Internal/External Audit Corporate Governance part 5 What is Internal Audit? The role of internal audit is to provide independent assurance that an organization's risk management, governance and internal control processes are operating effectively. What is its value to the organization? Internal auditors deal with issues that are fundamentally important to the survival and prosperity of any organization. Unlike external auditors, they look beyond financial risks and statements to consider wider issues such as the organization's reputation, growth, its impact on the environment and the way it treats its employees. In sum, internal auditors help organizations to succeed. The difference between internal and external audit While sharing some characteristics, internal and external audit have very different objectives. These are explained in the table on the following pages: Reports to • External Audit shareholders or members who are outside the organizations governance structure. • Internal Audit The board and senior management who are within the organizations governance structure. Objectives • External Audit Add credibility and reliability to financial reports from the organization to its stakeholders by giving opinion on the report • Internal Audit Evaluate and improve the effectiveness of governance, risk management and control processes. This provides members of the boards and senior management with assurance that helps them fulfil their duties to the organization and its stakeholders. Coverage • External Audit • Internal Audit Financial reports, financial reporting risks. All categories of risk, their management, including reporting on them. Responsibility for improvement • External Audit • Internal Audit None, however there is a duty to report problems. Improvement is fundamental to the purpose of internal auditing. But it is done by advising, coaching and facilitating in order to not undermine the responsibility of management. Qualification and special skills To be effective, the internal audit activity must have qualified, skilled and experienced people who can work in accordance with the Code of ethics and the International Standards. Cadbury Report on Internal Audit The function of the internal auditors is complementary to, but different from, that of the outside auditors. It is regarded as good practice for companies to establish internal audit functions to undertake regular monitoring of key controls and procedures. Such regular monitoring is an integral part of a company’s system of internal control and helps to ensure its effectiveness. An internal audit function is well placed to undertake investigations on behalf of the audit committee and to follow up any suspicion of fraud. It is essential that heads of internal audit should have unrestricted access to the chairman of the audit committee in order to ensure the independence of their position. Importance of Audit The annual audit is one of the cornerstones of corporate governance. Directors are required to report on their stewardship by means of the annual report and financial statements sent to the shareholders. The audit provides an external and objective check on the way in which the financial statements have been prepared and presented, and it is an essential part of the checks and balances required. The question is not whether there should be an audit, but how to ensure its objectivity and effectiveness. Audits are a reassurance to all who have a financial interest in companies, quite apart from their value to boards of directors. The most direct method of ensuring that companies are accountable for their actions is through open disclosure by boards and through audits carried out against strict accounting standards. Internal Control An effective internal control system is an essential part of the efficient management of a company. Directors should report on the effectiveness of their system of internal control, and the auditors should report on their statement. A great deal of detailed work is now necessary to develop these proposals, and the accountancy profession, in conjunction with representatives of preparers of accounts, should take the lead in: a) developing a set of criteria for assessing effectiveness; (b) developing guidance for companies on the form in which directors should report; and (c) developing guidance for auditors on relevant audit procedures and the form in which auditors should report. Fraud The prime responsibility for the prevention and detection of fraud (and other illegal acts) is that of the board, as part of its fiduciary responsibility for protecting the assets of the company. The auditor’s responsibility, as defined in auditing guidance, is properly to plan, perform and evaluate his audit work so as to have a reasonable expectation of detecting material misstatements in the financial statements. Problem for the auditors is when they suspect that top management itself is implicated in the fraud, without having the necessary evidence to back up their suspicions. They are not in a strong enough position to confront management, nor have they a case to report to the appropriate authorities. Audit Committee These are not easy problems to resolve, but an effective and independent-minded audit committee is an essential safeguard. It has an important role to play in considering B AUDITING whether any extra work should be undertaken in addition to the normal audit procedures to investigate defencess against fraud. The audit committee also provides a forum in which auditors can discuss at board level any concern they may have about the possibility of fraud by senior management. It can then decide whatever investigations are necessary to resolve the matter. A group of at least 3 individuals responsible for overseeing all internal and external audit functions of a company. In addition, at least one member must be a financial expert or have significant financial expertise. • Audit committees are responsible for selecting and appraising independent and external CPA firms to provide audit functions. • They also oversee the financial reporting process including (but not limited to) supervising internal auditors, monitoring internal controls, and ensuring adequate compliance with SEC and GAPP standards. Because staff on audit committees report to the board of directors of a company, they cannot have ties to the company`s management team or be in a position where their independence can be questioned. CPA firm – Certified Public Accountant firm SEC – Security Exchange Commission – Federal government regulatory GAPP – General Accepted Accounting Principles