The sole objective of this course is to give you a ground understanding of the basics, what Auditing is all about, the objectives, benefits and concept. We plan to turn beginners in Internal Auditing to masters. Anyone with a keen interest on how to conduct an Internal Audit would benefit from this course.
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
Overview of Internal Audit
1. Information Technology
Audit
Business Practice Training
Sean D. Obi, CISA, CISM, PMP
IT Audit | IT Risk | IT Compliance
Understanding basic approaches towards Information Technology
review
@seanpizzie
1
www.techembro.com
@techembro
2. Internal Audit - Introduction
Internal auditing is an independent, objective assurance and
consulting activity designed to add value and improve an
organization's operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control, and
governance processes.
The internal audit program provides assurance that internal controls
in place are adequate to mitigate risks, governance processes are
effective and efficient, and organizational goals and objectives are
being met.
@seanpizzie 2
www.techembro.com
@techembro
3. Internal Audit – Introduction (Cont’d)
Internal auditing bridges the gap between management and the
executive leadership or the board of an agency; assesses the ethical
climate and the effectiveness and efficiency of operations; and serves
as an organization’s safety net for compliance with rules, regulations,
and overall best business practices.
Internal audits are performed by professionals employed by the
agency who have an in-depth understanding of the business culture,
systems, and processes.
The internal audit function is an integral part of the agency and
derives its authority from senior management. It serves to promote
objective, comprehensive review coverage, and to assure the
consideration of audit recommendations.
@seanpizzie 3
www.techembro.com
@techembro
4. Internal Audit – Introduction (Cont’d)
The chief audit executive (CAE) is the person within an agency with
overall responsibility for the internal audit program. The CAE is
responsible for developing the internal audit charter, staffing,
administering, and managing the internal audit program to ensure it
operates in accordance with professional standards and adds value to
the organization. The CAE reports to the agency director or board
significant nonconformance of professional standards that impacts the
overall scope or operation of the internal audit program.
Depending on an agency’s governance structure, an audit
committee may be used to help the agency review, monitor, and/or
direct the agency’s activities related to maintaining effective internal
control. An agency audit committee could also improve financial
practices and reporting, and enhance both the internal and external
audit functions.@seanpizzie 4
www.techembro.com
@techembro
5. Internal Audit – Introduction (Cont’d)
The internal auditor or other professionals (internal or external to the
agency) may provide assurance and advisory support to management
in areas such as developing appropriate procedures to conduct risk
assessments and internal reviews of control activities.
External auditors are not part of an agency’s internal audit program
and cannot be a replacement for or supplement to an adequate
internal audit program. The role of the external auditor is to provide
independent accountability and assurance to the public and external
stakeholders. However, this independent assurance is also valuable
feedback to those charged with governance and agency management.
@seanpizzie 5
www.techembro.com
@techembro
6. Professional audit standards
The internal audit program must conform to either the International
Standards for the Professional Practice of Internal Auditing and Code
of Ethics (IIA Red Book), Generally Accepted Government Auditing
Standards (GAO Yellow Book), or both.
Regardless of which set of standards are adopted, the internal
auditing program should adhere to the following core principles and
mandatory attributes of internal auditing.
@seanpizzie 6
www.techembro.com
@techembro
7. Professional audit standards
Core principles
Demonstrates integrity
Demonstrates quality and continuous improvement
Demonstrates competence and due professional care
Communicates effectively
Is objective and free from undue influence
Provides risk-based assurance
Aligns with the strategies, objectives, and risks of the organization
Is insightful, proactive, and future-focused
Is appropriately positioned and adequately resourced
Promotes organizational improvement
@seanpizzie
7
www.techembro.com
@techembro
8. Professional audit standards
Common mandatory attributes
Organizational independence
Individual objectivity
Proficiency and due professional care
Quality assurance and improvement program
@seanpizzie
8
www.techembro.com
@techembro
9. Internal and external auditors
As an integral part of the organization, internal auditors possess an in-
depth understanding of the agency’s culture, operations, strategies, and
risks. External auditors gain an understanding of operations only as
needed to inform their specific audit.
Some key differences between internal and external auditing to consider
in coordinating efforts include:
Internal audit
Staffed by employees or contractors of the agency.
Mandated to provide assurance and advice to senior management (and
board, if applicable) to improve the state of governance, risk
management, and control within the agency.
Focused on all functions and operations of the agency.
Required to meet audit standards for organizational independence.
Provide continuous services to management.
@seanpizzie 9
www.techembro.com
@techembro
10. Internal and external auditors
External audit
Staffed by employees or contractors of the external audit
organization.
Mandated by authorizing law, rule, or other authority to provide
assurance to external stakeholders (the public, legislature,
federal regulators, etc.) on the accuracy of agency reports,
compliance with laws and rules, and efficiency of operations.
Focused on areas stipulated by statute, rule, or authority.
Independent of the agency.
Audits may be intermittent or routine such as the end of a
fiscal period or grant period.
@seanpizzie 10
www.techembro.com
@techembro
11. Components of an Internal Audit Charter
What is an Audit Charter?
Internal audit functions play a vital role in providing assurance of an
organization’s risk management practices and protecting and
enhancing organizational value.
The internal audit charter is a formal document that clearly defines
and articulates “marching orders” for the internal audit function from
the governing body (typically the audit committee) and management.
It should be reviewed and approved by the governing body on an
annual basis. The charter must define, at minimum, the following
items:
@seanpizzie 11
www.techembro.com
@techembro
12. Components of an Internal Audit Charter
“Cont’d”
Internal audit’s purpose within the organization
Internal audit’s authority
Internal audit’s responsibility
Internal audit’s position within the organization
The charter provides a blueprint for how internal audit will operate and
allows the governing body to emphasize the value it places on the
independence of the internal audit function. The charter establishes this
independence by defining reporting lines from the Chief Audit Executive
(CAE) to the governing body and, administratively, to executive
management.
@seanpizzie 12
www.techembro.com
@techembro
13. Vital Components of an Audit Charter
the IIA identified seven vital components that support the overall
strength and effectiveness of the internal audit function and should
be included in the internal audit charter:
1. Mission and Purpose
The charter should define both the mission and the purpose of the
internal audit function. The mission should be to enhance and protect
organizational value by providing risk-based and objective assurance,
advice, and insight. Internal audit’s independent and objective assurance
and consulting services should be designed to add value and improve the
organization’s operations.
@seanpizzie 13
www.techembro.com
@techembro
14. Vital Components of an Audit Charter
2. Adherence to the International Standards for the Professional
Practice of Internal Auditing
The charter should include details about how the internal audit function
governs itself and how it adheres to the IIA’s International Professional
Practices Framework (IPPF), including:
Standards
Core principles for the professional practice of internal auditing
Definition of internal auditing
Code of ethics
@seanpizzie
14
www.techembro.com
@techembro
15. Vital Components of an Audit Charter
3. Authority
The charter should define the CAE’s functional and administrative
reporting relationship in the organization as noted above. In addition, a
statement should be included affirming that the governing body will
establish, maintain, and assure that the internal audit function has
sufficient authority to fulfill its duties.
@seanpizzie 15
www.techembro.com
@techembro
16. Vital Components of an Audit Charter
4. Independence and Objectivity
The charter should state that the CAE will ensure independence and
objectivity of the internal audit function to carry out its duties in an
unbiased manner. Furthermore, internal audit should have no direct
operational responsibility or authority over any of the activities
audited.
@seanpizzie 16
www.techembro.com
@techembro
17. Vital Components of an Audit Charter
5. Scope of Internal Audit Activities
The charter should define the scope of the internal audit function.
The scope should include providing independent assessments of the
adequacy and effectiveness of governance, risk management, and
control processes.
@seanpizzie 17
www.techembro.com
@techembro
18. Vital Components of an Audit Charter
6. Responsibility
The responsibility of the internal audit function should also be described
in the charter and the following should be performed at least annually:
Verification that the internal audit function is fulfilling its mandate
Assurance of compliance with IIA standards
Communication of the results of its work and follow up of agreed
corrective actions
@seanpizzie 18
www.techembro.com
@techembro
19. Vital Components of an Audit Charter
7. Quality Assurance and Improvement Program
The charter should define the internal audit’s Quality Assurance and
Improvement Program (QAIP), which covers all aspects of the internal
audit function including:
Evaluation of conformance to IIA Standards and requirement to report
the results of its QAIP periodically to senior management and the
governing body
An external assessment of the activity at least once every five years
@seanpizzie 19
www.techembro.com
@techembro