Professional Documents
Culture Documents
MISSION STATEMENT/OBJECTIVES/VALUES
MISSION STATEMENT
Internal Audit exists to support the Board of Directors in the effective discharge of their
responsibilities. Using our knowledge and professional judgement, we will provide an
independent appraisal of ABC Company's financial, operational, and control activities. We
will report on the adequacy of internal controls, the accuracy and propriety of transactions, the
extent to which assets are accounted for and safeguarded, and the level of compliance with
company policies and government laws and regulations. Additionally, we will provide
analyses, recommendations, counsel, and information concerning the activities reviewed.
OUR OBJECTIVES IN ACCOMPLISHING OUR MISSION INCLUDE THE FOLLOWING:
QUALITY ASSURANCE
The purpose of "quality assurance" is to provide reasonable assurance that audit work
performed by ABC Company - Internal Audit conforms to Generally Accepted Auditing
Standards.
Quality Assurance Policy
All working papers shall be independently reviewed to ensure there is sufficient evidence to
support conclusions, document the extent of audit work performed, and ensure that all audit
objectives have been met, as well as substantiate compliance with applicable auditing
standards.
A detailed review shall be conducted by the Audit Manager for assigned staff's working
papers. A less comprehensive review shall be conducted by Internal Audit Department or an
assigned Quality Assurance staff person. EXCEPTION: If the Audit Manager is the only staff
member assigned to the audit/task then the detailed review shall be performed by department
administration or an assigned Quality Assurance staff person.
Initialling (Director/Quality Assurance staff person and the Audit Manager) working papers
(Section Summaries, Audit Programs, Draft Report) and completing the "Quality Assurance
Review form," will serve as documentation of the review process and will be filed with the
working papers.
NOTE: Auditors are encouraged to perform an "informal" self-review of their working papers.
However, this review would be for their benefit only and therefore this document SHALL
NOT be a part of the working papers.
Quality Assurance Review Process
In performing the review the reviewer should:
• Review working papers from audit program steps to the referenced working papers
ensuring cross-referencing is proper, the working papers support the steps performed,
and all steps have been completed (or why steps were not completed).
• Review working papers from the report(s) to the digest to the working paper
summaries to the detailed working papers to ensure that all findings are stated,
adequately document and support the OPINIONS, FINDINGS, and
RECOMMENDATIONS stated in the report.
• Determine working paper's compliance to department working paper standards.
• Determine report(s) compliance with department report standards.
• Determine Permanent Audit File's compliance with department standards.
• Record any deficiencies, comments, etc. on a Working Paper Review Notes form.
Audit Manager
We request that you, or the staff member most familiar with our recent work, complete and
submit the questionnaire. Please feel free to expand on any areas that you wish to clarify in
the comments area. We sincerely appreciate your assistance.
Audit Working Papers: Record the information obtained, the analyses made, and the
conclusions reached during an audit. Audit working papers support the bases for the findings
and recommendations to be reported. Audit working papers are a key part of the evidence
used by us in arriving at our conclusions and recommendations.
Auditable Activities: Consist of those subjects, units, or systems, which are capable of being
defined and evaluated. Auditable activities may include:
We have adopted risk-based approach in recent years as an approach that uses the Company's
Risk Register as a means of identifying our audit universe.
Audit Universe: An inventory of audit areas that is compiled and maintained to identify areas
for audit during the audit planning process. Traditionally, the list included all financial and
key operational systems audited as part of the overall cycle of planned work. The audit
universe serves as the source from which the five-year audit plan and the annual audit
schedule are prepared. Developments in the approach to auditing and audit planning have
meant that the audit universe is determined by risk (i.e. a risk universe) and that the risk-based
approach to auditing results in planning that is driven by the Company's risk register. The
universe will be periodically revised to reflect changes in the overall risk profile. An inventory
of audit areas, or audit universe, will be complied and maintained.
Authorisation: Implies that the authorising authority has verified and validated that the
activity or transaction conforms to established policies and procedures.
Authorising: Includes initiating or granting permission to perform activities or transactions.
C
Charter: The charter of the internal audit activity is a formal written document that defines
the activity's purpose, authority, and responsibility.
Compliance: The ability to reasonably ensure conformity and adherence to Company's
policies, plans, procedures, laws, regulations, contracts, ordinances and statutes.
Conclusions: Our evaluation of the effects of the findings on the activities reviewed.
Conclusions usually put the findings in perspective based upon their overall implications,
particularly in a risk-based audit approach which will provide an audit viewpoint in relations
to the aims and objectives of the Company.
Conflict of Interest: Any relationship that is or appears to be not in the best interest of the
Company. A conflict of interest would prejudice an individual's ability to perform his or her
duties and responsibilities objectively.
Consequence: The outcome of an event expressed qualitatively or quantitatively, being a
loss, injury, disadvantage or gain.
Control Framework: A recognised system of control categories that covers all internal
controls expected in an organisation.
Control Processes: The policies, procedures, and activities that are part of a control
framework, designed to ensure that risks are contained within the risk tolerances established
by the risk management process.
Control Risk: The tendency of the internal control system to lose effectiveness over time and
to expose, or fail to prevent /detect weaknesses in the systems of control.
Control Self-Assessment: A class of techniques used in an audit or in place of an audit to
assess risk and control strength and weaknesses against a Control Framework. The "self"
assessment refers to the involvement of management and staff in the assessment process,
often facilitated by internal auditors. There are many self-assessment techniques in use. At the
Company, we operate an annual self-audit system that is a form of self-assessment.
D
Detection Risk: The probability that an incorrect audit conclusion will be drawn from the
results of the examination or that the audit work will fail to detect any serious errors.
Detective Controls: Actions taken to detect and correct undesirable events which have
occurred.
Directive Controls: Actions taken to cause or encourage a desirable event to occur.
Due Professional Care: Calls for the application of the care and skill expected of a
reasonably prudent and competent internal auditor in the same or similar circumstances. Due
professional care is exercised when internal audits are performed in accordance with
Generally Accepted Auditing Standards. The exercise of due professional care requires that: