- 15 Marks
Question
In the apex bank‟s regulatory supervisory report to Dutse Bank Limited, the management has been directed to ensure institution of an Internal Audit Unit. Prior to this time, the bank believed that internal audit staff might be colluding with other staff to suppress information on fraudulent transactions and as such the desired result might not be achieved. Apart from this, it was considered that savings could be made from transport, hotel and other allowances to be paid to staff when on official assignments. The independent auditor had earlier mentioned the need for this in the audit report but management was of the view that it is acceptable to cross-train employees in different departments to be able to audit departments other than their own. In the opinion of management, this
will provide a more independent and unbiased view through checks and balances. The audit function they perform through multitasking will best add value to the progress of the organisation. It is also the belief of management that the basic processes of both accounting and auditing are similar. The two systems use essentially the same procedures and techniques of bookkeeping, computation and analysis. To them, accounting and auditing strive to ensure that the financial statements and records provide a fair reflection of the actual financial position of an organisation. Both activities are inter-related and go hand in hand, especially in setting up processes in the organisation, hence, there is no need for any Internal Audit Unit or duplication of efforts.
As the independent auditor of the bank, you were shown the regulatory supervisory report and you have been asked to make presentation to the Board of Directors on the necessity for the Internal Audit Unit in the bank.
Required:
a. Explain the need for the internal audit functions in an organisation. (5 Marks)
b. State the various measures that can be taken to protect the independence of internal auditors. (5 Marks)
c. Explain the weaknesses and limitations of internal audit. (5 Marks)
Answer
a) The need for internal audit function include:
i. Monitoring of internal control: The establishment of adequate internal control system is a responsibility of management and is an important aspect of good corporate governance. Because the internal control system needs to be monitored on a continuous basis, large companies are likely to establish internal audit function to assist management in this role. Internal audit is therefore usually given specific responsibility by management for reviewing internal controls, monitoring their operation and recommending improvements via reports to those charged with governance;
ii. Examination of financial and operating information: This may include the review of the means used to identify, measure, classify and report such information or specific inquiry into individual items, including detailed testing of transactions, balances and procedures;
iii. Review of the economy, efficiency and effectiveness of operations. This could include a review of non-financial controls;
iv. Review of compliance with laws, regulations and other external requirements and with internal requirements, such as management policies and directives; and
v. Special investigations into particular areas such as suspected fraud.
b) Measures to protect internal audit independence include:
i. Reporting lines – The internal auditor should report to the audit committee or those charged with governance;
ii. Deciding the scope of internal audit work – The scope of work carried out by the internal auditors should not be decided by the Finance Director or line management responsible for the operations that might be subjected to audit. This is to avoid the risk that the internal auditors might be assigned to investigation of non-contentious areas of the business. The scope of internal audit work should be decided by the Chief Internal Auditor or by the audit committee.
iii. Rotation of internal audit staff – Internal auditors should not be allowed to become too familiar with the operations that they audit or
the management responsible for them. To reduce the familiarity threat, internal auditors should be rotated regularly, say every three to five years, and at the end of this period, they should be assigned to other audit assignments within the entity;
iv. Appointment of the head of internal audit – The head of internal auditor should not be appointed by a senior executive who may have some self interest in wishing to appoint an internal auditor that can
easily be controlled. Instead, the audit committee should be responsible for appointing a new head of internal audit, subject perhaps to approval by the board of directors;
v. Designing internal controls – The internal auditors should not be responsible for the design of internal controls within the entity. If they
did, they would then be auditing their own work, which will amount 50 to a self review threat and this is unacceptable. Senior management in accounting and finance or line management should have responsibility for the design and implementation of internal controls, taking advice where appropriate from the external auditors when
control weaknesses are identified during the external audit; and
vi. Professionalism- It is advisable to appoint someone who is professionally qualified to head the internal audit function to assist in maintenance of independence.
c) Weaknesses and limitations of internal audit
Since internal audit is not a regulatory requirement, there is no requirement for internal auditors to be professionally qualified for the work they do (although there may be a professional institute or association of internal auditors). It is therefore a matter for the entity setting up the
internal audit function what qualifications or experience it requires of the members of its internal audit team.
In contrast, the external auditor must comply with regulations set by government and his professional body covering technical and professional
standards and qualifications. However, internal auditors who are members of a professional body (such as the ICAN) will need to comply with the
requirements of that body in any work that they do.
Limitations to having an internal audit unit include:
i. The cost of having one; and
ii. The problems that may arise with ensuring the independence of the internal auditors.
operation and recommending improvements via reports to those charged with governance;
- Tags: Audit Independence, Audit Limitations, Corporate Governance, Internal Audit
- Level: Level 2
- Uploader: Cheoli