Summary AUI2601 STUDY NOTES UPDATED.

AUI2601 STUDY NOTES UPDATED. Internal Auditing: Theory And Principles. The purpose of the internal audit activity Internal auditors need to make a meaningful contribution to meet the needs of the organisation, which is mainly to achieve its objectives. The following features need to be included in the internal audit charter to grant them the necessary authority: Access to the books, records, vouchers and accounts This authority is included because the internal auditor must have access to all the information pertaining to the audit assignment at all times Obtaining information and explanations It is virtually impossible for an internal auditor to possess all the relevant knowledge required at all times. They should under no circumstances accept an explanation unless quite convinced of its correctness and, where possible, should always substantiate information received through explanations by auditees. Attending meetings Internal auditors need to keep abreast of matters concerning planning and policies within the organisation, so that they are able to perform their duties. Believing trusted officials Internal auditors are entitled to place reliance on any information supplied to them by trusted employees in the organisation. Independence of the internal auditor To prevent any possibility of his or her integrity, findings and recommendations being questioned, the internal auditor has to be independent of the staff and the operational activities on which he or she reports (refer to Standard 1000, The Internal Audit Charter). Organisational independence and objectivity are the primary means that internal auditors use to ensure their independence from the staff of the organisation and its normal business activities (refer to Standard 1100). The organisational independence and individual objectivity of internal auditors must be such that they always report to the highest authority. This is the only reliable way of ensuring that they remain independent and are respected throughout the hierarchy of the organisation. The audit committee plays an important role in making sure that the internal audit activity is independent. Constraints on the internal auditor Management can impose constraints on the internal auditor regarding access to records, explanations, independence, and so on. Unlike the external auditor, the internal auditor has no legal recourse in this regard. Therefore, where the internal auditor’s powers are restricted by management, he or she should state in the report that certain constraints were imposed on the audit, and explain how these affected the findings. The auditor should, however, continue to try to persuade management not to impose unnecessary restrictions, as these prevent him or her from carrying out his or her duties as effectively as possible. In the ideal reporting framework, internal audit would also be in a position to report such constraints to the audit committee of the board of directors. THE RESPONSIBILITY OF AN INTERNAL AUDITOR The objective of internal auditing is to assist members of the organisation in the effective discharge of their responsibilities and to add value and improve the organisation's risk management, control and governance processes. The internal auditor should use all the powers at his or her disposal and employ them in such a manner as to best execute his or her main task of assisting the members of the organisation. The duties of an internal auditor comprise more than mere review and reporting, and involve certain responsibilities: Responsibility to management As a consequence of their basic function, namely, to assist the management of the organisation in carrying out their responsibilities, internal auditors have special duties towards management. Responsibility regarding the execution of tasks In the execution of these responsibilities internal auditors are required to perform such tests, procedures or audit investigations that will provide adequate information to enable them to form a definite audit opinion on the specific audit, which must be included in the internal audit report. Responsibility toward employer In consequence of their contractual obligation as employees, internal auditors have an obligation toward their employer to act in good faith in the fulfilment of their duties. The following aspects are usually included in this contractual obligation: Internal auditors 1. may not use confidential information obtained in the performance of their duties for their own gain, or impart such knowledge to third parties. 2. should further the interests of their employer's business undertaking. 3. may not perform acts of dishonesty (fraud, theft) against their employer. 4. may not perform acts which are in competition with their employer. 5. may not perform acts of misconduct while performing their duties. THE LIABILITIES OF AN INTERNAL AUDITOR In South Africa, the liability of internal auditors derives mainly from legal system principles. Liability towards the employer Internal auditors are responsible for fulfilling their duties as contracted with their employer. They should perform these duties in a capable manner and without negligence. The auditor is guilty of breach of contract if he or she contravenes the stipulations of the contract of service, or should he or she be found to be incompetent or negligent. In the case of breach of contract, the employer has the following legal remedies: 1. In terms of the general principles of the law of contract, appeal to the court to issue an order forcing the internal auditor to abide by the stipulations of the contract. 2. Claim compensation for all losses sustained from the breach of contract by the internal auditor. 3. When the breach of contract is considered to be very serious, summarily terminate the internal auditor's contract of service. Liability towards third parties The liability of internal auditors toward third parties for wrongful acts, originates from negligent or deliberate misrepresentation by them in the performance of their duties. There is no contractual relationship, nor any relationship of confidence between the internal auditor and third parties. Because the internal auditor does not report on the fairness of the financial statements of the undertaking, no liability can originate via the financial statements. For liability to ensue, the internal auditors must have been aware that third parties were going to rely on their recommendations. Presumably third parties will hold the undertaking responsible for an act of negligence committed by the internal auditors in the performance of their duties. In this case the undertaking should be able to institute legal action against the internal auditor. A third party, however, has a definite claim for compensation from the internal auditor personally if the internal auditor is found to be guilty of deliberate misrepresentation. In this case the third party could even hold the undertaking and the internal auditor jointly and separately responsible. In the case of wrongful acts through negligence or deliberate misrepresentation by the internal auditor, the onus of proof rests with the third party. The third party will have to prove that – 1. there was misrepresentation (an act) 2. the internal auditors were negligent in the performance of their duties, that is, that the misrepresentation was wilful or negligent (guilt desideratum) 3. the loss sustained by the third party resulted from his or her dependence on the misrepresentation (causality) 4. the third party sustained a monetary loss as a result of the misrepresentation (damage) 5. the internal auditors were aware of the dependence of the third party when they committed the misrepresentation (wrongful desideratum). INTERNATIONAL PROFESSIONAL PRACTICE FRAMEWORK (IPPF)  A framework is a basic skeletal structure for classifying and organizing concepts or various elements.  The IPPF provides a structure for the internal audit profession’s technical guidance The IPPF Ensures:  Clarity-What is authoritative, mandatory or vice-versa.  Transparency  Timeliness-Defined processes Definition Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Code of Ethics Principles Internal auditors are expected to apply and uphold the following principles: 1. Integrity The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment. 2. Objectivity Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments. 3. Confidentiality Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. 4. Competency Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services. Rules of Conduct 1. Integrity Internal auditors:  Shall perform their work with honesty, diligence, and responsibility.  Shall observe the law and make disclosures expected by the law and the profession.  Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.