...Internal Audit Chapter 5 Review 1. A business process is the set of connected activities linked with each other for the purpose of achieving an objective or goal. 2. Two general types of business processes are present in most organizations that deliver goods and services: the operating processes and the management and support processes. The operating processes include strategic planning, product and service design and development, marketing, production/delivery, invoicing, and collection. The management and support processes include obtaining and managing the organization’s human resources (this could include hiring, training, benefits), managing financial resources (including budgeting, financial accounting, treasury), managing the information technology resources, managing physical resources (facilities management, security, maintenance, etc.), the organization’s compliance and governance systems, and the process for managing the organization’s external stakeholders (government relations, public relations, etc.). 5. A top-down approach begins at the entity level with the organization’s objectives, and then identifies the key processes critical to the success of each of the organization’s objectives. A bottom-up approach begins by looking at all processes directly at the activity level, and then aggregates the identified processes across the organization. 7. The two common methods used to document processes are process maps and process write-ups. Process...
Words: 4393 - Pages: 18
...Internal Control Topic List 1. What is internal control? 2. Components of internal control 3. Information about controls Learning outcomes On completion of this section you should be able to: • State the reasons for organisations having effective systems of controls • Identify factors which contribute to an effective control environment • Identify the components of internal control in both manual and IT environments • Identify types of control activity • Distinguish between general controls and application controls • Identify inherent limitations of a system of internal controls • Specify the composition of an audit committee Internal Control [pic] Internal control: ‘The process designed, implemented and maintained by those charged with governance*, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to:- • Effectiveness and efficiency of operations • Reliability of financial reporting, • Compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control. A key audit question is: “How does management control the business?” *Usually directors - remember the difference between exec and non-exec Company Objectives • To ensure it correctly reports its financial position to shareholders • To ensure it operates effectively and...
Words: 2434 - Pages: 10
...Internal Audit Guidebook Providing a framework for understanding and delivering Grant Thornton’s Internal Audit Services in a consistent, high-quality way 2012 Internal audit guidebook 1 Contents Page Introduction 2 Common service delivery methodology 6 Determine client needs 8 Scope and arrange work 10 Plan 13 Analyze and assess 20 Report and recommend 28 Implement 32 Evaluate 33 Determine business and technology context 36 Manage engagement performance, quality and risk 38 Communicate and enable change 40 Appendix 42 Internal audit engagement checklist 43 © Grant Thornton LLP. All rights reserved. Updated August 1, 2012 Internal audit guidebook 2 Introduction What is internal audit? The Institute of Internal Auditors (IIA) defines internal auditing as: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (1010) An internal audit objectively assesses the management of risks that a company faces. (2100 series) The aim is to • understand the current state, • assess the current state using appropriate standards and criteria, and • develop findings and recommendations...
Words: 15851 - Pages: 64
...attracting and retaining skilled employees. Internal audit is no different. The numerous career options available to new entrants and the seasoned audit practitioner make it imperative for audit managers to continually re-evaluate their approaches to ensure that the internal audit department is adequately staffed both in terms of numbers as well as skill sets to discharge its functions effectively. The IIA Attribute Standards / and Performance Standards are very clear and definitive on this: i) Attribute Standard 1210 - Proficiency Internal auditors should possess the knowledge, skills and other competencies needed to perform their individual responsibilities. The internal audit activity collectively should possess or obtain the knowledge, skills and other competencies needed to perform its responsibilities. ii) Performance Standard 2030 - Resource Management The Chief Audit Executive should ensure that internal audit resources are appropriate, sufficient and effectively deployed to achieve the approved plan. Professionalism Internal auditing is grounded in professionalism and efficiency. Today's internal auditors are a far cry from the 'fault finders' or 'policeman' role that the profession has long been associated with. Modern day internal auditors are routinely consulted on all aspects of the organisation's activities from strategic planning issues to the standard day-to-day operational issues relating to the risk environment and internal control framework. They are continually...
Words: 2392 - Pages: 10
...Chapter 1 Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It help an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management control, and government processes. Objective- what an organization wants to achieve. Strategy- how management plans to achieve to organization’s objective. 4 types of objectives -Strategic objectives: value creation choices management makes on behalf of the organization’s stakeholders. -Operations objectives: effectiveness of and efficiency of the organization’s operations. -Reporting objectives: reliability of internal and external reporting of financial and nonfinancial information -Compliance objectives: adherence to applicable laws and regulations Governance is the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization’s objectives. Risk management is the process conducted by management to understand and deal with uncertainties that could affect the organization’s ability to achieve its objectives. Control is the process conducted by management to mitigate risks to acceptable levels. Independence is the freedom from conditions that threaten objectivity or the appearance of objectivity. Objectivity is an unbiased mental attitude that allows internal auditors to perform...
Words: 989 - Pages: 4
...29, 2004 The Role of Internal Auditing in Enterprise-wide Risk Management In conjunction with the newly released Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management - Integrated Framework, The Institute of Internal Auditors (IIA), in coordination with its IIAUK and Ireland affiliate, has issued a position paper on The Role of Internal Audit in Enterprise-wide Risk Management. The paper's purpose is to assist chief audit executives (CAEs) in responding to enterprise risk management (ERM) issues in their organizations. The paper suggests ways for internal auditors to maintain the objectivity and independence required by The IIA's International Standards for the Professional Practice of Internal Auditing (Standards) when providing assurance and consulting services. Internal auditing's core role with regard to ERM is to provide objective assurance to the board on the effectiveness of an organization's ERM activities to help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively Recommended Roles The main factors CAEs should take into account when determining internal auditing's role are whether the activity raises any threats to the internal auditors' independence and objectivity, and whether it is likely to improve the organization's risk management, control, and governance processes. The IIA's position paper indicates which roles internal auditing should and should...
Words: 3877 - Pages: 16
...INTERNAL AUDIT PRINCIPLES The main and ancillary objectives of an internal audit The main objective of internal auditing is to assist members of executive and senior management in the effective discharge of their duties and responsibilities with regard to risk management, control and governance processes. To this end, the internal auditor furnishes them with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed. The discovery of errors and fraud is the ancillary objective of internal auditing. The internal auditor as an adviser to members of the organization As an adviser, the internal auditor examines and reviews the activities of the organization in order to evaluate them with a view to furnishing members of the organization with advice, information and recommendations that will enable them to discharge their duties effectively. As an adviser, the internal auditor merely offers advice, gives information or makes recommendations. The ultimate decision whether or not to accept this advice or information or to implement these recommendations, therefore always rests with executive management. The internal audit activity should never possess the organizational power to force top executive management to accept the audit results. Management may decide to: 1. accept the auditor’s recommendations, in which case the internal auditor must ascertain that the corrective action taken is achieving the desired results, or ...
Words: 36187 - Pages: 145
...Internal audit’s role in modern corporate governance Thought leadership series Risk and Advisory Services Internal audit’s role in modern corporate governance Recent events have highlighted the critical role of boards of directors in promoting good corporate governance. In particular, boards are being charged with ultimate responsibility for the effectiveness of their organisations’ internal control systems. An effective internal audit function plays a key role in assisting the board to discharge its governance responsibilities. Yet how does the board – and its audit committee – satisfy itself that internal audit is functioning effectively and efficiently? The board’s responsibility for internal controls Through working with a broad range of organisations in Hong Kong and internationally, KPMG has identified a number of best practices in relation to the role played by the board audit and/or risk management committees. s Recent events have highlighted the critical role of boards of directors in s s s s s s s Assessing the scope and effectiveness of the systems established by management to identify, assess, manage and monitor the various risks arising from the organisation’s activities. Ensuring senior management establishes and maintains adequate and effective internal controls. Satisfying itself that appropriate controls are in place for monitoring compliance with laws, regulations, supervisory requirements and relevant internal policies....
Words: 2896 - Pages: 12
...Internal Control Understanding and Documentation Project- EICO Iman H. Al Shawab Table of Contents Part I - Understanding of Entity and Business Environment: 3 Business Overview: 3 Suppliers: 3 Operations: 4 a. Suppliers 4 b. Customers: 5 Part II- Understanding of the Entity’s Internal Control Design and Implementations: 6 Part III: Audit EICO 11 Accepting the Audit and Perform Initial Audit Planning 11 Part I - Understanding of Entity and Business Environment: Business Overview: Emirates Industrial Converting Factory (abbreviated EICO) which is divided into three separate divisions, carton, plastic and tissue. EICO is a manufacturing company which is owned by a local investor Mr. Bader Fares, hence it is a sole proprietorship. It is located in Industrial Area # 15 – Sharjah, UAE. As the other companies in the region, the main contacting channels of this company are through phone +97165344122, fax +97165344133, P.O Box 27074 and email eico@emirates.net.ae. In order to get the information needed to analyze the internal control procedures of this company we needed to carry out interviews with the responsible manager at the carton division at EICO. Specifically, we interviewed the Administration manager at EICO Mr Amer Al Meslat. As stated above, EICO is divided into three divisions and this paper will be concentrating on the carton division. This division operates in the carton industry, specifically in the packaging part of the industry. Furthermore...
Words: 4063 - Pages: 17
...Internal Audit Internal auditing is a self-governing, objective assurance and consulting movement designed to add value and advance an organization's operations. The main objective of the internal audit activity is to determine whether the organization/company’s network of risk management, control, and governance processes, as designed and represented by the management, is adequate and functioning in a manner to ensure: risks are identified and managed, objectives are achieved, and compliance with policies are met. Along with internal auditing come developments, including standards and risk assessments for accounting and reporting practices. Sarbanes-Oxley Act The Sarbanes Oxley Act (the “Act”) of 2002 is a federal law passed in response to major corporate and accounting scandals including those of Enron, Tyco International, and Worldcom. These accounting scandals gave pause to the accounting world because of how complex and encompassing they were. They resulted in a decline of public trust in both accounting and reporting practices. It was then when the government realized that major reform was needed. This Act is now mandatory in the accounting world. All companies, whether small or large, must comply with the act. The corporate responsibility section of the Act calls for the establishment of an audit committee. The Act requires that all members of the audit committee be independent. Companies must disclose whether or not the audit committee includes at least one financial...
Words: 527 - Pages: 3
...AUD 610 TUTORIAL 1 (Professional conduct and ethics) Question 1 For each of the following situations, discuss whether there has been any violation of ethical conduct. Support your answers by reference to the relevant professional code and ethics. I. Wani is a CPA, a partner with Joe and Wani, a CPA firm. Her husband owns 30 percent of shares in an audit client of the firm, but she does not take part in the audit of the client and the value of her shares is not material in relation to her husband’s wealth. a) Yes this is violation. b) Under MIA By-Laws ; Professional Independence means unbiased viewpoint in the performance of audit test, evaluation of result and issuance of audit report. c) The reason is husband Wani holds 30 percent of shares in and audit client of her firm. Stated that in Section 290 MIA By-Laws, auditor are not considered to be independent if he or is spouse, or dependent son or daughter or any son or daughter holds directly or indirectly any interest in shares of the company. II. Fahmi is an audit partner of Amin & Ahmad. He is assigned to an audit engagement for Idaman Bhd. Fahmi’s son is working as an engineering in Idaman Bhd. a) No this is not violation. b) Under MIA By-Laws ; Professional Independence which is financial interest treats. If a member or immediate family has any financial interest directly or indirectly in the entity, then the said member is prohibited from accepting appointment as an auditor of the company. However the prohibition...
Words: 673 - Pages: 3
...An internal accountant is a helpful resource to help reform an organization with a out-of-control system. In the following paragraphs there will be information provided to justify the benefits of using an internal auditor to help the client’s organization. There will also be a referral of a prime candidate for an internal auditor based on his or her background. Lastly there will be an explanation of how the candidate’s background will be beneficial to client. Benefits of using an Internal Audit Internal auditor’s role in the organization is to monitor, assess and analyze the risk and controls of the organization. They do this by reviewing and confirming the information in the organization’s policy and procedures. The internal audit in a large organization is not performed by just one person. It is usually done by a team of auditors and they are assigned to different departments within the organization that needs auditing of its procedures and processes. These audits may also include the audit of its computer systems to make sure certain controls are in place. The benefits of an internal audit is to provide upper management and the audit committee assurance that the risks are low and the organizations governance is solid. The internal auditors also makes recommendations in an effort to enhance its policies, processes, and procedures (Cornell University, 2007). According to Cornell University (2007), “Internal auditors sometimes look at the same data or perform some of the same...
Words: 603 - Pages: 3
...Internal Audit – IT Audit Intern We are a specialty retailer offering the very best of what’s next in fashion for men, women and children since 1901. JOIN US WHERE IT ALL BEGAN. Whether you design clothes or business strategies, crunch numbers, lead projects or write code, we have a place for you at our Seattle headquarters. And we think Seattle is a pretty great place to live. More than just rainy days and coffee, Seattle has it all — mountains and beaches, arts and parks, music and film. It's made up of quirky neighborhoods, award-winning restaurants, and thriving industry. Come see for yourself! A day in the life… The ideal internal audit principal is motivated, results-oriented and committed to providing outstanding customer service every day. Responsibilities * Assist the lead auditor with documenting and testing various IT General, Security, Operational and Change Management Controls for Sarbanes-Oxley compliance. * Identify, develop, and document detailed audit observations and recommendations for improvement using independent judgment concerning the control being reviewed * Communicate with control owners across the IT groups to accomplish testing You own this if you have… * Current graduate student or Bachelor of an accredited degree program with concentration in Accounting and/or Management Information Systems/ Information Security * Working knowledge or course work covering the proper application of internal auditing, accounting...
Words: 375 - Pages: 2
...Case Class Discussion – Farma Corporation Do not Pass in Discussion Questions QI: Gain an Understanding of the Client: • What does the organization do? o Farma Corporation: Farma Corporation is a pharmaceutical company headquartered in New Jersey; sales for 1982 were $2 billion. • Why were we called in? o Maintenance Cost Allocation and Quality Concerns: Managers are complaining that they are being overcharged by the in-house maintenance group for poorly-performed, nonroutine jobs. • After doing the SWOT in Appendix A, list by scope area the key problems and/or concerns. (These problems will be placed in Part I of the formal case report) o Quality of Work: ▪ Unsatisfactory Performance: Jobs have to be redone at extra cost because they are not performed correctly the first time. o Work Order Scheduling: ▪ Priority: Maintenance group can substitute routine jobs in the place of nonroutine jobs at will, thus creating backlogs. ▪ Policy: Lack of policy dictating how jobs must be classified and scheduled (routine, nonroutine, emergency, etc.). o Maintenance Staffing: ▪ Understaffed: The maintenance group was refused a staff increase at the beginning of the year, leaving them with insufficient staff. o Communication: ▪ Estimates: Requesting departments are not given estimates of how much a job will cost and are therefore unable...
Words: 5848 - Pages: 24
...Journal of Accountancy Title: 10 Imperatives for Internal Audit Author: Ken Tysiac This article discussed how internal auditing professionals must be go above and beyond to combat risks and threats in the business world of today. The Institute of Internal Auditors issued a report outlining ten main areas that internal auditors can improve upon to meet these challenges. The ten key areas were as follows: anticipate the needs of stakeholders; develop forward looking risk management practices; continually advise the board and audit committee; be courageous; support the business objectives; identify, monitor and deal with emerging technology risks; enhance audit findings through greater use of data analytics; go beyond the IIA’s standards; recruit, motivate, and retain great team members; and invest in yourself. The first item up for discussion in the report is anticipating the needs of stakeholders. Internal Auditors should communicate more with business heads and other audit committees to better serve the clients expectations when developing audit plans. Another one of the ten key points that was addressed is being courageous in reporting to the stakeholders. Internal auditors should not be afraid to provide constructive criticism to the stakeholders and also be able to take what comes in return. The article states that Internal Auditors must be prepared to handle conflict. The last item in the report states that internal Auditors should recruit, motivate, and retain great...
Words: 298 - Pages: 2