FACULTY OF BUSINESS AND ACCOUNTANCY

UNIVERSITI SELANGOR

EXERCISE

INTERNAL AUDIT

COURSE NAME : AUDIT AND INVESTIGATION

COURSE CODE : PAS3143
SEMESTER : NOVEMBER 2020 / 32034
LECTURER’S NAME : MADAM SALINA BINTI RASLI
GROUP : G1
SUBMISSION DATE : 24 DECEMBER 2020

Please fill in the following particulars:

STUDENT’S DETAIL

NAME STUDENT ID.

NUR QAMARINA BINTI MOHAMAD ASRI 4174017761
NUR IZZAH HAZWANI BINTI NORIZAN 4174017771
NUR HANIS ZULAIKHA BINTI ZULKIFLI 4154001201
NURUL SYAFIQAH BINTI JAAFAR 4155003641
Question 1

Discuss why the internal audit function is one of the cornerstones of effective control.

Answer

Internal audit can play an important assurance role in an organisation’s governance processes,
particularly in the area of risk management and control. In many organisations, the expectations
placed upon internal audit have increased and the function is being relied on to make a significant
contribution. Internal audit can contribute to independent assurance on the overall risk
management, control and corporate governance processes.

A business cannot grow without a strong foundation, it is necessary for a business to have
thorough internal controls. There are 4 cornerstones of internal control and it’s important to
understand.

1. Procedures
It is vital for businesses to have proper procedures in place. This includes a written policy that
outlines who is in charge of what duties within the company, along with the expected deadlines
for these duties. When determining which employees are performing specific tasks, always keep
segregation of duties in mind.

Segregation of duties is dividing or allocating tasks among various individuals, striving to

reduce the risk of error and fraud. The three categories to separate are authorization, custody, and
record keeping. Smaller businesses may have a harder time spreading duties amongst staff, but
custody and record keeping should remain separate.

2. Documentation
Complete and detailed documentation plays a key role in fraud prevention and detection. For
example, invoices that are pre-numbered in sequential order allow for early detection of out-of-
order or abnormal invoice numbers. It is important to have original copies of supporting
documentation. All documentation and records should be reported in a timely manner to reduce
the ease of fraudulent activity.
Question 1…CONT’D.

Answer…Cont’d.

3. Security Controls
Proper security controls are needed. Good physical security controls include locked doors,
safes, and vaults. Strong mechanical security controls are video-monitoring systems, time clocks,
alarm systems, and employee key cards. Protecting the company’s information is a necessary
security control in this day and age. Make sure each employee has a separate log-in and password
in order to access the company’s network.

4. Monitoring
A business manager still needs to monitor the entire process to make sure the internal controls
are operating effectively. Large companies utilize an internal audit team to make sure their internal
controls are operating properly. External audits are another highly recommended monitoring
function.

A CPA can make sure that a company is following Generally Accepted Accounting Principles
(GAAP), but the process is not designed to focus on fraud detection. If a company does not have
an internal audit team, it is strongly recommended to have an internal control study performed by
an external party.
Question 2 (10 Marks)

Elaborate how the interactions between Internal and External Auditors.

Answer

Internal auditors are an organizations employee, or can also be an independent entity which is
outsource or co-outsource and not usually a member of the MIA. External auditors are an
independent contractor who practicing accounting from outside of the organization and a member
of MIA.
Interaction is an action that occurs as two or more objects have an effect upon one another.
Internal and external auditors should maintain clear boundaries and independence from each other,
it is because both functions complement to one another. Therefore, it is beneficial for external and
internal audit to maintain an appropriate, constructive, and fluid two-way communication.
Internal should serves the need of the organizations though the function must be managed
by the organization while the external auditors serves third parties who need reliable financial
information in compliance with the companies act 2016 (CA2016). This relationship will ensure
they coordinate efforts and share valuable information, such as the internal audit programme of
work, the external audit management plan, the risks each function has identified, or changes in
standards.
Next, the internal auditors serve the needs of the organization, through the function must
be manage by the organization while the external auditors serve third parties who need reliable
financial information in compliance with CA 2016. Auditors share information, coordinate
activities, and consider relying upon the work of other internal and external assurance and
consulting service providers to ensure proper coverage and minimize duplication of efforts.
Then, focuses on the future events by evaluating controls design to assure the
accomplishment of the entity’s goals and objectives while external auditors focus on the accuracy
and understand ability of historical events as expressed in financial statements. The chief internal
auditor and the partner responsible for external audit should ensure appropriate and regular
communication and sharing of information.
Last but not least, chief internal auditor and the partner responsible for external audit should
ensure appropriate and regular communication and sharing of information.
Question 3 (25 Marks)

Explain EIGHT (8) definition of the services provided by DuPont’s Internal Auditors.

Answer

1. Internal Control Assessment is an overall evaluation of the internal control structure and
its sufficiency to resolve the related risks for each business field of an organization. The
resources of an entity are guided, controlled, and calculated in an efficient way through
control analysis. It plays a main role in protecting the tangible and intangible capital of the
company.
2. Consulting is the activity of an internal auditing that is usually provided in response to a
management request. It is developed to provide an experience in solving problems related to
internal control. Besides, consulting also ensures that internal auditors, apart from
highlighting problems, have quality solutions to the problems. It is very much a value adding
service. In other word, consulting can be included in answering questions, developing
problem-solving solutions, suggesting courses of action and formulating an opinion.
3. Business process improvement is the involvement of the business practice by identifying,
analyzing and improving existing business processes to optimize performance, meet best
practice standards or simply improve quality and the user experience for customers and end-
user.
4. Internal controls education is a combination of measures put in place in order to ensure
that the financial and physical assets of the school are safeguarded from the risk of theft and
fraud is minimized.
5. System implementation review is the process of defining how the information system
should be build, ensuring that the information system is operational and used, ensuring that
the information system meets quality standard.
6. Self-assessment is an evaluation of oneself or one’s actions, attitudes, performances,
judgment, sometimes for official purposes that make about your abilities and qualities.
Question 3 (25 Marks)…CONT’D.

Answer…Cont’d.

7. Investigation is any material issues raised by the independent registered public accounting
firm’s most recent internal quality control review or peer review or by any governmental
or professional inquiry or investigation in the most recent five-year period relating to the
independent registered public accounting firm’s audits and steps taken to address such
issues.
8. Process Audit is an examination of results determines whether the activities, resources and
behaviors that can caused them being managed efficiently and effectively. Process audit is
a transaction that generates results to be generated effectively managed process.
Question 4 (10 Marks)

Discuss TWO (2) primary categories of Internal Auditors roles.

Answer

What is Internal Auditor? Internal Auditor is experienced professional tasked with

providing independent and objective evaluation of a Company financial and operational business
activities. It is designed to add value and improve organizational operations. Internal auditors also
have to educate the company’s employees and management on how to improve the business
operation and activities by looking the documents.

Based on the definition of Internal Auditors, it has established two primary roles. The first
primary roles is an Internal Auditor should provide an independent assurance service to the board,
audit committee and management, addressing on reviewing the effectiveness of the governance,
risk management and control processes that management that has put into place. He or she has to
ensure on providing independent assurance that management has, in its financial statements
presented “true and fair” view of a company of a company financial performance and position.
Besides, as an internal auditor, they have a professional duty to provide an unbiased and objective
view. Internal auditor must be independent from the operations they evaluate and record it to the
highest level in an organization.

The second primary role is to provide guidance to management on governance risks and
controls, for example, the controls that will be needed when undertaking new business ventures.
Internal auditors are not responsible for the performance of company activities. They give
instruction to management and the board of directors regarding on how to execute their
responsibilities. As a result of their broad scope of cooperation, internal auditors may have a
selection of higher educational and professional backgrounds. In conclusion, internal auditors help
organizations to succeed. Internal auditors do this through a combination of assurance and
consulting. The assurance part of their work involves telling managers and governors how well
the systems and processes designed to keep the organization on track are working.
Question 5 (10 Marks)

Describe FOUR (4) main principles of ethical conduct follows by Internal Auditor.

Answer

The four main principles of ethical conduct which followed by the Internal Auditor are integrity,
objectivity, confidentiality and competency.

Integrity is the performance of work with honesty, diligence and responsibility. In other word, the
internal auditor should be aware of the provisions of the Code of Ethics and should carry out all
operations in compliance with the Code. Besides, integrity also interpret that become an auditor,
an individual need to observe the law and make reports that are required by the law and the
professional and need to respect and contribute to the organization's legitimate and ethical goals.
An auditor also need to know the activities that involving the illegal activity or engage in activities
which are discreditable to the internal auditing profession or the organization must be avoids no
matter what.

Objectivity is where the auditor shall make a balanced evaluation of all the relevant circumstances
and shall not be unduly influenced in the making of decisions by their own interests or by others.
This mean that they need to avoid acts or relationship impaired unbiased assessment which it
including those that conflicts with the organization’s interest. Other than that, as an auditor all the
relevant information that they know should be disclosed, which if not been disclosed, it can distort
the reporting of the activities under investigation.

Confidentiality is information that been obtained while performing an audit must be protected
and used only as appropriate in the engagement. It mean that as an auditor the information that
they obtained from performing an audit must not use for personal gain, contrary to the law or to
detriment of legitimate and ethical objective of the organization.

Competency is where the skill, knowledge and experience are important on auditor requirements
for providing internal auditing services. In the word, the performance of the internal auditing
services shall be in compliance with the International Guidelines for Internal Auditing Professional
Practice and competency of an audit and the reliability and quality of their services should be
continuously improved.