OVERVIEW
Objective
¾
To determine the nature and extent of the external auditor’s reliance on the work of internal audit.RELATIONSHIP
ACTIVITIES UNDERSTAND &
ASSESS
EVALUATION
¾ Basic principles
¾ Assessment criteria
¾ Essential procedure
¾ Factors
¾ Internal auditing
¾ Scope and objectives
¾ Basic principles
¾ Co-ordination of work
Optional
¾ External v ¾ Internal
1
ACTIVITIES OF INTERNAL AUDITING
1.1
Internal auditing
Operate in the following areas detailed testing of
transactions and
Review of compliance with external and internal requirements (e.g. laws, regulations
and
management policies)
Special Investigations
Of direct interest to auditor May impact on external audit
1.2
Basic principle
ISA 610 “Considering the Work of Internal Audit”:
The effect, if any, of internal auditing activities on external audit procedures should be considered.
¾
The external auditor has sole responsibility for the audit opinion expressed. This responsibility cannot be reduced regardless of the scope and quality of the internal audit function.1.3
Co-ordination of work
¾
Whilst the objectives of internal audit and external audit differ, there is often overlap in the work that is carried out.¾
Neither internal auditors nor external auditors can dictate the other’s work program. They can, however, assist each other by: sharing information obtained for planning purposes; discussing business developments with key personnel; discussing materiality, risk assessments and audit objectives; reviewing each other’s work plans and programs;
2
UNDERSTAND AND ASSESS
2.1
Basic principles
¾
The external auditor should obtain a sufficient understanding of internal audit activities to identify and assess the risk of material misstatement of the financial statements
obtain a sufficient understanding of internal audit activities to design and perform relevant audit procedures
make a preliminary assessment of the internal audit function if relevant to the auditor’s risk assessment.
¾
Effectiveness of internal audit is just one factor to be considered in the external auditors’ assessment of the control environment.2.2
Assessment criteria
Factors to consider
(a) Organisational status
¾
Effective objectivity?¾
Direct access to highest level of management?¾
Direct access to audit committee?¾
Free of operating responsibility?¾
Free to communicate fully with external auditor and audit committee?(b) Scope of function
¾
Set by Head of Internal Audit and/or independent directors (e.g. audit committee).¾
Nature/extent of assignments (including extent, direction and timing of tests) performed.¾
Evidence of recommendations being actioned by management (see Reports to management and follow up action taken by internal audit).(c) Technical competence
¾
Technical training/proficiency as internal auditors.¾
Internal audit recruitment policy (reviewed by externalauditor to see if appropriate).
3
EVALUATION
3.1
Essential procedure
If it is to be used, the work of internal audit should be evaluated and tested to confirm its adequacy.
3.2
Factors
¾
Risk¾
MaterialityExternal auditors’ involvement must be sufficient to form own conclusion
¾
Assessment of internal audit function. Consider technical training/proficiency proper supervision, review and documentation sufficient appropriate audit evidence
appropriate conclusions
reports consistent with results of work performed exceptions resolved
amendments to audit program need to test work of internal audit.
Illustration 1
¾
Documentation of internal controls and procedures by internal audit. The external auditor would carry out walk though testing to assessreliability of documentation.
¾
Effectiveness of controls requiring observation. The external auditor can only observe the operation of controls whilst they are at the entity’s premises. Internal audit may be able to observe on a continuous basis.
Illustration 1 (cont’d)
¾
Development of computer based systems and controls. Internal audit would be able to conduct quality control testing of the systems development life cycle from initial feasibility studies, design, programming, through to implementation.
They would also ensure that appropriate financial (and other) controls were built into the system.
External audit would review procedures and deliverables of internal audit plus selective testing of new system using CAATs.
¾
Continuous auditing of computer based systems. Internal audit may use CAATs to continuously audit the operation and effectiveness of computer based controls.
External audit would assess the procedures used (including the CAAT programs) the reports produced and action taken. They would use their own CAAT programmes to selectively test the work of internal audit.
¾
Inventory and other material assets held at different locations. Internal audit may observe, say, year-end inventory procedures at some locations, with the external auditor observing the rest. Visits would be rotated each year, but the external auditors would
ensure that they cover all high risk locations each year.
Similar procedures could be used to verify the existence of non-current assets.
In all cases, the auditors must still obtain an understanding of the business, its environment and internal control. They cannot abdicate to the internal
auditors.
FOCUS
You should now be able to: