Internal audit refers to the department located within a business that monitors the efficacy of its processes and controls. The internal audit function is especially necessary in larger organizations with high levels of process complexity, where it is easier for process failures and control breaches to occur. Show
What is an External Audit?An external audit is an examination that is conducted by an independent accountant. This type of audit is most commonly intended to result in a certification of the financial statements of an entity. This certification is required by certain investors and lenders, and for all publicly-held businesses. Comparing Internal and External AuditsThere are multiple differences between the internal audit and external audit functions, which are as follows:
In short, the two functions share one word in their names, but are otherwise quite different. Larger organizations typically have both functions, thereby ensuring that their records, processes, and financial statements are closely examined at regular intervals. External audit and internal audit are clearly separate and distinct in their respective functions and duties but there should be regular communication between the two. In this the second of two articles, I look at the working relationship between the internal auditor and the external auditor. 1. Statutory right of access by an auditorAn auditor of a company (this refers to the external auditor) has a right of access to information (Companies Act 2006, section 499) and this would include finalised internal audit reports, the supporting working papers and the right to obtain information and explanations from any employee and officer, including internal auditors, of the company. The internal audit function should also have an unrestricted right of access to all information, explanations and records required to carry out their work. This right should be clearly stated in the organisation’s internal audit charter approved by the audit committee. 2. Under International Standards on Auditing (ISAs) (UK)The relationship is described in several of the ISAs (UK) - namely ISAs 240, 315, 600, and above all, ISA(UK) 610.
Internal audit may also be able to provide insight in relation to weaknesses in counter-fraud controls and/or fraud risk indicators within the organisation.
The external auditor will want to know as a minimum the following regarding the internal audit function:
The external auditor will also want to read copies of the reports issued during that financial year and meet with the Chief Internal Auditor, or equivalent.
Paragraphs 21 to 25 of ISA (UK) 610 state that “If the external auditor plans to use the work of the internal audit function, the external auditor shall discuss the planned use of its work with the function as a basis for coordinating their respective activities.” ISA(UK) 610 places restrictions on how far the external auditors can place reliance on work carried out by internal audit. The use of direct assistance is prohibited per Para 5-1 of ISA(UK) 610 which states that “The use of internal auditors to provide direct assistance is prohibited in an audit conducted in accordance with ISAs(UK)”. Direct assistance is defined in the International Auditing and Assurance Standards Board as: “the use of internal auditors to perform audit procedures under the direction, supervision and review of the external auditors”. Paragraph 30 of ISA (UK) 610 states that “the external auditor shall not use internal auditors to provide direct assistance to perform procedures that:
For example, if stock/inventory is a material item, and is considered by the external auditor to be an area of higher risk, it would be acceptable for the external auditor to request that internal audit review the processes and controls relating to stock management, but it would not be appropriate for them to request that internal audit assess the adequacy of stock provisions as this would involve more than limited judgement. 3. Advantages of coordination and collaboration between external and internal audit
4. Challenges that may arise within a collaboration between external and internal audit
5. Examples of good practice of effective communication between external and internal auditTo have a smooth working relationship between the two sets of auditors, it is crucial that there is effective and regular communication between the Chief Internal Auditor (or senior team member) and the External Auditor (e.g. the audit engagement partner or one of the senior team members). This will be helped by: Can external auditor rely on internal audit work?The external auditor can use internal auditors who may have relevant expertise in particular areas, and. The external audit team can focus on the more significant audit issues.
Can the external auditor use and rely on the work of the internal auditor to reduce his testing and costs?From the perspective of the PCAOB, an external auditor that appropriately relies on the work of others such as internal auditors can achieve enhanced audit efficiency without a loss of effectiveness (PCAOB, 2007b).
Can an auditor use the work of another auditor?Work of other auditor including internal audit may be used in planning and examination phase of the audit. The auditor should perform appropriate procedures to determine reliability of such evidence.
Is it wise for an external auditors to use others work internal auditors and experts for audit purpose?If restricted by the law, external auditors must not use the work of internal auditors under any circumstances.
|