The board of directors is responsible for deciding whether to establish an internal audit function or outsource it. The SEC allows outsourcing to the independent auditor for operational audits not related to accounting controls, financial systems, or statements, and for nonrecurring assessments. The audit committee can help internal auditors succeed by ensuring their independence from management, adequate resources and skills, and proper knowledge of governance and financial reporting.
The board of directors is responsible for deciding whether to establish an internal audit function or outsource it. The SEC allows outsourcing to the independent auditor for operational audits not related to accounting controls, financial systems, or statements, and for nonrecurring assessments. The audit committee can help internal auditors succeed by ensuring their independence from management, adequate resources and skills, and proper knowledge of governance and financial reporting.
The board of directors is responsible for deciding whether to establish an internal audit function or outsource it. The SEC allows outsourcing to the independent auditor for operational audits not related to accounting controls, financial systems, or statements, and for nonrecurring assessments. The audit committee can help internal auditors succeed by ensuring their independence from management, adequate resources and skills, and proper knowledge of governance and financial reporting.
The decision of whether to establish and maintain an internal
audit function or outsource the function should be made by the
company’s board of directors and its representatives.
The SEC rule permits internal audit outsourcing to the client’s
independent auditor in the following areas:
1. Operational internal audits that are not related to internal
accounting controls, financial systems, or financial statements. 2. Nonrecurring assessment of discrete items or other programs unrelated to outsourcing of the internal audit function. The audit committee can contribute to the success of internal auditors and the achievement of their value-added activities by ensuring that they have 1. Sufficient independence from management by reporting to and being held accountable to the audit committee 2. Adequate resources, competence, and focus to assess the company’s operational efficiency, internal control effectiveness, ERM, and reliability of financial reports 3. Proper knowledge of the company’s corporate governance, internal control, financial reporting, and audit activities 4. The mechanisms and confidence to bring forward controversial financial reporting issues 5. A process for communicating directly with the company’s audit committee on a regular and timely basis 6. Access to the audit committee to discuss concerns related to management activities, financial reporting risk, and fraudulent financial reporting 7. Audit committee approval of the budget and staffing of the internal audit function. Step 1 Reevaluate the risk assessment