Investigating the need for internal auditing

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

2.0 Introduction

The word audit emanates from the Latin verb 'audire', which means to hear. The origin of 'audit' can be traced back to ancient times. Whenever the owners of a business suspected fraud, they appointed certain persons to verify the accounts. Such persons queried the accountants and heard what they have to say in relation to the accounts.

Auditing as its existing form was established only in the middle of 19th century. In today's world, it is known as an inspection of financial statements to confirm whether they are free from material misstatement and also to give an unbiased opinion whether the financial statements are prepared in accordance with the Accounting Standards.

Consequently, auditing is essentially a practical task as the auditor always needs to reflect the nature and state of affairs of the entity being audited. Therefore, it is very unlikely that any two audit assignments will be identical to each other. Furthermore, the scope and depth are determined by the auditors with reference to auditing standards contained in International Standards on Auditing (ISAs), the requirements of relevant professional bodies, legislation and regulation and the term of the audit engagements. The same basic principles of auditing are applied in both public and private sectors. However, auditors of public sector often have wider objectives and additional duties and have specific governmental guidelines to follow.

2.1 Definition of Auditing

A clear-cut definition of the term 'auditing' is difficult to give. Some of definitions given by different authors are as follows:

As per Montgomery, a well known author, 'auditing is a systematic examination of the books and records of a business or the organization in order to ascertain or verify and to report upon the facts regarding the financial operation and the result thereof .'

Spicer and Pegler expanded the above definition as follows:

'An audit may be said to be such an examination of the books, accounts and vouchers of a business as well enable the auditor to satisfy that the Balance Sheet is properly drawn up, so as to give a true and fair view of the state of affairs of the business and whether the Profit or Loss for the financial period according to the best of his information and the explanations given to him and as shown by the books, and if not, in what respect he is not satisfied.'

According to Lawrence R. Dicksee, 'an audit is an examination of accounting records undertaken with a view to establishing whether they correctly and completely reflect the transactions to which they relate. In some instances, it may be necessary to ascertain whether the transactions themselves are supported by authority.'

R. K. Mautz defines auditing as being 'concerned with the verification of accounting data, with determining the accuracy and reliability accounting statement and reports.'

It is clear from the above definitions that auditing is an examination of a set of records both financial and non-financial to ensure reliability and credibility of these records in terms of adherence to accounting principles, management policies, or stated requirements and also to express an opinion onto whether the financial statements are prepared in all material respects in accordance to an identified financial reporting framework.

As a matter of facts, auditing is not a subdivision or a continuation of the field of accounting. It is a powerful management tool that serves to examine and evaluate the efficiency and effectiveness of the control system.

Graham W. Cosserat (2001) outlines individuals who perform the audits are generally classified into three groups. These are:

External auditing (also known as independent auditor)

The independent external audit requirement fulfils the need to ensure that financial statements are free from bias and material misstatements and they can be relied upon.

Internal auditing

The internal audit is an independent activity set up by management to examine and evaluate the organization's risk management and system of control and make recommendations for the attainment of company objectives.

Governmental auditing

Governmental audit is carried out by government auditors. Governmental auditing is crucial to the government's responsibility of accountability to the public. Government audits are thus intended to provide a true and fair assessment of the stewardship, performance, and cost of government policies, programs, and operations. An example of such governmental unit is the GAO [General Accounting Office] in America which serves as the accounting and auditing branch of Congress.

2.2 History and background of Internal Auditing

Although internal auditing has ancient roots, it was not recognized as an important process by many enterprises until the 1930s. Robert Moeller (2009) observed that this recognition was primarily due to the establishment of the U.S. Securities and Exchange Commission (SEC) in 1934 during the Great Depression.

As a legislative corrective action, the SEC required that enterprises registered with it must provide financial statements certified by independent auditors. This requirement prompted corporations to set up internal audit departments, the main purpose of which was to assist their independent auditors. Also at that time, internal auditors were primarily concerned with checking accounting records and detecting financial errors and irregularities. In short, internal auditors were little more than shadows or assistants to their independent external auditors.

There were concerns all around to improve and better utilize the potential of internal auditors. However, things really got started after Victor Z Brink published the first widely read book on internal auditing; the first edition of Modern Internal Auditing. About that same time period and in 1942, the Institute of Internal Auditors (IIA) was launched.

The IIA was formed by people who had been given title of internal auditor by their enterprises and who wanted to share their experiences and gain knowledge with others in this new professional field. A profession was then born that has undergone many changes over the years and has resulted in the multifaceted profession of modern internal auditor.

Ever since then, the IIA has grown larger and bigger with worldwide recognition. The IIA is now the world's leader in research and education for internal auditors. Also, it is the standard setting body for the internal auditing profession. The IIA is hence a dynamic international organization that meets the needs of a worldwide body of internal auditors. The history of internal auditing has been synonymous with that of the IIA and its motto, "Progress Through Sharing."

2.2 The need for internal auditing

Indeed, all managers desperately need knowledge about their organizations. No manager ever made a good decision on imprecise or biased data. In the past, most managers obtained their information by themselves. They were able to observe how their people performed, how their systems functioned, and how their company operated as a whole.

However, in today's fast business environment, managers, notably senior managers rarely have the time to gather those facts themselves. They have no other option than to turn to others and solemnly hope that the suppliers of data are competent, reliable, and trustworthy and also are dedicated in assisting them and bettering the enterprise.

Modern internal auditors fully meet these criteria. Internal auditors, like professional accountants, are expert in breaking down any totality to determine its components and values. They not only bring to their jobs an understanding of the company's people and systems but also provide a solid working knowledge of the principles of good administration and modern management. Certainly, these abilities can be vital to managers.

Furthermore, a key reason why managers need internal auditors is the counsel the auditors can provide. The counsel can take many diverse forms. For instance, it can help managers in decision making by providing objective views on highly technical matters. Also, it can evaluate ongoing programs to assess their potential success or to highlight problems in meeting goals. The list is almost endless. Dan Swanson (2010) affirms that given internal auditors can act like an independent advisor for the Board and senior management, establishing an internal audit department is indeed a long-term and worthwhile investment for most organizations.

Also, the scope of internal auditing extended to many nonfinancial areas in enterprises. Robert Moeller (2009) argues that new business initiatives such as the Committee of Sponsoring Organizations (COSO) internal control framework or Sarbanes-Oxley Act (SOx) have caused a continuing increase in the need for internal auditors' services.

2.3 Definition of Internal Auditing

In the distant past, it was always held that internal auditing is confined to simply ensuring that the accounting and associated records have been properly maintained and that the assets management system is in place in order to safeguard the assets. With changing times, this concept of internal auditing undertook a sea change with regard to its definition and scope of coverage.

The IIA formerly defined internal audit as follows:

'Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization.'

However, as the focus of internal audit changed towards a more risk based, consultant type activity, a new definition of internal auditing was designed in June 1999 and unanimously approved by the IIA's Board of Directors to accommodate the profession's expanding role and responsibilities. The new definition is as follows:

'Internal auditing is an independent objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, discipline approach to evaluate and improve the effectiveness of risk management, control, and governance processes.'

The IIA's new definition hence demonstrates the transformation that the internal audit has undergone in recent years with regard to its role and how it is perceived. Now its role may include risk management - along with traditional auditing - is an integral part of corporate governance process (Henning Kagermann et al., 2008).

Moreover, the new definition provided the basis for the Professional Practices Framework (PPF) which was also approved by the Board. The PPF was later reviewed and updated as the International Professional Practices Framework (IPPF). K. H. Spencer Pickett & Jennifer M. Pickett (2010) specifies that the IPPF was approved in July 2007 and as at October 2009, it constitute a professional framework for internal auditing.

The overall purpose of the IPPF is to readily make accessible the full range of existing and developing practice guidance on a timely basis to internal auditors and also strengthening the positioning of the IIA as the standard setting body for the internal audit profession globally. Hence, the management of any organization will expect their internal auditors to perform their auditing practices to a certain level that is complying with the IPPF. Compliance with the IPPF is therefore an indication of the effectiveness of the Internal Audit Department.

It should be noted that the practice of internal auditing is not regulated and the IIA only provides comprehensive guidance for the profession through its IPPF. On the other hand, compliance with the Standards and the Code of Ethics is mandatory for all members of the IIA and Certified Internal Auditors (CIAs). The IIA also provides guidance on assessing, maintaining, and improving quality within the internal audit activity.

2.4 Internal auditing scope and objectives

Already introduced as a revolutionary figure in 20th century internal auditing, Victor Z. Brink, as the IIA's first research director, was influential in getting The IIA's Statement of Responsibilities of the Internal Auditor issued in 1947. By 1993, the Statement of Responsibilities of Internal Auditing noted that "the scope of internal auditing encompasses the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of performance in carrying out assigned responsibilities."

In this perspective, there is theoretically no restriction on what internal auditors can evaluate and report about within an organization. But, internal audit projects tend to vary from one company to another, reflecting particular objectives of owners, directors, and senior management. Internal auditors typically operate under a board-approved charter that defines their role, objectives, and scope. The following five directives from the IIA's Statement of Responsibilities of Internal Auditing are included in most charters:

Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information;

Review the systems established to ensure compliance with those policies, plans, procedures, laws, regulations, and contracts which could have a significant impact on operations and reports, and determine whether the organization is in compliance;

Review the means of safeguarding assets and, as appropriate, verify the existence of such assets;

Appraise the economy and efficiency with which resources are employed; and,

Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.

According to Mark R. Simmons (1995), an internal audit could encompass all five audit objectives (a full scope audit); or only one or a few of the five audit objectives (a limited scope audit). Audit scope could be further limited by only assessing and evaluating the adequacy of controls (i.e., the degree to which the controls provide reasonable assurance); or by only assessing and evaluating the effectiveness of the controls (i.e., the degree to which the controls actually function as management intended).

2.5 Internal Audit and Internal Control

Robert R Moeller (2009) argues that an internal auditor does not need to have a detailed understanding of the scope and depth of internal auditing with reference to the internal auditing standards of the IIAs, the requirement of relevant professional bodies, legislation and regulations and the term of internal audit engagements. An internal auditor should rather come up with a general understanding of essentially all of these. Some of these areas may be specialized, but an internal auditor must have at least awareness of them. For all internal auditors, especially for new internal auditors, materials such as the Committee of Sponsoring Organisations (COSO) for internal controls are essential.

Internal auditing activity is primarily directed at improving internal control. Therefore, understanding and implementing effective internal controls is a basic principle of internal auditing. Under the COSO Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following internal control categories:

Effectiveness and efficiency of operations.

Reliability of financial reporting.

Compliance with laws and regulations.

It is the management who is responsible for internal control. Managers establish policies and processes to help the organization achieve specific objectives in each of these categories. Internal auditors on the other hand perform audits to evaluate whether the policies and processes are designed and operating effectively and provide recommendations for improvement.

2.6 Internal Audit Standards

The IPPF contains the only globally accepted Standards for the professional practice of internal auditing. As discussed earlier, the IPPF is the conceptual framework that organizes authoritative guidance promulgated by the IIA. The IPPF is a future expansion of the PPF. As opposed to the PPF, the IPPF clarifies between the mandatory guidance for internal auditors, which are, definition of internal auditing, international standards, code of ethics and the strongly recommended guidance, which are, position papers, practice advisories, practice guides.

The International Standards, being authoritative guidance for the internal audit profession, are principles-focused. Under the PPF there were three sets of standards: attribute, performance, and implementation standards. However, under the IPPF the three sets of standards were concise into two sets of standards. The implementation standards which refer to either assurance or consulting activities are embedded in the attribute and performance standards.

Hence, attribute standards refer to the composition of the audit department in terms of staff expertise and ongoing training, as well as independence and objectivity. Attribute standards also refer to the internal audit department's purpose, authority, and responsibility. Furthermore, performance standards refer to how the internal audit function should operate and how the planning, scope, and reporting activities should be conducted and by whom. The performance standards reflect the purpose of the internal audit function in that they define the activities to be completed, which help make sure that the internal audit function is operating as designed for the benefit of the organization.

Another authoritative guidance issued by the IIA is the Code of Ethics. This is a statement of principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing, and provides a description of minimum requirements for conduct, and describes behavioral expectations rather than specific activities. The Code of Ethics refers to:


The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.


Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.


Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.


Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.

The IPPF therefore offers improved clarity with fewer elements, clearly identifiable as to level of authority. Practitioners will have transparent access to the development plan of future guidance. Also under the IPPF, the technical guidance should be released in a timelier manner. Practitioners can more strongly assure the audit committee and senior management that they are relying on a respected and internationally revered set of standards. Lastly, enhancements will neither alter nor disturb practitioners' continual reliance on the International Standards.

2.7 Internal Auditing in the public sector

As mentioned earlier, the same basic principles of auditing are applied in both public and private sectors but auditors of public sector often have wider objectives, additional duties and are required to comply with specific governmental guidelines. Internal audit in the public sector is usually termed as public internal audit. The public internal audit is the activity functionally independent and objective giving assurance and counseling to the managing board for a good management of public revenues and expenses, improving the activities of the public sector entity; it helps the public entity in achieving its objectives through a systemic and methodic approach evaluating and improving the efficiency and effectiveness of the management based on risk, control and process management.

Examples of specific governmental guidelines are: in the U.S., government audits are performed in accordance with the General Accounting Office's Government Auditing Standards commonly known as "Yellow Book", government auditors in the United Kingdom comply with the HM Treasury's Government Internal Audit Standards; and in Canada, government auditors perform in accordance with the Office of the Auditor General's Comprehensive Auditing Manual. In addition, many public sector audit groups are members of the International Organization of Supreme Audit Institutions (INTOSAI), and thus comply with the auditing standards promulgated by INTOSAI.

Furthermore, every country in the world has its own Supreme Audit Institution (SAI) in order to ensure the fair and proper execution of public finance. The National Audit Office (NAO) is the SAI of the Republic of Mauritius. The public Office of the Director of Audit is set up by the Constitution. Also, the NAO is a member of the International Organization of Supreme Audit Institutions (INTOSAI). The NAO conducts its audit in accordance with the INTOSAI standards and the International Standards on Auditing. Compliance with these standards enhances the auditor's credibility, objectivity, professionalism, and independence.