Page 63 - DCOM509_ADVANCED_AUDITING
P. 63
Advanced Auditing
Notes Internal auditors play an important role in their organization’s corporate governance, internal
control structure, risk management analysis, and financial reporting process. In the past decade,
auditors actively have provided management with consulting and assurance services to assist in
compliance with regulations such as the U.S. Sarbanes-Oxley Act of 2002. Internal audit resources
also have been expanded to satisfy the high demand for services to assist in executive certifications
of internal controls and financial reports.
Example: U.S. Securities and Exchange Commission’s (SEC’s) Proxy Disclosure
Enhancements rules released in December require companies listed on U.S. exchanges to disclose
their governance measures, including their board structure, the board’s oversight of risk
management, and its relationship with executive compensation policies and practices.
In the coming years, internal auditors may be expected to expand their role to assume more
responsibilities in improving risk management, reducing organizational complexity and costs,
and participating in developing strategic and governance processes.
Example: U.S. Securities and Exchange Commission’s (SEC’s) Proxy Disclosure
Enhancements rules released in December require companies listed on U.S. exchanges to disclose
their governance measures, including their board structure, the board’s oversight of risk
management, and its relationship with executive compensation policies and practices.
The proxy disclosure rules create opportunities for internal auditors to report on and provide
their opinions about their organization’s compliance with its own governance and risk assessment
requirements. In particular, auditors may need to express opinions in the areas of corporate
governance, risk management, and internal controls.
Fraud Detection: Small businesses lose millions of money every year to employee theft. Types
of fraud committed by employees include skimming payments from customers; check tampering,
cash theft and misuse of company credit cards, and improper payroll transactions. Many small-
business owners may believe they lack the staff to create an internal audit policy or carry out
audits to combat these problems. However, even with a small staff, a small business may create
an effective internal control system for monitoring employees and their behaviour. A formal
internal audit policy, even if conducted part time by individuals normally assigned other duties,
performs other tasks besides detecting fraud. Examining policies and procedures on a regular
basis ensures that the company minimizes its exposure to fraud and other losses. Extension of
credit to customers provides one such area of loss prevention.
Internal Controls in a Computerised Environment: It includes:
General control and application controls in a computerised environment. The purpose of
application controls is to establish specific control procedures over the accounting
applications in order to provide reasonable assurance that all transactions are authorised
and recorded and are processed completely, accurately and on a timely basis.
Development of computer application, for example, standards over systems design,
programming and documentation; testing procedures using test data; approval by computer
users and management; segregation of duties from those who design and those who test;
installation procedures and training of staff, etc.
Prevention or detection of unauthorised changes to program, which include full records
of program changes, password protection, restricted access to central computer, virus
checks, backup copies of program or control copies.
Testing and documentation of program changes
Controls to prevent wrong programs or files being used
58 LOVELY PROFESSIONAL UNIVERSITY
