Obayemi Emmanuel Ayomide

20222928

Auditing theory
Overview of Internal audit

Introduction

All quoted and listed companies are required to carry out a compulsory annual external audit of

their financial statements, however, internal audit is not compulsory, but rather forms part of a

good and well-practiced corporate governance, corporate governance gives the different

stakeholders in a business a greater confidence in the company’s ability to achieve its stated

objectives and report them in a fair and objective manner.

Definition of Internal audit

Internal audit is an independent, objective assurance and consulting activity designed to add

value and improve an organisation’s operations. Companies must create a strong system of

internal control in order to fulfil their responsibilities. However, it is not sufficient to imply have

mechanisms in place to manage a business, their effectiveness must be regularly evaluated. All

systems need some form of monitoring and feedback. This is the role of internal audit.

Overview

Many large companies and organizations maintain an internal auditing staff. Internal auditors are

employed by individual companies to investigate and appraise the effectiveness of company

operations for management. Much of their attention is often given to the appraisal of internal

controls. A large part of their work consists of operational audits; in addition, they may conduct

compliance audits. In many countries internal auditors are heavily involved in financial audits. In

these circumstances the external auditor should review the work performed by the internal

auditor (Hayes et al, 2021). The internal audit department reports directly to the president or

board of directors. An internal auditor must be independent of the department heads and other
executives whose work he reviews. Internal auditors, however, can never be independent in the

same sense as the independent auditors because they are employees of the company they are

examining.

The internal audit goes beyond just the usual control functions, as this limits the functions the

internal audit adds to the company, in order to widen the base of their functions, The Institute of

Internal Auditors (IIA) defines internal auditing as an independent, objective assurance and

consulting activity designed to add value and improve an organization’s operations. It helps an

organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate

and improve the effectiveness of risk management, control, and governance processes. (IIA,

1999).

Internal auditors as risk managers

Internal auditors can add value to the entity by providing assurance that its risk exposures are

properly understood and managed. Internal audit should play a key role in monitoring a

company’s risk profile and identifying areas to improve risk management processes. As Walker

et al. (2003, p. 52) assert, internal audit can “help organizations identify and evaluate risks,

moving the profession into the front line of risk management”. We would therefore expect there

to be a link between the use of internal audit and the company’s commitment to sound risk

management.

Internal audit as a control mechanism

Internal control is the process adopted by the directors and management of an entity to provide

reasonable assurance that the objectives of the entity are achieved with regard to operations,

financial reporting and compliance with regulations (COSO Report, 1992). External auditing
standards (e.g. ISA, 400 and AUS, 402) recognize that an effective internal audit function can

significantly strengthen the control environment by:

(1) reviewing the internal control structure;

(2) monitoring the operations of the information system and control procedures on behalf of

management (AUS 402 19(d)).

As a result of the asymmetry of information between senior managers and division managers

senior managers can lose their ability to tightly control operations. This problem is compounded

by the existence of internal agency costs that arise because of differences in incentives between

senior managers and lower-level staff. Hence, it is important to have in place a strong system of

internal control, which may include the use of internal audit as a review and monitoring

mechanism. In this way, senior management may delegate their responsibilities with respect to

internal control to the internal audit function (Goodwin-Stewart & Kent, 2006).

Internal audit as an internal governance mechanism

From an agency perspective, the importance of strong governance stems from the need to align

the interests of management with other stakeholders in the firm in order to reduce agency costs

(Cohen et al., 2002). Various corporate governance mechanisms can be used to monitor

management’s behaviour and these include independent directors on the board, an independent

board chair, an effective audit committee and both external and internal audit. Cohen et al.

(2004) describe the complex interactions between these governance mechanisms as the

“corporate governance mosaic” (p. 88).

Anderson et al. (1993) argue that internal audit is a substitute mechanism for monitoring by

directors. However, information asymmetry problems between executive and independent

directors suggest that internal audit is more likely to be a complementary mechanism. This is
supported by research evidence examining the relationship between internal audit and audit

committees (Scarbrough et al., 1998) and is also consistent with the IIA view that internal

auditing helps an organization to evaluate and improve other governance processes (IIA, 1999,).

Hence, we expect a positive association between the use of internal audit and both an

independent board chair and the proportion of independent directors on the board. We also

expect a positive association between the internal audit function and a strong audit committee

because the goals of both are “closely intertwined” (Scarbrough et al., 1998, p. 53). While a

strong internal audit function can enhance the effectiveness of the audit committee.
References

Anderson, D., Francis, J. R., & Stokes, D. J. (1993). Auditing, directorships and the demand for

monitoring. Journal of accounting and public policy, 12(4), 353-375.

Cohen, J. R., Krishnamoorthy, G., & Wright, A. (2004). The corporate governance mosaic and

financial reporting quality. Journal of accounting literature, 87-152.

Cohen, J., Krishnamoorthy, G., & Wright, A. M. (2002). Corporate governance and the audit

process. Contemporary accounting research, 19(4), 573-594.

Goodwin‐Stewart, J., & Kent, P. (2006). The use of internal audit by Australian companies.

Managerial Auditing Journal, 21(1), 81-101.

Hayes, R., Eimers, P., & Wallage, P. (2021). Principles of International Auditing and Assurance.

Amsterdam University Press.

Institute of Internal Auditors (IIA) (1999), Definition of Internal Auditing, The Institute of

Internal Auditors, Altamonte Springs, FL.

Scarbrough, D. P., Rama, D. V., & Raghunandan, K. (1998). Audit committee composition and

interaction with intemal auditing: Canadian Evidence. Accounting Horizons, 12(1), 51-

62.

Walker, P. L., Shenkir, W. G., & Barton, T. L. (2003). ERM in practice: examples of auditing's

role in enterprise risk management efforts at five leading companies shed light on how

this new paradigm is impacting audit practitioners. Internal Auditor, 60(4), 51-55.