Premium Essay

Internal Audit

In: Business and Management

Submitted By chongchen
Words 2434
Pages 10
Internal Control

Topic List

1. What is internal control? 2. Components of internal control 3. Information about controls

Learning outcomes

On completion of this section you should be able to: • State the reasons for organisations having effective systems of controls • Identify factors which contribute to an effective control environment • Identify the components of internal control in both manual and IT environments • Identify types of control activity • Distinguish between general controls and application controls • Identify inherent limitations of a system of internal controls • Specify the composition of an audit committee
Internal Control

Internal control: ‘The process designed, implemented and maintained by those charged with governance*, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to:-

• Effectiveness and efficiency of operations • Reliability of financial reporting, • Compliance with applicable laws and regulations.

The term “controls” refers to any aspects of one or more of the components of internal control.

A key audit question is:

“How does management control the business?”

*Usually directors - remember the difference between exec and non-exec

Company Objectives

• To ensure it correctly reports its financial position to shareholders • To ensure it operates effectively and efficiently • To ensure it complies with relevant laws and regulations • (perhaps among others…)

To meet these objectives, the directors will:

i. Identify risks to that may stop these objectives being met ii. Implement controls to mitigate these risks

Reasons for internal controls

The reasons for internal controls include:

• Preventing and detecting…...

Similar Documents

Premium Essay

Internal Audit

...Internal Audit Chapter 5 Review 1. A business process is the set of connected activities linked with each other for the purpose of achieving an objective or goal. 2. Two general types of business processes are present in most organizations that deliver goods and services: the operating processes and the management and support processes. The operating processes include strategic planning, product and service design and development, marketing, production/delivery, invoicing, and collection. The management and support processes include obtaining and managing the organization’s human resources (this could include hiring, training, benefits), managing financial resources (including budgeting, financial accounting, treasury), managing the information technology resources, managing physical resources (facilities management, security, maintenance, etc.), the organization’s compliance and governance systems, and the process for managing the organization’s external stakeholders (government relations, public relations, etc.). 5. A top-down approach begins at the entity level with the organization’s objectives, and then identifies the key processes critical to the success of each of the organization’s objectives. A bottom-up approach begins by looking at all processes directly at the activity level, and then aggregates the identified processes across the organization. 7. The two common methods used to document processes are process maps and process write-ups. Process...

Words: 4393 - Pages: 18

Premium Essay

Internal Audit

...Internal Audit Internal auditing is a self-governing, objective assurance and consulting movement designed to add value and advance an organization's operations. The main objective of the internal audit activity is to determine whether the organization/company’s network of risk management, control, and governance processes, as designed and represented by the management, is adequate and functioning in a manner to ensure: risks are identified and managed, objectives are achieved, and compliance with policies are met. Along with internal auditing come developments, including standards and risk assessments for accounting and reporting practices. Sarbanes-Oxley Act The Sarbanes Oxley Act (the “Act”) of 2002 is a federal law passed in response to major corporate and accounting scandals including those of Enron, Tyco International, and Worldcom. These accounting scandals gave pause to the accounting world because of how complex and encompassing they were. They resulted in a decline of public trust in both accounting and reporting practices. It was then when the government realized that major reform was needed. This Act is now mandatory in the accounting world. All companies, whether small or large, must comply with the act. The corporate responsibility section of the Act calls for the establishment of an audit committee. The Act requires that all members of the audit committee be independent. Companies must disclose whether or not the audit committee includes at least one......

Words: 527 - Pages: 3

Premium Essay

The Role of Internal Audit in Erm

...29, 2004 The Role of Internal Auditing in Enterprise-wide Risk Management In conjunction with the newly released Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management - Integrated Framework, The Institute of Internal Auditors (IIA), in coordination with its IIAUK and Ireland affiliate, has issued a position paper on The Role of Internal Audit in Enterprise-wide Risk Management. The paper's purpose is to assist chief audit executives (CAEs) in responding to enterprise risk management (ERM) issues in their organizations. The paper suggests ways for internal auditors to maintain the objectivity and independence required by The IIA's International Standards for the Professional Practice of Internal Auditing (Standards) when providing assurance and consulting services. Internal auditing's core role with regard to ERM is to provide objective assurance to the board on the effectiveness of an organization's ERM activities to help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively Recommended Roles The main factors CAEs should take into account when determining internal auditing's role are whether the activity raises any threats to the internal auditors' independence and objectivity, and whether it is likely to improve the organization's risk management, control, and governance processes. The IIA's position paper indicates which roles internal auditing should and......

Words: 3877 - Pages: 16

Free Essay

Audit Pengendalian Internal

...digunakan oleh auditor dalam pemerolehan pemahaman atas pengendalian intern, namun digunakan untuk menilai efektifitas pengendalian intern. 3. apakah auditor independen disyaratkan untuk menggunakan pekerjaan yang dilaksanakan auditor internal? Tidak, Auditor independen tidak disyaratkan untuk menggunakan pekerjaan yang dilaksanakan auditor internal. Auditor Independen dapat memutuskan untuk menggunakan atau tidak menggunakan pekerjaan auditor internal. Hal ini tergantung bila auditor independen telah menentukan bahwa pekerjaan auditor internal tersebut kemungkinan relevan dengan audit yang dilakukannya yang diketahui dari hasil evaluasi auditor independen dan prosedur audit atas pekerjaan auditor internal untuk menentukan kecukupan pekerjaan tersebut untuk tujuan auditor independen , dan pengaruh yang direncanakan dari pekerjaan Auditor internal terhadap sifat, waktu, atau luas prosedur Auditor Eksternal karena jika auditor internal bekerja secara efektif dan menghasilkan pekerjaan yang relevan dengan audit yang dilakukan auditor independen maka auditor independen dapat mengurangi risiko pengendalian secara signifikan dan mengurangi pengujian substantif sehingga dapat dikatakan berpengaruh terhadap sifat, waktu atau luasnya prosedur audit yang dilakukan auditor eksternal. 4. Contoh faktor-faktor risiko yang berkaitan dengan salah saji sebagai akibat kecurangan dalam pelaporan keuangan (fraudulent financial reporting) b) Faktor-faktor risiko yang......

Words: 1014 - Pages: 5

Premium Essay

Internal Audit

...The Art Of Auditing Internal Auditor, August, 2000 by Lawrence Metzger "Creativity" and "auditor" are not contradictory terms. In fact, creative thinking is the linchpin of effective internal auditing--and it's a skill you can learn and polish. The work of internal auditors is as much an art as it is a science or technique. The internal audit process encompasses far more than a series of rote checklists; it is much more akin to an archeological dig, where layers of information are methodically uncovered. To connect and understand the layers of organizations, the internal auditor must be able to think creatively. Not only is creativity an inherent aspect of successful internal auditing, but it has become a hot, sought-after commodity in all fields. In his book Jamming, John Kao observes that we are living in an age of creativity. He argues, for example, that global competition is increasingly about a company's ability to mobilize its ideas, talents, and creative abilities. Kao maintains, along with other observers, that companies will increasingly be measured by their knowledge, and he emphasizes that creativity is the crucial variable in the process of turning knowledge into value. Knowledge is more than mastery of facts and data; it is also insight-the ability to see into a situation and make connections. Ideas are interconnected insights that we can grab and run with. And it is creativity that enables the transformation of one form of knowledge to the next. Kao states that...

Words: 2783 - Pages: 12

Premium Essay

Internal Audit

...AUD 610 TUTORIAL 1 (Professional conduct and ethics) Question 1 For each of the following situations, discuss whether there has been any violation of ethical conduct. Support your answers by reference to the relevant professional code and ethics. I. Wani is a CPA, a partner with Joe and Wani, a CPA firm. Her husband owns 30 percent of shares in an audit client of the firm, but she does not take part in the audit of the client and the value of her shares is not material in relation to her husband’s wealth. a) Yes this is violation. b) Under MIA By-Laws ; Professional Independence means unbiased viewpoint in the performance of audit test, evaluation of result and issuance of audit report. c) The reason is husband Wani holds 30 percent of shares in and audit client of her firm. Stated that in Section 290 MIA By-Laws, auditor are not considered to be independent if he or is spouse, or dependent son or daughter or any son or daughter holds directly or indirectly any interest in shares of the company. II. Fahmi is an audit partner of Amin & Ahmad. He is assigned to an audit engagement for Idaman Bhd. Fahmi’s son is working as an engineering in Idaman Bhd. a) No this is not violation. b) Under MIA By-Laws ; Professional Independence which is financial interest treats. If a member or immediate family has any financial interest directly or indirectly in the entity, then the said member is prohibited from accepting appointment as an auditor of the company. However the......

Words: 673 - Pages: 3

Premium Essay

Internal Control in Audit

...Internal Control Understanding and Documentation Project- EICO Iman H. Al Shawab Table of Contents Part I - Understanding of Entity and Business Environment: 3 Business Overview: 3 Suppliers: 3 Operations: 4 a. Suppliers 4 b. Customers: 5 Part II- Understanding of the Entity’s Internal Control Design and Implementations: 6 Part III: Audit EICO 11 Accepting the Audit and Perform Initial Audit Planning 11 Part I - Understanding of Entity and Business Environment: Business Overview: Emirates Industrial Converting Factory (abbreviated EICO) which is divided into three separate divisions, carton, plastic and tissue. EICO is a manufacturing company which is owned by a local investor Mr. Bader Fares, hence it is a sole proprietorship. It is located in Industrial Area # 15 – Sharjah, UAE. As the other companies in the region, the main contacting channels of this company are through phone +97165344122, fax +97165344133, P.O Box 27074 and email In order to get the information needed to analyze the internal control procedures of this company we needed to carry out interviews with the responsible manager at the carton division at EICO. Specifically, we interviewed the Administration manager at EICO Mr Amer Al Meslat. As stated above, EICO is divided into three divisions and this paper will be concentrating on the carton division. This division operates in the carton industry, specifically in the packaging part of the industry.......

Words: 4063 - Pages: 17

Premium Essay

Benefits of an Internal Audit

...An internal accountant is a helpful resource to help reform an organization with a out-of-control system. In the following paragraphs there will be information provided to justify the benefits of using an internal auditor to help the client’s organization. There will also be a referral of a prime candidate for an internal auditor based on his or her background. Lastly there will be an explanation of how the candidate’s background will be beneficial to client. Benefits of using an Internal Audit Internal auditor’s role in the organization is to monitor, assess and analyze the risk and controls of the organization. They do this by reviewing and confirming the information in the organization’s policy and procedures. The internal audit in a large organization is not performed by just one person. It is usually done by a team of auditors and they are assigned to different departments within the organization that needs auditing of its procedures and processes. These audits may also include the audit of its computer systems to make sure certain controls are in place. The benefits of an internal audit is to provide upper management and the audit committee assurance that the risks are low and the organizations governance is solid. The internal auditors also makes recommendations in an effort to enhance its policies, processes, and procedures (Cornell University, 2007). According to Cornell University (2007), “Internal auditors sometimes look at the same data or perform some of the......

Words: 603 - Pages: 3

Premium Essay

Internal Audit

...Internal Audit Guidebook Providing a framework for understanding and delivering Grant Thornton’s Internal Audit Services in a consistent, high-quality way 2012 Internal audit guidebook 1 Contents Page Introduction 2 Common service delivery methodology 6 Determine client needs 8 Scope and arrange work 10 Plan 13 Analyze and assess 20 Report and recommend 28 Implement 32 Evaluate 33 Determine business and technology context 36 Manage engagement performance, quality and risk 38 Communicate and enable change 40 Appendix 42 Internal audit engagement checklist 43 © Grant Thornton LLP. All rights reserved. Updated August 1, 2012 Internal audit guidebook 2 Introduction What is internal audit? The Institute of Internal Auditors (IIA) defines internal auditing as: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (1010) An internal audit objectively assesses the management of risks that a company faces. (2100 series) The aim is to • understand the current state, • assess the current state using appropriate standards and criteria, and • develop findings and......

Words: 15851 - Pages: 64

Premium Essay

Internal Audit

...Chapter 1 Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It help an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management control, and government processes. Objective- what an organization wants to achieve. Strategy- how management plans to achieve to organization’s objective. 4 types of objectives -Strategic objectives: value creation choices management makes on behalf of the organization’s stakeholders. -Operations objectives: effectiveness of and efficiency of the organization’s operations. -Reporting objectives: reliability of internal and external reporting of financial and nonfinancial information -Compliance objectives: adherence to applicable laws and regulations Governance is the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization’s objectives. Risk management is the process conducted by management to understand and deal with uncertainties that could affect the organization’s ability to achieve its objectives. Control is the process conducted by management to mitigate risks to acceptable levels. Independence is the freedom from conditions that threaten objectivity or the appearance of objectivity. Objectivity is an unbiased mental attitude that allows internal auditors to......

Words: 989 - Pages: 4

Premium Essay

10 Imperatives for Internal Audit

...Journal of Accountancy Title: 10 Imperatives for Internal Audit Author: Ken Tysiac This article discussed how internal auditing professionals must be go above and beyond to combat risks and threats in the business world of today. The Institute of Internal Auditors issued a report outlining ten main areas that internal auditors can improve upon to meet these challenges. The ten key areas were as follows: anticipate the needs of stakeholders; develop forward looking risk management practices; continually advise the board and audit committee; be courageous; support the business objectives; identify, monitor and deal with emerging technology risks; enhance audit findings through greater use of data analytics; go beyond the IIA’s standards; recruit, motivate, and retain great team members; and invest in yourself. The first item up for discussion in the report is anticipating the needs of stakeholders. Internal Auditors should communicate more with business heads and other audit committees to better serve the clients expectations when developing audit plans. Another one of the ten key points that was addressed is being courageous in reporting to the stakeholders. Internal auditors should not be afraid to provide constructive criticism to the stakeholders and also be able to take what comes in return. The article states that Internal Auditors must be prepared to handle conflict. The last item in the report states that internal Auditors should recruit, motivate, and......

Words: 298 - Pages: 2

Premium Essay

Internal Audit Principles

...INTERNAL AUDIT PRINCIPLES The main and ancillary objectives of an internal audit The main objective of internal auditing is to assist members of executive and senior management in the effective discharge of their duties and responsibilities with regard to risk management, control and governance processes. To this end, the internal auditor furnishes them with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed. The discovery of errors and fraud is the ancillary objective of internal auditing. The internal auditor as an adviser to members of the organization As an adviser, the internal auditor examines and reviews the activities of the organization in order to evaluate them with a view to furnishing members of the organization with advice, information and recommendations that will enable them to discharge their duties effectively. As an adviser, the internal auditor merely offers advice, gives information or makes recommendations. The ultimate decision whether or not to accept this advice or information or to implement these recommendations, therefore always rests with executive management. The internal audit activity should never possess the organizational power to force top executive management to accept the audit results. Management may decide to: 1. accept the auditor’s recommendations, in which case the internal auditor must ascertain that the corrective action taken is achieving the desired results, or ...

Words: 36187 - Pages: 145

Premium Essay

Internal Audit

...attracting and retaining skilled employees. Internal audit is no different. The numerous career options available to new entrants and the seasoned audit practitioner make it imperative for audit managers to continually re-evaluate their approaches to ensure that the internal audit department is adequately staffed both in terms of numbers as well as skill sets to discharge its functions effectively. The IIA Attribute Standards / and Performance Standards are very clear and definitive on this: i) Attribute Standard 1210 - Proficiency Internal auditors should possess the knowledge, skills and other competencies needed to perform their individual responsibilities. The internal audit activity collectively should possess or obtain the knowledge, skills and other competencies needed to perform its responsibilities. ii) Performance Standard 2030 - Resource Management The Chief Audit Executive should ensure that internal audit resources are appropriate, sufficient and effectively deployed to achieve the approved plan. Professionalism Internal auditing is grounded in professionalism and efficiency. Today's internal auditors are a far cry from the 'fault finders' or 'policeman' role that the profession has long been associated with. Modern day internal auditors are routinely consulted on all aspects of the organisation's activities from strategic planning issues to the standard day-to-day operational issues relating to the risk environment and internal control framework. They are......

Words: 2392 - Pages: 10

Premium Essay

Internal Audit

...Framework A successful organization is built on a solid framework of data and information. The Framework explains how IT processes deliver the information that the business needs to achieve its objectives. This delivery is controlled through 34 high-level control objectives, one for each IT process, contained in the four domains. The Framework identifies which of the seven information criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability), as well as which IT resources (people, applications, technology, facilities and data) are important for the IT processes to fully support the business objective. Audit Guidelines Analyze, assess, interpret, react, implement. To achieve your desired goals and objectives you must constantly and consistently audit your procedures. Audit Guidelines outlines and suggests actual activities to be performed corresponding to each of the 34 high-level IT control objectives, while substantiating the risk of control objectives not being met. Control Objectives The key to maintaining profitability in a technologically changing environment is how well you maintain control. COBIT’s Control Objectives provides the critical insight needed to delineate a clear policy and good practice for IT controls. Included are the statements of desired results or purposes to be achieved by implementing the 318 specific, detailed control objectives throughout the 34 high-level control......

Words: 666 - Pages: 3

Premium Essay

Internal Audit Role

...Internal audit’s role in modern corporate governance Thought leadership series Risk and Advisory Services Internal audit’s role in modern corporate governance Recent events have highlighted the critical role of boards of directors in promoting good corporate governance. In particular, boards are being charged with ultimate responsibility for the effectiveness of their organisations’ internal control systems. An effective internal audit function plays a key role in assisting the board to discharge its governance responsibilities. Yet how does the board – and its audit committee – satisfy itself that internal audit is functioning effectively and efficiently? The board’s responsibility for internal controls Through working with a broad range of organisations in Hong Kong and internationally, KPMG has identified a number of best practices in relation to the role played by the board audit and/or risk management committees. s Recent events have highlighted the critical role of boards of directors in s s s s s s s Assessing the scope and effectiveness of the systems established by management to identify, assess, manage and monitor the various risks arising from the organisation’s activities. Ensuring senior management establishes and maintains adequate and effective internal controls. Satisfying itself that appropriate controls are in place for monitoring compliance with laws, regulations, supervisory requirements and relevant internal policies....

Words: 2896 - Pages: 12