Internal Auditing: Fundamental Principles and Best Practices analyzes the development of internal auditing, the importance and visibility of which have expanded as a result of the increased emphasis on corporate governance since enactment of the Sarbanes-Oxley Act of 2002. The work also describes best practices useful in accomplishing internal auditing's expanded mission.
This Portfolio is organized as follows. Section I describes its purpose and scope. Section II surveys the practice of internal auditing. Section III relates the historical development of internal auditing practices, from the earliest traditional views, through ‘modern’ perceptions, to the contemporary consideration of internal auditing as a part of governance. Section III also traces the historical development of internal auditing guidance, primarily the pronouncements of The Institute of Internal Auditors (IIA). Section IV describes outside influences that have affected the development and practice of internal auditing. These influences include rules of stock exchanges, the U.S. Sentencing Guidelines and recommendations of prominent groups. Section V discusses the various provisions of the Sarbanes-Oxley Act of 2002 and implementing regulations pertinent to internal auditing.
The critically important relationship of internal auditing to the audit committee and board of directors is described in Section VI. This section describes ongoing communications that a company's Chief Audit Executive (CAE) should have with the audit committee. The section also explains the CAE's responsibility to develop an appropriate annual internal auditing work plan for approval by the senior management and the audit committee as a condition precedent to the audit committee supporting allocation of adequate resources.
Section VII identifies the most important attributes and key best practices that distinguish a first-class internal audit activity. These distinguishing characteristics relate to the charter of the activity and various hallmarks including independence of both the activity and the individual auditor. The section continues by detailing how the activity performs its mission; subjects include planning and scheduling audits for best results, staffing the activity (including cosourcing and outsourcing), and managing internal audits. Sections VIII, IX, X, and XI explore in greater depth four subjects of importance to internal auditing: Risk Management, Governance, Internal Control, and Fraud.
This Portfolio may be cited as BNA Tax and Accounting Portfolio 5406, Verschoor and Dittenhofer, Internal Auditing: Fundamental Principles and Best Practices (Accounting Policy and Practice Series). This Portfolio is included in the Accounting Policy & Practice Series, a comprehensive series of titles which explain, explicate, and offer commentary on a wide range of accounting and financial management topics, including revenue recognition, income taxes, leasing, business combinations, debt instruments, risk management, internal controls and more.
Detailed Analysis
I. Purpose and Scope of Portfolio
A. Purpose of Portfolio
B. Scope of Portfolio
1. Organization
2. Limitations on Scope
II. The Practice of Internal Auditing
Introductory Material
A. Definitions of Internal Auditing
1. Overall Definitions
2. Components of Current Definition
B. Major Categories of Services
1. Distinguishing Characteristics
2. Assurance Services
3. Consulting Services
C. Major Characteristics of Internal Auditing
1. Elements of Professionalism
2. Variations Among Internal Auditing Functions
3. Staffing of an Internal Audit Activity
a. Establish a Dedicated In-house Internal Audit Team
b. Maintain Dedicated In-house Internal Audit Team Augmented by Rotational Staffing
c. Maintain Dedicated In-house Internal Audit Team Augmented by Cosourcing
d. Outsource Internal Audit Activity to an External Provider
4. Characteristics of the Chief Audit Executive (CAE)
5. Practice Objectives of Internal Auditing
D. Internal Auditing Compared With External Auditing
1. Major Focus and Approach
2. Regulatory Influences
3. Independence
4. Objectivity
5. Work Products - Reports
6. Responsibilities to Detect Fraud
7. Techniques Used by External and Internal Auditors
E. Participation of Internal Auditing in an Integrated Audit
1. External Auditor Responsibilities Concerning Reliance on Internal Auditors
a. Gaining an Understanding of the Internal Audit Function
b. Assessing Competence and Objectivity
c. External Auditor Responsibility Notwithstanding Reliance on Internal Auditing
2. Application of General Principles to Audits of Internal Controls Over Financial Reporting
a. In General
b. Implications
3. Using Internal Auditing in the Performance of a Walkthrough
F. Specialized Internal Auditors
G. Trends Shaping the Future of Internal Auditing
III. Development of Internal Auditing Practices and Guidance
A. Development of Practices
1. "Traditional" vs. "Modern" Practices
a. "Traditional" Internal Auditing: Prior to the Early 1970s
b. "Modern" Internal Auditing: Circa Mid-1970s
2. Internal Auditing Extended Beyond Serving Management
3. Internal Auditing as a Part of Governance
B. Role of The Institute of Internal Auditors Inc. (IIA)
1. History and Organization of the IIA
2. Functions Performed by the IIA
a. Professional Practices Framework
b. Ethics and Discipline
c. Other Professional Services
d. Certified Internal Auditor Program
C. IIA Codes of Ethics
1. Original Code of Ethics (1968)
2. Code of Ethics (Revised 1988)
3. Code of Ethics (2000)
a. Principles
b. Rules of Conduct
D. Statements of Responsibilities
1. Responsibility Statement (1947)
2. Responsibility Statement (Revised 1957)
3. Responsibility Statement (Revised 1971)
4. Responsibility Statement (Revised 1981)
5. Responsibility Statement (Revised 1990)
E. IIA Professional Standards
1. Professional Standards for the Practice of Internal Auditing (1978)
a. General Standards
b. Specific Standards
c. Guidelines
2. Revisions of Professional Standards and Guidelines (1983-1997)
3. Codifications of Professional Standards (1989, 1993, 1995, 1998)
F. IIA Professional Practices Framework (2001)
G. IIA International Professional Practices Framework (2009)
1. IIA Professional Standards
a. Attribute Standards
b. Performance Standards
c. Implementation Standards
2. Practice Advisories
3. Position Papers and Practice Guides
H. Educational Materials
IV. Outside Influences Affecting Internal Auditing
A. New York Stock Exchange Requirement for an Internal Audit Activity
1. Substantive Rule
2. Enforcement Mechanism
B. Legislation Concerning Evaluation of Internal or Disclosure Controls
1. The Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) and the Banking Industry
2. Foreign Corrupt Practices Act of 1977
C. Support in Compliance With Governance Processes
1. Ethics and the U.S. Sentencing Guidelines
2. Initiatives from Caremark Derivative Litigation
3. Industry Specific Initiatives
a. Agricultural Industry
b. Defense Industry
c. Health Care Industry
D. Recommendations of Prominent Groups on Internal Auditing
1. Report of the Conference Board Commission on Public Trust and Private Enterprise
2. Report of the National Commission on Fraudulent Financial Reporting (Treadway Commission)
3. Conclusions
V. Influences of the Sarbanes-Oxley Act
A. Relevant Provisions of the Act
B. Certification of Financial Reports and Related Disclosure Controls
1. Disclosure of Corporate Responsibility for Financial Reports
2. Internal Auditing's Role in Management's Certification
a. Assist Management in Certification of Disclosures
i. Disclosure Committee
ii. Possible Independence Issues
b. Recommend Improvements in Quarterly Reporting
C. Management Report on Internal Controls Over Financial Reporting
1. Sarbanes-Oxley § 404(a), Management's Assessment of Internal Controls
2. SEC Implementing Rules
3. Internal Auditing's Role in an Entity's Compliance With § 404
D. External Auditor Attestation of Management's Assessment Concerning Internal Controls
E. Disclosure of Code of Ethics Including Compliance Provisions
1. Sarbanes-Oxley § 406, Code of Ethics for Senior Financial Officers
2. Stock Exchange Requirements Relating to Code of Conduct
a. NYSE
b. National Association of Securities Dealers Automated Quotations (NASDAQ)
3. Internal Auditing's Role in Complying With § 406 and the Stock Exchange Requirements
F. Confidential Anonymous Reporting by Employees
1. Mandated Protection of Whistle-blowers
2. Internal Auditing's Role in Establishing and Monitoring the Whistle-blowing Process
G. Audit Committee Financial Expert
1. Sarbanes-Oxley § 407, Disclosure of Audit Committee Financial Expert
2. Internal Auditing's Role in Disclosure of the Audit Committee Financial Expert
H. Other Impacts of Sarbanes-Oxley on Internal Auditing
1. Evaluating Membership of Audit Committee
2. Evaluating the Performance of the Audit Committee and Supporting Its Actions
3. Providing Assurance About Sarbanes-Oxley Compliance
4. Providing Assurance About Compliance With External Auditor Requirements
VI. Relationships With the Audit Committee and Board of Directors
A. Reporting Relationship to the Audit Committee and Board
1. Importance of Reporting to the Board (Audit Committee)
2. Relationship Between Reporting Lines and Independence
B. Key Interactions With the Board and Audit Committee
1. Significant Categories of Interactions With the Audit Committee
2. Importance of Audit Committee and Internal Auditing Charters
3. American Institute of Certified Public Accountants (AICPA) Guidance for Audit Committee Evaluation of Internal Auditing
C. Communicating With the Audit Committee
1. Ongoing Communications
2. Follow-up Communications
D. Developing the Annual Internal Auditing Work Plan
1. Objective
2. Professional Guidance on Planning
E. Communicating Plans and Resource Requirements to the Audit Committee and Board of Directors
F. Communicating Information Concerning Fraud to the Audit Committee
VII. Best Practices for Accomplishing the Mission of Internal Auditing
A. The Internal Auditing Charter
1. Professional Guidance on the Internal Auditing Charter
a. Adoption
b. Ongoing Assessment
2. Scope of Services
b. Scope Limitations
3. Nature of Services
a. Internal Auditing Should Provide Systematic and Disciplined Services
B. Ethics, Independence, and Objectivity
1. Definitions
2. American Institute of Certified Public Accountants (AICPA) Code of Professional Conduct and the Institute of Internal Auditing (IIA) Code of Ethics
3. Principles From Other Codes of Ethics
a. U.S. Government Accountability Office
b. Health Care Compliance Association
c. International Federation of Accountants
4. Enforcement of Ethical Standards
5. Independence in the Performance of Assurance or Consulting Services
6. Independence and Objectivity for the Individual Auditor and the Audit Activity
a. IIA Guidance for the Individual Auditor
b. Guidance for the Internal Audit Activity as a Whole
7. Impairments to the Independence or Objectivity of the Internal Audit Activity
a. IIA Guidance on Impairments
b. Comparison to Government Auditing Standards
8. Objectivity
9. Recommendations on Independence and Objectivity by Blue Ribbon Committee on Audit Committee Effectiveness
C. Risk Management, Control, and Governance Responsibilities
1. Risk Management
a. Responsibilities
b. Professional Guidance Generally
c. Coordination With Enterprise Risk Management
2. Internal Control
b. Professional Guidance
3. Governance
4. Internal Auditing Responsibilities for Compliance
5. Information Technology Aspects of Internal Auditing Responsibilities
D. Organization of the Internal Audit Activity
E. Planning and Scheduling Tasks of the Internal Audit Activity
1. Professional Guidance
b. Coordination With External Auditor
2. Long-Range Planning
a. General Considerations
b. Typically Significant Elements
3. Short-Range Planning
F. Staffing the Internal Audit Activity
1. Required Knowledge and Skills
2. Personal Qualities
3. Staffing the Activity With Contract Auditors
a. Relative Advantages and Disadvantages
G. Engagement Planning
H. Engagement Processes and Objectives
I. Control in the Internal Audit Activity
J. Work Paper Standards
K. Monitoring Progress on Reported Recommendations
L. Quality Assessment and Improvement
M. Six Methodologies of Internal Audit Field Work
N. Elements of Internal Audit Field Work
1. The Preliminary Survey
a. Initial Study
b. Interviewing
c. Walk-Through
d. The Report
2. The Audit Program
3. Testing
4. Analytical Review
a. Uses
b. Types
5. Sampling
6. Audit Evidence
7. Work Papers
8. Audit Findings
9. Exit Interview or Conference
O. Communicating Results of Internal Audit Engagements
1. Variations
2. Common Elements
3. Recommended Practices
4. Importance of Follow-up
P. Communicating Sensitive Information
Q. Information Protected by Attorney-Client Privilege
VIII. Risk Management
A. Types of Risks
B. Measurement of Risk Exposure
C. Definition of Risk Management
D. Significance of Risk in Evaluating Internal Control
E. Examples of Risk Mitigation Methods
F. Audit Approaches to Risk Management Engagements
G. Behavioral Aspects of Risk Management Engagements
H. Risk Management Engagement Audit Techniques
I. Information Technology Aspects of Risk Management Engagements
IX. Internal Control
A. The Concept of Control
B. Definitions of Control
1. COSO Definition
2. IIA Definitions
3. Other Definitions of Internal Control
C. How Controls Work
1. Design of Controls
2. Control Techniques
D. Control Evaluation Techniques
1. Evolution of Techniques for Assessing Controls
2. Sources of Control Evaluation Techniques
a. Techniques Contained in IIA Professional Guidance
b. Techniques From COSO
c. Techniques From Other Sources
E. Self-Assessment of Controls
F. Internal Control and Consulting Services
G. Evaluation of Characteristics of Controls
H. Why Controls May Not Work
X. Corporate Governance
A. Concepts Represented by the Term ‘Governance’
B. Governance Evaluation Techniques
1. Techniques Contained in Professional Guidance
2. Work of the Open Compliance & Ethics Group (OCEG)
C. Best Corporate Governance Practices
D. Conditions Under Which Governance Might Fail
E. Tone at the Top
F. Exposures and Risks Relating to Corporate Governance
G. Internal Controls and Governance
XI. Fraud
A. Definitions
B. Characteristics of Fraud
C. The Role of Internal Auditing
D. Fraud Detection and Prevention
E. Management Fraud
F. Behavioral Aspects of Fraud
G. Managing Fraud Risk
H. Conclusion
Working Papers
TABLE OF WORKSHEETS
Worksheet 1 Glossary of Terms - Glossary Defining Significant Terms and Acronyms Used in Portfolio
Worksheet 2 The Institute of Internal Auditors Inc., Code of Ethics
Worksheet 3 History and Organization of The Institute of Internal Auditors Inc. (IIA)
Worksheet 4 U.S. Government Accountability Office Report 08-166, IRS's Fiscal Years 2007 and 2006 Financial Statements
Worksheet 5 IIA International Standards for the Professional Practice of Internal Auditing and Their Interpretations
Worksheet 6 Listing of IIA Practice Advisories
Worksheet 7 Listing of Global Technology Audit Guides (GTAG)®
Worksheet 8 Sample Disclosure Committee Charter
Worksheet 9 Microsoft Corporation Audit Committee Charter (Excerpts)
Worksheet 10 Sample Audit Committee Charter
Worksheet 11 Evaluating the Internal Audit Team: Guidelines and Questions
Worksheet 12 Internal Audit Department Charter of Domtar Corporation
Worksheet 13 ALLTEL, Internal Control System Survey
Worksheet 14 EL PASO Control Assessment Survey
Worksheet 15 Example of an Internal Audit Report (Highway Transportation Department)
Worksheet 16 Example of an Internal Audit Report (Bank)
Worksheet 17 Report to Senior Management and The Audit Committee
Bibliography
OFFICIAL
Federal Statutes
Regulations
UNOFFICIAL
IIA Professional Practices Framework
International Standards for the Professional Practice of Internal Auditing
Selected Performance Standards
Selected Implementation Standards
Selected Practice Advisories
Selected Position Papers
Selected Practice Guides
Selected Practice Guides - GAIT (Guide to the Assessment of IT Risk)
Selected Practice Guides - GTAG® (Global Technology Audit Guide)
Books and Non-Periodical Materials