14 – Audit and Compliance

Function and importance of internal audit

Internal audit is a management control. The department reviews the effectiveness of other controls within a company.

An internal audit generally performs the three tasks outlined below.

Assess any risks and the internal controls within a company
Ensure that a company and its employees are in compliance with federal and state laws and regulations
Make suggestions as to what needs to be done to rectify a failed audit or issues that were identified as problematic during the audit

Roles of Internal Audit Department

Reviewing accounting and internal control Systems (financial audit)

Assisting with the identification of significant risks

Reviewing the economy, efficiency and effectiveness of operations (operational audit)

Examining financial and operating information

Special investigations

Reviewing compliance with laws and other external regulations

Factors affecting the need for Internal audit

The scale, diversity and complexity of the company’s activities.

The number of employees.

Cost/benefit considerations.

Changes in the organisational structures, reporting processes or underlying information systems.

Changes in key risks (could be internal or external in nature).

Problems with existing internal control systems.

An increased number of unexplained or unacceptable events

Auditor Independence

Internal audit is an independent objective assurance activity.

To ensure that the activity is carried out objectively, the internal auditor must have his/her independence protected.

Auditor should be Independent in Mind as well as Appearance.

Ethical Threats

Self-interest threat

Occurs when the audit firm or a member of the audit team could benefit from a financial interest in, or other self-interest conflict with, an audit client.

Self-review threat

Occurs when the audit firm, or an individual audit team member, is put in a position of reviewing subject matter for which the firm or individual was previously responsible, and which is significant in the context of the audit engagement.

Advocacy threat

It arises when auditor (most of the time unintentionally) supports the opinion or position (of the client most of the time) to the extent that it is not supported with relevant evidence or simply auditor supported the opinion beyond the degree of objectivity.

Familiarity threat

Occurs when, by virtue of a close relationship with an audit client, its directors, officers or employees, an audit firm or a member of the audit team becomes too sympathetic to the client’s interests.

Intimidation threat

Occurs when a member of the audit team may be deterred from acting objectively and exercising professional scepticism by threats, actual or perceived, from the directors, officers or employees of an audit client.

Audit Committee

An audit committee consists of independent NEDs who are responsible for monitoring and reviewing the company’s internal financial controls and the integrity of the financial statement.

The audit committee acts as an interface between the full board of directors and both the internal and external auditors.

Audit Committee & Internal Controls

The board is responsible for the total process of risk management, which includes ensuring that the system of internal control is adequate and effective.

The board delegates this internal control responsibility to the audit committee.

Audit Committee & Internal Audit

The audit committee is responsible for overseeing the work of the internal audit function.

Audit Committee & External Controls

The audit committee is responsible for oversight of the company’s relations with its external auditors. The audit committee should:

Have the primary responsibility for making a recommendation to the board on the appointment, re-appointment or removal of the external auditors

Approve (though not necessarily negotiate) the terms of engagement of the external auditors and the remuneration for their audit services