Add to collection(s) Add to saved
  1. Business
  2. Management

APB Clarified ISAs IIA UK and Ireland response

advertisement 
Keith Billing
Project Director
The Auditing Practices Board
5th Floor
Aldwych House
71-91 Aldwych
London WC2B 4HN
Sent by email to: k.billing@frc-apb.org.uk
Dear Mr Billing,
Proposed clarified International Standards on Auditing (UK and Ireland)
We are delighted to have the opportunity to respond to the consultation paper on the
proposed standards. The comments of the Institute of Internal Auditors – UK and Ireland
have been developed through consultation with our members and we recognise that they
may be placed on public record.
The Institute has concentrated its review on those parts of the International Standards on
Auditing (UK and Ireland) that have a direct affect on internal audit, in particularly 315 and
610. Most of our remarks relate directly to ISA (UK and Ireland) 610. We have included a
summary of our recommendations starting at the beginning of the attachment.
Our comments are in three parts. Firstly, we make suggestions to improve the clarity of the
proposed ISA, partly by retaining enlightened additional guidance that you are proposing to
drop. Secondly, we recommend that you do not go ahead with your proposals related to
instances when individual internal auditors provide direct assistance to the external auditor.
Thirdly, we outline our agenda for future discussions as part of the full review of ISA610 – we
do not expect you to take action on these recommendations at this stage.
Please contact me or our Technical Director, Jackie Cain, on jacke.cain@iia.org.uk if you
have any questions.
Yours Sincerely
Philip Ratcliffe
President
The Institute of Internal Auditors – UK and Ireland Ltd
13 Abbeville Mews, 88 Clapham Park Road, London SW4 7BX
tel 020 7498 0101 fax 020 7978 2492 email info@iia.org.uk
Registered in England and Wales No.1474735
www.iia.org.uk
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
Summary of recommendations
To be actioned immediately
1.
Reword the proposed F/N 1a in ISA (UK and Ireland) 610 to say: “For Listed Companies
in the UK and Ireland, “The Combined Code on Corporate Governance” (published by the
FRC) and the supporting Guidance for Audit Committees contain guidance on the role of
those responsible for governance in approving internal audit’s remit, the appointment or
termination of appointment of the head of internal audit and the work of internal audit.”
2.
Reinstate F/N 1 in ISA (UK and Ireland) 610 to say: “In the UK and Ireland it is those
charged with governance, rather than management, who are usually responsible for
determining the role of internal audit.”
3.
Reinstate in ISA (UK and Ireland) 610 the guidance: “10-1. The effectiveness of internal
auditing may be an important factor in the external auditor’s evaluation of the control
environment and assessment of audit risk”
4.
Remove from ISA (UK and Ireland) 610 the proposed paragraph A6-1 and include it in a
future revision of the whole standard.
5.
To be consistent with recommendation 4, reject the proposed changes to paragraph 2 ISA
(UK and Ireland) 610 so that the final text states: “This ISA (UK and Ireland) does not deal
with instances when individual internal auditors provide direct assistance to the external
auditor in carrying out audit procedures.”
6.
If you choose to retain A6-1 in ISA (UK and Ireland) 610, we recommend the following
amendments:
“A6-1. In addition to using specific work of an internal audit function, the external auditor
may obtain direct assistance from individuals from the internal audit function. In addition to
the considerations set out in paragraphs 12 and A6, When direct assistance is provided
by individuals from the internal audit function, the external auditor:
“(a) obtains a written confirmation from such individuals and from an authorised
representative of the entity that they agree to follow the instructions of staff of the audit
firm in relation to the work performed and that, where applicable, they will keep
confidential specific matters as instructed by the audit team;
“(a-1) concludes a formal written agreement with the head of internal audit, or those
responsible for governance in the organisation, confirming the role that the individuals will
play, the responsibility of the external audit partner for quality assurance and the overall
audit opinion, and the agreement of the entity to the terms in (a) above;
“(b) directly supervises, reviews and evaluates the work performed;
“(c) ensures that such individuals are only involved in work where self-review or judgment
is not an important part of the audit procedure; and
“(d) communicates the details of the planned arrangements with those charged with
governance at the planning stage of the audit, so as to agree this approach, as described
in paragraph 11-9 of ISA (UK and Ireland) 260. This communication to include a
statement either of the external audit costs saved by internal audit assistance, or of the
cost of internal audit assistance that will be added to the external audit fee to show the
total cost of the external audit.”
22 July 2009
-2–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
To be actioned as part of the review of ISA 610
Substantive discussions between APB and IIA related to the content of ISA 610, using the
agenda:
The value of diverting internal audit resources to support the external audit
The role of modern professional internal audit
Building respect between internal audit and external audit
Internal audit responsibilities and work does not have to include financial reporting risks
Autonomy of internal audit in setting its objectives
Independence of internal audit
Definition of Internal Auditing – using the professional standards
The use of the phrase “the work of the internal auditors is adequate”
Relying on information provided by other management experts
Reference to professional standards of internal auditing
Assessment of objectives of internal audit work
Given the amount of work required, is there any value to relying on internal audit?
Properly supervised, reviewed and documented work
No presumption that internal audit work should cover financial reporting risks
Objectives of internal auditing should reflect modern practice
Disclosure of total external audit costs
22 July 2009
-3–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
1. Response to the questions included in your consultation draft
Question 3 Do you believe that the proposed supplementary requirements and guidance
are clearly expressed? If not, please explain how they could be improved.
We believe that the proposed new footnote 1a in ISA (UK and Ireland) 610 is not clearly
expressed.
The proposed footnote reads: “For Listed Companies in the UK and Ireland, “The Combined
Code on Corporate Governance” (published by the FRC) contains guidance to assist company
boards in making suitable arrangements for their audit committees.”
The Institute believes that the intention of this footnote is not clear. Given the position of it, we
believe that it is referring the reader to the guidance in the Combined Code relating to the audit
committee’s duties in relation to internal audit. These in turn are supplemented by the FRC’s
Guidance for Audit Committees, which refers to the internationally recognised standards for
professional internal auditing, “the Institute of Internal Auditors’ Code of Ethics and the
International Standards for the Professional Practice of Internal Auditing”. We propose below a
clear formulation, if that is your intention.
Recommendation
Reword the proposed F/N 1a in ISA (UK and Ireland) 610 to say: “For Listed Companies in
the UK and Ireland, “The Combined Code on Corporate Governance” (published by the FRC)
and the supporting Guidance for Audit Committees contain guidance on the role of those
responsible for governance in approving internal audit’s remit, the appointment or termination
of appointment of the head of internal audit and the work of internal audit.”
Question 4 Are there any particular current audit quality supplementary requirements
and guidance that APB has not proposed to retain that you believe should be? If so,
please identify them and give your reasons.
Yes, there are that two elements of this guidance that the Institute believes should be retained.
In ISA (UK and Ireland) 610, you are proposing not carrying forward the following two comments
(with your references):
“F/N 1: In the UK and Ireland those charged with governance, rather than management,
are usually responsible for determining the role of internal auditing.”
“Paragraph 10-1. The effectiveness of internal auditing may be an important factor in the
external auditor’s evaluation of the control environment and assessment of audit risk.”
22 July 2009
-4–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
Old footnote 1
For F/N 1, the existing wording recognises the relative importance of those charged with
governance to the way professional internal audit sets its agenda. This better reflects our view
of how this should be done to ensure high quality internal auditing.
We recognise that the proposed clarified ISA has improved the treatment of this issue – and,
therefore, you may feel that the old footnote is no longer necessary. So, the proposed wording
of paragraph 3 states: “The objectives of the internal audit function are determined by
management and, where applicable, those charged with governance.” Although, as noted, this
is an improvement of the original ISA text, it still does not reflect our view that management and
those responsible for governance should be at least equally responsible for agreeing the
objectives of internal audit, in conjunction with the head of internal audit.
Recommendation
Reinstate F/N 1 in ISA (UK and Ireland) 610 to say: “In the UK and Ireland it is those
charged with governance, rather than management, who are usually responsible for
determining the role of internal audit.”
Paragraph 10-1
The existing guidance, including internal auditing as a factor in the control or internal
environment, is closely aligned to our views, expressed below, on the role of modern
professional internal auditing. The Institute believes that the view of the APB in this area is
enlightened and we would like to see it retained.
Recommendation
Reinstate in ISA (UK and Ireland) 610 the guidance: “10-1. The effectiveness of internal
auditing may be an important factor in the external auditor’s evaluation of the control
environment and assessment of audit risk”
22 July 2009
-5–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
2. Comment on proposed addition to ISA (UK and Ireland) 610 – A6-1
The additional paragraph A6-1 provides guidance on instances when individual internal auditors
provide direct assistance to the external auditor. In the Institute’s response to your recent
consultation on the Ethical Standards for external auditors, we expressed concerns about this
practice. We also commented on the practical difficulties in your proposals, now included as
A6-1. Given the imminent revision of the whole of ISA 610, we recommend that you do not
make this change now but wait until the exposure of the proposed ISA 610.
Recommendations
Remove from ISA (UK and Ireland) 610 the proposed paragraph A6-1 and include it in a
future revision of the whole standard.
To be consistent, reject the proposed changes to paragraph 2 ISA (UK and Ireland) 610
so that the final text states: “This ISA (UK and Ireland) does not deal with instances
when individual internal auditors provide direct assistance to the external auditor in
carrying out audit procedures.”
If you retain the proposed paragraph A6-1, the Institute believes that the wording should be
revised to address the practical issues raised in our response to the consultation draft of the
Ethical Standards. For your convenience, these are replicated below, with the references
amended to tie into the draft of ISA (UK and Ireland) 610.
Practical issues with your approach:
Whatever the wording of the addendum to ES2, the fact remains that, if the internal auditors are
an in-house team, they are employees of another organisation. The terms required in the
revised ISA (UK and Ireland) 610 may pose a conflict of interest to the individual at the same
time that it solves the independence issues of the external auditor. The internal auditors
concerned may wish to obtain written confirmation from the organisation that their employer is
happy to waive any terms related to confidentiality, etc.
If another service provider, particularly an accounting firm, provides the internal audit service,
the APB should consider whether there would be a need for guidelines on how the working
relationship should operate, including how to address potential liability issues.
In relation to the points, above the APB should also consider how the external auditors should
explain the impact upon their audit fee. For example, there should be some requirement either
to show the external audit costs saved by internal audit assistance, or to add the cost of internal
audit assistance to the total cost of the external audit. This could be included in the
communication at A6-1 (d).
If it were to go ahead, there should be a formal agreement in place between the Head of
Internal Audit, or those responsible for governance in the organisation, and the external audit
partner to confirm the role that internal audit would play, and to reinforce that quality assurance
and the responsibility for the overall audit opinion is the responsibility of the external audit
partner and not internal audit. This is in addition to any written confirmation in A6-1 (a) and the
potentially one-way communication in A6-1 (d).
Your proposed wording for A6-1 includes the phrase, “in addition to the considerations set out in
paragraph 12 and A6”. Those considerations do not appear to relate in any way to the situation
in A6-1. The external audit partner should have direct responsibility for the technical proficiency
of all the external audit team, for the evidence they accumulate, the conclusions they draw, the
quality of their reports and the disposition of the exceptions that they find. We recommend you
delete that phrase.
22 July 2009
-6–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
You include a bullet point stating: “the external auditor ensures that such individuals are only
involved in work where self-review or judgment is not an important part of the audit procedure”.
This appears to be extremely restrictive and to mean that the particular skills and competencies
of internal auditors will not be of use in the work. Given this, it might be better to avoid the
complications and use less vital temporary staff if extra resources are needed.
Recommendation – if you retain A6-1
If you choose to retain A6-1, we recommend the following amendments:
“A6-1. In addition to using specific work of an internal audit function, the external auditor
may obtain direct assistance from individuals from the internal audit function. In addition
to the considerations set out in paragraphs 12 and A6, When direct assistance is
provided by individuals from the internal audit function, the external auditor:
“(a) obtains a written confirmation from such individuals and from an authorised
representative of the entity that they agree to follow the instructions of staff of the audit
firm in relation to the work performed and that, where applicable, they will keep
confidential specific matters as instructed by the audit team;
“(a-1) concludes a formal written agreement with the head of internal audit, or those
responsible for governance in the organisation, confirming the role that the individuals
will play, the responsibility of the external audit partner for quality assurance and the
overall audit opinion, and the agreement of the entity to the terms in (a) above;
“(b) directly supervises, reviews and evaluates the work performed;
“(c) ensures that such individuals are only involved in work where self-review or
judgment is not an important part of the audit procedure; and
“(d) communicates the details of the planned arrangements with those charged with
governance at the planning stage of the audit, so as to agree this approach, as
described in paragraph 11-9 of ISA (UK and Ireland) 260. This communication to include
a statement either of the external audit costs saved by internal audit assistance, or of the
cost of internal audit assistance that will be added to the external audit fee to show the
total cost of the external audit.”
22 July 2009
-7–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
3. Discussion of general concerns with ISA (UK and Ireland) 610
The Institute is aware that one of the current projects of the International Auditing and
Assurance Standards Board (IAASB) is a full review of this standard. Therefore, we are taking
the opportunity of the current consultation to bring to the attention of the APB views that we
hope will be taken into account during the full review. We have organised them into two groups:
firstly, overall comments and, secondly, comments related to specific sections of ISA 610. We
see them as setting an agenda for future discussions and we do not expect you to take action
on them now.
Overall comments
Concerns about the practice of diverting internal audit resource
The Institute has some fundamental concerns with the practice of diverting internal audit
resource to support the external audit.
Clearly, there are some circumstances where it is practical and useful for the organisation to
have its internal audit activity devote some of its resources to supporting the delivery of the
external audit opinion; but we suggest that those should be an exception not a rule. In our view,
external audit should not regard internal audit as a convenient resource that they can draw upon
whenever the need arises. Internal audit has a distinct and valuable role within the governance
structure. If it diverts its resources to supporting the external audit effort, then it is reducing the
work it can do in support of senior management and the board. This weakens governance as a
whole and creates a number of practical problems.
Internal audit helps an organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk management, control and
governance processes. Internal audit has a broad remit, covering all risks in an organisation, not
just those related to financial reporting. It is a service to both management and to the board,
especially the audit committee, assisting those individuals in fulfilling their responsibilities to the
company as a whole. Assigning internal auditors to external audit diverts resources away from
these duties, reducing the amount of assurance available to managers and directors on the
broader risks facing the organisation, weakening an aspect of governance.
This being said, the Institute supports good co-operation between all assurance providers. The
aim of such cooperation, which the International Standards for the Professional Practice of
Internal Auditing mandate, is to minimise duplication and to ensure that the overall assurance
provided to an organisation is of the highest possible quality. Such cooperation should be a
two-way process involving the alignment of strategies, not the simple transfer and management
of internal audit staff. The principle is about mutual benefit and not about one set of auditors
working for the other.
22 July 2009
-8–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
The role of internal audit
The ISAs in general recognise internal audit as being part of the component of internal control
called Monitoring of internal controls (ISA (UK and Ireland) 315 A101 et seq). This is a
somewhat limited view of the role of internal auditing.
Internal auditors provide assurance to those responsible for governance and to management on
the effectiveness of governance and of the management of risk, including the effectiveness of
controls. They also help management in their efforts to improve governance and risk
management. As such, internal auditing fits better as part of the component called Control or
Internal Environment, and some views even have it sitting outside the system of internal control.
The misplacement of internal auditing in the ISAs helps to create misunderstandings and poor
communication between internal auditors and external auditors. This is unfortunate because, if
the two professions work better together, there is potential to improve the overall assurance that
an organisation’s stakeholders receive.
Differences in scope of internal and external audit
External audit’s scope clearly focuses on the financial statements and, therefore, the risks to
financial reporting. As a result, the ISAs look at the organisation and at internal auditing only in
relation to financial reporting risks.
In contrast, internal audit covers all the activities of the organisation and all types of risks. The
amount of assurance provided on financial reporting risks may be very small – but that may be
completely appropriate, given the risk profile of the organisation.
However, when external auditors approach internal audit through the guidance in the ISAs, they
are not looking at the whole picture. The language in the ISAs encourages external auditors to
conclude that internal audit is “inadequate”, without adding the necessary qualifier: “to support
the external audit opinion”.
This again helps to create misunderstandings and poor communication. Given the purpose of
the ISAs, it may not be possible to address this issue in the ISA itself. The Institute would
welcome the opportunity of working with the FRC to improve the level of respect and
communication between the two groups of auditors.
Comments on specific sections of ISA610
“Scope of this ISA”
At present the requirement to decide whether or not the internal audit function is likely to be
relevant to the external audit is found in paragraph 23 of ISA (UK and Ireland) 315. This
paragraph refers to various factors that help external auditors to make the decision, eg internal
auditing’s responsibilities and its organisational independence and to the engagements it
actually performs.
It would be helpful to include this paragraph and the related guidance on how to assess these
factors in ISA (UK and Ireland) 610.
It would also be helpful for the ISAs to acknowledge that, given the nature of internal auditing
and its professional role, it is entirely reasonable for the function to be focussing on risks other
than financial reporting risks. There is no presumption that internal audit must provide
assurance on those financial reporting risks.
22 July 2009
-9–
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
Relationship between internal auditing and the external auditor
Paragraphs 3 and 4 of ISA (UK and Ireland) 610 make several comments that are not
particularly helpful in explaining the relationship between the two types of auditors or in
reflecting the role of a modern internal audit function. The following comments take each
sentence at a time and outline the changes the Institute would like to see.
The first sentence says that the objectives of the internal audit function are determined by
management or those responsible for governance. This does not reflect best professional
practice as outlined in the International Standards for the Professional Practice of Internal
Auditing (International Standards). The International Standards require internal audit to discuss
and agree their objectives and their work with those responsible for governance and
management but to exercise a degree of autonomy in deciding what they will be.
It is true that not all internal audit functions that external auditors will meet will conform with the
professional standards. Therefore, the IAASB may not wish the ISAs to assume a level of
professionalism that may not exist. However, it would be an easy matter for the standards to
require the external auditor to find out if the internal audit function conforms with the
International Standards and to make more detailed enquiries only if it does not. In this case,
ISA610 could then talk about the objectives of internal audit being about providing assurance on
governance, risk management and control.
The second sentence of paragraph 3 recognises that the objectives of the two types of auditor
may differ. It also comments that the “some of the ways in which (they) achieve their respective
objectives may be similar”. The Institute notes that, while this may be true, it appears irrelevant.
Given the different objectives, the superficial similarities between the methods used by internal
and external auditors may merely mask the differences between the two functions. If work by
one function has different objectives from similar work required by the other, the work of one
function is unlikely to be suitable for the needs of the other. Therefore, we believe this sentence
is unnecessary and could be deleted.
The issue of independence – or autonomy – is a complex one and can create conflicts between
the two functions. There is no such thing as total independence. Internal auditors are not totally
independent – and neither are external auditors, even when they comply with the panoply of
ethical and other standards deployed to ensure their independence. Independence is a
spectrum. Internal auditors who conform with the International Standards will be independent of
the activities on which they provide assurance. This is an adequate position on the spectrum for
the purposes of internal auditing. ISA 610 should not imply otherwise.
Having said that, the facts set out in paragraph 4 are correct. The Institute agrees that the
external auditor has sole responsibility for the audit opinion expressed. The Institute does not
wish to see external auditor’s responsibility reduced by any use of the work of internal auditors.
Definitions
The definition of internal auditing used in paragraph 7(a) ISA (UK and Ireland) 610 does not
reflect the most up-to-date views on the purpose and role of internal auditing. We recommend
that the definition be replaced by the profession’s Definition of Internal Auditing:
“Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organisation’s operations. It helps an organisation accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance processes”. 1
1
The Definition of Internal Auditing © 1999 Copyright by The Institute of Internal Auditors, Inc., 247 Maitland Avenue, Altamonte
Springs, Florida 32710-4201 U.S.A.
22 July 2009
- 10 –
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
Whether the work of the internal auditors is adequate for the purposes of the audit
There is always going to be some tension introduced when external auditors are in a position of
stating, “the work of the internal auditors is inadequate”. It is entirely reasonable for the IAASB
to focus on providing the external auditor with guidance on how to gather sufficient reliable
evidence to support the external audit opinion. However, the wording used can imply that the
internal audit work is not adequate at all. It would be helpful if the ISA included guidance for
external auditors on how to communicate their findings in this area so that they do not give the
impression that they are reporting on the overall adequacy of the internal audit function.
More fundamentally, the Institute proposes that the ISA 610 uses a slightly different method to
consider the reliance on internal auditors. Although the ISA is not currently explicit about it, it
does appear to be dealing with the issue of the reliability of the information provided by internal
audit. As such, this seems to be very similar to the situation of relying on information provided
by other management experts. This situation is covered in ISA 500 (A34 et seq). The Institute
believes that ISA 500 provides an appropriate starting point for re-writing ISA 610.
The profession of internal auditing has its own standards and qualifications, designed
specifically to equip internal auditors to provide reliable assurance. The Institute proposes that
the IAASB refers to this framework to assist external auditors in taking into account all the
factors that demonstrate if the internal auditors are reliable for external audit purposes. Internal
auditors should conform with the mandatory guidance of the International Professional Practices
Framework of the Institute of Internal Auditors. This comprises the Definition, quoted above, the
Code of Ethics and the International Standards. These include all the requirements in ISA 610
(UK and Ireland) paragraph 9 – organisational independence and personal objectivity,
competency – technical and behavioural, due professional care, including performance
standards, and the need to coordinate with other assurance providers. They are, however,
more comprehensive than the existing ISA.
Paragraph 10[c] refers to “subjectivity”. The related guidance, however, talks about the criteria
that internal audit uses to evaluate information. The Institute recognises that the criteria are key
to the reliability of the work but does not believe this is a matter of subjectivity. Paragraph 10[c]
should be reworded to talk about criteria.
One point that seems to be missing is a review of the objectives of the internal audit work.
External audit work has very specific objectives related to gathering and evaluating evidence
related to various ‘assertions’. It is entirely possible that internal auditors do not have exactly
the same objectives, even if they are working in a similar area or on a similar function. The
external auditors should not make assumptions based on their own specific view of what work
would be done. They should discuss the objectives with the internal auditors.
Using the specific work of the internal auditors
The Institute recognises the need for external auditors to perform work to satisfy themselves
that the internal audit work is adequate for the purpose of the external audit. However, it does
appear that the level of work included in this section of the standard (paragraphs 11 and 12)
means that there is limited value in using internal audit work.
Paragraph 12[b] raises one concern. Given the different purposes, organisational position and
business models of internal and external audit, the definition of “properly supervised, reviewed
and documented” will also be different for the two functions. External audit may conclude that
the processes of internal audit do not meet its needs but that does not mean that the work is not
properly supervised etc for internal audit’s own needs. Again, external auditors need guidance
on how to present their conclusions to those responsible for governance to ensure that they do
not undermine internal audit.
22 July 2009
- 11 –
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
Scope – Paragraph A1
Given the nature of external audit work, it is clear that the external auditor will wish to rely on
internal audit work only if it covers risks related to the entity’s financial reporting. From the
external auditor’s perspective, these may appear the most important risks. However, in reality
they may not be and, even if they are important risks, they may not be the risks on which those
responsible for governance want independent and objective assurance from internal audit.
Therefore, there should be in the ISA no presumption – implied or explicit – that internal audit
ought to work in this area.
Objectives of internal audit – paragraph A3
This guidance does not reflect the modern view of internal audit as an assurance function and,
in particular, risk-based internal auditing.
In brief, bullet 1 contradicts the Institute’s view that monitoring is the role of management.
Internal audit is more likely to concentrate on providing assurance that the monitoring and the
related reporting are effective. Bullets 2, 3 and especially 4 portray a compliance audit
approach, rather than an approach that reviews whether management are managing the
associated risks. Bullet 5 implies that internal audit identifies risk when its focus should be on
assessing management’s processes for identifying and responding to risk.
This section could be improved substantially by working from the International Standards. This
would start with the wording in Performance Standard 2100 – the nature of work: “The internal
audit activity must evaluate and contribute to the improvement of governance, risk
management, and control processes using a systematic and disciplined approach.” The
Institute would be delighted to work with the APB to identify more contemporary wording.
Determining whether and to what extent to use the work of the internal auditors
This section could be improved by reference to the professional standards of internal auditing,
referred to above. Although objectivity, technical competence, due professional care and
communication are important factors, they are not the only ones. Referring to the professional
standards, see above, would be more comprehensive.
Planned effect on external auditor’s procedures
In addition to the matters discussed, the Institute believes that external audit should disclose the
external audit costs saved by internal audit assistance. In addition, we believe that the audit fee
disclosed in the financial statements should include an allowance either for the external audit
costs saved or for the cost of internal audit assistance. This ensures that the total cost of the
audit is disclosed to shareholders and other stakeholders.
22 July 2009
- 12 –
Response from the Institute of Internal Auditors – UK and Ireland
Proposed clarified International Standards on Auditing (UK and Ireland)
About the Institute
The Institute of Internal Auditors (IIA) is the only body focused exclusively on internal auditing
and we are passionate about supporting, promoting and training the professionals who work in
it.
We have been leading the profession of internal auditing for over 60 years. Our International
Standards and Code of Ethics unite a global community of 160,000 internal auditors in 165
countries.
The IIA plays an active role in the public arena, building awareness of internal auditing,
promoting members’ interests and challenging organisations to reach the highest standards of
corporate governance.
- ENDS -
22 July 2009
- 13 –
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Green Impact Auditor
Green Impact Auditor
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Getting to Know Internal Auditing - The Institute of Internal Auditors
Getting to Know Internal Auditing - The Institute of Internal Auditors
Case
Case
grp-2
grp-2
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Mystery Fraud Training Outline
Mystery Fraud Training Outline
Internal Audit Status Report - University of Alaska System
Internal Audit Status Report - University of Alaska System
Download
advertisement