11/7/2013

Session Content

Audit and Compliance

Chapter 9

1. Function and importance of

Internal Audit

General
A management control
Statutory requirement/suggestion of CG codes
Varying work of IA
Chief internal auditor heads the dept
Report to Audit Committee

Types of audit work

Some of the types are:
a. Financial Audit
b. Operational Audit
c. Project Audit
d. VFM Audit
e. Social and Environmental Audit
f. Management Audit

Roles of Internal Audit

a. Financial Audit
- The main area of work of IA:
Check accuracy of financial and management
reporting
b. Operational Audit
- Examination and review of business operation
- Effectiveness of controls
- 3Es

11/7/2013

c. Project auditing
- About looking at a specific project:
Were the objectives achieved?
Was the projected implemented efficiently?
What lessons can be learned from any
mistakes made/?

d. VFM Audit
Assesses 3 main areas
economy/efficiency/effectiveness
Economy
- Inputs to business and look if economical and
of acceptable quality
- Inputs could be capital, raw materials,
workforce and any administrative function

Efficiency of operation
Checks how well the operation converts inputs to
outputs
e.g. looking at quality control failures or wastage in
production
Effectiveness of an organisation
Checks whether the organisation achieves its
objectives
- Must be clear objectives not easy

e. Social and environmental audit

Social and environmental report in Annual
report
Social Audit: looks at the Cos contribution to
society and community e.g. donations,
sponsorships, education, health and safety etc
Purpose of this audit: confirms statement of
Directors or make recommendations on social
policies Co should perform

Environmental audit
- Evaluation of how well organisations are
performing with the aim of contributing to
safeguarding the environment
- Examine at corporate environmental policies
and practices and whether these are being
complied with
- Environmental report in Annual report

f. Management audit (or operational audit)

The independence appraisal of the
effectiveness of managers and corporate
structure in achievement of entitys objectives
and policies
Aim is to identify weaknesses and make
recommendations on how to rectify them
Linked to business objectives and therefore
risks

11/7/2013

2. Factors affecting the need for IA

Scale, complexity and diversity of Cos
activities
Number of employees (evidence of size)
Cost-benefit considerations
Changes in organisational structure, processes
or information systems (change complexity
and thus change risk)
Changes in key risks

3. Auditor independence
IA an independent assurance activity
To ensure that activity is carried out
objectively and be able to rely on it, internal
auditor must be independent
Independence assured by appropriate
structure within which IA work
Independence is also assured in part by the
internal auditor following acceptable ethical
and work standards

4. Potential ethical threats

Risks if auditors are not independent

Independence compromised when ethical

threats are present
A threat is anything that means that the
opinion of an auditor could be doubted
Threats can be real or perceived
ACCA code provides examples of generic
threats
See below for threats that affect normally
external auditors

SELF INTEREST THREAT

Audit firm or member of audit has something
to benefit from the audit client
Examples
- Loan from audit client to auditors
- Financial support
- Potential employment with audit clien
- Dependence of fees from audit client

11/7/2013

SELF-REVIEW THREAT
Reviewing something which the individual
auditor was previously responsible for
For example:
- Member of audit team previously an
employee of audit client
- Preparing the financial statements and then
audit them

ADVOCACY THREAT
Auditor promotes or perceived to promote
audit clients position or opinion
For example:
- Being promoter of shares of audit client
- Acting as advocate on behalf of audit client in
litigation disputes

FAMILIARITY THREAT
Due to close relationship with an audit client
the auditor becomes too sympathetic to the
clients interests
For example
- Auditor has family member that is employed
by the audit client and has the power to exert
significant influence over subject matter of
audit

- Long association of a senior member of audit

team with audit client
- Acceptance of gifts from audit clients

INTIMIDATION THREAT
When a member of the audit team is deterred
from acting objectively due to fear of the
client
Examples:
- Threat of replacement over a disagreement
- Pressure to reduce extent of work in order to
reduce fees

Test your understanding 2 (page 214)

11/7/2013

5. Audit Committee
Protection of independence
Internal auditors must be independent from executive
management and should not have any involvement in
the activities or systems that they audit
Head of IA should report directly to a senior director or
the Audit C/ee. In addition the head of IA should have
direct access to the chairman of the Board and to the
Audit C/ee and should be accountable to the audit
Committee
The audit C/ee should approve the appointment and
termination of appointment of the head of IA

Role of the Audit Committee

Review of IC systems
Oversee work of IA
Monitor integrity of FS
Review work of external audit
Consists 100% of NEDs
At least one must have recent and relevant
financial experience

6. The Audit Committee and Internal

Controls

The Audit Committee and Internal Controls

Review the companys internal financial controls
Review all the companys internal control and
risk management systems
Give approval to internal control and risk
management statements in annual report
Receive reports from management about
effectiveness of control systems
Receive reports on tests carried out on controls
by internal auditors

7. Audit committee and internal audit

Smith Guidance on audit committees
recommends that the committee meet with
internal auditors at least once a year without
management
If the Co does not have an internal audit function:
- Committee should consider annually whether
there is a need for an internal audit function
- Reasons for absence of internal audit function
should be explained in the relevant section of the
A/R

11/7/2013

8. The Audit Committee and External

Audit
a. Appointment, re-appointment and removal
recommendations to the Board
b. Oversee the selection process of new
auditors
c. Approve terms of engagement and their
remuneration

d. Have annual procedures to ensure independence and

objectivity of auditors (see below)
e. Review scope of audit and ensure sufficient
f. Ensure that plans in place for the audit at the start of
annual audit
g. Carry out post completion audit review
- Review level of errors identified during audit
- Review key accounting or audit judgements
- Discuss any major issues that arose during audit and
whether theyve been resolved

9. Reporting on internal controls to

shareholders
Test your understanding 3 (page 228)

SHs are entitled to know whether the IC system is

sufficient to safeguard their investment
Thus, the Board should at least annually conduct
review of effectiveness of IC and report to SH that
done so
Review must cover all material controls
Review must be conducted against COSOs
elements of an effective IC system as seen Ch9
Annual report should inform SH of work of Audit
Committee

The chair of the Audit C/ee must be available

at AGMs to answer questions of SH
SOX additional reporting requirements