Professional Documents
Culture Documents
20222928
Auditing theory
Overview of Internal audit
Introduction
All quoted and listed companies are required to carry out a compulsory annual external audit of
their financial statements, however, internal audit is not compulsory, but rather forms part of a
good and well-practiced corporate governance, corporate governance gives the different
stakeholders in a business a greater confidence in the company’s ability to achieve its stated
Internal audit is an independent, objective assurance and consulting activity designed to add
value and improve an organisation’s operations. Companies must create a strong system of
internal control in order to fulfil their responsibilities. However, it is not sufficient to imply have
mechanisms in place to manage a business, their effectiveness must be regularly evaluated. All
systems need some form of monitoring and feedback. This is the role of internal audit.
Overview
Many large companies and organizations maintain an internal auditing staff. Internal auditors are
operations for management. Much of their attention is often given to the appraisal of internal
controls. A large part of their work consists of operational audits; in addition, they may conduct
compliance audits. In many countries internal auditors are heavily involved in financial audits. In
these circumstances the external auditor should review the work performed by the internal
auditor (Hayes et al, 2021). The internal audit department reports directly to the president or
board of directors. An internal auditor must be independent of the department heads and other
executives whose work he reviews. Internal auditors, however, can never be independent in the
same sense as the independent auditors because they are employees of the company they are
examining.
The internal audit goes beyond just the usual control functions, as this limits the functions the
internal audit adds to the company, in order to widen the base of their functions, The Institute of
Internal Auditors (IIA) defines internal auditing as an independent, objective assurance and
consulting activity designed to add value and improve an organization’s operations. It helps an
and improve the effectiveness of risk management, control, and governance processes. (IIA,
1999).
Internal auditors can add value to the entity by providing assurance that its risk exposures are
properly understood and managed. Internal audit should play a key role in monitoring a
company’s risk profile and identifying areas to improve risk management processes. As Walker
et al. (2003, p. 52) assert, internal audit can “help organizations identify and evaluate risks,
moving the profession into the front line of risk management”. We would therefore expect there
to be a link between the use of internal audit and the company’s commitment to sound risk
management.
Internal control is the process adopted by the directors and management of an entity to provide
reasonable assurance that the objectives of the entity are achieved with regard to operations,
financial reporting and compliance with regulations (COSO Report, 1992). External auditing
standards (e.g. ISA, 400 and AUS, 402) recognize that an effective internal audit function can
(2) monitoring the operations of the information system and control procedures on behalf of
As a result of the asymmetry of information between senior managers and division managers
senior managers can lose their ability to tightly control operations. This problem is compounded
by the existence of internal agency costs that arise because of differences in incentives between
senior managers and lower-level staff. Hence, it is important to have in place a strong system of
internal control, which may include the use of internal audit as a review and monitoring
mechanism. In this way, senior management may delegate their responsibilities with respect to
internal control to the internal audit function (Goodwin-Stewart & Kent, 2006).
From an agency perspective, the importance of strong governance stems from the need to align
the interests of management with other stakeholders in the firm in order to reduce agency costs
(Cohen et al., 2002). Various corporate governance mechanisms can be used to monitor
management’s behaviour and these include independent directors on the board, an independent
board chair, an effective audit committee and both external and internal audit. Cohen et al.
(2004) describe the complex interactions between these governance mechanisms as the
Anderson et al. (1993) argue that internal audit is a substitute mechanism for monitoring by
directors suggest that internal audit is more likely to be a complementary mechanism. This is
supported by research evidence examining the relationship between internal audit and audit
committees (Scarbrough et al., 1998) and is also consistent with the IIA view that internal
auditing helps an organization to evaluate and improve other governance processes (IIA, 1999,).
Hence, we expect a positive association between the use of internal audit and both an
independent board chair and the proportion of independent directors on the board. We also
expect a positive association between the internal audit function and a strong audit committee
because the goals of both are “closely intertwined” (Scarbrough et al., 1998, p. 53). While a
strong internal audit function can enhance the effectiveness of the audit committee.
References
Anderson, D., Francis, J. R., & Stokes, D. J. (1993). Auditing, directorships and the demand for
Cohen, J. R., Krishnamoorthy, G., & Wright, A. (2004). The corporate governance mosaic and
Cohen, J., Krishnamoorthy, G., & Wright, A. M. (2002). Corporate governance and the audit
Goodwin‐Stewart, J., & Kent, P. (2006). The use of internal audit by Australian companies.
Hayes, R., Eimers, P., & Wallage, P. (2021). Principles of International Auditing and Assurance.
Institute of Internal Auditors (IIA) (1999), Definition of Internal Auditing, The Institute of
Scarbrough, D. P., Rama, D. V., & Raghunandan, K. (1998). Audit committee composition and
interaction with intemal auditing: Canadian Evidence. Accounting Horizons, 12(1), 51-
62.
Walker, P. L., Shenkir, W. G., & Barton, T. L. (2003). ERM in practice: examples of auditing's
role in enterprise risk management efforts at five leading companies shed light on how
this new paradigm is impacting audit practitioners. Internal Auditor, 60(4), 51-55.