Professional Documents
Culture Documents
AUDITING AND
MEETING THE
CHALLENGES
INTAUD1 - H008
(For In ternal Use Onl y)
The Environmental Auditing Process
Caring for the environment has assumed an important place in the
American and Filipino culture. We have become aware of the impact that the
pollution of air, ground, and water can have on the quality of life, on the
enjoyment of the earth’s beauty and on the physical well-being of its
inhabitants.
However, the internal auditor is also interested in the controls that are
in place or that should be in place to ensure that environmental problems are
kept to a minimum, that environmental operations are efficient and effective,
that waste management operations are proper, and that environmental decisions
are based on factual information.
Page | 1
Environmental Risks
The CAE includes environmental, health, and safety (EHS) risks in
any organization-wide risk management assessment. These activities are
assessed in a balanced manner relative to other types of risk associated with an
organization’s operations. Among the risk exposures to be evaluated are the
following:
1. If the CAE finds that the exposures are not adequately managed and
residual risks exist, changes in the internal audit activity’s plan of
engagements and further investigations are normal results.
Page | 2
Research Findings
A research study of EHS auditing found the following risk and
independence issues:
Page | 3
Role of the CAE
The CAE fosters a close working relationship with the chief
environmental officer and coordinates activities with the plan for environmental
auditing.
1. When the environmental audit function reports to someone other
than the CAE, the CAE offers to review the audit plan and the
performance of engagements.
The CAE evaluates whether the environmental auditors, who are not
part of the CAE’s organization, are conforming to recognized professional
auditing standards and a recognized code of ethics. The CAE evaluates the
organizational placement and independence of the environmental audit function
to ensure that significant matters resulting from serious risks to the organization
are reported up the chain of command to the board. The CAE also facilitates the
reporting of significant EHS risk and control issues to the board.
NOTE: The internal audit activity has an established place in the organization
and normally has a broad scope of work permitting ready assimilation of the
new function. Thus, it is an advantage to conduct environmental audits under
the direction of the internal audit activity because of its position within the
organization.
Page | 4
Environmental Auditing
An organization subject to environmental laws and regulations having a
significant effect on its operations should establish an environmental
management system. One feature of this system is environmental auditing,
which includes reviewing the adequacy and effectiveness of the controls over
hazardous waste. It also extends to review of the reasonableness of contingent
liabilities accrued for environmental remediation.
Page | 5
2. Environmental issues may arise from practices that were legal when
they were undertaken. Environmental management systems audits
determine whether systems are in place and operating properly to
manage future environmental risks.
Page | 6
b) TSDF audits are conducted on facilities the organization owns,
leases, or manages, or on externally owned facilities where the
organization’s waste is treated, stored, or disposed. Thus, when
an outside vendor is used for these purposes, the audit should
consist of such procedures as:
Reviewing the vendor’s documentation on hazardous
material,
Reviewing the financial solvency of the vendors,
Reviewing the vendor’s emergency response planning
Determining that the vendor is approved by the
governmental organization that is responsible for
environmental protection,
Obtaining the vendor’s permit number, and
Inspecting the vendor’s facilities.
Page | 7
7. Product audits determine whether products are environmentally
friendly and whether product and chemical restrictions are being met.
This process may result in the development of a) Fully recyclable
products, b) Changes in the use and recovery of packaging materials,
and c) The phase-out of some chemicals.
Page | 8
audit knowledge business knowledge
catalyst change facilitator
transaction processes
control activities management controls
This sets the new dimensions of internal auditing as the concepts on the
right-hand side become a benchmark for each chief audit executive to consider.
Globalization
One real development in internal auditing coincides with the way
business (and public services) are becoming increasingly internationalized.
Physical location is no longer an issue as buying activity is moving away
from the local high street as it launches into hyperspace through the
Internet.
The IIA has grasped this new thinking and is developing the profession
into a global internal auditing organization whose broad business objectives
include:
Establishing global standards for the practice of internal auditing.
Promoting the professional certification of internal auditors
worldwide.
Fostering the development of the profession around the globe.
Representing and promoting internal auditing across national
borders.
Facilitating the timely sharing of information among Member
associations.
Searching for globally applicable products and services.
Page | 9
The Evangelist Some 48% of respondents fell into this group. They
believed that the move towards risk-based auditing has not had a
negative impact on the traditional work of internal audit and should
continue unfettered.
The Doomsayer Some 24% of respondents fell into this group. They
believe that the move towards risk-based auditing has damaged the
traditional work of internal audit and should not continue.
The Pragmatists Some 18% of respondents fell into this group. They
felt that the move to risk-based auditing had changed the traditional
work of the internal audit, but said that the trend should continue
nonetheless.
The Doubters Some 5% of respondents fell into this group. They felt
that the move to risk-based auditing had not damaged the traditional
work of internal audit but said that the trend should not continue.
Page | 10
that investors, liability insurers, and other stakeholders have not questioned the
decision to do without internal auditing more often. . . There is no simple
checklist showing everything internal auditors can do to add value, because, at
times, techniques for adding value are as unique and personalized as the
organisations for which we work.
One does not have to sit in the boardroom or occupy the CEO’s chair to
recognize the rapid-fire changes going on in today’s corporate environment.
The business pages regularly contain reports of mergers, acquisitions, and other
organizational restructurings; electronic commerce and other information
technology breakthroughs; privacy invasions; and plain old-fashioned frauds.
And things are likely to get even more frenetic.
Page | 11
The challenges of today’s changing world introduce great opportunities
for management and the board and point to the necessity for competent
internal auditing. Especially in these times of constant change, internal
auditing is critical to efficient operations, effective internal controls and risk
management, strong corporate governance, and in some cases, the very survival
of the Organization.
Our view of the changing world of the internal auditor is quite simple,
and it is summed up in the following dimensions that move through stages 1–7;
from old- to new-look contexts:
Page | 12