lOMoAR cPSD| 48680473
Page 1 of 20
Downloaded by Vincent kyalo
()
, lOMoAR cPSD| 48680473
AUI3703 – The internal audit process: Specific Audit Assignments
and Reporting
Explain the terms governance, risk management and control
Governance is the process conducted by the board of directors to
authorise, direct and oversee management towards the achievement of
the organisation’s objectives.
Risk Management is the process conducted by management to
understand and deal with uncertainties (risks and opportunities) that
could affect the organisation’s ability to achieve its objectives.
Control is the process conducted by management to mitigate risks to
acceptable levels.
Difference/differentiate between assurance and consulting services
Assurance services – An objective examination of evidence for the
purpose of providing an independent assessment on risk management,
control, or governance processes for the organisation. Examples may
include financial, performance, compliance, system security, and due
diligence engagements.
Consulting services – Advisory and related client service activities, the
nature and scope of which are agreed with the client and which are
intended to add value and improve an organisation’s governance, risk
management, and control process without the internal auditor assuming
management responsibility. Examples include counsel, advice,
facilitation, and training.
CODE OF ETHICS
The purpose of the Institute’s code of ethics is to promote an ethical
culture in the profession of internal auditing and is based on the IIA’s
definition of internal auditing (nature and scope):
Internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organisation’s operations.
Page 2 of 20
Downloaded by Vincent kyalo ()
, lOMoAR cPSD| 48680473
It helps an organisation accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance processes.
The basic principles of the IIA’s code of ethics
1. Integrity – The integrity of internal auditors establishes trust and thus
provides the basis for reliance on their judgement. Integrity is the
price of admission for internal auditors. It is so fundamental that,
without it, an individual cannot serve as an internal audit
professional.
2. Objectivity – Internal auditors exhibit the highest level of
professional objectivity in gathering, evaluating and communicating
information about the activity or process being examined. Internal
auditors make a balanced assessment of all the relevant circumstances
and are not unduly influenced by their own interests or by others in
forming judgements.
3. Confidentiality – Internal auditors respect the value and ownership
of information they receive and do not disclose information without
appropriate authority unless there is a legal or professional obligation
to do so. Management must have confidence that the internal auditor
will not inappropriately disclose or use data in such a manner that
harms the organisation.
4. Competency – Internal auditors apply the knowledge, skills and
experience needed in the performance of internal audit services.
There are specific standards requiring internal auditors to be
competent and continuously strive for improvement.
How to formulate an audit procedure
Effectiveness
Page 3 of 20
Downloaded by Vincent kyalo
()
, lOMoAR cPSD| 48680473
“To identify (formulation of audit procedure — can also use “to
evaluate”, “to inspect” or “to identify”) factors that impeded the
achievement of results (theoretical knowledge regarding effectiveness)
throughout the XXX (e.g.
manufacturing) department of ABC Ltd (application to question)”
▪ To identify
▪ To evaluate
▪ To inspect
Briefly describe qualities and abilities that a successful internal
auditor should possess
• Curiosity
• Analytical qualities
• Qualities of persuasion
• Good business judgement
• Logical thinking
• Objectivity
• Good communication skills
• Good human relations
• Independence
• Self-confidence
• Initiative in developing techniques
Competencies needed to excel as an internal auditor
▪ Inherent personal qualities
▪ Knowledge, skills and credentials
THE PURPOSE AND NATURE OF VARIOUS FORMS OF
INTERNAL AUDITING
• Compliance audits: Compliance can be defined as conformity and
adherence to applicable laws and regulations as well as policies,
plans, procedures, contracts or other requirements.
Page 4 of 20
Downloaded by Vincent kyalo ()
Page 1 of 20
Downloaded by Vincent kyalo
()
, lOMoAR cPSD| 48680473
AUI3703 – The internal audit process: Specific Audit Assignments
and Reporting
Explain the terms governance, risk management and control
Governance is the process conducted by the board of directors to
authorise, direct and oversee management towards the achievement of
the organisation’s objectives.
Risk Management is the process conducted by management to
understand and deal with uncertainties (risks and opportunities) that
could affect the organisation’s ability to achieve its objectives.
Control is the process conducted by management to mitigate risks to
acceptable levels.
Difference/differentiate between assurance and consulting services
Assurance services – An objective examination of evidence for the
purpose of providing an independent assessment on risk management,
control, or governance processes for the organisation. Examples may
include financial, performance, compliance, system security, and due
diligence engagements.
Consulting services – Advisory and related client service activities, the
nature and scope of which are agreed with the client and which are
intended to add value and improve an organisation’s governance, risk
management, and control process without the internal auditor assuming
management responsibility. Examples include counsel, advice,
facilitation, and training.
CODE OF ETHICS
The purpose of the Institute’s code of ethics is to promote an ethical
culture in the profession of internal auditing and is based on the IIA’s
definition of internal auditing (nature and scope):
Internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organisation’s operations.
Page 2 of 20
Downloaded by Vincent kyalo ()
, lOMoAR cPSD| 48680473
It helps an organisation accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance processes.
The basic principles of the IIA’s code of ethics
1. Integrity – The integrity of internal auditors establishes trust and thus
provides the basis for reliance on their judgement. Integrity is the
price of admission for internal auditors. It is so fundamental that,
without it, an individual cannot serve as an internal audit
professional.
2. Objectivity – Internal auditors exhibit the highest level of
professional objectivity in gathering, evaluating and communicating
information about the activity or process being examined. Internal
auditors make a balanced assessment of all the relevant circumstances
and are not unduly influenced by their own interests or by others in
forming judgements.
3. Confidentiality – Internal auditors respect the value and ownership
of information they receive and do not disclose information without
appropriate authority unless there is a legal or professional obligation
to do so. Management must have confidence that the internal auditor
will not inappropriately disclose or use data in such a manner that
harms the organisation.
4. Competency – Internal auditors apply the knowledge, skills and
experience needed in the performance of internal audit services.
There are specific standards requiring internal auditors to be
competent and continuously strive for improvement.
How to formulate an audit procedure
Effectiveness
Page 3 of 20
Downloaded by Vincent kyalo
()
, lOMoAR cPSD| 48680473
“To identify (formulation of audit procedure — can also use “to
evaluate”, “to inspect” or “to identify”) factors that impeded the
achievement of results (theoretical knowledge regarding effectiveness)
throughout the XXX (e.g.
manufacturing) department of ABC Ltd (application to question)”
▪ To identify
▪ To evaluate
▪ To inspect
Briefly describe qualities and abilities that a successful internal
auditor should possess
• Curiosity
• Analytical qualities
• Qualities of persuasion
• Good business judgement
• Logical thinking
• Objectivity
• Good communication skills
• Good human relations
• Independence
• Self-confidence
• Initiative in developing techniques
Competencies needed to excel as an internal auditor
▪ Inherent personal qualities
▪ Knowledge, skills and credentials
THE PURPOSE AND NATURE OF VARIOUS FORMS OF
INTERNAL AUDITING
• Compliance audits: Compliance can be defined as conformity and
adherence to applicable laws and regulations as well as policies,
plans, procedures, contracts or other requirements.
Page 4 of 20
Downloaded by Vincent kyalo ()
