ebook img

The internal auditor at work : a practical guide to everyday challenges PDF

293 Pages·2004·1.409 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview The internal auditor at work : a practical guide to everyday challenges

fm.tex (i-xiv) 10/4/03 2:24 PM Page iii THE INTERNAL AUDITOR AT WORK A Practical Guide to Everyday Challenges K.H. SPENCER PICKETT John Wiley & Sons, Inc. fm.tex (i-xiv) 10/4/03 2:24 PM Page iv This text is printed on acid-free paper. (cid:1)(cid:1) Copyright © 2004 by John Wiley & Sons. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-750-4470, or on the web atwww.copyright.com.Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, e-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. ISBN 0-471-45839-2 Printed in the United States of America 10 9 8 7 6 5 4 3 2 1 fm.tex (i-xiv) 10/4/03 2:24 PM Page ix CONTENTS List of Abbreviations xiii Chapter 1 Introduction 1 Section 1 About the Book 1 Section 2 The New Internal Auditor 2 Section 3 The Challenges of a Career in Internal Auditing 4 Section 4 Popular Misconceptions 6 Section 5 ABrief History of Internal Auditing 10 Section 6 The Importance of Tracking New Developments 14 Section 7 The Audit Model 17 Section 8 Summary: Top Ten Considerations 19 Section 9 Your Personal Development Exercises 20 Chapter 2 The Audit Context 23 Section 1 The Growth of Corporate Governance 23 Section 2 Understanding Societal Expectations 24 Section 3 The Global Dimension 29 Section 4 Impact on the Board and Senior Management 33 Section 5 The Role of the Audit Committee 34 Section 6 Risk Management: The Key to Success 39 Section 7 Understanding Internal Controls 44 Section 8 Defining the Internal Audit Role 50 Section 9 External Audit 55 Section 10 The Value-Add Proposition 59 Section 11 The Audit Model 62 Section 12 Summary: Top Ten Considerations 65 Section 13 Your Personal Development Exercises 67 ix fm.tex (i-xiv) 10/4/03 2:24 PM Page x x CONTENTS Chapter 3 The Strategic Dimension 69 Section 1 Approaches to Internal Audit Work 69 Section 2 Risk-Based Systems Approach 71 Section 3 Consulting Services 74 Section 4 Compliance 79 Section 5 Fraud and Abuse 82 Section 6 Information Systems 87 Section 7 CSAWorkshops 91 Section 8 Developing an Integrated Approach 96 Section 9 The Audit Model 100 Section 10 Summary: Top Ten Considerations 103 Section 11 Your Personal Development Exercises 106 Chapter 4 Quality Assurance and Audit Competence 109 Section 1 The Quality Concept 109 Section 2 Professional Internal Auditing Standards 110 Section 3 Documentation Standards and Review 113 Section 4 Internal and External Reviews 125 Section 5 Audit Competence 129 Section 6 Interviewing 132 Section 7 The Audit Model 140 Section 8 Summary: Top Ten Considerations 143 Section 9 Your Personal Development Exercises 146 Chapter 5 The Audit Process 151 Section 1 The Audit Process 151 Section 2 Risk-Based Strategies 152 Section 3 Preliminary Surveys 162 Section 4 Developing Assignment Plans 168 Section 5 Audit Fieldwork 180 Section 6 Developing Findings 214 Section 7 Audit Reporting and Follow-Up 222 Section 8 The Audit Model 241 Section 9 Summary: Top Ten Considerations 244 Section 10 Your Personal Development Exercises 248 fm.tex (i-xiv) 10/4/03 2:24 PM Page xi CONTENTS xi Chapter 6 The Audit Proposition 253 Section 1 Impacting Corporate Governance 253 Section 2 Supporting the Board and the Audit Committee 255 Section 3 Providing Assurances on Controls 258 Section 4 Making Risk Management Work 261 Section 5 Partnerships with Management 265 Section 6 The Global Audit Community 267 Section 7 Future Directions and Challenges 268 Section 8 The Final Audit Model 273 Section 9 Summary: Top Ten Considerations 279 Section 10 Your Personal Development Exercises 281 Index 283 fm.tex (i-xiv) 10/4/03 2:24 PM Page xiii LIST OF ABBREVIATIONS ACFE Association of Certified Fraud Examiners ACL Audit Command Language AICPA American Institute of Certified Public Accountants CAE Chief Audit Executive CEO Chief Executive Officer CFE Certified Fraud Examiner CFIA Competency Framework for Internal Auditing CFO Chief Finance Officer CG Corporate Governance CIA Certified Internal Auditor CISA Certified Information Systems Auditor COSO Committee of Sponsoring Organizations CPA Certified Public Accountant CRSA Control Risk Self-Assessment CSA Control Self-Assessment ERM Enterprise Risk Management GAAP Generally Accepted Accounting Principles HR Human Resource ICE Internal Control Evaluation ICES Internal Control Evaluation Schedule ICQ Internal Control Questionnaire ID Identification IDEA Interactive Data Extraction and Analysis IIA Institute of Internal Auditors IS Information Systems IT Information Technology KPI Key Performance Indicators NYSE New York Stock Exchange OECD Organisation for Economic Co-operation and Development RBSA Risk-Based Systems Auditing SEC Securities and Exchange Commission xiii c01.tex (1-22) 10/4/03 2:24 PM Page 1 1 INTRODUCTION SECTION 1 ABOUT THE BOOK This new book provides a dynamic resource for business graduates and others entering the field of internal auditing as well as for seasoned auditors who are looking for ways to expand audit services. It acts as a concise guide to the role and responsibilities of the internal auditor within the context of the global themes of corporate governance, risk management, and control. The book addresses the challenges facing internal auditors in larger and medium-sized organizations in the private, not-for-profit, and wider public sectors. Although set in the U.S. economy, it is relevant throughout the developed and developing world—in line with the increasing reliance on internal auditing to promote integrity, account- ability, and transparency in business and government. The book focuses on the context, role, and work of the internal auditor as an introductory text. It provides broad coverage of important concepts rather than just concentrating on the basic and detailed workbook exercises that some orientation guides contain. Internal auditing has many branches and specialist areas. The interpretation of the audit role will depend on the adopted perspective of the individual auditor and may consist of a combination of roles that includes: ● Basic internal auditing ● Retail and branch audits ● Information systems auditing ● Investigations and forensic examination ● Detailed analytical review ● Contract and large engineering project audits ● Internal audit management and quality assurance ● Corporate governance and top management reviews ● Specialist compliance, disclosures, and financial statement auditing This orientation guide addresses the first item, basic internal auditing, and does not provide extensive details of the other more specialist areas of audit 1 c01.tex (1-22) 10/4/03 2:24 PM Page 2 2 INTRODUCTION work. There is a whole array of relevant material available to the budding inter- nal auditor that provides an insight into these and many other specialist aspects of the job. Not least are the vast resources that appear on Internet Web sites using the key search words “internal auditing.” The Institute of Internal Audi- tors (IIA), a global body that represents the interests of internal audit profes- sionals and like-minded specialists, has developed a wealth of material that is both interesting and relevant. There are hundreds of specialist textbooks, study guides, videos, and CDs that address aspects of the internal auditor’s work. The newly appointed auditor will doubtless visit these resources as his or her career develops. This book limits reference material to the professional standards and prac- tice advisories published by the IIA as a good starting place for the new auditor. As such, all references to standards and advisories throughout the book relate to the professional practices framework published by the IIA. Note that both the standards and practice advisories are in a constant state of development. There- fore, the reader is advised to track developments, as standards are updated and changed over the years. Most sections of the book conclude with ideas that the auditor could consider discussing with an audit colleague from the employing organization or anyone else who is associated with internal auditing in some shape or form. Each chapter closes with a set of exercises that should be tackled by the new auditor as part of his or her personal development plan. For Further Discussion How has orientation training been covered in the past, and what other steps have new auditors taken to come to grips with the internal audit role? SECTION 2 THE NEW INTERNAL AUDITOR The growing emphasis on corporate accountability has led to a drive for more openness in the way private business and the public sector manage and commu- nicate their performance to key stakeholders. This, in turn, has led to a search for mechanisms that may help promote the three linked concepts of integrity, accountability, and transparency, commonly known as good corporate gover- nance. The governance processis defined by the IIA (Glossary) as: The procedures utilized by the representatives of the organization’s stake- holders (e.g., shareholders, etc.) to provide oversight of risk and control processes administered by management. c01.tex (1-22) 10/4/03 2:24 PM Page 3 THE NEW INTERNAL AUDITOR 3 One of the pillars of corporate governance relates to the establishment of sound systems of audit and accountability. Directors report to company owners and communicate with various stakeholders through the annual report, while independent auditors double-check the report and the associated accounts on behalf of these owners. This quite straightforward model is, however, dependent on effective internal systems to support the financial and corporate strategies of the organization. Moreover, the reality can be far from the theoretical model of ownership, stewardship, management, and accountability, because published information may not always be entirely reliable. There are many different types of risk that can undermine the search for success. The internal auditor appears on the horizon to help review the system of controls that address actual and per- ceived threats to an organization. Again, the auditor is an independent party who is able to stand back from apparently conflicting forces when performing its reviews. The formal definition of internal auditingis as follows: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a system- atic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Free from Spin The audit process has become increasingly relevant to successful businesses as there are fewer people around who are not engaged in the constant spin that clouds most reviews, reports, and published opinions. In turn, the internal audit process depends on a source of professional staff who are able to achieve the demanding goal of balancing the task of helping the customer develop good business systems with the need to provide an objective assessment of the same customer’s systems. The internal auditor’s role is that of assisting managers and their teams, while also working for the corporate body of the organization and often reporting to an independent audit committee. We will develop these dual themes of performing objective reviews and understanding the real pressures facing busy operational managers. Our main objective is to address these themes in the context of the changing role of internal auditing and how audi- tors can respond to new developments. The IIA defines an internal audit activ- ityas: a department, division, team of consultants, or other practitioner(s) that provide independent, objective assurance and consulting services designed to add value and improve an organization’s operations. The internal audit activity helps an organization accomplish its objectives by bringing a c01.tex (1-22) 10/4/03 2:24 PM Page 4 4 INTRODUCTION systematic, disciplined approach to evaluate and improve the effective- ness of risk management, control, and governance processes. Three Aspects of Internal Auditing Note that the three aspects of the audit role—risk management, control, and governance processes—are referred to regularly throughout the entire book. No apologies are offered for this approach, since it is important that there be con- stant reinforcement of the fundamentals of internal auditing. For Further Discussion In what way has internal auditing changed over the years, and what are the highlights and downsides of these changes? SECTION 3 THE CHALLENGES OF A CAREER IN INTERNAL AUDITING It is a well-kept secret that in days gone by, many people found themselves transferred to internal audit either by chance or because they were not really suited to anything else. Over the last few decades, things have not only changed but have also gone full circle. Now, instead of being “sent” to internal audit, many staff members are prepared to fight for the chance to join the in-house audit team. The prospects can be very good, and there is much scope for personal development and excellent rewards from a career in internal auditing. Mean- while, the challenges are quite unique. Balancing the auditor’s consulting role with the need to retain professional objectivity is quite an achievement. It takes a certain type of individual to succeed in this task. A career in internal audit involves acquiring more than just professional competence. It requires a demeanor that is flexible and understanding but firm on important points of principle. It requires someone who is able to listen, consider, and then make a decision on a position even in the face of inconsistent and/or incomplete infor- mation. More than this, internal auditors need to see the “big picture,” even when aspects are missing or at times distorted. But the big picture must also contain the little pieces that go together to make up the final image. The Career Auditor A career in internal auditing is not for the fainthearted. It is for those who are prepared to go the distance and who do not mind the lack of glamour and gold medals, but simply accept the challenge. This does not mean some people will

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.