Professional Documents
Culture Documents
These changing roles require internal auditors to acquire new knowledge and skills sets to
keep pace with the changes and to succeed in the profession.
Molding Forces
Circumstances / events / forces which have helped to fuel increased demand for internal
audit services and helped shape internal auditing into what it is today:
Corporate scandals (for e.g., Enron, WorldCom, and Parmalat) which have brought
about new laws and regulations (for e.g., latest amendments to Malaysian Cos Act
1965 and amended Bursa Malaysias Listing Requirements issued on 31 January
2008: see textbook, page 1).
Globalization.
Increasingly complex corporate structures.
E-commerce and other technological advances.
These forces bring about new and different types of risks that can prevent an organization
from achieving its business objectives. To help an organizations senior management and
BODs understand and address these risks, internal auditors are increasingly being called
upon to help organizations strengthen their corporate governance, risk management, and
internal control processes.
Definition of Internal Auditing
The Institute of Internal Auditors (IIA) current definition of internal auditing:
Internal auditing is an independent, objective, assurance and consulting activity
designed to add value and improve an organizations operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve effectiveness of risk management, control, and governance processes.
Lets look at the key components of the above definition in turn:
Helping the Organization Accomplish its Objectives
The overarching objective of the internal audit function is to help an organization achieve
its business objectives.
An organization exists for a number of purposes or business objectives, e.g., make
profits, increase shareholder wealth, add growth to stakeholders value, etc. Its success
depends on the accomplishment of these objectives. But events taking place may prevent
a company from achieving its objectives.
Understanding an organizations business objectives > helps an internal auditor
understand the risks of events arising that can potentially side-track or hinder
objectives being met > helps define the internal auditors own audit engagement
objectives (i.e. what it needs to do) in order to help the organization accomplish its
business objectives:
[See Exhibit 1-1]
2
Performing the engagement involves application of specific audit procedures, for e.g.,
making enquiries, observing operations, inspecting documents, and analyzing
information to gather evidence. Documenting the evidence. Evaluating the evidence.
Communicating outcomes of the engagement should be accurate, objective, clear,
concise, constructive, complete, and timely.
Types of Internal Audit Engagements
Operational audit
Programme audit
Fraud audit
Ethical business practices audit
Compliance audit
Information technology audit
Control self-assessment audit
Financial audit
Both are intimately tied up with the organizations systems of internal control.
Both are concerned with the occurrence and effect of errors and misstatement that
affect the nal accounts.
Both produce formal audit reports on their activities.
The Main Differences
The external auditor is an external contractor and not an employee of the organization
as is the internal auditor. Note, however, that there is an increasing number of
contracted-out internal audit functions where the internal audit service is provided by
an external body.
The external auditor seeks to provide an opinion on whether the accounts show a true
and fair view, whereas internal audit forms an opinion on the adequacy and
effectiveness of systems of risk management and internal control, many of which fall
outside the main accounting systems.
External audit is a legal requirement for limited companies and most public bodies,
while internal audit is not essential for private companies and is only legally required
in parts of the public sector.
Internal audit may be charged with investigating frauds and, although the external
auditors will want to see them resolved, they are mainly concerned with those that
materially affect the nal accounts.
Internal auditors cover all the organizations operations whereas external auditors
work primarily with those nancial systems that have a bearing on the nal accounts.
Internal audit may be charged with developing value-for-money initiatives that
provide savings and/or increased efciencies within the organization.
The internal auditor reviews systems of internal control in contrast to the external
auditor who considers whether the state of controls will allow a reduced amount of
testing.
Internal audit works for and on behalf of the organization whereas the external auditor
is technically employed by and works for a third party, the shareholders.
The internal audit cover is continuous throughout the year but the external audit tends
to be a year-end process even though some testing may be carried out during the year.
(See also main textbook, pages 5-6)
13. The changing roles require internal auditors to acquire new sets of skills and
competencies to keep pace with the changes and to succeed in the profession. What
new skills and competencies should the modern internal auditors acquire?