Page 126 - DCOM204_AUDITING_THEORY
P. 126
Auditing Theory
Notes Use of Internal Control Systems by Auditors
An internal control can only provide, at best, a reasonable assurance that objectives are being
reached because of inherent limitations, such as, human error and potential for fraud. These
inherent limitations demonstrate why auditors cannot obtain all their evidence from tests of the
systems of internal control.
7.3 Internal Auditing
Performed by professionals with an in-depth understanding of the business culture, systems,
and processes, the internal audit activity provides assurance that internal controls in place are
adequate to mitigate the risks, governance processes are effective and efficient, and organizational
goals and objectives are met.
Internal Auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. It helps an organization accomplish its objectives
by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.
Independence is established by the organizational and reporting structure. Objectivity is achieved
by an appropriate mind-set. The internal audit activity evaluates risk exposures relating to the
organization’s governance, operations and information systems, in relation to:
1. Effectiveness and efficiency of operations.
2. Reliability and integrity of financial and operational information.
3. Safeguarding of assets.
4. Compliance with laws, regulations, and contracts.
Based on the results of the risk assessment, the internal auditors evaluate the adequacy and
effectiveness of how risks are identified and managed in the above areas. They also assess other
aspects such as ethics and values within the organization, performance management,
communication of risk and control information within the organization in order to facilitate a
good governance process.
The internal auditors are expected to provide recommendations for improvement in those areas
where opportunities or deficiencies are identified. While management is responsible for internal
controls, the internal audit activity provides assurance to management and the audit committee
that internal controls are effective and working as intended.
The internal audit activity is led by the Chief Audit Executive (CAE). The CAE delineates the
scope of activities, authority, and independence for internal auditing in a written charter that is
approved by the audit committee.
An effective internal audit activity is a valuable resource for management and the board or its
equivalent, and the audit committee due to its understanding of the organization and its
culture, operations, and risk profile. The objectivity, skills, and knowledge of competent
internal auditors can significantly add value to an organization’s internal control, risk
management, and governance processes. Similarly an effective internal audit activity can
provide assurance to other stakeholders such as regulators, employees, providers of finance,
and shareholders.
Did u know? As the primary body for the internal audit profession, The IIA maintains the
International Standards for the Professional Practice of Internal Auditing and the
professions Code of Ethics. IIA members are required to adhere to the Standards and Code
of Ethics.
120 LOVELY PROFESSIONAL UNIVERSITY
