Internal Audit is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. It is an independent, objectives assurance and consulting activity designed to add value and improve an organization's operations. It helps organization to accomplish objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and government process
Scope and Objectives of Internal Audit
As per AAS-6, Internal Control System refers to all the policies and procedures adopted by the management of the entity to assist in achieving management's objectives ensuring the orderly conduct of the business, the accuracy and completeness of accounting records, the timely preparation of financial information, safeguarding of assets of enterprises and detection of fraud and errors in a timely manner. The internal audit function constitutes a separate component of internal control with the objective of determining whether other internal controls are well designed and properly evaluated.
The Scope and Objectives of internal audit vary widely and are dependent upon the size and structure of the entity and the management's requirements. The internal audit normally operates in one or more of the following areas:
(a)Review of accounting system and related internal controls: Although the establishment of an adequate accounting system and related internal controls is the responsibility of the management. However it is must that they are reviewed from time to time to ensure that they are operating effectively and recommend any improvement thereto;
(b) Examination of Management of financial and operating information : It includes the review of the means used to identify, measure, classify and report such information and specific inquiry into individual items including tests of transaction;
(c) Examination of the economy, efficiency and effectiveness of operations including the financial controls of an organization: This will help the external auditor when it has an important bearing on the reliability of the financial records;
(d) Physical examination and verification: It includes the examination and verification of physical existence and condition of the tangible assets of the entity.
The objects of internal audit can be stated as follows:
Verification of the accuracy and authenticity of the financial, accounting and statistical records.
(b) Ascertaining that accepted accounting policies and practices have been followed while preparing the financial accounts.
(c) The assets are purchased or disposed under proper authorization. Also ensuring that the access to assets is restricted to the authorized persons at the authorized times.
(d) Confirming that the liabilities are incurred for the legitimate activities of the organization.
(e) The internal checks system operating in the organization is sound and economical.
(f) Fraud and errors are prevented and detected.
(g) Reviewing overall operations of internal control system and if deviations or weakness are noted, the same are communicated to the appropriate authorities on timely basis. This will help in instituting corrective actions.
Interaction between internal audit and external audit
Although internal and external audit need to maintain clear boundaries and independence from each other, both functions complement one another. Therefore, it is beneficial for external and internal audit to maintain an appropriate, constructive, and fluid two-way dialogue. This relationship will ensure they coordinate efforts and share valuable information, such as the internal audit programme of work, the external audit management plan, the risks each function has identified, or changes in legislation/regulation.
The Chartered IIA's Internal Audit Code of Practice states that: "The chief internal auditor and the partner responsible for external audit should ensure appropriate and regular communication and sharing of information."
This position supports the IIA Global International Standards for the Professional Practice of Internal Auditing (International Standards) - Standard 2050:
"The chief audit executive should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplication of efforts."
We note that one unintended consequence of the UK standard, which prohibits internal auditors directly assisting external auditors, is that the interaction between the two functions seems to have diminished over recent years. The chief audit executive and the partner responsible for the external audit should find ways to communicate and facilitate a constructive relationship, whilst maintaining their independence and objectivity.
This is something that Sir Donald Brydon also raised in his final report of the Independent Review into the Quality and Effectiveness of Audit (December 2019). He wrote:
"I heard frequently that ISA (UK) 610, which governs how auditors may make appropriate use of internal audit work without receiving direct assistance, is complex to adhere to. As a result, there is very limited use made of internal audit by external auditors."
He continued by suggesting that ISA (UK) 610 should be reviewed with a view to encouraging greater, but still appropriate, use of internal audit by the external auditor. The Chartered IIA would support such a review, particularly if it leads to a better and more productive relationship between the two assurance functions.