The auditing process is a component of corporate governance in any consid- ered system of corporate governance. As explained in Part I, an important aspect of corporate governance is financial information disclosure. Auditors are gatekeepers to shareholders under the agency theory of corporate gov- ernance. Further, the OECD principles on corporate governance state that:

An annual audit should be conducted by an independent and qualified auditor to provide an external and objective assurance to the board and shareholders that the financial statements fairly represent the financial position and performance of the company in all material aspect. ¹ The interaction between corporate governance and external audit serv- ices suggests that they are complementary and the purpose of both is to protect stakeholders’ interests. ² Audit services play an important role in reducing the information asymmetry between the shareholders and the management. Expert auditors often look at the corporate governance structure of the client they audit. The composition, the independence of the board and the firm audit committee provide key indications as to the way financial statements are produced.

The New York Securities Exchange Corporate Governance Standards require that the audit committee discuss guidelines and policies to govern the process by which the corporate risk is handled. Each real or perceived risk must be identified and assessed. The auditor must address company issues such as the reliability and integrity of financial statements and operational information, the safeguarding of the corporate assets, com- pliance with laws, regulations, policies, procedures, contracts or other requirements. Finally, risk management is covered in this Part as deter- mining whether risk appetite is an element of good governance that man- agements and boards owe to stakeholders.

161

13

Internal Audit Process

13.1 General

The origins of auditing can be traced back to Greek, Egyptian and earlier civilizations. Audits were associated with detection of fraud. The audit business began to grow with the emergence of large-scale businesses.

Despite making a huge investment in propaganda, the auditing industry has been unable to detect massive frauds or even have been part of the problem. The industry opposes all reforms and leads a strong lobbying in Washington, DC, London, and Brussels. The audit function is salient not only to investors or the public trust, but to society as a whole. One of the fundamental tenets of current corporate governance around the world is the importance of external financial audit. ³ The function of the audit is to ensure that an organization’s results and related disclosures are fairly presented. ⁴ While conducting an internal audit activity, the auditor is required to assess and make appropriate recommendations for improv- ing the governance process in its accomplishment of the following objec- tives: (i) promoting appropriate ethics and values within the organization, (ii) ensuring effective organizational performance management and accountability, (iii) communicating risk and control information to appropriate areas of the organization, and (iv) coordinating the activities of and communicating information to the board, external and internal auditors, and management. ⁵

Internal auditing is conducted in diverse legal and cultural environ- ments. The differences can be major or minor depending on the develop- ment level of the countries used as a benchmark. This chapter analyzes the internal audit standards accepted by the community of nations and considered as standards by both the IMF and the World Bank in their assessment of countries under the ROSC. Internal audit standards are divided between ‘Attribute standards’ and ‘Performance standards’.

13.2 Internal audit v. external audit

Two different groups of auditors are involved in the production of finan- cial statements: (i) the internal auditor, and (ii) the external auditors. Both are part of the financial reporting supply chain, with different status.

13.2.1 The Internal auditor

Internal auditors are employees of a company working within its audit department. The audit department oversees the effectiveness of corpora- tion risk management, and monitors the corporation’s internal account- ing system to prevent fraud or any other improprieties. According to the Internal Auditor Association (IAA) an internal auditor must be inde- pendent, objective and perform its duties without interference from the company management. The IAA goes on to say that one of the internal auditor’s roles is to challenge the design of the company’s internal con- trol and to monitor their effectiveness, particularly in major risk areas.

Though the described attributes are what are really expected from an internal auditor, the achievement in quite a different story. In the US particularly, when the standard employment contract is a so-called ‘at- will contract’, it is hard, if not impossible, to find an internal auditor per- forming without management interference. To have an internal auditor performing independently, objectively, and with professional skepticism, their employment status should be enhanced with a job guarantee. Or, at least, the law should require companies to justify any severance with their internal auditors. Without these guarantees, internal auditors would never deliver up the promises of their assigned duties.

13.2.2 The external auditor

External auditors are firms not related to the audited firms: such firms are Deloitte & Touche, Ernst &Young, KPMG, and PwC. They audit, attest and provide assurance to the financial statements of their clients. The SOX Act of 2002 requires external auditors of publicly-traded companies with US$75 million or more in capitalization to include an opinion on the effectiveness of the internal control over financial reporting that man- agement has implemented to address the risk of material misstatements in financial statements.

13.3 The internal audit attribute standards

Attribute standards refer to those standards related to the organization or the individual auditor performing an internal audit. They cover topics such as the purpose of the internal audit, the independence and objectiv- ity of the auditors, due professional care and other related topics.