what is the role of internal auditors in financial auditing?
TRANSCRIPT
What is the role of internalWhat is the role of internal
auditors in financial auditing?auditors in financial auditing?
Internal AuditingInternal Auditing
The New York Stock ExchangeThe New York Stock Exchangerequires its registrants to haverequires its registrants to have
an internal audit function.an internal audit function.
Internal AuditingInternal Auditing
It is an independent, objective assurance andIt is an independent, objective assurance andconsulting activity designed to add valueconsulting activity designed to add value
and improve an organization’s operations.and improve an organization’s operations.
It helps an organization accomplish its objectivesIt helps an organization accomplish its objectivesby bringing a systematic, disciplined approach toby bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of riskevaluate and improve the effectiveness of riskmanagement, control, and governance processes.management, control, and governance processes.
What about Sarbox?What about Sarbox?
Does Sarbanes-Oxley add “legitimacy” to the IA Does Sarbanes-Oxley add “legitimacy” to the IA function?function?
Where were the internal auditors at Enron?Where were the internal auditors at Enron?
WorldCom … Waste Management … etc…WorldCom … Waste Management … etc…
Institute of Internal Auditors Institute of Internal Auditors Ethical PrinciplesEthical Principles
IntegrityIntegrity
ConfidentialityConfidentiality
ObjectivityObjectivity
CompetencyCompetency
IntegrityIntegrity
Internal auditors:Internal auditors:1.1. Shall perform their work with honesty, diligence, 1.1. Shall perform their work with honesty, diligence,
and responsibility.and responsibility.1.2. Shall observe the law and make disclosures 1.2. Shall observe the law and make disclosures
expected by the law and the profession.expected by the law and the profession.1.3. Shall not knowingly be a party to any illegal 1.3. Shall not knowingly be a party to any illegal
activity, or engage in acts that are discreditable to the activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.profession of internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and 1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.ethical objectives of the organization.
ObjectivityObjectivity
Internal auditors:Internal auditors:2.1. Shall not participate in any activity or relationship 2.1. Shall not participate in any activity or relationship
that may impair or be presumed to impair their that may impair or be presumed to impair their unbiased assessment. This participation includes unbiased assessment. This participation includes those activities or relationships that may be in conflict those activities or relationships that may be in conflict with the interests of the organization.with the interests of the organization.
2.2 Shall not accept anything that may impair or be 2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment.presumed to impair their professional judgment.
2.3 Shall disclose all material facts known to them that, 2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities if not disclosed, may distort the reporting of activities under review.under review.
ConfidentialityConfidentiality
Internal auditors:Internal auditors:3.1 Shall be prudent in the use and protection of 3.1 Shall be prudent in the use and protection of
information acquired in the course of their information acquired in the course of their duties.duties.
3.2 Shall not use information for any personal 3.2 Shall not use information for any personal gain or in any manner that would be contrary gain or in any manner that would be contrary to the law or detrimental to the legitimate and to the law or detrimental to the legitimate and ethical objectives of the organization.ethical objectives of the organization.
CompetencyCompetency
Internal auditors:Internal auditors:4.1. Shall engage only in those services for which they 4.1. Shall engage only in those services for which they
have the necessary knowledge, skills, and experience.have the necessary knowledge, skills, and experience.4.2 Shall perform internal auditing services in 4.2 Shall perform internal auditing services in
accordance with the accordance with the InternationalInternational Standards for the Standards for the Professional Practice of Internal AuditingProfessional Practice of Internal Auditing ..
4.3 Shall continually improve their proficiency and the 4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.effectiveness and quality of their services.
Relationship of InternalRelationship of Internaland External Auditorsand External Auditors
The The externalexternal auditor is responsible auditor is responsibleto financial statement users.to financial statement users.
The The internalinternal auditor is responsible auditor is responsibleto management.to management.
Relationship of InternalRelationship of Internaland External Auditorsand External Auditors
CompetencyCompetency
MethodologyMethodology
ObjectivityObjectivity
Audit risk modelAudit risk model
Governmental Financial Governmental Financial AuditingAuditing
The primary source of authoritative literatureThe primary source of authoritative literaturefor performance of government audits isfor performance of government audits is
Government Auditing StandardsGovernment Auditing Standards,,which is issued by the GAO.which is issued by the GAO.
Because of the color of the cover, it isBecause of the color of the cover, it isusually referred to as the usually referred to as the ““Yellow BookYellow Book.”.”
Governmental Financial Governmental Financial AuditingAuditing
The Yellow Book standards are often calledThe Yellow Book standards are often calledgenerally accepted government auditinggenerally accepted government auditing
standards (GAGAS or GAS).standards (GAGAS or GAS).
Financial Audit and Reporting Financial Audit and Reporting Requirements – Yellow BookRequirements – Yellow Book
Materiality and significanceMateriality and significance Quality controlQuality control Compliance auditingCompliance auditing ReportingReporting Audit filesAudit files
Audit and Reporting – Single AuditAudit and Reporting – Single AuditAct and OMB Circular A-133Act and OMB Circular A-133
The threshold for requiring a single auditThe threshold for requiring a single auditwas raised from $100,000 to $300,000was raised from $100,000 to $300,000
to exempt many smaller entitiesto exempt many smaller entitiesfrom single audit requirements.from single audit requirements.
The OMB increased the single auditThe OMB increased the single auditthreshold to $500,000 beginning in 2004.threshold to $500,000 beginning in 2004.
Audit and Reporting – Single AuditAudit and Reporting – Single AuditAct and OMB Circular A-133Act and OMB Circular A-133
The office of Management and Budget issuedThe office of Management and Budget issueda revised Circular A-133, a revised Circular A-133, Audits of States,Audits of States,
Local Governments, and Non-ProfitLocal Governments, and Non-ProfitOrganizations, Organizations, to provide administrativeto provide administrative
guidance for implementing theguidance for implementing thesingle audit requirements.single audit requirements.
Audit RequirementsAudit Requirements
The audit should be in accordanceThe audit should be in accordancewith generally accepted governmentwith generally accepted government
auditing standards (GAGAS).auditing standards (GAGAS).
The auditor must obtain an understandingThe auditor must obtain an understandingof internal control over federal programsof internal control over federal programs
sufficient to support a low assessedsufficient to support a low assessedlevel of control risk for major programs.level of control risk for major programs.
Audit RequirementsAudit Requirements
The auditor should determine whether the clientThe auditor should determine whether the clienthad complied with laws, regulations, and thehad complied with laws, regulations, and theprovisions of contracts or grant agreementsprovisions of contracts or grant agreementsthat may have a direct and material effectthat may have a direct and material effect
on each of its major programs.on each of its major programs.
Reporting RequirementsReporting Requirements
an opinion on whether the financial statementsan opinion on whether the financial statementsare in accordance with GAAP, and an opinionare in accordance with GAAP, and an opinionas to whether the schedule of federal awardsas to whether the schedule of federal awardsis presented fairly in all material respects inis presented fairly in all material respects inrelation to the financial statements as a wholerelation to the financial statements as a whole
Reporting RequirementsReporting Requirements
a report on internal control related to thea report on internal control related to thefinancial statements and major programsfinancial statements and major programs
a report on compliance with laws,a report on compliance with laws,regulations, and the provisions ofregulations, and the provisions ofcontracts or grant agreementscontracts or grant agreements
a schedule of findings and questioned costsa schedule of findings and questioned costs
Reporting RequirementsReporting Requirements
reasonable (positive) assurance related reasonable (positive) assurance related to items testedto items tested
limited (negative) assurance related to limited (negative) assurance related to items not tested (usually includes items not tested (usually includes ““nonmajor” programs)nonmajor” programs)
Operational AuditingOperational Auditing
The purpose of operational auditing is toThe purpose of operational auditing is todetermine the efficiency and effectivenessdetermine the efficiency and effectiveness
of any part of an organization.of any part of an organization.
Differences between OperationalDifferences between Operationaland Financial Auditingand Financial Auditing
Distribution ofDistribution ofthe reportsthe reports
Inclusion ofInclusion ofnonfinancial areasnonfinancial areas
Purpose ofPurpose ofthe auditthe audit
EffectivenessEffectiveness refers to the refers to theaccomplishment of objectives.accomplishment of objectives.
EfficiencyEfficiency refers to the resources used refers to the resources usedto accomplish those objectives.to accomplish those objectives.
Effectiveness Versus Effectiveness Versus EfficiencyEfficiency
Types ofTypes ofinefficiencyinefficiency ExampleExample
Acquisition of goods andAcquisition of goods andservices is excessively costly.services is excessively costly.
Bids for purchases ofBids for purchases ofmaterials are not required.materials are not required.
Raw materials are notRaw materials are notavailable when needed.available when needed.
An assembly line was shutAn assembly line was shutdown for lack of materials.down for lack of materials.
A duplication of effort byA duplication of effort byemployees exists.employees exists.
Production and accountingProduction and accountingkeep identical records.keep identical records.
Effectiveness Versus Efficiency
EffectivenessEffectiveness
Can a process be “effective” if it is inefficient? Can a process be “effective” if it is inefficient?
Relationship between OperationalRelationship between OperationalAuditing and Internal ControlsAuditing and Internal Controls
Reliability of financial reportingReliability of financial reporting
Efficiency and effectiveness of operationsEfficiency and effectiveness of operations
Compliance with applicable laws and regulationsCompliance with applicable laws and regulations
Types of Operational AuditsTypes of Operational Audits
FunctionalFunctional
OrganizationalOrganizational
Special assignmentsSpecial assignments
CPA firmsCPA firms
GovernmentGovernmentauditorsauditors
InternalInternalauditorsauditors
Who PerformsWho PerformsOperational AuditsOperational Audits
The two most important qualities forThe two most important qualities for an operational auditor are:an operational auditor are:
Independence and Competence Independence and Competence of Operational Auditorsof Operational Auditors
IndependenceIndependence CompetenceCompetence
IndependenceIndependence
Is this the same kind of “independence” that financial auditors have?
How can an operational auditor be How can an operational auditor be independent?independent?
Specific Criteria for Evaluating Specific Criteria for Evaluating Efficiency and EffectivenessEfficiency and Effectiveness
Were all plant layoutsWere all plant layouts approved by home office approved by home office engineering at the time of original design?engineering at the time of original design?
Has home office engineering done a reevaluationHas home office engineering done a reevaluationstudy of plant layout in the past five years?study of plant layout in the past five years?
Specific Criteria for Evaluating Specific Criteria for Evaluating Efficiency and EffectivenessEfficiency and Effectiveness
Is each piece of equipment operatingIs each piece of equipment operatingat 60% of capacity or more forat 60% of capacity or more forat least three months each year?at least three months each year?
Does layout facilitate the movement ofDoes layout facilitate the movement ofnewnew materials to the production floor?materials to the production floor?
Does layout facilitate the productionDoes layout facilitate the productionof finished goods?of finished goods?
Specific Criteria for Evaluating Specific Criteria for Evaluating Efficiency and EffectivenessEfficiency and Effectiveness
Does layout facilitate the movement ofDoes layout facilitate the movement offinished goods to distribution centers? finished goods to distribution centers?
Does the plant layout effectively useDoes the plant layout effectively useexisting equipment?existing equipment?
Is the safety of employees endangeredIs the safety of employees endangeredby the plant layout?by the plant layout?
Sources of CriteriaSources of Criteria
Historical performanceHistorical performance
BenchmarkingBenchmarking
Engineers standardsEngineers standards
Discussion and agreementDiscussion and agreement
Phases in Operational AuditingPhases in Operational Auditing
PlanningPlanning
Evidence accumulation and evaluationEvidence accumulation and evaluation
Reporting and follow-upReporting and follow-up
PlanningPlanning
• Scope of engagementScope of engagement
• StaffingStaffing
• Background informationBackground information
• Understand internal controlUnderstand internal control
• Decide on appropriate evidenceDecide on appropriate evidence
Evidence AccumulationEvidence Accumulationand Evaluationand Evaluation
• DocumentationDocumentation
• ClientClient
• ObservationObservation
Reporting Follow-upReporting Follow-up
• Report usually sent to managementReport usually sent to management
• Tailored reportsTailored reports
• Follow-up on recommendationsFollow-up on recommendationswith managementwith management
Examples of OperationalExamples of OperationalAudit Findings (from text)Audit Findings (from text)
• Outside janitorial firm saves $160,000Outside janitorial firm saves $160,000
• More timely credit memo processingMore timely credit memo processing
• Use the right toolUse the right tool
• Computer programs save manual laborComputer programs save manual labor