,AUI3703 – The internal audit process: Specific Audit Assignments and Reporting
Explain the terms governance, risk management and control
Governance is the process conducted by the board of directors to authorise, direct and oversee management
towards the achievement of the organisation’s objectives.
Risk Management is the process conducted by management to understand and deal with uncertainties (risks and
opportunities) that could affect the organisation’s ability to achieve its objectives.
Control is the process conducted by management to mitigate risks to acceptable levels.
Difference/differentiate between assurance and consulting services
Assurance services – An objective examination of evidence for the purpose of providing an independent assessment
on risk management, control, or governance processes for the organisation. Examples may include financial,
performance, compliance, system security, and due diligence engagements.
Consulting services – Advisory and related client service activities, the nature and scope of which are agreed with
the client and which are intended to add value and improve an organisation’s governance, risk management, and
control process without the internal auditor assuming management responsibility. Examples include counsel, advice,
facilitation, and training.
CODE OF ETHICS
The purpose of the Institute’s code of ethics is to promote an ethical culture in the profession of internal auditing
and is based on the IIA’s definition of internal auditing (nature and scope):
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve
an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The basic principles of the IIA’s code of ethics
1. Integrity – The integrity of internal auditors establishes trust and thus provides the basis for reliance on their
judgement. Integrity is the price of admission for internal auditors. It is so fundamental that, without it, an
individual cannot serve as an internal audit professional.
2. Objectivity – Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating and
communicating information about the activity or process being examined. Internal auditors make a balanced
assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in
forming judgements.
3. Confidentiality – Internal auditors respect the value and ownership of information they receive and do not
disclose information without appropriate authority unless there is a legal or professional obligation to do so.
Management must have confidence that the internal auditor will not inappropriately disclose or use data in such
a manner that harms the organisation.
4. Competency – Internal auditors apply the knowledge, skills and experience needed in the performance of
internal audit services. There are specific standards requiring internal auditors to be competent and
continuously strive for improvement.
How to formulate an audit procedure
Effectiveness
“To identify (formulation of audit procedure — can also use “to evaluate”, “to inspect” or “to identify”) factors that
impeded the achievement of results (theoretical knowledge regarding effectiveness) throughout the XXX (e.g.
manufacturing) department of ABC Ltd (application to question)”
To identify
To evaluate
To inspect
Page 1 of 20
, Briefly describe qualities and abilities that a successful internal auditor should possess
Curiosity
Analytical qualities
Qualities of persuasion
Good business judgement
Logical thinking
Objectivity
Good communication skills
Good human relations
Independence
Self-confidence
Initiative in developing techniques
Competencies needed to excel as an internal auditor
Inherent personal qualities
Knowledge, skills and credentials
THE PURPOSE AND NATURE OF VARIOUS FORMS OF INTERNAL AUDITING
Compliance audits: Compliance can be defined as conformity and adherence to applicable laws and regulations
as well as policies, plans, procedures, contracts or other requirements.
Financial audits: During a financial audit, an internal auditor looks for evidence relating to the reliability and
integrity of financial information. When such audits are conducted by an internal auditor, the information is
normally intended to be used by management for internal decision-making purposes. The audit may include
both operating and financial data.
Performance audits: Performance auditing involves firstly determining management’s objectives, then
establishing whether the management controls that exist lead to effectiveness, efficiency and economy.
Environmental audits: During a typical environmental audit, a team of qualified inspectors conducts a
comprehensive examination of a plant or other facility to determine whether it is complying with environmental
laws and regulations.
Fraud audits: Fraud auditing involves assisting management in creating an environment that encourages the
detection and prevention of fraud in commercial transactions.
Quality audits: Quality auditing may be defined as a systematic and independent examination to determine
whether quality-related activities are implemented effectively and comply with the quality systems and/or
quality standards.
Programme results audits: Programme results auditing is auditing the accomplishment of established goals and
objectives for operations and programmes.
IT/IS audits: IT audits come in a variety of forms. Any of the above types of internal audit could involve the use
of computers or, for that matter, the audit of computer systems.
Application audits: Application audits such as the auditing of inventory, payrolls, procurement, sales, treasury
and other specific business functions have their own specific characteristics and the audit programme will
typically involve a certain degree of standard audit tests.
TOPIC 3: PERFORMANCE AUDITING
The following terms may be regarded as synonyms for performance auditing:
• management auditing
• operational auditing
• value for money auditing
• functional auditing
Page 2 of 20
Explain the terms governance, risk management and control
Governance is the process conducted by the board of directors to authorise, direct and oversee management
towards the achievement of the organisation’s objectives.
Risk Management is the process conducted by management to understand and deal with uncertainties (risks and
opportunities) that could affect the organisation’s ability to achieve its objectives.
Control is the process conducted by management to mitigate risks to acceptable levels.
Difference/differentiate between assurance and consulting services
Assurance services – An objective examination of evidence for the purpose of providing an independent assessment
on risk management, control, or governance processes for the organisation. Examples may include financial,
performance, compliance, system security, and due diligence engagements.
Consulting services – Advisory and related client service activities, the nature and scope of which are agreed with
the client and which are intended to add value and improve an organisation’s governance, risk management, and
control process without the internal auditor assuming management responsibility. Examples include counsel, advice,
facilitation, and training.
CODE OF ETHICS
The purpose of the Institute’s code of ethics is to promote an ethical culture in the profession of internal auditing
and is based on the IIA’s definition of internal auditing (nature and scope):
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve
an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The basic principles of the IIA’s code of ethics
1. Integrity – The integrity of internal auditors establishes trust and thus provides the basis for reliance on their
judgement. Integrity is the price of admission for internal auditors. It is so fundamental that, without it, an
individual cannot serve as an internal audit professional.
2. Objectivity – Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating and
communicating information about the activity or process being examined. Internal auditors make a balanced
assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in
forming judgements.
3. Confidentiality – Internal auditors respect the value and ownership of information they receive and do not
disclose information without appropriate authority unless there is a legal or professional obligation to do so.
Management must have confidence that the internal auditor will not inappropriately disclose or use data in such
a manner that harms the organisation.
4. Competency – Internal auditors apply the knowledge, skills and experience needed in the performance of
internal audit services. There are specific standards requiring internal auditors to be competent and
continuously strive for improvement.
How to formulate an audit procedure
Effectiveness
“To identify (formulation of audit procedure — can also use “to evaluate”, “to inspect” or “to identify”) factors that
impeded the achievement of results (theoretical knowledge regarding effectiveness) throughout the XXX (e.g.
manufacturing) department of ABC Ltd (application to question)”
To identify
To evaluate
To inspect
Page 1 of 20
, Briefly describe qualities and abilities that a successful internal auditor should possess
Curiosity
Analytical qualities
Qualities of persuasion
Good business judgement
Logical thinking
Objectivity
Good communication skills
Good human relations
Independence
Self-confidence
Initiative in developing techniques
Competencies needed to excel as an internal auditor
Inherent personal qualities
Knowledge, skills and credentials
THE PURPOSE AND NATURE OF VARIOUS FORMS OF INTERNAL AUDITING
Compliance audits: Compliance can be defined as conformity and adherence to applicable laws and regulations
as well as policies, plans, procedures, contracts or other requirements.
Financial audits: During a financial audit, an internal auditor looks for evidence relating to the reliability and
integrity of financial information. When such audits are conducted by an internal auditor, the information is
normally intended to be used by management for internal decision-making purposes. The audit may include
both operating and financial data.
Performance audits: Performance auditing involves firstly determining management’s objectives, then
establishing whether the management controls that exist lead to effectiveness, efficiency and economy.
Environmental audits: During a typical environmental audit, a team of qualified inspectors conducts a
comprehensive examination of a plant or other facility to determine whether it is complying with environmental
laws and regulations.
Fraud audits: Fraud auditing involves assisting management in creating an environment that encourages the
detection and prevention of fraud in commercial transactions.
Quality audits: Quality auditing may be defined as a systematic and independent examination to determine
whether quality-related activities are implemented effectively and comply with the quality systems and/or
quality standards.
Programme results audits: Programme results auditing is auditing the accomplishment of established goals and
objectives for operations and programmes.
IT/IS audits: IT audits come in a variety of forms. Any of the above types of internal audit could involve the use
of computers or, for that matter, the audit of computer systems.
Application audits: Application audits such as the auditing of inventory, payrolls, procurement, sales, treasury
and other specific business functions have their own specific characteristics and the audit programme will
typically involve a certain degree of standard audit tests.
TOPIC 3: PERFORMANCE AUDITING
The following terms may be regarded as synonyms for performance auditing:
• management auditing
• operational auditing
• value for money auditing
• functional auditing
Page 2 of 20
