You are on page 1of 34

Introduction to

Derick S. Figueroa, CPA, CTT, MBA
Internal Auditing

• Is a independent, objective assurance

and consulting activity designed to add
value and improve an organization’s
Internal Auditing

• It helps an organization accomplish its

objectives by bringing a systematic,
disciplined approach to evaluate and
improve the effectiveness of risk
management, control and governance
Internal Auditing

• Is a catalyst for improving an

organization’s governance, risk
management and management controls by
providing insight and recommendations
based on analyses and assessments of
data and business process.
Internal Auditing

• With commitment to integrity and

accountability, internal auditing
provides value to governing bodies and
senior management as an objective
source of independent advice.
Development of Internal Audit

• Evolved after World War II

• Conceptually focused on financial auditing

by public accounting firms, quality
assurance and banking compliance
Development of Internal Audit
Lawrence Sawyer
- The “Father of Modern Internal Auditing”

- The philosophy, theory and practice of Internal

Auditing was adopted by the International
Professional Practices Framework (IPPF) of the
Institute of Internal Auditors.
Development of Internal Audit

The Sarbanes-Oxley Act of 2002

- Basic foundation law of the Internal Audit

- Focused on financial policy and procedures

disrupting progress.
Development of Internal Audit

In 2010
The Institute of Internal Auditors once again
began advocating for the broader role
internal auditing should play in the corporate
Scope of Internal Auditing
• Corporate Governance
• Risk Management
• Management Controls:
• Efficiency/Effectiveness of operations (including
Safeguarding of Assets)
• Reliability of Financial Reporting
• Compliance with Laws and Regulations
Scope of Internal Auditing

• Internal Auditors are not responsible for:

• Execution of a Company Activities.
• IA only advise management and the Board of
Directors regarding how to better execute their
• Preparation of financial statements and
financial related reports.
The Institute of Internal Auditors
• The recognized international standard
setting body for the internal audit
profession and awards the Certified
Internal Auditor designation internationally
through rigorous written examinations.
Independence of Internal
• Internal Auditors are employed by

• Internal Auditors are independent of the

business activities they audit.
Independence of Internal
• Independence is achieved through the
organizational placement and reporting lines of
the internal audit department.

• Reports directly to the Board of Directors or to

the Audit Committee of the Board of Directors.
Internal Control
-A process, effected by management, and other
personnel, designed to provide reasonable
assurance regarding the achievement of the
- Effectiveness and Efficiency of Operations (Including
Safeguarding of Assets)
- Reliability of Financial Reporting
- Compliance with Laws and Regulations
Role of Management and Internal
Auditors in the Internal Control
• Management is responsible for design and implementation
of internal controls.

• Internal Auditors performs audit to evaluate whether the

control components are present and operating effectively,
and if not, provide recommendations for improvement.
Internal Control Components
(COSO Framework)
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
Role of Internal Auditors on
Risk Management
• The process by which an organization identifies,
analyzes, responds, gathers information about,
and monitors strategic risks that could actually or
potentially impact the organization’s ability to
achieve its mission and objectives.
Role of Internal Auditor on
Corporate Governance
• Part of the Four Pillars of Corporate Governance
• Board of Directors
• Management
• External Auditors
• Internal Auditors
Role of Internal Auditor on
Corporate Governance
• Internal Auditors helps the Audit Committee
performs its responsibilities effectively.
• This includes: reporting critical management control
issues, suggesting questions or topics for the Audit
Committee’s meeting agendas, and coordinating
with the external auditor and management to ensure
the Committee receives effective information.
Internal Audit Philosophy
• Lawrence Sawyer’s Philosophy
• Internal audit emphasized assisting management and
the Board in achieving the organization’s objectives
through well-reasoned audits, evaluations and analyses
of operational areas.
• Internal auditors act as counselor to management
rather than as an adversary.
• IA act as active players influencing events in the
business rather than criticizing all degrees or errors
and mistakes.
Internal Audit Philosophy
• Lawrence Sawyer’s Philosophy
“Catching a manager doing something right”

Balanced reporting while simultaneously building better

Internal Audit Philosophy
• Lawrence Sawyer’s Philosophy
• Focus on operational or performance auditing.
• “Looking beyond financial statements and financial
related auditing” such as:
• Purchasing, warehousing and distribution, human
resources, information technology, facilities
management, customer service, field operations
and program management.
Chief Audit Executive (CAE)
• The Head of Internal Audit.
• Term recommended by the Institute of Internal Auditors

• Director of Internal Audit (DIA)

Chief Audit Executive (CAE)

• Develop, document, implement, test, and

maintain a comprehensive internal audit
plan and system of internal control.
• Evaluate financial and operational
procedures to assure adequate internal
controls are present.
• Identify, assess and evaluate the company’s
risk areas
Chief Audit Executive (CAE)
• Make appropriate recommendations for improved internal
controls and accounting procedures
• Research and adopt industry best practices where
• Provide expert knowledge with respect to maintaining the
Company’s tax status.
• Monitor current financial reporting, tax, fraud and anti-money
laundering laws.
The Internal Audit Function

• Assist the Company in fulfilling its vision,

mission, strategic initiatives and objectives
while adhering to its core values, by bringing a
systematic, disciplined approach to evaluate
and improve the effectiveness of enterprise-
wide risk management, internal control
systems and governance processes.
The Internal Audit Function
• Risk are appropriately identified and managed.
• Significant financial, managerial and operating
information is accurate, reliable and timely.
• Company resources are used efficiently and
adequately safeguarded.
The Internal Audit Function
• Company operations are transacted in accordance
with sufficient internal controls, good business
judgment and high ethical standards.
• Quality and continuous improvement are fostered
in the Company’s internal control process.
Types of Audits

• Departmental Audit
- Review and evaluate the activities and
operations of a particular Company function.
Types of Audit
• Financial Audits
- Designed to validate the accuracy and completeness
of records and account balances.
- Determines whether the financial information of the
company functions, activity, department or unit under
audit fairly presents the financial position, results of
operations and cash flows of the auditee in
accordance with the Generally Accepted Accounting
Types of Audit
• Operational Audit
- Designed to evaluate procedures and controls
which impact the attainment of the company’s
organizational goals and objectives.
- Operational audits also measure compliance with
company policies and procedures.
Types of Audit
• Compliance Audit
- Designed to audit the compliance of the company
with all applicable laws and regulations were it is
- It does not include compliance with accounting
standards or IFRS and compliance with company
internal policies.
• Next..
• More about Internal Audit Function and Activities
• Internal Auditor vs External Auditor
• Understanding more The Types of Audit