2.

An Introduction to Internal Auditing

Chapter 2 in Coetzee et al

1
 • Read – on p. 10
An Introduction to
Internal Auditing
Introduction

2
 • Old definition (p. 19): “Internal auditing
An Introduction to is an independent appraisal function
Internal Auditing established within an organisation to
examine and evaluate its activities as a
Definition of internal
service to the organisation.”
auditing
• New definition (p. 20): “Internal
auditing is an independent, objective
assurance and consulting activity
designed to add value and improve an
organisation’s operations. It helps an
organisation accomplish its objectives
by bringing a systematic, disciplined
approach to evaluate and improve the
effectiveness of risk management,
control and governance processes.”

3
 • Terms used on slide 2
An Introduction to – Risk management: identifying
Internal Auditing
and assessing threats that could
Definition of internal prevent the organisation from
auditing achieving its objectives, and
deciding on appropriate steps to
eliminate or mitigate such threats
• Examples of threats?
– Control: steps taken to eliminate
or mitigate risks/threats
• Examples of controls?

4
 • Terms used on slide 2
An Introduction to – Governance (corporate
Internal Auditing
governance): how an
Definition of internal organisation’s leadership
auditing structures should be structured
to make it more likely that the
company will survive and thrive
over the longer term (crude
definition)

5
 An Introduction to Internal Auditing
Definition of internal auditing

Shift from: To:

• Providing assurance about
historical activities
• Watchdog role
• Consulting role
• Assisting management to
accomplish the organisation’s
objectives by identifying and
managing threats
• More futuristic risk-based approach
aimed at adding value
• Role regarding risk management,
internal control and governance
processes

6
 • Read the following:
An Introduction to – Introduction on p. 10
Internal Auditing
– The history of auditing on pp. 11
Introduction and a bit and 12
of history

7
 • Read the following:
An Introduction to – The history of internal auditing
Internal Auditing
Introduction and a bit
of history
on pp. 12 and 13, and note the
following:
• The factors contributing to the
development of internal auditing
within organisations – has to do
with the increased size and
complexity of organisations, to a
large extent
• “The activities of internal auditing
expanded from being a watchdog…
to being a guide-dog (assisting and
advising management with their
activities). The modern internal
auditor’s responsibility is as broad
as the current business
environment.”
8
 • Read the following:
An Introduction to – The history of internal auditing
Internal Auditing
on pp. 12 and 13, and note the
Introduction and a bit following:
of history • From the last paragraph: “An
institute for internal auditors was
founded to look after the needs and
expectations of its members, and to
guide them in the continuously
changing environment in which they
practice their profession.”

9
 • Function found in larger
An Introduction to organisations
Internal Auditing
• Not to be confused with external
More about internal
auditing
auditing
– External to the organisation under
audit
– Focus of external auditing is on the
truthfulness of the organisation’s
external financial reporting
– Dominated by Deloitte, EY, KPMG
and PwC
– Note that these firms also do
internal audit work for non-
external audit clients

10
 • Read 2.4.1 and 2.4.2 on pp. 13
An Introduction to to 16
Internal Auditing
• The Institute of Internal
The Institute of
Internal Auditors Auditors today (p. 16)
– More than 200,000 members in
over 165 countries
– See p. 16 for the Institute’s core
purpose, vision and goals

11
 • The Institute of Internal
An Introduction to Auditors South Africa (IIA-SA)
Internal Auditing
(pp. 17 and 18)
The Institute of
– Established in 1964
Internal Auditors
– Affiliated to the Institute of
Internal Auditors-Global (IIA-
Global)
– The IIA-SA now has about 10,000
members
– Most important objective is to
assist its members
• See p. 17 for more about its services

12
 • The King Report on Corporate
An Introduction to Governance
Internal Auditing
– The present version, version IV,
Relevant legislation was released in 2016
and codes (pp. 18 and
– See next slide for more on this
19)

13
 An Introduction to Internal Auditing
Relevant legislation and codes (pp. 18 and 19)

King III King IV

• Included a chapter on IA and inter • Builds on the recommendations
alia stated that: in King III and:
– The board should ensure that there is – Highlights the pivotal role of internal
an effective risk-based (not compliance- auditing in the combined assurance
based) internal audit activity model
– Internal auditing should follow a risk- – Emphasises that the internal audit
based approach to its internal audit activity is an important pillar of
plan organisational governance
– Internal auditing should provide a
written assessment of the effectiveness
of the company’s system of internal
control and risk management
– The audit committee should oversee
internal auditing
– Internal auditing should be strategically
positioned to achieve its objectives
14
 • Also:
An Introduction to – The Public Finance Management
Internal Auditing
Act (PFMA)
Relevant legislation – The Sarbanes-Oxley Act (US
and codes legislation)
– The Companies Act of 2008

15
 • On p. 21
An Introduction to • Consists of two types of
Internal Auditing
guidance
The International
Professional Practices 1. Mandatory guidance
• The 10 core principles of internal
Framework
auditing - see slide 19
• The definition of internal auditing
(referred to earlier)
• The IIA’s code of ethics – dealt with
in chapter 3
• The International Standards for the
Professional Practices of Internal
Auditing
– Criteria against which the activities of
internal auditing are evaluated

16
 • Two types of guidance
An Introduction to
Internal Auditing 2. Recommended guidance
The International • Implementation guidance
– Assists internal auditors in
Professional Practices
applying the definition, the
Framework code of ethics and the
standards
– Not compulsory
– Useful as an interpretation tool
for the standards

17
 • Two types of guidance
An Introduction to
Internal Auditing 2. Recommended guidance
The International • Supplemental guidance
– Assists a wide range of
Professional Practices
interested parties, including
Framework those outside the internal audit
profession, in understanding
significant governance, risk and
control issues and delineating
related roles and
responsibilities of internal
auditing
– Educational products, research
studies and other material

18
 • Mission of internal auditing
An Introduction to – P. 22: “To enhance and protect
Internal Auditing
organisational value by providing
The International risk-based and objective
Professional Practices assurance, advice, and insight.”
Framework
• 10 core principles
– P. 22: “The core principles
underpin internal audit
effectiveness.”
– See p. 23 for a list of the
principles

19
 • International Standards for the
An Introduction to Professional Practices of
Internal Auditing
Internal Auditing
The International
– P. 23: “The [standards] are the
Professional Practices
minimum requirements that are
Framework
internationally applicable at
organisational and individual
levels and provide a framework
for performing and promoting
internal auditing.”
Remember:
the standards is one of
the four sources of
mandatory guidance

20
 • International Standards for the
An Introduction to Professional Practices of
Internal Auditing
Internal Auditing
The International
– The purpose of the standards is
Professional Practices
to:
Framework
• Delineate basic principles that
represent the proper practice of
internal auditing
• Provide a framework for performing
and promoting a broad range of
value-added internal audit activities
• Establish a basis for the evaluation
of internal audit performance
• Promote improved organisational
processes and operations

21
 An Introduction to Internal Auditing
The International Professional Practices Framework

• International Standards…
– Three types of standards
1. Attribute standards,
dealing with:
– The characteristics of the
internal audit activity
Attribute
Attribute Implementation standards
– The individuals that perform standards
standards
(1000 series)
series) Apply attribute and
the activity (1000
performance standards to:
- Assurance services
2. Performance standards,
(A series)
dealing with: - Consulting services
– Internal audit services and the (C series)
internal audit process Performance
Performance
standards
standards
– Measurement of the quality (2000
(2000 series)
series)
thereof

22
 An Introduction to Internal Auditing
The International Professional Practices Framework

• International Standards…
– Three types of standards
3. Implementation standards
– Assurance implementation
standards: deal with the
objective evaluation of
Attribute
evidence to provide an Attribute
standards
standards
Implementation standards
independent assessment of (1000 series)
(1000 series) Apply attribute and
performance standards to:
governance, risk management - Assurance services
and control processes (A series)
– Consulting implementation - Consulting services
standards: focus on consulting (C series)
Performance
services, i.e. activities beyond Performance
standards
standards
traditional assurance work, (2000
(2000 series)
series)
requested by management

23
 • Internal auditors are expected
An Introduction to to add value by advising
Internal Auditing
management regarding
The role of internal
governance, risk and control
auditing in the
business environment processes
• To be effective it should:
– Be at the centre of the
organisation and be respected for
the role it plays
– Have the full cooperation and
support of the board of directors
and management
– Report to the highest level of
authority in the organisation
24
 • Should provide reasonable
An Introduction to
Internal Auditing
The role of internal
auditing in the
business environment
assurance that the following
are adequate and effective:
– The organisation’s governance
processes
– The organisation’s risk
management processes
– The organisation’s control
processes

As per the
definition of
internal auditing

25
 • Services include assurance and
An Introduction to consulting services
Internal Auditing
– Assurance services are the
The role of internal examination of evidence by the
auditing in the internal auditor to provide an
business environment independent and objective
opinion on whether:
• Management’s policies and
procedures are adhered to
• Processes (including control
activities) are mitigating risks
• The organisation is complying with
relevant laws and regulations

26
 • Services include assurance and
An Introduction to consulting services
Internal Auditing
– While consulting services include
The role of internal (for example):
auditing in the • Staff training
business environment • Providing advice to management on
controls, risk issues and governance
• Assisting in developing policies
• Participating in quality teams
• Read pp. 28 and 29

27