INTERNAL AUDITKELAS/ABSEN : P / 35 SUMMARY (FOR WEEK 2)
CHAPTER 1: FOUNDATIONS OF INTERNAL AUDITING
Internal auditing is a broader and often more interesting field. An
internal auditor independently reviews and assesses operations in a wide variety of areas, such as accoutning office procedures or manufacturing quality processes. The IIA defines the practice of internal auditing in this way: Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to organization. The term auditing include all range of levels of service, such as detailed checking to the higher level appraisals. And the term internal defines works carried on witthin on enterprise; by its own employee. The reminder of the IIAs definiton of internal auditing covers a number of important terms that apply to the profession: Independent : Used for auditing, that is free of any restrictions that could significantly limit the scope and effectiveness of any internal auditor review. Appraisal : Confirms that the need for an evaluation that is the thrust of internal auditors. Established : Confirms that internal audit is a formal, definitive function in the modern enterprise. Examine & Evaluate: Describes the active roles of internal auditors. Its activities : Confirms that the board jurisdictional scope of internal audit work that applies to all of the activites of the modern enterprise. Service : Reveals that the help and assistance to the management, audit committee, and other member of enterprise, is the end product of internal auditing work. To the organization : Confirms that internal audits total service scope pertains to the entire enterprise.
CHAPTER 2: INTERNAL AUDITS COMMON BODY OF KNOWLEDGE
A Common Body of Knowledge described as the major or common
knowledge requirements of todays modern internal auditor. Some of these (COBK) are areas where an internal auditor must have a strong knowledge and understanding. Others are area where an internal auditor should develop a goodl general awareness. A CBOK focuses on the minimal knowledge needed by any professionsl in that discipline to perform effectively. A knowledge or understanding is an important internal audit skill, wheter it is planning a comprehensive plan of internal audits over the year or outlining the requirements and tasks for a specific audit. For internal audit, a CBOK will cover a wide variety of internal audit- specific practice areas but must also be linked with general management knowledge and practice disciplines as well as application knowledge areas. The IIA Research Foundations (IIARF) launched a major effort to develop such a CBOK for the internal audit profession. Its preliminary result, published in mid-2007, describe the state of internal auditing professional practices throughout the world including: The knowledge and skills that internal audit possess The skill and organizationl levels used for the practice of internal auditing work The actual duties perfomed by interal audtiors The structure of internal audit organizations The types of industries which practice internal audit The regulatory environment of various countries For all internal auditors, materials such as Committee of Sponsoring Organizations (COSO) framework for internal controls, or discussion of planning and performing internal audits, and the IIA internal audit standards, are essentials. More expererienced internal auditors generally specialize in some areas and have a greater levels of specific industry knowledge.
CHAPTER 4: SARBANES-OXLEY AND BEYOND
The Sarbanes-Oxley Act (SOx) is a US law enacted in 2002 to
omprove financial reporting audit processes and to mandate new board of director, public accounting, and other enterprise governance practices. It has had a major impact on businesses first in the US and now worldwide. Sox became a law in the US as a response to a series of accouting misdeeds and financial failures at several once-major corporations such as Eron and WorldCom. Internal auditors should be particularly aware of the requirements for Sox Section 404 review. The Sox requirements, on Section 404 for reviews of internal accounting, have caused much toil and turmoil in corporations. In Section 404, an enterprise is made responsible for reviewing, documenting, and testing its own internal accounting controls, with those review results passed on the enterprises external audtiors who are charged with then reviewing and attesting to that work as part of their audit of the reported financial statements. Sox Section 404 requires the preparation of annual internal control report as part of an enterprises SEC-mandated 10K annual report. Section 404 requirements call for two information: 1. A formal management statement acknowledging the enterprises responsibility for establishing and maintaining and adequate internal control structure and procedures for financial reporting. 2. An assessment, as of the end of the most recent fiscal year, of the effectiveness of the enterprises internal control structure and procedures for financial reporting. Simply put, management is required to report on the quality of its internal controls, and its public accounting firm must audit or attest to that management developed internal controls report in addition to the normal financial statement audit. Internal audits role in Section 404 reviews can take three forms: 1. Internal auditors can act as internal consultants for the enterprise by identifying key processes, documenting their internal controls, and performing appropriate tests of those controls. This review work would be subject to management approval for subsequent attention by external audit. 2. Internal auditors can review and test internal control processes similiar to their normal internal audit reviews but acting as assistants or contractors for extenral auditors. 3. Internal auditors can work and help other corporate resources, either internal or external, that are performing the Section 404 reviews but not get directly involved with those reviews. This approach allows internal audit to devote more time and resources to other internal audit projects.