Module 1: Introduction

to Internal Auditing

MU1: Internal Auditing and Controls

Welcome to MU1!
Instructor Intro

90 Minute weekly interactive webinars

Read material prior to the weekly webinars get ready to
ask and answer questions!
Use the Academic Support discussion board to:

Share interesting points/articles

Ask me questions or seek clarification on course material
Look for solutions to the weekly M/C webinar practice questions
Stay informed of any Instructor News
DO NOT use the Academic Support board to try and
obtain solutions for assignment questions and/or post
your assignment.

CERTIFIED
GENERAL
ACCOUNTANTS

Class Poll
Please select your familiarity with Auditing:

a)
b)
c)
d)

I have work experience in external auditing

I have work experience in internal auditing
I have work experience in both external & internal auditing
My experience is limited to studies

CERTIFIED
GENERAL
ACCOUNTANTS

Have you asked yourself any of the questions

below regarding MU1?
What is Internal Auditing?
How does this course differ from External Auditing?
What are the responsibilities of Internal Auditors?
How do they fit into an organization?

CERTIFIED
GENERAL
ACCOUNTANTS

What is Internal Auditing?

Internal auditing is an independent, objective assurance
and consulting activity designed to add value and improve
an organizations operations. It helps an organization
accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance
processes.
In other wordsInternal Auditing provides assurance that:
1) Organizational objectives can be met
2) Internal controls can adequately mitigate risk
CERTIFIED
GENERAL
ACCOUNTANTS

Key Terms in the Definition of Internal Auditing

Keywords (underlined in prior slide):

Independence and Objectivity

Assurance and Consulting Activity
Systematic, disciplined approach
Risk Management
Control
Governance

Are you familiar with any of the above terms?

As you review Module 1 try to foresee how they will be
applied to Internal Audit.

CERTIFIED
GENERAL
ACCOUNTANTS

Internal Auditing vs. External Auditing

Internal Auditing

External Auditing

Primarily responsible to the board and

management

Primarily responsible to shareholders,

creditors, and the general public

Objective is to evaluate and improve

the effectiveness of risk management,
control, and governance processes

Objective is to issue an opinion as to

whether the financial statements of
an organization are presented fairly

Concerned with a broad range of

organizational activities, not limited to
financial data and output

Concerned with financial statements

final output of financial systems

Internal auditors must be

independent from the functions they
are auditing

External auditors must be

independent from the
organization itself

CERTIFIED
GENERAL
ACCOUNTANTS

M/C Practice
The following represent differences between external and internal
auditing except:

a) External Auditing is primarily concerned with financial statements,

whereas the scope of Internal Auditing goes beyond financial data.
b) External Auditors must be independent, whereas Internal Auditors
are not required to be independent.
c) Internal Auditors are responsible to management, whereas External
Auditors are responsible to shareholders.
d) Internal Auditors are focused on evaluating and recommending
improvements, whereas External Auditors offer opinions.

CERTIFIED
GENERAL
ACCOUNTANTS

Key Terms in the Definition of Internal Auditing

Independence and Objectivity

Assurance and Consulting Activity
Systematic, disciplined approach
Risk Management
Control
Governance

CERTIFIED
GENERAL
ACCOUNTANTS

Assurance vs. Consulting Activity

ASSURANCE

CONSULTING

Purpose

Provides feedback on risk,

control and governance

Designed to add value & improve

Parties
Involved

Three:
1) The Internal Auditor
2) The process owner
3) The user (e.g. board or
audit committee)

Two:
1) The Internal Auditor
2) The process owner
(engagement client)

Direction

IA determines nature & scope

Client determines nature & scope

with IAs agreement

Output

Assessment, opinion or
conclusion

Advice/Counsel

Blended Engagements: Both Assurance & Consulting

Lets take a look at some examples of
activities/assignments in the following 2 slides

CERTIFIED
GENERAL
ACCOUNTANTS

Types of Internal Audit Assignments

Compliance Audits
Are legislative requirements being met?
Are the stated controls in place and operating as intended?
Provides Yes/No responses to whether specific standards are being met (e.g. ISO 9000)

Internal Financial Audits

Focus is on accounting system and output. Is it accurate?
Increased importance since SOX/C-SOX
Provides conclusion on whether there are well designed, effective controls in place for the
processing and reporting of financial data

Operational Audits
Evaluates an organizations effectiveness, efficiency, and economy

Comprehensive Audits
Mainly in the public sector and involve three types: financial,
compliance, and performance

CERTIFIED
GENERAL
ACCOUNTANTS

Types of Internal Audit Assignments (contd)

IT and Integrated Audits
Evaluates the risks and controls over computer systems
Can include involvement with the systems development process and/or evaluating system input,
processing and output of data, including access rights, etc. (Module 7)

Fraud Audits
Special investigations that determine the existence and extent of detected or
suspected fraud.
Variety of individuals involved in process including internal auditors, lawyers, investigators,
security, and other specialists from inside or outside the organization

Environmental Audits
Compliance-like
Establish the extent to which the organization complies with
legislative and regulatory requirements on environmental matters.
CERTIFIED
GENERAL
ACCOUNTANTS

M/C Practice
Scenario A: The Internal Auditing department has been asked
to review and evalute a proposed organizational restructuring
to reflect the most economical alignment.
Scenario B: The Internal Auditing department is beginning a
review of system access following a recent organizational
restructuring.
Which of the following accurately reflects the scenarios:
a) Scenario A is an assurance activity and Scenario B is a
consulting engagement
b) Both scenarios A and B are assurance activities
c) Both scenarios A and B are consulting engagements
d) Scenario A is a consulting engagement and Scenario
B is an assurance activity

CERTIFIED
GENERAL
ACCOUNTANTS

M/C Practice
Which of the following options accurately lists different types of
audits?
a) Compliance, Investigative, and Operational
b) Investigative, IT, and Operational
c) Fraud, IT, and Operational
d) Process, IT, and Operational

CERTIFIED
GENERAL
ACCOUNTANTS

Example of Internal Audit BC Hydro

BC Hydro Internal Audit
Discussion & Viewpoint Questions:
a) What type of audit (engagement) was performed?
b) Assuming the article has presented the facts accurately, do you feel there
is a risk that BC Hydro is not meeting their goal? What risk exists? What
would you suggest for improvement?

CERTIFIED
GENERAL
ACCOUNTANTS

Key Terms in the Definition of Internal Auditing

Independence and Objectivity

Assurance and Consulting Activity
Systematic, disciplined approach
Risk Management
Control
Governance

CERTIFIED
GENERAL
ACCOUNTANTS

What is the Systematic, Disciplined Approach?

Systematic is defined as:
1. having, showing, or involving a system, method, or plan: a systematic course of reading; systematic
efforts.
2. given to or using a system or method; methodical: a systematic person.
3. arranged in or comprising an ordered system: systematic theology.
4. concerned with classification: systematic botany.
5. pertaining to, based on, or in accordance with a system of classification: the systematic names of
plants
Disciplined is defined as:
1. training to act in accordance with rules; drill: military discipline.
2. activity, exercise, or a regimen that develops or improves a skill; training: A daily stint at the
typewriter is excellent discipline for a writer.
3. punishment inflicted by way of correction and training.
4. the rigor or training effect of experience, adversity, etc.: the harsh discipline of poverty.
5. behavior in accord with rules of conduct; behavior and order maintained by training and control:
good discipline in an army. (Source: http://dictionary.reference.com)

Conclusion
Internal Auditing must be defined by a specific methodology
and Auditors accountable for their performance.

CERTIFIED
GENERAL
ACCOUNTANTS

What is the Systematic, Disciplined Approach?

International Standards for the Professional
Practice of Internal Auditing (Standards)
These are included throughout your course notes
Will be discussed in depth during Module 2

Principles/Standards introduced and applied throughout

course modules

TIP: Focus on understanding the principle within each

standard in order to enhance your ability to apply to
assignment/exam questions or real-life application.
CERTIFIED
GENERAL
ACCOUNTANTS

Key Terms in the Definition of Internal Auditing

Independence and Objectivity

Assurance and Consulting Activity
Systematic, disciplined approach
Risk Management
Control
Governance

CERTIFIED
GENERAL
ACCOUNTANTS

Nature of Work (Standard 2100)

The IIA released International Standards for the Professional
Practice of Internal Auditing which clearly indicate that:

Auditors must be familiar & proficient with

Risk
Control

Governance

CERTIFIED
GENERAL
ACCOUNTANTS

Scope of Internal Auditing

Risk
Assessment

Reliability and
integrity of financial
information
Effectiveness and
efficiency of
operations

Governance
Safeguarding of
assets

Control
Compliance with
laws, regulations,
and contracts

How can the Auditor be proficient without

understanding management functions and the
organizations objectives?

CERTIFIED
GENERAL
ACCOUNTANTS

Management and Objective Setting

Planning

Developing long-term and short-term objectives and creating

strategies to meet those objectives

Organizing

Structuring the organization with rules, reporting lines, and

responsibilities

Directing

Communicating objectives throughout the organization and

motivating employees to help meet those objectives

Controlling

Measuring actual performance against objectives and taking steps

to correct for any deviations
CERTIFIED
GENERAL
ACCOUNTANTS

Risk Management
The process of identifying, assessing, managing, and controlling
enterprise risk.
Risk is defined as the possibility of an event occurring that
will have an impact on the achievement of objectives.
Enterprise risk (business risk) is risk as it applies to
businesses or organizations

CERTIFIED
GENERAL
ACCOUNTANTS

Control
Action taken to manage risk, increasing the likelihood that
established objectives and goals will be achieved. (IIA)
Remember:
Only provides reasonable assurance

Managements Responsibility

CERTIFIED
GENERAL
ACCOUNTANTS

Governance
Combination of processes and structures implemented by the
Board to inform, monitor and direct activities of the organization
towards accomplishing objectives. (IIA)
Remember:

Must start at the top

Critical relationships

Organizational Structure

Extends to customers, general community, etc.

CERTIFIED
GENERAL
ACCOUNTANTS

Key Terms in the Definition of Internal Auditing

Independence and Objectivity

Assurance and Consulting Activity
Systematic, disciplined approach
Risk Management
Control
Governance

CERTIFIED
GENERAL
ACCOUNTANTS

The Internal Auditor and Ethics

Key requirement in role as consultants to both senior
management and the board of directors
Strong ethical requirement due to:
Access to information
Adherence to ethical code
Trusted to better organization

CERTIFIED
GENERAL
ACCOUNTANTS

Blog on Ethics (Source: IIA)

Chambers on the Profession Blog: Ethics

Click on the link and notice the 7 ethical questions
that an Internal Auditor may be faced with.

CERTIFIED
GENERAL
ACCOUNTANTS

Ethics M/C Practice

Which of the following best describes the responsibilities of the internal auditor? (Dec 08
Exam)

a) Internal auditors are responsible for ensuring compliance and enforcement of all an
organizations policies, especially ethical policies relating to a corporate conflict of
interest policy.
b) Internal auditors are expected to carry out fraud investigation assignments as long as
management is willing to support the internal audit function.
c) As with any other employee, internal auditors access to information in the organization
is restricted to their specific area of responsibility; accordingly, internal auditors must
follow the ethical principle of respecting the confidentiality of financial, operational, and
personal information when they seek information from other employees.
d) Internal auditors may be asked by management for an interpretation of relevant ethical
standards, such as conflict of interest rules or corporate and professional codes of ethics.
CERTIFIED
GENERAL
ACCOUNTANTS

In Your Own Words

You may have noticed several job postings on career boards for
Internal Auditors. What benefit does an Internal Auditor
provide that makes it attractive role to add to an organization?

Source: CGA
Employment
Referral
Service

CERTIFIED
GENERAL
ACCOUNTANTS

In Summary
Internal Audit describes a variety of assurance and
consulting activities

The Internal Auditing function acts as a link between the

Board and Management teams to help an organization
meets objectives through evaluation of:
Risk
Control
Governance
Governed by the Standards
CERTIFIED
GENERAL
ACCOUNTANTS