INTERNAL AUDITORS take note for exam

- Internal audit - an independent appraisal activity established within an organization – IA function can also be
outsourced
- IA is a form of mgnt control – monitor and report to board
- Functions
(a) examine and evaluate adequacy and effectiveness of other ctrls
(b) assist member of orgz in the effective discharge of their responsibilities
- IA function should act independently of executive managers

- Report to either board, AC or CEO ; functionally report to AC, administratively report to CEO
- To be effective, IA must report to highest authority within the co i.e. the board bcos
(a) Board is not involved in operation – will not suffer self review threat – enhance independence of IA
(b) IA able to secure cooperation from the auditees

- Work – wide-ranging – not prescribe by regulations – decided by board/AC/mgnt vs EA – statutory audit –

work prescribed by Companies Act

ROLE OF INTERNAL AUDITORS (possible tasks)

1. Review financial IC system

-establish whether suitable financial ctrls exist – whether they are applied as prescribed – whether
effective

2. Examine financial and operational information

-investigate the accuracy of info in reports (reliable) and timeliness of reporting (relevant)

3. Value for money audits / operational audits – investigate operation or activity – establish whether
economical (cost eg quotation), efficiency (unit cost of prodn –utilisation of resources) and effective –
IA add value? Lack of biz knowledge

4. Review compliance with particular laws or reg – applicable for IA working in regulated industry

5. Risk assessment - IA not to manage risk – only monitor and report – investigate aspects of RM –
adequacy of mechanism for identifying, assessing and controlling significant risks to the orgz

Identifying – role of IA – review the risks that have been identified by both the board & operatg mgnt to
ensure they are COMPREHENSIVE i.e. no omission of significant risks
Assessing – role of IA – evaluate REASONABLENESS of the likelihood of risk arising and the impact
assigned for each of the risk
Controlling – role of IA – evaluate APPROPRIATENESS of the measures planned for addressing the risks i.e.
capable of overcoming the risks

6. Special investigations – carried out on ad-hoc basis under instruction of board due to suspicions possibly
rec’d from whistle blowers

1
FACTORS TO CONSIDER IN DETERMINING THE NEED FOR IA tested once

- IA function is not compulsory for UK listed companies – therefore Combined Code requires the board of
listed companies to review from time to time the benefits of having an internal audit function if company
does not already have one

- Turnbull – factors :
1. Scale – size of orgz – the bigger the size of the co., the higher would be the volume of transactions which
will increase the chances of error
2. Diversity – the larger is the range of pdt/service that a company offer, the more complicated would be
its operations and therefore chances of error
3. Complexity of company’s activities
4. Number of employees – fraud is more likely to happen when the staff force is large as close monitoring
by mgnt become difficult which make fraud easier to occur
5. Cost/benefit considerations – include both qualitative and quantitative cost & benefits such as
morale of the company staff, prevention of fraud and the costs of IA staff etc

- Turnbull guidelines – abesence of IA function – board shud undertake other monitoring processes – to
assure itself that the IC system is functioning as intended – sound, effective

IMPORTANCE OF AUDITOR INDEPENDENCE

EA
- Agency theory perspective – separation of O & C – how to resolve – one of it is monitoring – by EA –
audit function – important CG mechanism – helps S/Hs monitor and control company mgnt
- EA – checks and balances - help monitor company mgnt’s activities – increase transparency
- Audit of co’s F/S – disclosures more credible – instil confidence in company’s transparency
- However, such reliance on the audited F/S only possible if EA is independent of client company –
ensure audit opinion not influenced by
(a) r/ship btw EA and the company (familiarity threat)
(b) EA wish to maintain good relations with mgnt of client company and be paid a handsome fee (self
interest threat)
if suitable CG measures are not in place
- SEEN to be independent – ‘appearance’

IA
- Audit charter – detailed the responsibilities of IA, their right of access to info, the parties they are reporting
to and frequency of reporting (all board members sign)
- degree of IA’s independence dependent on
(a) organizational status – line of reporting – should report to highest authority (board/AC) – enhance
independence and secure cooperation from auditees – perform work free from interference
(b) personality of the senior mgnt and head of IA dept (mindset)
-objective professional judgements

2
- IA not seen independent :
1. Paid by and promoted by mgnt (applicable if IA is insourced)
2. Scope of work determined by mgnt – approved by board i.e. AC
3. Authority comes from mgnt – from the audit charter prepared
4. Responsible to mgnt – report to board

VS

- EA – statutory auditor
1. Paid by firm and promotion is by firm mgnt
2. Determines scope of own work
3. Authority given by statute – law – Companies Act
4. Responsible to no particular class of persons

3
THREATS TO AUDITOR’S INDEPENDENCE
EA
- Relies on company’s mgnt to secure its appointment and reappointment as company’s auditor – self interest
threat – though responsibility of auditor appointment delegated to AC (INED) – opinions of senior mgnt
particularly the FD are often decisive in the matter of auditor selection

- Rely on mgnt for info and explanations – in the form of letter of representation for those areas where
auditor fail to obtain suff app evidence - involved mgnt jugdement and estimation

- Rely on a single company for a large proportion of its total fee income – undue dependence on a single audit
client – impair objectivity – self interest threat - ACCA rules state fee income from a single audit client
should not exceed 15% of gross practice income – if 15% for consecutive 2yrs – hot review

- audit partner should not hold shares in a client company – self interest threat (financial interest)

- mutual biz interest/close personal relationship – familiarity threat – this threat is only applicable if the r/ship
concerned involve senior personnel from the client company and the accounting firm –
work of junior auditor subject to review ; junior in client company not responsible for F/S

- perform management functions / management decisions – self review threat – when the firm audits
transactions recommended by its consultancy arm – unlikely to take an independent view –
self interest threat could exists if fee dependency is high bcos of the provision of audit and recurring non-
audit services

- non-audit work – erection of chinese wall – the effectiveness of the chinese wall is being questioned in the
legal case Prince Jeffrey Vs. KPMG in which the House of Lord had claimed that the use of modern gadgets
made disclosure of confidential info easy despite the separation of teams – this is especially so when forensic
audit is involved

- provision of non-audit services – low balling – auditors pricing the cost of audit at a loss-making amount to
win consultancy business at much higher and lucrative fee – a firm will not be accussed of practicing low
balling if the client is not misled over :
(a) lvl of service that the fee will cover
(b) lvl of fees that will be charged on other non-audit services

IA
- auditing an activity for which they had authority or responsibility – self review threat -
IA should therefore not be involved in the company operation to avoid this threat

- persons transferred to or temporarily engaged by IA dept should not assigned to audit those activities they
previously performed until a reasonable peroid of time has elapsed – refer to cooling period – essential to
ensure r/ship btw the seconded staff and his or her colleagues is no longer close to avoid familiarity threat

- designing, installing, operating systems and drafting of procedures for systems impair auditor objectivity –
due to assuming mgnt responsibilities

- however IA’s objectivity is not adversely affected when the auditor recommends standards of control for
systems or review procedures before they’re implemented

4
AUDIT COMMITTEE never tested – put some attn
- Sir Robert Smith
- last one to approve the F/S
- liaison with EA & IA
- composition – ALL independent non executive directors – at least one member has recent and relevant
financial experience

ROLE of AC generally 5%
- 2 main roles
a) Financial Reporting
b) Internal Control
- Review the scope and outcome of the audit – ensure auditors’ objectivity is maintained (for both EA & IA)
- Review audit fee and fees paid for non-audit work and general independence of auditors (EA only)
- Provide a useful bridge btw both IA and EA and the board – without the AC, both EA and IA may feel
embarrassed to criticise the board and could have fear that their actions can have implication on their
reappointment and their career in the company respectively
- Review arrangements for whistleblowers – AC will be the parties that will be responsible for receiving
allegations involving senior mgnt in the company
- In the absense of RM committee, the AC should assess the systems in place to identify and manage risks in
the company (risk mgnt cum audit committee) – the problem w such combination is that the members of the
joint committee are all INED which may not allow them to effectively manage the risk due to
infamiliarisation with the co’s bis

OVERSEEING IA FUNCTION
1) Monitor and review IA activities - if no IA function – AC should consider annually whether there is a need for
an IA function and recommend to board – the reasons for absence of such a function should be explained in
the annual report
2) Review and approve their IA’s function remit (rights and responsiblities) – ensure IA function has the
necessary resources and access to information (depending on the organisational status of the IA)
3) Approve appointment or termination of appointment of head of IA
4) Review the work of IA function
a) Ensure IA has direct access to board chairman and AC
b) Review and access the annual IA work plan
c) Receive a report on the results of the IAs’ work on a periodic basis
d) Review and monitor management’s responsiveness to the IA findings and recommendations – would
provide AC with an impression of the strengths of the control environment
e) Meet with head of IA at least once a year without management presence
f) Monitor and assess the role and effectiveness of the IA function – focusing on value creation by IA

RELATIONSHIP WITH EA higher chances tested

- Beginning (appointment) to the end (issuance of report)
1) Appointment
- recommendation to the board – thence to S/Hs for their approval in general meeting
- if board does not accept – directors’ report shall include a statement from the AC explaining its
recommendation – shall set out reasons why the board has taken a different position
- annual assessment
- if EA resigns – investigate the issues giving rise to such resignation – consider any action required

5
2) Terms and remuneration
- approve the terms of engagement and the level of fee payable in respect of audit services provided
- level of fee payable – appropriate – an effective audit can be conducted for such a fee – AC would ensure
that the low fee is not associated with the practice of low balling

3) Independence
- rotation of audit partners – familiarity threat
- lvl of fees company pays in proportion to the overall fee income of the firm – self interest threat
- consider all relationships btw the company and the audit firm (including provision of non-audit services)
- agree with the board – company’s policy for employment of former employees of the EA
- develop and recommend to board – company’s policy in relation to the provision of non-audit services
 From which EA are excluded
 For which EA can be engaged without referal to the AC – referring to those services that are not
relating to financial services or generation of financial info for preparing F/S
 From which case-by-case decision is necessary

4) Annual audit cycle

- consider planned levels of materiality – would have implications on the amount of work to be carried out
therefore the cost of audit as well as the risk involved
- consider proposed resources – should be adequate to ensure that the deadline would be met
- review with EA the findings of their work – in this aspect, AC is concerned with possible window dressing of
the F/S and would want to derive assurance from the EA that it is not the case
- review the letter of rep – the contents of the LOR should only relate to those matters where auditor fail to
obtain sufficient appropriate audit evidence
-review the management letter (LOW) and monitor management’s responsiveness to EA’s findings and
recommendations (strength of control environment – receptive?)
-assess effectiveness of audit process