BUSINESS, MANAGEMENT, AND ACCOUNTING F INTERNAL AUDIT AND IT AUDIT SERIES o u n t International Profes- a While the Institute of Internal Auditors (IIA) has provided standards and i sional Practice Framework (IPPF) n guidelines for the practice of internal audit through the , internal auditors and Chief Audit Execu- tives (CAEs) continue to experience difficulties when attempting to balance the requirements of the IPPF with management expectations. The true chal- L lenge for any internal auditor is to appropriately apply the Standards while e exerting adequate independence and objectivity in the face of management a d preLsesuardei.ng the Internal Audit Function i Leading the n In , Lynn Fountain presents lessons g learned from her extensive experience as an internal auditor, internal audit manager, and CAE to help internal auditors understand the challenges, issues, t h and potential alternative solutions when executing the role. The book identi- Internal Audit e fies more than 50 challenges for auditors and discusses potential alternative actions the auditor can take when they experience a similar challenge. The I n book explains how to: t Function • Build a value-oriented function that abides by the standards and e r supports the objectives and goals of the organization. n • Execute the many aspects of the internal audit, including assurance a and consulting work. l • Build a risk-based audit process. A • Develop and sustain the internal audit team. • Develop and manage relationships with management and the u audit committee. d • Manage internal audit’s role in corporate governance, compliance, i t Leaadnind gfr tahued I.nternal Audit Function F includes real-life examples, scenarios, u and lessons learned from internal auditors and CAEs to emphasize the impor- n tance of carefully managing all aspects of the internal audit. The author sum- c marizes her many lessons learned into ten “commandments” for both CAEs t i and internal auditors. By following the guidelines in this book, you should o be well-equipped to gain management support, perform effective and ethical n audits, and uphold IIA Standards. K26126 6000 Broken Sound Parkway, NW ISBN: 978-1-4987-3042-6 Suite 300, Boca Raton, FL 33487 90000 711 Third Avenue New York, NY 10017 CRMA, CGMA an informa business 2 Park Square, Milton Park Lynn Fountain, www.crcpress.com Abingdon, Oxon OX14 4RN, UK 9 781498730426 www.auerbach-publications.com AN AUERBACH BOOK This book is one I wish were available about eight years ago when taking my first CAE position. Lynn’s writing style, similar to her speaking style, uses real-life examples and brings the reader into easily understanding the concept she conveys. The reader may use the concepts in this book in any industry, an environment, whether public or closely held; manufacturing or service; for profit or nonprofit. I highly recommend it to new CAEs as well as a reality check for current CAEs who wish to improve the position of internal audit in their organizations. Renee Wessel Jaenicke Audit Director CHM2M Hill Ms. Fountain succinctly captures the challenges chief audit executives (CAEs) face in their roles today. She provides a roadmap that will enable those servicing in this critical role to execute their responsibilities in align- ment to the published Institute of Internal Audit Standards and within the company culture that they operate in on a daily basis. As a former CAE, her lessons and wisdom provide a foundation for this outstanding book of advice. Tom Andreesen Managing Director Protiviti, Chicago Lynn is one of the highest rated and most popular instructors on our learn- ing platform. That would be good if the platform were limited to internal audit content and users. What is amazing is that the platform covers the entire office of the CFO, and here she is, leading the way for all of these functions. Bravo Lynn and keep the great learning coming. John Kogan Past five-time CFO Current Founder of Proformative Academy Leading the Internal Audit Function Internal Audit and IT Audit Series Editor: Dan Swanson PUBLISHED The Chief Audit Executive: The Reality of Performing in Business Today by Lynn Fountain ISBN: 978-1-4987-3042-6 FORTHCOMING Internal Audit Practice from A to Z by Patrick Onwura Nzechukwu ISBN: 978-1-4987-4205-4 Securing an IT Organization through Governance, Risk Management, and Audit by Kenneth Sigler and James L. Rainey, III ISBN: 978-1-4987-3731-9 The Complete Guide to CyberSecurity Risks and Controls by Anne Kohnke and Daniel Shoemaker ISBN: 978-1-4987-4054-8 Practical Techniques for Effective Risk-Based Process Auditing by Ann Butera ISBN: 978-1-4987-3849-1 Software Quality Assurance: Integrating Testing, Security, and Audit by Abu Sayed Mahfuz ISBN: 978-1-4987-3553-7 CyberSecurity: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0) by Dan Shoemaker, Anne Kohnke, Ken Sigler ISBN: 978-1-4987-3996-2 Leading the Internal Audit Function CRMA, CGMA Lynn Fountain, CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2016 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Version Date: 20150512 International Standard Book Number-13: 978-1-4987-3043-3 (eBook - PDF) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmit- ted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright. com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Contents Preface xiii IntroductIon xv chaPter 1 Lessons of an audItor 1 Introduction 1 Management’s View 2 Section 1: Lessons Learned 4 Introduction 4 Lesson 1: Clarify/Define Management Expectations for Internal Audit 5 Lesson 2: Balance Management Expectations with the International Institute of Auditors Standards 6 Lesson 3: Validate the Internal Audit Charter as Fact and Not Fiction 8 Lesson 4: Clarify the Purpose and Execution of Risk-B ased Auditing 9 Lesson 5: Define “Independent Risk Assessment” in Relation to the Audit Plan 11 Lesson 6: Add Value While Maintaining Independence 11 Lesson 7: Serve the Audit Committee 13 Lesson 8: Communication of Issues When Management Objects 15 Lesson 9: Understand How the CAE Role and Audit Department Are Viewed 17 Lesson 10: Gaining a “Seat at the Table” 20 Section 2: Is It Legal or Is It Ethical?—The CAE’s Dilemma 23 Introduction 23 Everyone Is Responsible 25 Tone at the Top Is Essential 25 vii viii Contents Honesty Is Still the Best Policy 26 Integrity Can Be a Measure of Ethics 26 Corporate Responsibility and Communications Must Be Prevalent 27 Silence Is Not Acceptable 27 Summary 29 chaPter 2 defInIng the PurPose of the InternaL audIt functIon 31 Introduction 31 Section 1: Understanding the Definition and Purpose of Internal Audit 32 Challenge 1: Independence and Objectivity 34 Challenge 2: Assurance and Consulting Activity 39 Challenge 3: Add Value and Improve an Organization’s Operation 41 Challenge 4: Disciplined Approach to Evaluate and Improve the Effectiveness of Risk Management, Control, and Governance Processes 44 Summary: Internal Audit Definition Challenges 48 Scope of Internal Audit 49 Professional Standards—Principles for Internal Auditor Effectiveness 50 Section 2: The Internal Charter—Reality or Fiction? 50 Introduction 50 Challenge 5: Internal Audit Charter 51 Challenge 6: Positioning and Authority 55 Section 3: Internal Audit versus Quality Assurance Functions 61 Introduction 61 Internal Audit versus Quality Assurance—The Reality 62 Mini-Audit Functions 63 Scenario: Mini-Audit Process 65 Challenge 7: Internal Audit versus Quality Assurance 66 Section 4: Management Expectations versus Standards 67 Introduction 67 Management Expectations and the Standards 67 Certified Internal Auditor 69 Challenge 8: Attribute Standards Integrity and Ethical Values 69 Challenge 9: Attribute Standards Proficiency and Due Care 72 Challenge 10: Attribute Standards Quality Assurance and Improvement 76 Section 5: Performance Standards 77 Introduction 77 Challenge 11: Performance Standard 2000 78 Section 6: Standards and Report Writing 82 Introduction 82
Description: