Professional Documents
Culture Documents
Internal auditing
Learning objectives
14.1 Understand the evolving nature of internal auditing.
14.2 Appreciate the professional standards developed for internal auditing.
14.3 Understand what internal auditors do in practice.
14.4 Gain an appreciation of the evolving relationship with external audit.
14.5 Appreciate the approaches to assessing risk management, control and governance processes.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 1
Lecture plan
Internal audit has for the last decade been in a state of transition, with a general move away from a
traditional view of service to management (primarily on the basis of controls review) to a view of
adding value to the client. This shift has given internal audit much more of a business risk assessment
focus (which we call the new internal audit), consistent with the move that we have seen with
external audit. We first examine the traditional view of internal auditing, and then look at how
internal auditing has evolved, and what is involved in the new internal auditing.
You should outline the learning objectives for this chapter, and walk students through how this
chapter outlines the services provided by internal audit.
Students are also guided through a brief history of the IIA, while gaining some insights into its
current roles. They can also be stepped through the CIA qualification, and what needs to be done to
gain this qualification.
The four categories of attribute standards are outlined in the textbook. The slides, however, only
cover two major categories; independence and proficiency and due professional care.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 2
LO 14.3: The practice of internal audit
This covers the scope of internal audit work as identified from surveys undertaken by Institute of
Internal Auditors–Australia, along with the consulting company Protiviti. It includes information on
IA and data analytics.
Summary
We provide a summary slide of the main learning takeaways in this chapter.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 3
SOLUTIONS
REVIEW QUESTIONS
14.1 Internal auditing is an independent, objective assurance and consulting activity designed to add value
and improve an organisation’s operations. It helps an entity achieve its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management,
control and governance processes.
This objective was introduced by IIA several years ago. Before this time, the objective of internal
auditing was broadly stated as assisting members of the organisation in the effective discharge of
their responsibilities.
14.2 In the past, to obtain the Certified Internal Auditor (CIA) qualification, a candidate needed to:
hold a Bachelor’s degree or equivalent (in any discipline) from an accredited university-level
institution
pass the CIA exam and keep the contents of the exam confidential.
However, the Global Board of Directors has recently approved an alternate path to eligibility for the
CIA for those candidates who do not possess a Bachelor’s degree from an accredited
university. Candidates may now become eligible for the CIA, subject to approval, who possess two
years’ post-secondary education and five years’ verified experience in internal audit or its equivalent,
or seven years’ verified experience in internal audit or its equivalent.
14.3 In accordance with IIA Standard 1110, to maintain organisational independence, the internal audit
department should report to a level within the organisation that allows internal audit to fulfil its
responsibilities. Best practice indicates that this will be the board of directors or the audit committee.
The head of internal audit should also have direct access to the board (audit committee) to help ensure
independence, as well as to keep the board informed.
In addition, the board (audit committee) should concur with the appointment or removal of the head of
internal audit.
14.4 In accordance with IIA Standard 1130, internal auditors should refrain from assessing operations for
which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor
provides assurance services for an activity for which the internal auditor had responsibility within the
previous year.
14.5 In accordance with IIA Standard 1220, elements that the internal auditor should consider when
exercising due professional care include:
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 4
extent of work needed to achieve the engagement’s objectives
14.6 In accordance with IIA Standard 2010, internal audit must establish a risk-based plan to determine the
priorities of the internal audit activity, consistent with the entity’s goals. As a result, in planning the
engagement, matters internal auditors should consider include:
the objectives of the activity being reviewed and the means by which the activity controls its
performance
the significant risks to the activity, its objectives, resources and operations, and the means
by which the potential impact of risk is kept to an acceptable level
the adequacy and effectiveness of the activity’s risk management and control systems
compared to a relevant control framework or model
the opportunities for making significant improvements to the activity’s risk management and
control systems.
14.7 The ASX Corporate Governance Principles and Recommendations (Recommendation 4.1) state that if
a listed entity does not have an internal audit function, they need to explain the reason for this.
Additionally, they should explain how risk management and internal control processes are managed,
evaluated and continually improved in the absence of an internal audit function.
Data analytics was gaining a foothold in internal auditing, with two out of three departments
utilising analytics as part of the audit process.
Organisations with more mature analytics capabilities in the internal audit function are
realising greater organisational value from data analytics.
Cybersecurity, cloud, mobile tech and big data dominate the priority list for internal
auditors.
Business and digital transformation is drawing more attention than in prior years.
14.9 The level of reliance placed on internal audit by external audit in this area will be very much
determined by what type of work the internal auditor undertakes.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 5
Therefore, it is likely that a much wider scope of function will be considered than has been previously
considered by the external auditor, including work performed by the internal auditor in evaluating
business risk. In determining reliance on internal audit, the external auditor will still have to assess the
objectivity, technical competence, due professional care of the internal auditor, and the
communications between the internal auditor and the external auditor. However, it also must be
remembered that ASA 610.Aus 25.1 prohibits the use of internal auditors to provide direct assistance to
an external auditor by performing audit procedures under the direction, supervision and review of
external audit.
14.10 There are concerns about the independence of the external auditor when they also provide internal
audit services. There is also a concern that the large accounting firms that are providing internal audit
services are seen to be competing with in-house internal auditing functions. A benefit of outsourcing is
the greater availability of internal auditing expertise that might possibly come from ‘contracting in’ the
required areas of expertise. Also, there is the general benefit of outsourcing, which is that it allows an
organisation to concentrate their resources on their core competencies.
14.11 Matters that internal audit should evaluate in relation to risk exposures include whether:
an appropriate risk management framework exists that will identify and assess significant
risks
appropriate risk responses are selected by management and the board that will align risks
with the entity’s risk profile
14.12 Areas in which internal audit should evaluate the adequacy and effectiveness of internal controls
include:
safeguarding of assets
14.13 The COSO ERM Framework outlines the importance of enterprise risk management in strategic
planning. It emphasises that it is important to embed ERM throughout an entity, as risk both influences
and aligns strategy and performance across all parts of the entity.
14.14 (Easy)
In her report to the board, Michaela should explain that the internal audit activities can add value to
Express Solutions’ risk management and corporate governance areas by:
assessing risk management, control and governance processes using business risk models
such as SWOT analysis, PEST analysis and value-chain analysis
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 6
undertaking activities that are consultative (providing advice) in nature—that is, by
providing expert advice—about:
providing ongoing assurance about the efficiency and effectiveness of risk-identification and
management systems, control strategies, structures and systems
contributing towards enhanced understandings of different types of control that can be used
in organisations
14.15 (Medium)
The role of Supported Living’s internal auditors with regard to the system switch-over processes at
Serenity would be to consider areas for business improvement and business risks. Given the objective
to ‘make sure the switch-over worked without any problems’, the role of the internal audit team would
have been to make sure that all steps of the system switch-over processes were followed in accordance
with the agreed plans, methods and resources. If the steps were not adhered to, then the internal audit
team would have had to increase the business risk that Serenity would not be able to correctly process
its patient revenue, affecting cash flow and so on. Some of the procedures involved would include
checking all the steps to ensure that all the data was complete (e.g. by undertaking a record count to
ensure that all records in each file were transferred, with none lost or duplicated) and accurately
transferred to the new system (e.g. ensuring the key fields ad correctly after the switch-over).
14.16 (Medium)
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 7
Issue Justification
Issue 1: There were numerous Although there does not appear to be any risk of bad
occasions during the year when three debts in relation to these customers, the head of internal
major accounts receivable, audit will be concerned about the possible adverse
representing 35% of gross revenues, impact on the company’s cash flows of the slow
settled their accounts 30 days after collections leading to potential inability to meet its
the due date. These accounts financial commitments on a timely basis.
receivable have been long-standing
and reliable customers.
Issue 4: Failure to carry out machine The head of internal audit will be concerned about the
maintenance in accordance with the breakdown in internal controls over the maintenance of
required maintenance cycle, leading machinery under warranty. This results in the invalida-
to warranties being invalidated. tion of warranties, causing the company to incur repair
costs within the warranty period. This would have been
avoided had the machines been maintained in accordance
with the manufacturer’s maintenance cycle.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 8
Issues of concern to both external auditor and the head of internal audit:
Issue Justification
Issue 2: The company has an Both the external auditor and the head of internal audit
accounts receivable insurance will be concerned that potential losses, incurred on
policy, which allows the company to possible bad debts, will have a material impact on the
claim for bad debts of up to $25 000 company’s financial results and consequently on its
per annum. The amount covered financial position, given that the amount insured has not
under the policy has remained the increased in accordance with the increase in the amounts
same since 2015 (when the accounts of accounts receivable outstanding.
receivable averaged $1 million).
Since 2015, the average accounts
receivable balance has increased to
$2 million.
Issue 3: Lack of supervision over Both the external auditor and the head of internal audit
the accounts payable clerk relating will be concerned about the breakdown in internal
to the accuracy of the cost of the control over the correct costing of imported inventory
imported inventories acquired in the during the two-month period leading to year-end. The
last two months of the year ended lack of supervision of the accounts payable clerk could
30 June 2018. result in the incorrect valuation of inventory on hand at
year-end and the recognition of an incorrect amount of
cost of goods sold in respect of the inventory sold during
the year.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 9
14.17 (Hard)
Issues of concern to the head of internal audit:
Issue Justification
Issue 3: Employees have reacted unfavourably The amendment of the annual leave policy has
to an amended annual leave policy. The no bearing on the impact on the annual financial
amended annual leave policy requires report, but it is of interest to internal audit as
employees to book their annual leave in blocks there has been a lack of compliance with
of two weeks. It also requires employees to management policy.
take their full 20 days’ annual leave
Internal audit would also consider the impact on
entitlement each year. Many employees are not
the wellbeing of staff. Taking two weeks’ leave
following the annual leave policy and are
in one block, rather than the old policy of one
booking annual leave in blocks of one week.
week, will go further in enabling employees to
reduce stress by winding down.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 10
Issues of concern to both external auditor and the head of internal audit:
Issues Justification
Issue 1: Many employees have complained External auditors would be concerned about the
that their payslips do not accurately reflect accuracy of leave reflected on the payslips, as this
their leave entitlements. might cause a material error in the financial report.
Issue 2: Employees’ annual leave balances External auditors would be concerned that annual
have increased by more than 15% over the leave balances have increased by more than 15%, as
past year. this would have a material impact on the financial
report.
Issue 4: As demand for courier services in Employees taking on additional tasks may have an
the Sydney area has recently declined, impact on the approach to the audit, as a controls-
Speedy Delivery has laid off many employ- based audit may be impacted by a lack of segregation
ees, resulting in the remaining employees of duties.
taking on additional tasks. This has in-
Internal auditors will be concerned about employees
creased employee stress levels.
taking on additional tasks and the increased stress
levels, as this presents the following risks.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 11
Increased staff stress and reduced morale may
reduce compliance with controls, efficiency of
operations and the quality with which controls are
performed. Stressed staff may also take short-cuts
when performing their duties.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 12
14.18 (Easy)
As the internal audit department (IAD) has not had responsibility for the design or implementation of
the current stocktaking procedures, there is unlikely to be an independence problem. The only area of
concern would be the training provided to the managers. If adequacy of training was a part of the
review, the IAD might have some concerns about the perceived independence of their report, given
some involvement in training by IAD staff.
14.19 (Easy)
(a) Assessment of the reporting structure of the internal audit department (IAD) reveals that it does
not appear to be independent, in accordance with IIA Standard 1110, for the following reasons:
The head of IAD reports to the CFO. One responsibility of IAD is to review the work of the
accounting department—it is doubtful that they could remain unbiased with respect to the
accounting department.
The audit programs are designed by the CFO. This impairs the independence of the IAD, as
they are reporting on areas under the CFO’s control.
Roslyn and Brendan perform accounting tasks, so are potentially in a position of evaluating
their own work.
(b) Realignment of the reporting structure should include the following changes.
The IAD should report to the board of directors or the audit committee.
Responsibility of coordinating IAD staff should pass to Frank, and he should have
responsibility for designing and implementing the internal audit programs.
14.20 (Easy)
(a) Yes. Internal auditor A is required to undertake continuing professional development. (Refer to
IIA Standard 1230.)
(b) Yes. Internal auditor B should reveal all material facts known to them that, if not revealed, could
either distort reports of operations under review or conceal unlawful practices. Internal auditor B
should report this matter to the audit committee. (Refer to IIA Standards 1110 and 1111.)
14.21 (Medium)
(a) Having the director of IAD report to the CFO will tend to restrict the scope of the internal audit
department’s work to accounting and financial matters. It is also possible that the CFO may
direct the work of IAD away from areas of interest. This reporting line is contrary to IIA
Standard 1110. The director of IAD should report to the board of directors (or to the audit
committee if there is one).
(b) Making the IAD responsible for the adequacy of the internal control system is contrary to IIA
Standards 1120 and 1130. The IAD should have no direct responsibilities or authority over
activities that they audit. The IAD should only review the adequacy of such systems.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 13
(c) Limiting full access to accounting records only and thus restricting the scope of the IAD is
contrary to IIA Standard 1130, which requires full access to all records, properties and personnel
relevant to the subject under review.
(e) Participation in the design and implementation of internal control is contrary to IIA Standard
1120 and should be prohibited.
14.22 (Hard)
(i) No effect on The CEO is not changing the Steven should ensure that the
independence content of the report as CEO understands the need for
presented by the internal the management comments to
auditors, just adding to the be clearly separated from the
management comments. As internal auditor’s report.
long as these comments are
clearly defined as ‘management
comments’, these do not affect
internal audit independence.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 14
Standard 1120.) business. He may also wish to
discuss the matter with the
audit committee.
(iv) No effect on Steven is doing his job as long Steven could discuss his
independence as he reports issues as they are concerns with the audit
uncovered, without letting the committee chair and request
potential for a negative review that his performance be
affect his judgment. evaluated by the audit
committee, rather than the
CEO.
(v) Weakens Steven should not be part of Steven should highlight his
independence internal control, as internal concerns to the CEO, asking to
audit is required to assess its be removed from the list of
adequacy. This creates a self- signatories.
review threat. (Refer to IIA
Standard 1130.)
(vi) No effect on The discount is available to all Steven should ensure that the
independence staff, and so is not something discounts he receives are
that could be used by limited to those discounts that
management to try to influence are available to all staff. He
internal audit. may also maintain a record of
all discounts received and
disclose these to the chair of
the audit committee.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 15
14.23 (Hard)
(a) The charter limits document and personnel access to only those approved by operating
management, thus limiting the scope of internal audit’s work.
The charter should authorise access to all records, personnel and physical properties relevant to
the performance of audits, in accordance with IIA Standard 1110.
(b) Management establishes the audit schedule and several subsidiary operations have not been
audited since acquisition, even though the director of internal audit believes that audit coverage
of the subsidiary operations is crucial to the group. Therefore, the scope of internal audit work
has been limited.
The audit schedule of internal audit should be developed by the director of internal audit after
consideration of the areas for potential audit and the risks inherent in all areas for potential audit
and approved by the board or audit committee, in accordance with IIA Standard 1110.
(c) The director of internal audit does not report to an individual at a high enough level to ensure
independence and appropriate authority. Internal audit staff members do not have access to the
board either directly or through the director of internal audit. The CEO forwards to the board
only the audit information he considers important. There is a possible deficiency should the
CEO and the internal audit director fail to agree on the importance of information.
The director of internal audit and members of the internal audit staff should have direct access,
as needed, to the board, in accordance with IIA Standard 1110.
(d) Individuals in the internal audit department are assigned to operating responsibilities; to design,
install or operate systems; and to draft procedures for systems. Internal auditors also may be
assigned to audit areas in which they had operational or design and implementation
responsibilities, thus adversely impacting their independence.
Internal auditors should not be assigned to operating responsibilities; to design, install or operate
systems; or to draft procedures for systems. Internal auditors cannot be objective when they are
auditing procedures they wrote or systems they designed or installed. Upon returning to the
internal audit department, internal auditors should not audit functions over which they
previously had operating responsibilities until sufficient time has elapsed, in accordance with
IIA Standard 1130.
14.24 (Easy)
The purpose of internal auditing is to provide a service and/or to add value to the organisation.
Therefore, there is nothing to indicate that the service should be confined to accounting-related
information, or that all recruits should be well versed in traditional financial report auditing and its
procedures. In some cases, such as in environmentally sensitive industries where environmental
auditing is an important internal audit activity, it might be inappropriate to require that all internal
auditors have accounting qualifications.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 16
Given the range of activities now conducted by internal audit departments, the qualifications held by
the members of the department should be determined by reference to its core activities. A
qualification such as ‘certified internal auditor’ might have value if the internal audit department’s
education and other member-assistance programs assist internal auditors in their new diverse roles, so
that members of the IIA are, and are seen to be, superior internal auditors. Only when a professional
body can demonstrate its relevance in this manner will it become essential for internal auditors.
Why, then, has the accounting designation of CA/CPA been the most commonly achieved
designation by internal auditors in the past? The answer to this might be that, traditionally, internal
audit activities have focused on reviewing internal controls and associated accounting information
systems—areas in which people holding the CA/CPA designation are recognised experts. It may also
be that one of the logical career paths of accountants who hold the CA/CPA designation is into the IA
departments of major organisations. Once such a designation has been earned, it is in many cases not
relinquished, even when career paths may have changed. As the activities of internal audit continue
to broaden, this designation might lose some of its relevance, unless the accounting bodies also
broaden the scope of activities they support through education and other member assistance
programs.
14.25 (Medium)
As internal audit will be a service to CFL, the directors will need to consider the types of services
they wish to avail themselves of. Once this has been determined, they can determine the type of
person they require. There is, however, some general advice regarding the activities and role of
internal audit that may be given.
strategic business review—assisting with the development of key business strategy and
identification of key business risks, and considering key performance indicators and related
controls
In terms of the role of the internal auditor, there are a number of important points that should be
considered to ensure that the internal auditor remains effective, as follows:
Independence must be ensured. The auditor must not have responsibility for the area that they
are responsible for reviewing, and must be given sufficient organisational status to accomplish
their objectives. In an organisation the size of CFL, this would mean direct access and reporting
to the board of directors (or audit committee if applicable).
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 17
A charter should be established indicating the purpose, authority and responsibility of the
internal auditor.
Management and the board of directors should be kept informed of work schedules, budgets, the
scope of work conducted and the results of any activities undertaken. In most cases, the internal
auditor will determine the work schedule and the scope of activities, subject to the approval of
the board of directors; however, the board of directors may direct the internal auditor to review
any particular area it considers necessary.
Once the board of directors has determined the activities on which they wish to focus, advice can be
given regarding appropriate qualifications for the internal auditor. Heads of internal audit
departments have traditionally been members of the Institute of Internal Auditors, CPA Australia or
Chartered Accountants ANZ, and this might be appropriate for CFL. If, however, CFL wishes to
focus on operational auditing, consideration should be given to including someone in the internal
audit team with more diverse qualifications relevant to the fashion industry.
14.26 (Medium)
(a) Internal audit is not merely a service checking that internal controls are operating successfully,
although this of itself can be valuable in the detection and prevention of fraud and in the correct
operation of key areas of the business. It is an independent appraiser of what is happening,
reviewing systems and activities in a value-for-money sense. It may also be employed to
undertake special investigations of problem areas that are currently not being adequately
tackled.
elimination of waste, especially where this results from poor or non-existent control
internal auditors and staff having better working relationships, if internal auditors are not
seen as outsiders
a service to the entity that is not dependent or reliant on the selling of additional work
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 18
Disadvantages of in-house internal audit may include:
lack of flexibility
Advantages of buying in internal audit services from an external provider such as Peterson &
Associates may include:
Disadvantages of buying in internal audit services from an external provider such as Peterson &
Associates may include:
contract restraints—you only get what you have specified and agreed to pay for
potential conflicts of interest, especially in situations where the external audit provider is
also involved in the provision of an internal audit service.
14.27 (Medium)
(a) There is no formalised control over leases at Shops Galore and the leases were negotiated and
approved by the Ballarat shopping centre manager without any oversight or independent review
and approval. This manager is therefore able to report artificially low lease revenue, as long as
the revenue numbers are greater than budget, as Amanda only follows up negative budget
variances.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 19
(b) While it is the responsibility of the board to ensure that the internal control environment is set
up with adequate controls, the internal audit function can assist in preventing fraud by
confirming the effectiveness of the controls that have been set up by the board of directors as
well as suggesting improvements through the audit process. For example, at Shops Galore, the
lack of sufficient oversight regarding lease revenue would be identified as a control gap. Internal
audit would recommend that a control is implemented whereby on a regular basis a
reconciliation is performed between actual lease revenue and the market value of leases for the
shops that are available for lease. Other benefits provided by internal audit include independent
assurance that:
the standards, policies, business practices, procedures and regulatory requirements which
could have a significant impact on Shops Galore’s operations are duly complied with
transactions are properly classified, recorded and reported, and key accounting and
management information, including the related processes and systems, are reliable and
accurate
decisions are based on accurate and timely information and at the appropriate levels of
authority
economic and efficient use is made of Shops Galore’s resources and that the operations are
conducted in an efficient and proper manner
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 20
(a) Risks (b) Improvements
Current KPIs do not address complaints. This is Introduce KPIs around customer complaints.
likely to have severe consequences in the medium to Produce a communications plan for in-
longer term, as investors will not renew their invest- vestors to manage investor relations and ex-
ments. pectations.
The current level of distributions is impacting on the Review and reconsider the current level of
viability of the fund. This may lead to inadequate li- distributions.
quidity.
Thirty-five per cent of their debt is due for repay- Difficult to control in the short term. Negoti-
ment two months after the year end. This may create ate with financiers and, if necessary, con-
going concern problems, if they are unable to roll- sider refinancing. In future, consider longer-
over their current debt financing. term financing and spread out repayment
dates, so that not more than, say, 20% of
debt needs to be repaid or refinanced in any
one year.
High vacancy rates within one of the major proper- Offer incentives such as free fit-outs or rent-
ties. This is deemed severe as this asset makes up free periods to attract tenants to the centre.
25% of revenue. Obtain bank guarantees and appropriate
rental bonds to protect against a tenant leav-
ing before expiry of their lease.
Lack of segregation of duties, as the head of opera- Segregate duties between the operations and
tions at Investment is also performing the duties of fund managers.
company secretary and fund manager. Therefore, the
head of operations may be able to cover up a fraud if
they committed it, as there is a lack of independent
oversight of their activities.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 21
SOLUTIONS
REVIEW QUESTIONS
14.1 Internal auditing is an independent, objective assurance and consulting activity designed to add value
and improve an organisation’s operations. It helps an entity achieve its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management,
control and governance processes.
This objective was introduced by IIA several years ago. Before this time, the objective of internal
auditing was broadly stated as assisting members of the organisation in the effective discharge of
their responsibilities.
14.2 In the past, to obtain the Certified Internal Auditor (CIA) qualification, a candidate needed to:
hold a Bachelor’s degree or equivalent (in any discipline) from an accredited university-level
institution
pass the CIA exam and keep the contents of the exam confidential.
However, the Global Board of Directors has recently approved an alternate path to eligibility for the
CIA for those candidates who do not possess a Bachelor’s degree from an accredited
university. Candidates may now become eligible for the CIA, subject to approval, who possess two
years’ post-secondary education and five years’ verified experience in internal audit or its equivalent,
or seven years’ verified experience in internal audit or its equivalent.
14.3 In accordance with IIA Standard 1110, to maintain organisational independence, the internal audit
department should report to a level within the organisation that allows internal audit to fulfil its
responsibilities. Best practice indicates that this will be the board of directors or the audit committee.
The head of internal audit should also have direct access to the board (audit committee) to help ensure
independence, as well as to keep the board informed.
In addition, the board (audit committee) should concur with the appointment or removal of the head of
internal audit.
14.4 In accordance with IIA Standard 1130, internal auditors should refrain from assessing operations for
which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor
provides assurance services for an activity for which the internal auditor had responsibility within the
previous year.
14.5 In accordance with IIA Standard 1220, elements that the internal auditor should consider when
exercising due professional care include:
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 22
extent of work needed to achieve the engagement’s objectives
14.6 In accordance with IIA Standard 2010, internal audit must establish a risk-based plan to determine the
priorities of the internal audit activity, consistent with the entity’s goals. As a result, in planning the
engagement, matters internal auditors should consider include:
the objectives of the activity being reviewed and the means by which the activity controls its
performance
the significant risks to the activity, its objectives, resources and operations, and the means
by which the potential impact of risk is kept to an acceptable level
the adequacy and effectiveness of the activity’s risk management and control systems
compared to a relevant control framework or model
the opportunities for making significant improvements to the activity’s risk management and
control systems.
14.7 The ASX Corporate Governance Principles and Recommendations (Recommendation 4.1) state that if
a listed entity does not have an internal audit function, they need to explain the reason for this.
Additionally, they should explain how risk management and internal control processes are managed,
evaluated and continually improved in the absence of an internal audit function.
Data analytics was gaining a foothold in internal auditing, with two out of three departments
utilising analytics as part of the audit process.
Organisations with more mature analytics capabilities in the internal audit function are
realising greater organisational value from data analytics.
Cybersecurity, cloud, mobile tech and big data dominate the priority list for internal
auditors.
Business and digital transformation is drawing more attention than in prior years.
14.9 The level of reliance placed on internal audit by external audit in this area will be very much
determined by what type of work the internal auditor undertakes.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 23
Therefore, it is likely that a much wider scope of function will be considered than has been previously
considered by the external auditor, including work performed by the internal auditor in evaluating
business risk. In determining reliance on internal audit, the external auditor will still have to assess the
objectivity, technical competence, due professional care of the internal auditor, and the
communications between the internal auditor and the external auditor. However, it also must be
remembered that ASA 610.Aus 25.1 prohibits the use of internal auditors to provide direct assistance to
an external auditor by performing audit procedures under the direction, supervision and review of
external audit.
14.10 There are concerns about the independence of the external auditor when they also provide internal
audit services. There is also a concern that the large accounting firms that are providing internal audit
services are seen to be competing with in-house internal auditing functions. A benefit of outsourcing is
the greater availability of internal auditing expertise that might possibly come from ‘contracting in’ the
required areas of expertise. Also, there is the general benefit of outsourcing, which is that it allows an
organisation to concentrate their resources on their core competencies.
14.11 Matters that internal audit should evaluate in relation to risk exposures include whether:
an appropriate risk management framework exists that will identify and assess significant
risks
appropriate risk responses are selected by management and the board that will align risks
with the entity’s risk profile
14.12 Areas in which internal audit should evaluate the adequacy and effectiveness of internal controls
include:
safeguarding of assets
14.13 The COSO ERM Framework outlines the importance of enterprise risk management in strategic
planning. It emphasises that it is important to embed ERM throughout an entity, as risk both influences
and aligns strategy and performance across all parts of the entity.
14.14 (Easy)
In her report to the board, Michaela should explain that the internal audit activities can add value to
Express Solutions’ risk management and corporate governance areas by:
assessing risk management, control and governance processes using business risk models
such as SWOT analysis, PEST analysis and value-chain analysis
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 24
undertaking activities that are consultative (providing advice) in nature—that is, by
providing expert advice—about:
providing ongoing assurance about the efficiency and effectiveness of risk-identification and
management systems, control strategies, structures and systems
contributing towards enhanced understandings of different types of control that can be used
in organisations
14.15 (Medium)
The role of Supported Living’s internal auditors with regard to the system switch-over processes at
Serenity would be to consider areas for business improvement and business risks. Given the objective
to ‘make sure the switch-over worked without any problems’, the role of the internal audit team would
have been to make sure that all steps of the system switch-over processes were followed in accordance
with the agreed plans, methods and resources. If the steps were not adhered to, then the internal audit
team would have had to increase the business risk that Serenity would not be able to correctly process
its patient revenue, affecting cash flow and so on. Some of the procedures involved would include
checking all the steps to ensure that all the data was complete (e.g. by undertaking a record count to
ensure that all records in each file were transferred, with none lost or duplicated) and accurately
transferred to the new system (e.g. ensuring the key fields ad correctly after the switch-over).
14.16 (Medium)
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 25
Issue Justification
Issue 1: There were numerous Although there does not appear to be any risk of bad
occasions during the year when three debts in relation to these customers, the head of internal
major accounts receivable, audit will be concerned about the possible adverse
representing 35% of gross revenues, impact on the company’s cash flows of the slow
settled their accounts 30 days after collections leading to potential inability to meet its
the due date. These accounts financial commitments on a timely basis.
receivable have been long-standing
and reliable customers.
Issue 4: Failure to carry out machine The head of internal audit will be concerned about the
maintenance in accordance with the breakdown in internal controls over the maintenance of
required maintenance cycle, leading machinery under warranty. This results in the invalida-
to warranties being invalidated. tion of warranties, causing the company to incur repair
costs within the warranty period. This would have been
avoided had the machines been maintained in accordance
with the manufacturer’s maintenance cycle.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 26
Issues of concern to both external auditor and the head of internal audit:
Issue Justification
Issue 2: The company has an Both the external auditor and the head of internal audit
accounts receivable insurance will be concerned that potential losses, incurred on
policy, which allows the company to possible bad debts, will have a material impact on the
claim for bad debts of up to $25 000 company’s financial results and consequently on its
per annum. The amount covered financial position, given that the amount insured has not
under the policy has remained the increased in accordance with the increase in the amounts
same since 2015 (when the accounts of accounts receivable outstanding.
receivable averaged $1 million).
Since 2015, the average accounts
receivable balance has increased to
$2 million.
Issue 3: Lack of supervision over Both the external auditor and the head of internal audit
the accounts payable clerk relating will be concerned about the breakdown in internal
to the accuracy of the cost of the control over the correct costing of imported inventory
imported inventories acquired in the during the two-month period leading to year-end. The
last two months of the year ended lack of supervision of the accounts payable clerk could
30 June 2018. result in the incorrect valuation of inventory on hand at
year-end and the recognition of an incorrect amount of
cost of goods sold in respect of the inventory sold during
the year.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 27
14.17 (Hard)
Issues of concern to the head of internal audit:
Issue Justification
Issue 3: Employees have reacted unfavourably The amendment of the annual leave policy has
to an amended annual leave policy. The no bearing on the impact on the annual financial
amended annual leave policy requires report, but it is of interest to internal audit as
employees to book their annual leave in blocks there has been a lack of compliance with
of two weeks. It also requires employees to management policy.
take their full 20 days’ annual leave
Internal audit would also consider the impact on
entitlement each year. Many employees are not
the wellbeing of staff. Taking two weeks’ leave
following the annual leave policy and are
in one block, rather than the old policy of one
booking annual leave in blocks of one week.
week, will go further in enabling employees to
reduce stress by winding down.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 28
Issues of concern to both external auditor and the head of internal audit:
Issues Justification
Issue 1: Many employees have complained External auditors would be concerned about the
that their payslips do not accurately reflect accuracy of leave reflected on the payslips, as this
their leave entitlements. might cause a material error in the financial report.
Issue 2: Employees’ annual leave balances External auditors would be concerned that annual
have increased by more than 15% over the leave balances have increased by more than 15%, as
past year. this would have a material impact on the financial
report.
Issue 4: As demand for courier services in Employees taking on additional tasks may have an
the Sydney area has recently declined, impact on the approach to the audit, as a controls-
Speedy Delivery has laid off many employ- based audit may be impacted by a lack of segregation
ees, resulting in the remaining employees of duties.
taking on additional tasks. This has in-
Internal auditors will be concerned about employees
creased employee stress levels.
taking on additional tasks and the increased stress
levels, as this presents the following risks.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 29
Increased staff stress and reduced morale may
reduce compliance with controls, efficiency of
operations and the quality with which controls are
performed. Stressed staff may also take short-cuts
when performing their duties.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 30
14.18 (Easy)
As the internal audit department (IAD) has not had responsibility for the design or implementation of
the current stocktaking procedures, there is unlikely to be an independence problem. The only area of
concern would be the training provided to the managers. If adequacy of training was a part of the
review, the IAD might have some concerns about the perceived independence of their report, given
some involvement in training by IAD staff.
14.19 (Easy)
(c) Assessment of the reporting structure of the internal audit department (IAD) reveals that it does
not appear to be independent, in accordance with IIA Standard 1110, for the following reasons:
The head of IAD reports to the CFO. One responsibility of IAD is to review the work of the
accounting department—it is doubtful that they could remain unbiased with respect to the
accounting department.
The audit programs are designed by the CFO. This impairs the independence of the IAD, as
they are reporting on areas under the CFO’s control.
Roslyn and Brendan perform accounting tasks, so are potentially in a position of evaluating
their own work.
(d) Realignment of the reporting structure should include the following changes.
The IAD should report to the board of directors or the audit committee.
Responsibility of coordinating IAD staff should pass to Frank, and he should have
responsibility for designing and implementing the internal audit programs.
14.20 (Easy)
(c) Yes. Internal auditor A is required to undertake continuing professional development. (Refer to
IIA Standard 1230.)
(d) Yes. Internal auditor B should reveal all material facts known to them that, if not revealed, could
either distort reports of operations under review or conceal unlawful practices. Internal auditor B
should report this matter to the audit committee. (Refer to IIA Standards 1110 and 1111.)
14.21 (Medium)
(a) Having the director of IAD report to the CFO will tend to restrict the scope of the internal audit
department’s work to accounting and financial matters. It is also possible that the CFO may
direct the work of IAD away from areas of interest. This reporting line is contrary to IIA
Standard 1110. The director of IAD should report to the board of directors (or to the audit
committee if there is one).
(b) Making the IAD responsible for the adequacy of the internal control system is contrary to IIA
Standards 1120 and 1130. The IAD should have no direct responsibilities or authority over
activities that they audit. The IAD should only review the adequacy of such systems.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 31
(c) Limiting full access to accounting records only and thus restricting the scope of the IAD is
contrary to IIA Standard 1130, which requires full access to all records, properties and personnel
relevant to the subject under review.
(e) Participation in the design and implementation of internal control is contrary to IIA Standard
1120 and should be prohibited.
14.22 (Hard)
(i) No effect on The CEO is not changing the Steven should ensure that the
independence content of the report as CEO understands the need for
presented by the internal the management comments to
auditors, just adding to the be clearly separated from the
management comments. As internal auditor’s report.
long as these comments are
clearly defined as ‘management
comments’, these do not affect
internal audit independence.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 32
Standard 1120.) business. He may also wish to
discuss the matter with the
audit committee.
(iv) No effect on Steven is doing his job as long Steven could discuss his
independence as he reports issues as they are concerns with the audit
uncovered, without letting the committee chair and request
potential for a negative review that his performance be
affect his judgment. evaluated by the audit
committee, rather than the
CEO.
(v) Weakens Steven should not be part of Steven should highlight his
independence internal control, as internal concerns to the CEO, asking to
audit is required to assess its be removed from the list of
adequacy. This creates a self- signatories.
review threat. (Refer to IIA
Standard 1130.)
(vi) No effect on The discount is available to all Steven should ensure that the
independence staff, and so is not something discounts he receives are
that could be used by limited to those discounts that
management to try to influence are available to all staff. He
internal audit. may also maintain a record of
all discounts received and
disclose these to the chair of
the audit committee.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 33
14.23 (Hard)
(a) The charter limits document and personnel access to only those approved by operating
management, thus limiting the scope of internal audit’s work.
The charter should authorise access to all records, personnel and physical properties relevant to
the performance of audits, in accordance with IIA Standard 1110.
(b) Management establishes the audit schedule and several subsidiary operations have not been
audited since acquisition, even though the director of internal audit believes that audit coverage
of the subsidiary operations is crucial to the group. Therefore, the scope of internal audit work
has been limited.
The audit schedule of internal audit should be developed by the director of internal audit after
consideration of the areas for potential audit and the risks inherent in all areas for potential audit
and approved by the board or audit committee, in accordance with IIA Standard 1110.
(c) The director of internal audit does not report to an individual at a high enough level to ensure
independence and appropriate authority. Internal audit staff members do not have access to the
board either directly or through the director of internal audit. The CEO forwards to the board
only the audit information he considers important. There is a possible deficiency should the
CEO and the internal audit director fail to agree on the importance of information.
The director of internal audit and members of the internal audit staff should have direct access,
as needed, to the board, in accordance with IIA Standard 1110.
(d) Individuals in the internal audit department are assigned to operating responsibilities; to design,
install or operate systems; and to draft procedures for systems. Internal auditors also may be
assigned to audit areas in which they had operational or design and implementation
responsibilities, thus adversely impacting their independence.
Internal auditors should not be assigned to operating responsibilities; to design, install or operate
systems; or to draft procedures for systems. Internal auditors cannot be objective when they are
auditing procedures they wrote or systems they designed or installed. Upon returning to the
internal audit department, internal auditors should not audit functions over which they
previously had operating responsibilities until sufficient time has elapsed, in accordance with
IIA Standard 1130.
14.24 (Easy)
The purpose of internal auditing is to provide a service and/or to add value to the organisation.
Therefore, there is nothing to indicate that the service should be confined to accounting-related
information, or that all recruits should be well versed in traditional financial report auditing and its
procedures. In some cases, such as in environmentally sensitive industries where environmental
auditing is an important internal audit activity, it might be inappropriate to require that all internal
auditors have accounting qualifications.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 34
Given the range of activities now conducted by internal audit departments, the qualifications held by
the members of the department should be determined by reference to its core activities. A
qualification such as ‘certified internal auditor’ might have value if the internal audit department’s
education and other member-assistance programs assist internal auditors in their new diverse roles, so
that members of the IIA are, and are seen to be, superior internal auditors. Only when a professional
body can demonstrate its relevance in this manner will it become essential for internal auditors.
Why, then, has the accounting designation of CA/CPA been the most commonly achieved
designation by internal auditors in the past? The answer to this might be that, traditionally, internal
audit activities have focused on reviewing internal controls and associated accounting information
systems—areas in which people holding the CA/CPA designation are recognised experts. It may also
be that one of the logical career paths of accountants who hold the CA/CPA designation is into the IA
departments of major organisations. Once such a designation has been earned, it is in many cases not
relinquished, even when career paths may have changed. As the activities of internal audit continue
to broaden, this designation might lose some of its relevance, unless the accounting bodies also
broaden the scope of activities they support through education and other member assistance
programs.
14.25 (Medium)
As internal audit will be a service to CFL, the directors will need to consider the types of services
they wish to avail themselves of. Once this has been determined, they can determine the type of
person they require. There is, however, some general advice regarding the activities and role of
internal audit that may be given.
strategic business review—assisting with the development of key business strategy and
identification of key business risks, and considering key performance indicators and related
controls
In terms of the role of the internal auditor, there are a number of important points that should be
considered to ensure that the internal auditor remains effective, as follows:
Independence must be ensured. The auditor must not have responsibility for the area that they
are responsible for reviewing, and must be given sufficient organisational status to accomplish
their objectives. In an organisation the size of CFL, this would mean direct access and reporting
to the board of directors (or audit committee if applicable).
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 35
A charter should be established indicating the purpose, authority and responsibility of the
internal auditor.
Management and the board of directors should be kept informed of work schedules, budgets, the
scope of work conducted and the results of any activities undertaken. In most cases, the internal
auditor will determine the work schedule and the scope of activities, subject to the approval of
the board of directors; however, the board of directors may direct the internal auditor to review
any particular area it considers necessary.
Once the board of directors has determined the activities on which they wish to focus, advice can be
given regarding appropriate qualifications for the internal auditor. Heads of internal audit
departments have traditionally been members of the Institute of Internal Auditors, CPA Australia or
Chartered Accountants ANZ, and this might be appropriate for CFL. If, however, CFL wishes to
focus on operational auditing, consideration should be given to including someone in the internal
audit team with more diverse qualifications relevant to the fashion industry.
14.26 (Medium)
(c) Internal audit is not merely a service checking that internal controls are operating successfully,
although this of itself can be valuable in the detection and prevention of fraud and in the correct
operation of key areas of the business. It is an independent appraiser of what is happening,
reviewing systems and activities in a value-for-money sense. It may also be employed to
undertake special investigations of problem areas that are currently not being adequately
tackled.
elimination of waste, especially where this results from poor or non-existent control
internal auditors and staff having better working relationships, if internal auditors are not
seen as outsiders
a service to the entity that is not dependent or reliant on the selling of additional work
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 36
Disadvantages of in-house internal audit may include:
lack of flexibility
Advantages of buying in internal audit services from an external provider such as Peterson &
Associates may include:
Disadvantages of buying in internal audit services from an external provider such as Peterson &
Associates may include:
contract restraints—you only get what you have specified and agreed to pay for
potential conflicts of interest, especially in situations where the external audit provider is
also involved in the provision of an internal audit service.
14.27 (Medium)
(a) There is no formalised control over leases at Shops Galore and the leases were negotiated and
approved by the Ballarat shopping centre manager without any oversight or independent review
and approval. This manager is therefore able to report artificially low lease revenue, as long as
the revenue numbers are greater than budget, as Amanda only follows up negative budget
variances.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 37
(b) While it is the responsibility of the board to ensure that the internal control environment is set
up with adequate controls, the internal audit function can assist in preventing fraud by
confirming the effectiveness of the controls that have been set up by the board of directors as
well as suggesting improvements through the audit process. For example, at Shops Galore, the
lack of sufficient oversight regarding lease revenue would be identified as a control gap. Internal
audit would recommend that a control is implemented whereby on a regular basis a
reconciliation is performed between actual lease revenue and the market value of leases for the
shops that are available for lease. Other benefits provided by internal audit include independent
assurance that:
the standards, policies, business practices, procedures and regulatory requirements which
could have a significant impact on Shops Galore’s operations are duly complied with
transactions are properly classified, recorded and reported, and key accounting and
management information, including the related processes and systems, are reliable and
accurate
decisions are based on accurate and timely information and at the appropriate levels of
authority
economic and efficient use is made of Shops Galore’s resources and that the operations are
conducted in an efficient and proper manner
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 38
(a) Risks (b) Improvements
Current KPIs do not address complaints. This is Introduce KPIs around customer complaints.
likely to have severe consequences in the medium to Produce a communications plan for in-
longer term, as investors will not renew their invest- vestors to manage investor relations and ex-
ments. pectations.
The current level of distributions is impacting on the Review and reconsider the current level of
viability of the fund. This may lead to inadequate li- distributions.
quidity.
Thirty-five per cent of their debt is due for repay- Difficult to control in the short term. Negoti-
ment two months after the year end. This may create ate with financiers and, if necessary, con-
going concern problems, if they are unable to roll- sider refinancing. In future, consider longer-
over their current debt financing. term financing and spread out repayment
dates, so that not more than, say, 20% of
debt needs to be repaid or refinanced in any
one year.
High vacancy rates within one of the major proper- Offer incentives such as free fit-outs or rent-
ties. This is deemed severe as this asset makes up free periods to attract tenants to the centre.
25% of revenue. Obtain bank guarantees and appropriate
rental bonds to protect against a tenant leav-
ing before expiry of their lease.
Lack of segregation of duties, as the head of opera- Segregate duties between the operations and
tions at Investment is also performing the duties of fund managers.
company secretary and fund manager. Therefore, the
head of operations may be able to cover up a fraud if
they committed it, as there is a lack of independent
oversight of their activities.
Instructor Resource Manual t/a Auditing and Assurance Services in Australia 7e by Gay & Simnett
© McGraw-Hill Education (Australia) 2018
Chapter 14 39