INTERNAL AUDITING

Internal Auditor Association (IIA) has developed the globally accepted definition of internal auditing as
follows:

“Internal auditing is an independent, objective assurance and consulting activity designed to add value
and improve organization’s operations. It helps an organization to accomplish its objectives by bringing
a systematic approach to evaluate and improve the effectiveness of risk management, control and
governance processes”

DEFINITION
Independence- the freedom from conditions that threatens the ability of the internal audit activity to carry
our internal audit responsibilities in an unbiased manner.
 SEC requires listed companies two have at least 2 independent directors or such a number of
independent directors that constitutes 20% of the members of the Board, whichever is lesser, but in no
case less than 2.
 Direct reporting to the Board of Directors instead of the President or CEO

KEY CONCEPTS
 Objectivity- unbiased mental attitude that allows internal auditors to perform engagements ins such a
manner they believe in their work product and that no quality compromised are made
 Organization independence- is effectively achieved when the Chief Audit Executive (CAE) reports
functionally to the board by having direct and unrestricted access both to senior management and the
board (Dual Relationship) as established by the organization and reporting structure of a company

KEY CONCEPTS
 Internal audit activity- a department, division, team of consultants, or other practitioners that provided
independent, objective assurance and consulting services designed to add value and improve
organization’s operations.

INTERNAL AUDIT ACTIVITY DEFINED

Internal audit reports both to the Board and the CEO.
 Direct reporting (reporting function) to the Board through the Internal Audit Committee (IAC)
 Coordination (administrative function) with the CEO

DUAL REPORTING
Definition: a restriction placed upon the internal audit activity that precludes the audit activity from
accomplishing its objective and plans.

 Any reporting relationship that impedes independence and effective operations of internal auditing
 CAE is required under the IAA standard to confirm to the board, at least annually, the organization
independence of the internal audit activity
 Scope limitation, along with its potential effect, needs to be communicated to the Board, preferably in
writing
 Internal auditors are not to accept gifts

SCOPE LIMITATION
Definition: a restriction placed upon the internal audit activity that precludes the audit activity from
accomplishing its objective and plans.

 Any reporting relationship that impedes independence and effective operations of internal auditing
 CAE is required under the IAA standard to confirm to the board, at least annually, the organization
independence of the internal audit activity
 Scope limitation, along with its potential effect, needs to be communicated to the Board, preferably in
writing
 Internal auditors are not to accept gifts

SCOPE LIMITATION
1. Conflict of interest- situation in which an internal auditor, who is in a position of trust, has a
competing professional or personal interest, which hinders him to render his duties impartially.
2. Individual objectivity- an internal auditors perform engagements in such a manner that they have an
honest belief in their work product and that no significant quality compromises are made.

OBJECTIVITY
Assurance engagement- an objective examination of evidence for the purpose of providing an
independent assessment on risk management, control, or governance processes for the organization

Assurance services- involves the internal auditor’s assessment of evidence to provide an independent
opinion or conclusions regarding an entity, operation , function, process, system, or other subject matter.
Nature and scope is determined by the internal auditor.

ASSURANCE
Parties in Assurance Engagement:
1. The Process owner- responsible party/auditee
2. The internal auditor
3. The user

ASSURANCE
Consulting services- advisory and related client service activities, the nature and scope of which are
agreed with the client and which are intended to add value and improve an organization’s governance,
risk management, and control process without the internal auditor assuming management responsibilities.

Parties in consulting engagement:

1. The internal auditor
2. The engagement client- maybe a business unit, department, group, individual or other established
subdivision of an organization that is subject of consulting engagement

CONSULTING
Categories of consulting engagement:
1. Formal consulting engagement
2. Informal consulting engagement
3. Special consulting engagement
4. Emergency consulting engagement

CONSULTING
1. Audit committee/ board- improve quality of information
2. Operating management- effectiveness and efficiency of operations

4 factors in determining what will add the most value to their organizations
3. Deep knowledge of the organization
4. The courage to innovate
5. A broad knowledge of those practices the profession
6. The creativity to adapt innovations

ADDING VALUE
Elements:
1. Defined audit objectives
2. Risk analysis
3. Audit work plan
4. Defined audit procedures
5. Use of technology
6. Independent review of audit work
7. Review of conclusions with management

SYSTEMATIC AND DISCIPLINED APPROACH

1. Helping the organization achieve its objective- business objectives are stated, measurable targets of
how to achieve business goals.
Categories of business objectives:
a. Strategic objectives
b. Operations objectives
c. Reporting objectives
d. Compliance objectives

MAIN OBJECTIVES OF INTERNAL AUDIT

2. Evaluation and improving the effectiveness of risk management, control, and governance processes

3. Assurance and consulting activity designed to add value and improve operations

MAIN OBJECTIVES OF INTERNAL AUDIT

INTERNAL VS. EXTERNAL AUDIT
INTERNAL VS. EXTERNAL AUDIT
 Established in 1941
 An international professional association of more than 150,000 members with global headquarters in
Altamonte, Springs, Fla., United States
 Members work in internal auditing, risk management, governance, internal control, information
technology audit, education and security
 CIA- Certified Internal Auditor
 The Institute of Internal Auditors- Philippines (IIA-P)

INSTITUTE OF INTERNAL AUDITORS