INTERNAL

AUDITING
FUNCTIONS AND
ACTIVITIES
“There are two types of auditor
in the accounting world - those
whose opinion you can rely on,
and those whose opinion you
can't”

START
 a state of mind which allows When an audit report states
the individual to make that ‘the audit view is...’
judgements, based upon all this should provide a
the available evidence comment on the state of
relating to the situation, in a internal controls. Where
state of emotional and used to provide an
psychological detachment advantage for the audit
from the situation or decision function, credibility is
risked.
IMPARTIALITY VALID OPINION

OBJECTIVITY UNBIASED
Readers of audit reports VIEWS
Objectivity may be
seen as not being require the auditors to
influenced by improper complete work to
motives while professional standards
impartiality is not taking with the audit opinion
sides properly derived from
this work.
 THREATS TO INDEPENDENCE

Self-Interest Threat
A self-interest threat exists if the auditor holds a direct
or indirect financial interest in the company or depends
on the client for a major fee outstanding.

Example
The audit team is preparing to conduct its 2020 audit
for ABC Company. However, the audit team has not
received its audit fees from ABC Company for their
2019 audit.
Issue
The audit team may issue a favorable report so that the
company is able to secure a loan to settle the fees
outstanding for their 2019 audit.
 THREATS TO INDEPENDENCE

Self-Review Threat
A self-review threat exists if the auditor is auditing
his or own work or work that is done by others in
the same firm.

Example
The auditor prepares the financial statements for
ABC Company while also serving as the auditor for
ABC Company.

Issue
By having the auditor review his or her own work,
the auditor would not be able to form an unbiased
opinion on the financial statements.
 THREATS TO INDEPENDENCE

Advocacy Threat
An advocacy threat exists if the auditor is involved
in promoting the client to the point in which their
objectivity is potentially compromised.

Example
The auditor is assisting in selling ABC Company
while also serving as the auditor for the company.

Issue
The auditor may issue a favorable report to
increase the sale price of ABC Company.
 THREATS TO INDEPENDENCE

Familiarity Threat
A familiarity threat exists if the auditor is either too
familiar with employees, officers, and directors, or
keeps a long-standing relationship with the client.

Example
ABC Company has been audited by the same
auditor for over 10 years.

Issue
By having audited the company for such a long
time, the auditor may become too familiar with its
client and lack objectivity in their work.
ICE BREAKER
 THREATS TO INDEPENDENCE

Intimidation Threat
An intimidation threat exists if the auditor is
intimidated by management or its directors to the
point that they are deterred from acting
objectively.
Example
ABC Company is unhappy with the conclusion of the
audit report and threatens to switch auditors next year.
ABC Company is the biggest client of the auditor.

Issue
The auditor’s independence may be compromised as ABC
Company is the biggest client to the auditor and he/she may not
want to lose such a client. Therefore, the auditor may issue a
report that appeases ABC Company.
 IIA ATTRIBUTE
STANDARDS
1100: the internal audit activity should be independent, and internal auditors
should be objective in performing their work.
1110: the internal audit activity should report to a level within the
organization that allows the internal audit activity to fulfil its
responsibilities.
1110.A1: the internal audit activity should be free from interference in
determining the scope of internal auditing, performing work, and
communicating results.
1120:internal auditors should have an impartial,
unbiased attitude and avoid conflicts of interest.
1130: if independence or objectivity is impaired in
fact or appearance, the details of the impairment
should be disclosed to appropriate parties. The nature
of the disclosure will depend upon the impairment.
 IIA ATTRIBUTE
STANDARDS
1130.A1:internal auditors should refrain from assessing specific operations for which
they were previously responsible. Objectivity is presumed to be impaired if an
auditor provides assurance services for an activity for which the auditor had
responsibility within the previous year.
1130.A2: assurance engagements for functions over which the CAE
has responsibility should be overseen by a party outside the
internal audit activity.
1130.C1: internal auditors may provide consulting
services relating to operations for which they had
previous responsibilities.
 MODELS

THE RITTENBERG
MODEL

THE WORKING
MODEL
 Objectivity is an An audit department with
0 0
independent mental no formal audit plans can
6 attitude that internal never be said to be 8
auditors should maintain independent. Not only are
Objectivity in performing professional audit Planning
engagements. Internal work areas
standards being flouted
auditors are not to but it also means that
subordinate their audit responds to the
judgement on audit pressures of the day
matters to that of others.

This is achieved through

recruitment, training and
“A CAE who allows this disastrous Competenc development programs supported
e by performance appraisal
condition to arise will be open to criticism.”
schemes. Sound human resource
0 management practices are the
only means of ensuring that
7 competent staff are employed
and retained.
 POLICE OFFICER VS CONSULTANT

Internal auditors setting out to perform an ethics audit face both their own concerns about the
often-uncharted territory of such tasks as well as the concerns of the colleagues and supervisors.
Those concerns, expert say can be alloyed once such an audit is fully developed be quantified,
examined and issues of appropriate against inappropriate behavior can be addressed successfull
May be a police officer responsible to Examination, investigation, scrutiny, review&
inspection way, in this philosophy internal auditor job is like police officer.

EXAMINED SCRUTINY

INVESTIGATION
INSPECTIO
N
REVIE
W
Managing Expectations through Web
Design

The internal audit website serves as an open

communications link between the
organizations and the outside world.

The internal audit website may be used to

establish the role of the function of managing
expectations from people who may have a
distorted perception of the audit role.
 FAQs
• What is internal audit?
• Provide a formal definition of internal auditing that makes sense and fits the
organization. Perhaps the IIA definition, then a short, user-friendly
explanation of some of the components.

• What is the difference between external and internal audit?

• Make clear these differences and explain that we try to coordinate efforts
wherever possible.. Make clear that internal audit is a high-level function
that also audits other review and compliance teams.

• What is the audit objective?

• This part will say what internal audit is trying to achieve and may be a mix
of consulting roles in helping management understand and manage their
risks, along with an assurance role of providing impartial assurances to the
board and audit committee that controls are in place and working.

• Why do we have internal audit?

• This provides an opportunity to note the benefits from internal auditing
without going over the top. Some measure the success of internal audit in
terms of the development of a sound control environment within the
organization.
• How is internal audit independent?
• Outline the concept of independence (status and
objectivity) and that internal audit work can be relied on
as professional, impartial and reliable.

• What does internal audit do?

• List in more detail the services that are provided by
internal audit, including ongoing advice and assistance
Audit Competencies
• IIA standard 1200 deals with proficiency and due
professional care by stating that:

“Engagements must be performed with proficiency and

due professional care.”

• IIA standard 1210:

“Internal auditors must possess the knowledge, skills,

and other competencies needed to perform their
individual responsibilities. The internal audit activity
collectively must possess or obtain the knowledge, skills,
and other competencies needed to perform its
responsibilities.”
What makes for Good Internal Auditors
• Proficiency in applying internal audit standards, procedures,
and techniques in performing engagements.
• Proficiency in accounting principles and techniques if
internal auditors work extensively with financial records and
reports.
• Knowledge to identify the indicators of fraud.
• Knowledge of key information technology risks and controls
and available technology-based audit techniques.
• An understanding of management principles to recognize
and evaluate the materiality and significance of deviations
from good business practices.
• An appreciation of the fundamentals of business subjects
such as accounting, economics, commercial law, taxation,
finance, quantitative methods, information technology, risk
management, and fraud.
• Skills in dealing with people, understanding human relations,
and maintaining satisfactory relationships with engagement
 Competent Internal Auditor
• able to apply innovative and creative thinking;
• able to work to agreed timescales and account for time;
• able to add value to the organization;
• able to appreciate concerns of stakeholders and focus on needs of the customer;
• able to appreciate new ideas and embrace and encourage change;
• able to quickly build relationships but retain professional stance;
• able to work under pressure and set priorities;
• ambitious and confident without being overbearing;
• balance and common sense with an overall sense of fairness and diplomacy;
• committed to continuous learning and open to training and development;
• committed to working within set corporate policies and section procedures;
• communications skills, oral, public speaking, writing, report writing, effective listening, written
• good decision making and judgement with no special bias to self-interests.
Continuous Professional Development

• The IIA Attribute Standard 1230

“Internal auditors must enhance their knowledge, skills, and other

competencies through continuing professional development.”
Training and Development
• Training is an important aspect of developing
internal auditors, and has to be carefully planned
in line with a career developmental programme.

• IIA.UK&Ireland Syllabus
• 2002, the introduction of a new syllabus for the IIA. UK &
Ireland
• sought a wider coverage of the audit world and
related areas. This now provides two levels of
qualification, the practitioner level and the more
advanced professional level.

• More recently, the IIA. UK & Ireland have developed a

certificate in Corporate Governance and Risk
Management.
Benefits of Training
• Increase in the quantity of work done by auditors
• There should be an increased efficiency in the way audit work
is carried out which is then translated into increased output.
• Better quality of work
• Audit training should achieve a higher standard of quality from
auditors. Training may have a firm objective to produce
excellence. There should be a direct link between the level of
training and the increasing ability to audit at higher
managerial levels.
• Better standard of report writing
• Some argue that the report is the ‘window’ to the audit
department as a formally published item widely read.
There is no short-cut to performing good audit work and
this should be the main concern of audit management.
Audit training will certainly include report writing, and
inconsistencies between individual auditors will arise.
• Better quality of working papers
• Whatever the scenario, there is a need to ensure that
auditors are preparing suitable working papers. It is
frustrating to review a report that is well presented and
based on sound evidence but the underlying evidence
cannot be readily gleaned from the working paper file.
• Less audit staff required in the long term
• One useful model is to employ a smaller number of
auditors, working to higher standards. Training facilitates
this process as skills are spread, greater efficiency is
encouraged and the training process itself may be used
to filter out those staff who are not able to readily
transfer to these higher standards.
• Smaller training gap in terms of skills shortages
• This will be designed to promote efficiency and
effectiveness and so help guarantee the future of
internal audit.. A skills gap exists when auditors are not
able to meet management’s expectations and again if
this is the case, the audit manual may fail.
• Greater degree of professionalism
• Better motivated workforce with career
development programmes
• Whenever a course is organized, the impact on
motivation should be considered and catered
for in the course wherever possible. Motivated
staff are more likely to stay with the audit team
for longer .
Training Auditor
• Professional training
• This may be based on passing examinations of
a defined professional body such as the IIA,
which is a completely different form of training
from skills-based courses.
• The audit review
• The audit review process enables audit managers and
team leaders to direct the work of junior staff and also
provides experience in staff management. The process
should form part of the training programme by building
in the concept of staff development.
The Role of the Institute of Internal Auditors

• Professional examinations
• These ensure the student has covered a defined series of subjects, and has
shown competence in relevant examinations.
• Conferences
• The IIA organizes seminars and conferences. This provides an avenue for
meeting people in the auditing arena and allows open exchange of views.
• Periodicals
• We may subscribe to all relevant periodicals that contribute to the audit
database of relevant information.
• Research publications
• The IIA publishes specialist research papers that may be used by the CAE to
develop audit practice.
• District societies
• The IIA.UK&Ireland is organized geographically into
district societies with each member being located in one.
They meet regularly and organize events and seminars
that may be used in developing the audit function.
• Committee meetings
• A more proactive approach is applied where one is
actively involved in the various committees and working
groups that help shape the overall direction of the
profession of internal auditing.
• Journals and articles
• We may keep up with topical debates by reading the
latest articles from the IIA journal. Technical updates are
vitally important to audit management as they may
impact on the current audit strategy.
The Link into Development

• Training is part of the managerial process and as such forms only

one constituent of the overall system of human resource
management. Training must be set clearly within a formal
auditor-development programme that tracks the progress of each
auditor throughout their career with the organization.