Professional Documents
Culture Documents
The Code requires Chief Audit Executive to report directly to the Board of directors, Audit committee or
other appropriate governing authority instead to the President or CEO who are in-charged of day to day
operation and the subject of the examination.
– Is an independent, objective assurance and consulting activity designed to add value and
improve an organization’s operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control and governance processes.
Primary purpose: To assist members of the organization in the effective discharge of their
responsibilities (Proper segregation of duties and responsibilities)
2) Assurance and consulting activity designed to add value and improve operations
3) Evaluating and improving the effectiveness of risk management, control and governance
processes
Types of audit
2) Performance audit – also known as operational audit or value for money audit. Is an audit
performed by internal auditor to evaluate the performance of organizational or business unit.
3) Systems-based audit – this approach concentrates on the functioning of the accounting system,
rather than the accuracy of accounting records and the evaluation of controls and control
systems.
4) Financial audit –is an audit performed by external auditors to provide an opinion on whether
the financial statements presented is true and complied with applicable accounting standards
5) Risk-based audit – this approach reviews the risk management process: how the organization
manages risk and takes action to mitigate risks, including the use of controls
Independence – For what reason? To have a freedom from conditions that threaten the ability of the
internal audit activity to carry out internal audit responsibilities in an unbiased manner.
Through:
a. Organizational independence
It is achieved when the Chief Audit Executive reports directly to the Board and senior
management (CEO) – Dual reporting
Scope limitation – is a restriction placed upon the internal audit activity that precludes
(pagsarhan) the audit activity from accomplishing its objectives and plans.
Under Practice Advisory 1130-1, a scope limitation, among other things, may restrict the:
i. Scope defined in the internal audit charter
Internal audit charter – is a formal document that defines internal audit’s purpose,
authority, responsibility and position within an organization.
ii. Internal audit activity’s access to records, personnel and physical properties
relevant to the performance of the engagements
iii. Approved engagement work schedule
iv. performance of necessary engagement procedures
v. approved staffing plan and financial budget
Due to independence, a threat may possibly arises such as having scope limitation, along with its
potential effect, needs to be communicated, preferably in writing, to the Board.
Internal auditors are not to accept fees, gifts or entertainment from an employee, client, customer,
supplier or business associate that may create appearance that the auditor’s objectivity has been
impaired. Except for receipt of promotional items (such as pens, calendars or samples) having minimal
value. Internal auditors are to report immediately the offer of all material fees or gifts to their
supervisors.
Reporting line (functional reporting) – is the ultimate source of its independence and authority.
Administrative line – is the relationship within the organization’s management structure that facilitates
day-to-day operations of the internal audit activity and provides appropriate interface and support for
effectiveness (coordination)
Individual objectivity – means the internal auditors perform engagements in such a manner
that they have an honest belief in their work product and that no significant quality
compromises are made.
Conflict of interest – is a situation in which an internal auditor, who is in a position of trust, has a
competing professional or personal interest. It exists even if no unethical or improper act results.
a. avoidance
Case B. Fermin, the Chief Audit Executive (CAE) of XYZ Company has been appointed to a
committee to evaluate the appointment of the company’s external auditors. Patricia, the
engagement partner of one of the potential external accounting firms wants Fermin to join her
for a week of hunting at her private lodge in Batangas. Should Fermin accept Patricia’s
invitation?
Answer: No on the grounds of conflict of interest.
Engagement - a specific internal audit assignment or project that includes multiple tasks or
activities designed to accomplish a specific set of objectives
I. Assurance services – is one involving an internal auditor’s objective (since they gather
evidence on outside parties such as suppliers) assessment of evidence to provide an
independent opinion or conclusions regarding the entity, operation, function, process,
system or other subject matter.
- an objective examination of evidence for the purpose of providing an independent
assessment on governance, risk management, and control processes for the
organization.
F/S have six (6) classifications
Assurance engagements - assess evidence regarding a particular issue and draw a conclusion
Note: the nature and scope of the assurance engagement are determined by the internal auditor as
defined in the internal audit charter
1) Process owner – the person or group directly involved with the entity, operation, function,
process, system or other subject matter. In external audit, the process owner is also known as
the “responsible party” or the “auditee”
2) Internal auditor – the person or group making the assessment
3) User – the person or group using the assessment
II. Consulting services – advisory and related client service activities, the nature and scope of
which are agreed with the client and which are intended to add value and improve an
organization’s governance, risk management and control processes without the internal
auditor assuming management responsibility.
1) Formal consulting engagements – planned and subject to written agreement such as assessment
of controls in a system
2) Informal consulting engagements – routine activities, such as, participation on standing
committees, limited-life projects, adhoc meetings, routine information exchange, serving on
task forces to analyze operations and make recommendations.
3) Special consulting engagements – such as participation on a merger and acquisition team or
system conversion team, study and evaluation of the proposed restructure of the organization to
reflect the most practical, economical and logical alignment
4) Emergency consulting engagement – participation on a team established for recovery or
maintenance of operations after a disaster or other extraordinary business event or a team
assembled to supply temporary help to meet a special request or unusual deadline.
Pagkonsulta sa pakikipag-ugnayan
1) Engagement client – maybe a person, group, business unit or department seeking and receiving
the advice.
2) Internal auditor – the person or group offering the advice
Note: When performing consulting services, the internal auditor should maintain objectivity and not
assume management responsibility.
Note: The client and internal auditor are parties responsible for determining the scope and nature of a
consulting engagement
Note: Independence and objectivity may be impaired if assurance services are provided within one year
after a formal consulting activity
Enterprise risk management (ERM) – is a process to identify, assess, manage and control potential
events or situations to provide reasonable assurance regarding the achievement of the organization’s
objective.
– Process conducted by management to understand and deal with difficulties that could affect
ability to achieve.
Control – any action taken by the Board, management and other parties to manage risk and increase
the likelihood that the established objectives and goals will be achieved. “PERC”
Classifications of control
Governance – the act of governing by the board to inform, direct, manage and monitor the activities of
the organization through combination of processes and structures.
– The process conducted by a board of directors to authorize, direct, and overse management
toward the achievements of the organization.