This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Internal audit function is the crucial part of an entity's corporate governance. Their has been important concern about the level of fraud within the company. The purpose of this study is to evaluate whether the companies with an internal audit function can detect fraud with those without.
We find that the companies with internal audit function are performing more well than those without the function of internal audit to detect fraud within their companies. The companies that do not conduct internal audit function are less likely to detect fraud than those that take part in their internal audit function. These result recommend that internal audit adds value through improving the control within organizations to detect fraud.
CHAPTER # 1
THE NATURE, PURPOSE, SCOPE AND THEORY OF INTERNAL AUDIT
NATURE OF INTERNAL AUDIT
Internal auditing is the independent assessment of the various systems and operations of control to determine whether legislative requirements ,acceptable policies and procedures are followed,and established standards are met, resources are used economically and efficiently and planned missions are accomplished effectively.
It helps the Department achieve its objectives by bringing a methodical, disciplined
approach to evaluation and improves the risk management, control and governance processes
SCOPE OF INTERNAL AUDIT
The Internal Audit treatment may extend to all areas of the Department and include
financial, accounting, administrative, operational and computing activities. The scope of internal audits will depend upon circumstances such as results of risk associated with activities, previous audits, materiality, relative, the ability of the system of internal control and the resources available.
CONCEPT OF INTERNAL AUDIT
The exact scope and objective of internal audit differ largely and depend on the size and structure of the company and the requirements of its management.ISA 610 states that internal auditing activities will usually include one or more or the following:
(a) MONITORING OF INTERNAL CONTROL
The establishment of an adequate internal control system is a responsibility of management and is an important aspect of good corporate governance. Because the internal control system needs to b monitored on a continuos basis, large companies are likely to establish an internal audit function to assist management in this role. Internal audit is therefore usually given specific responsibility by management for reviewing internal controls, monitor operations and suggesting improvements via a report to the directors.
(b ) REVIEW OF THE ECONOMY, EFFECTIVENESS & EFFICIENCY OF OPERATIONS
This would include a review of non-financial controls.
(c) review of fulfillment with regulations, regulations and other external requirementsand with internal requirements such as management policies and directives.
(d) special investigations into particular areas such as suspected fraud.
The majority of these activities will be classed as operational internal audit assignments. These are audits of specific processes and operations performed by the entity. However, internal audit could also be asked to perform other assignments such as value for money and best value audits.
Whatever tasks are assigned to internal auditors the same degree of indepence can never be achieved as that required of the external auditor. In order to achieve as much independence as possible it is therefore important that the internal auditor report to the highest level of management.
It is also the matter for the entity setting up the internal audit function what qualifications or experience it requires of of the members of its internal audit team. In contrast, the external auditor has to comply with the regulations set by government and his professional body coverng technical and professional and standards and qualifications.
OBJECTIVE AND ROLE OF INTERNAL AUDIT
The internal audit function is established to assist the Secretary and management of the Department to verify that appropriate governance of operations is in place and to achieve sound managerial control of the operations of the Department including accounting, financial control, asset management and information management and control systems. The objective of internal audit is to help out all levels of management in the valuable fulfill of their responsibilities by providing analysis and recommendations concerning the activities reviewed.
The achievement of the objectives may involve:
Assessing the sufficiency of established procedures and systems.
conducting special assignments and investigations on behalf of the Secretary
into any matter affecting the interests and operating effectiveness of the department,
appraising and reviewing the sufficiency and effectiveness of the system of internal controls;
reviewing operations to determine whether results are reliable with the Department's established objectives and goals and to check whether they are being properly achieved.
appraising the integrity of management, reliability, relevance and, reports, financial and operating data
reviewing the means of protecting the assets and verifying the existence of such assets;
reviewing the systems established to ensure fulfillment with those policies, legal requirements , plans, procedures which could have a important impact on operations.
OBJECTIVE OF INTERNAL AUDIT FUNCTION
The objective of internal audit function varies widely and depends on the size and structure of the company and the requirements of its management. Ordinarily internal audit objective include:
REVIEW OF ACCOUNTING AND INTERNAL CONTROL SYSTEM
Internal auditing is normally assigned specific responsibility by the management of the company for, reviewing accounting and internal control systems, monitoring their operations and recommending improvements therein.
EXAMINATION OF FINANCIAL AND OPERATING INFORMATION
It includes the review of means used to identify, measure, classify and report such information and specific inquiry into individual items including detailed test of transaction, balances and procedures.
Review of effectiveness of operations including non financial control of the company.
Review of fulfillment with regulations,regulations and other external requirements and with management policies, directions and other internal requirements.
The auditor should develop and document an overall audit plan describing expected scope and conduct of the audit, the matters to be kept in mind by the auditor in developing an overall audit plan is the knowledge of the business he has obtained.
USEFULNESS OF INTERNAL AUDIT
An internal audit function is an essential element of a sound corporate governance system. It may also liaise with the audit committee, who may themselves require special reports from the internal auditors.
The role of internal audit is set by management and the type of work they do will depend on what management requires of them. However their work is likely to encompass the following, all of which are usefull to management.
(a)REVIEW OF ACCOUNTING AND INTERNAL CONTROL SYSTEMS
This involves an assessment of the adequacy of the entity's systems and controls in managing the risks of the business and could encompass IT audits. Where there are deficiencies, the internal auditor will recommend cost effective improvements to management. For example if the company does not properly check goods received for quality and quantity, the entity is at risk of accepting substandard goods or the wrong quantity of goods. The internal auditor would require procedures to be put in place to prevent losses incurred by such a lack of controls.
(b)EXAMINATION OF FINANCIAL AND OPERATING INFORMATION
Such internal audits form another part of the traditional role of the internal auditor, reviewing accounting and other records to substantiate figures in the financial statements or management accounts. For example, the internal auditor might trace items on inventory sheets to the inventory figure in the financial statements.
(c ) OTHER AUDITS
The internal auditor might carry out specific other types of audits such as value for money or best value audits.
Internal auditors will perform any necessary investigation into usefull matters. An example of this might be a fraud investigation.
(e) OPERATIONAL INTERNAL AUDIT ASSIGNMENTS
These involve the internal auditorconsidering particular areas of the entity's business such as marketing or human resources. For example work could be carried out to ensure that there are appropriate recruitmant and selection procedures in place.
In addition, the internal audit function will also liaise with the external auditors and may provide valuable evidence to the external audit team.this may result in a more efficient (and hence cheaper) external audit.
INTERNAL AUDIT AND RISK ASSESSMENT
Internal control systems are put in place by the directors (executive management) in order to help them manage the company's governance risks. Risks can be thought of as anything which may prevent an organization from achieving its objectives. It may be convenient in this context to think of risks as the risks of errors or frauds, or the risks that information will be unreliable.
Risk is extremely relevent to the role of the internal auditor. His work may often involve carrying out a risk assessment exercise, designed to identify the main areas of risks to which the organization is exposed. The internal auditor will report those risks to management , and will perhaps make suggestions about how risks can be managed.
It is usefull to analyse the risks that are considered by internal auditors into three main categories. These are :
These are the risks that the operating activities of an entity may be disrupted, either deliberately or unintentionally and in error. Employees make make mistakes, and do something wrong or forget to do something. Machines may break down. There may be poor security arrangements, poor supervision, weak management or an ineffective organization structure. Operational risk refers to anything that might go wrong with operatiomal activities.
These are the risk of what might happen if there are changes in the financial environment, such as intrest rates, taxation law or exchange rates. Financial risk also includes credit risk, which is the risk of non-payment or late payment by customers.
(c ) COMPLIANCE RISK
These are risk that the entity may fail to comply with relevent rules and regulations, resulting In penalties being imposed by regulatory authorities or fines being paid to injured parties. Examples of compliance risk vary according to the nature of a company's activities: they may include the risk of non-compliance with health and safety law, anti-pollution law, employment law, and so on.
MANAGEMENT OF RISK
Approaches to risk management that an internal auditor may recommend to management include the following:
Risk acceptence means accepting the risk and doing nothing to reduce the possibility that an adverse event will happen and doing nothing to limit the consequences if an adverse event does occur. This approach is normally only acceptable if the risk is insignificant.
Risk reduction involves taking measures to reduce the probability that an adverse event will happen, or reducing the consequences of an adverse event. Measures to reduce risk may involve instituting appropriate controls to minimise the risk to which the entity is exposed. Most internal controls are designed as risk reduction measures.
(c ) AVOIDANCE
Risk avoidance means avoiding transactions or situations that would create an exposure to a risk. For companies, it is normally impossible to avoid risks entirely without withdrawing from a business operation entirely.
Risk transfers means transferring the risk to a third party, often in return for a payment. The most commonly-used example of risk transfer is probably the use of insurance. With insurance, risk are tranferred to an insurance company in exchange for the payment of a premium.
INTERNAL AUDIT SERVICES
Internal audit services may be provide to an audit client by the firm. On the other hand it should be made sure that the client acknowledges its responsibility for maintaining, establishing and monitoring the system of internal controls. It should be suitable to use safeguards to ensure that an employee of client is responsible for internal audit activities and the client approves all work that internal audit does.