being examined. Internal auditors make a
balanced assessment of all the relevant circumstances and are not unduly influenced by their own
interests or by others in forming judgments.

Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose
information without appropriate authority unless there is a legal or professional obligation to do so.

Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal
audit services. 12
 The importance of ethics in internal auditing
1. Integrity

Internal auditors:

1.1. Shall perform their work with honesty, diligence, and responsibility.

1.2. Shall observe the law and make disclosures expected by the law and the profession.

1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or
to the organization.

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

2. Objectivity

Internal auditors:

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This
participation includes those activities or relationships that may be in conflict with the interests of the organization.

2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
13
 The importance of ethics in internal auditing
1. Integrity

Internal auditors:

1.1. Shall perform their work with honesty, diligence, and responsibility.

1.2. Shall observe the law and make disclosures expected by the law and the profession.

1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or
to the organization.

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

2. Objectivity

Internal auditors:

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This
participation includes those activities or relationships that may be in conflict with the interests of the organization.

2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
14
The importance of ethics in internal auditing
3. Confidentiality

Internal auditors:

3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.

3.2. Shall not use the information for any personal gain or in any manner that would be contrary to the law or
detrimental to the legitimate and ethical objectives of the organization.

4. Competency

Internal auditors:

4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

4.2. Shall perform internal audit services in accordance with the International Standards for the Professional
Practice of Internal Auditing.

4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.
15
The concept of assurance in auditing.
Assurance is a process for independently ensuring the accuracy of an audit. Assurance
typically occurs after an audit and provides a second opinion on financial data, solidifying
the validity of the data. Organizations may conduct assurance processes to ensure an
auditor's report is accurate and includes all necessary information. This process can be
useful for providing additional assurance to investors, business owners and managers that
their auditing and financial reporting processes are factual and reliable.

For example, assurance may provide a report saying an audit accurately recorded the
revenue and expenses of a business. An organization then can provide its audit and
assurance report to an investor during a meeting, which could help the company secure an
investment.
Owners, management, investors, governments, regulators and other stakeholders need to rely on
the successful conduct of business activities, sound internal processes and the production of
credible information.

These operational and reporting processes enable users to make decisions and develop policies.
Confidence diminishes when there are uncertainties around the integrity of information or of
underlying operational processes. 16
Internal auditing adds value to an organization
Internal Auditing adds value by evaluating and making recommendations for: Operational and
quality effectiveness. Business risks. Business and/or process controls.

Internal Auditing adds value by evaluating and making recommendations for:

➢ Operational and quality effectiveness

➢ Business risks
➢ Business and/or process controls
➢ Process and business efficiencies
➢ Cost and waste reduction opportunities
➢ Effective corporate governance

17
 Internal auditing adds value to an organization
Exploring the Value of Internal Audit
Internal audit adds value to organizations in various ways, contributing to their success and sustainability. Let’s
delve into the key aspects of value that internal audit brings:

1. Enhancing Governance and Compliance

• Strengthening Internal Controls: Internal audit evaluates the design and effectiveness of internal controls,
helping to mitigate risks and prevent fraud or misuse of resources. By ensuring compliance with laws,
regulations, and internal policies, internal auditors promote good governance and ethical conduct.

• Identifying Compliance Gaps: Internal auditors assess the organization’s adherence to regulatory requirements
and industry standards. They identify compliance gaps and recommend corrective actions to address
deficiencies, reducing the risk of penalties, fines, or reputational damage.

2. Improving Operational Efficiency

• Optimizing Processes: Internal audit identifies opportunities for process improvements and efficiency gains. By
streamlining workflows, eliminating redundancies, and leveraging technology, internal auditors help enhance
operational efficiency and reduce costs.

• Enhancing Resource Utilization: Internal audit evaluates resource allocation and utilization across the
organization. By identifying areas of underutilization or inefficiency, internal auditors assist management in
reallocating resources to strategic priorities, maximizing value creation. 18
Internal auditing adds value to an organization

3. Mitigating Risks and Uncertainties

• Assessing Risk Exposure: Internal audit assesses the organization’s risk profile and exposure to various risks,
including operational, financial, and strategic risks. By conducting risk assessments and scenario analyses,
internal auditors help management understand and mitigate potential threats.

• Providing Early Warning Signals: Internal auditors identify emerging risks and vulnerabilities before they escalate
into significant issues. By providing early warning signals and proactive recommendations, internal audit helps
the organization anticipate and mitigate risks effectively.

4. Facilitating Informed Decision-Making

• Providing Reliable Information: Internal audit provides independent assurance regarding the reliability and
accuracy of financial and operational information. By validating data integrity and reporting practices, internal
auditors enable management to make informed decisions based on trustworthy information.

• Offering Strategic Insights: Internal audit offers strategic insights and recommendations to senior management
and the board of directors. By evaluating strategic initiatives and investment decisions, internal auditors assist in
assessing risks and opportunities, ultimately supporting the organization’s long-term objectives.

19
Challenges faced by modern internal auditors.
The main challenge faced by internal auditor is maintaining independence and objectivity.
Internal auditors live in a world of risk. They are charged with helping organizations determine
whether controls are in place to reduce risks in various processes and operations. They look for holes,
inefficiencies, inconsistencies and regulatory compliance. There are some other challenges faced by
modern internal auditors.

1. Talent shortage
Attracting and retaining internal audit staff has become a hardship in many sectors. Even though hiring
budgets for auditors have increased overall, filling positions has never been tougher. Organizations
need to be a place where auditors want to work. You need to recognize the premium workers place on
flexibility in both where they work and when their workday starts and ends. Cookie-cutter rules about
office hours and face time in the office are becoming obsolete.

2. Rise of remote work

The pandemic caused most organizations to pivot quickly to remote operations. And most employees
aren’t super excited about returning to full-time in-office work. If you don’t allow for flexibility, the
chances rise that auditors you have on staff now will flee to other organizations. You don’t want to risk
losing valued team members by failing to make your remote-work policies permanent.
20
Challenges faced by modern internal auditors.
3. Relationship-building barriers
In addition to the challenges with your own staff working remotely, you may find that working with
auditing clients remotely requires some new practices, too. Audits themselves are more likely to be
done off-site nowadays. In the past, it was easier to foster relationships with an organization
through the organic connections that developed during regular visits.

4. Evolving audit skill needs

Analytical and critical thinking skills have always been a necessity for internal auditors, but subject
matter needs are expanding exponentially. Cybersecurity, data mining and analytics, and a vast
array of IT systems require expertise that keeps growing and changing.
Even if you are fully staffed in your company’s audit department, your needs will keep evolving as
new areas of risk emerge. Stay current with those needs and be sure you have the capacity to audit
based on emerging cyber threats and new technologies.

5. Tech tool reassessment

Does your internal audit department have the right technology available to do the job? And is your
team properly trained to use those tools and systems? Audits may well benefit from applying
technologies such as continuous auditing, data analytics and cloud-based audit management
software. 21
Internal control framework

The internal control framework for most U.S. companies is the Committee
of Sponsoring Organizations of the Treadway Commission (COSO) Internal
Control—Integrated Framework, issued in 1992.

➢ The Control Environment

➢ Risk Assessment

➢ Control Activities

➢ Information and Communication

➢ Monitoring

22
Test Your Knowledge…………
(1) Which is not a correct statement relevant internal audit:
(A) It is not a statutory requirement.
(B) It is a continuous process occurred through out the year.
(C) Internal auditor is an independent party.
(D) Internal auditor provides reports only to the management.

(2) Of the following, which is a function of internal auditing:

(A) Provide true and fair view on financial statements.
(B) Examination of financial and operational information.
(C) Participating annual general meeting of the company.
(D) Cash payment to purchase machinery.

(3) Which is not a key principles from the International Professional Practices Framework ?
(A) Integrity (B) Sample testing
(C) Independence (D) Competency and due care

23
Test Your Knowledge…………
(4) External auditors appointed by
Shareholders of the company
(5) Internal auditors shall perform their work with honesty, diligence, and responsibility means
A. Confidentiality
B. Integrity
C. Competency
D. Objectivity

(6) What is the main challenge faced by internal auditors:

A. Talent shortage
B. Maintaining independence and objectivity
C. Evolving audit skill needs
D. Raise of remote works

(7) Which is not a element of internal control system:

(A) The Control Environment
(B) Risk assessment
(C) Control Activities
(D) Decentralization 24