Integrity ranks number one among the four elements of the internal audit code of ethics. Under the code of ethics, integrity simply means honesty toward the auditors’ own ethics, the company’s policy, shareholders, and (in some cases) the public.
Integrity helps internal auditors earn greater trust in their professional judgments from other departments and stakeholders. It also helps the auditor meet the needs of the internal audit definition.
Since honesty is one of the most important things that internal auditors want from employees toward the company and its shareholders, it is also one of the most important things that internal auditors need to possess.
Here are examples of internal audit integrity:
- Internal auditors should perform their work honestly for the company. They should respect the company’s policies, decisions, procedures, and manuals. They should also disconnect themselves from any illegal act committed by the company or a supervisor.
- The internal auditor should perform their work responsibly; for example, by executing the internal audit plan effectively and efficiently. The audit should base its conclusions on facts and strong supporting evidence.
- The internal audit might review whether the entity complies with applicable laws and regulations. If the internal auditor finds that certain laws and regulations are not complied with, they should report the finding.
- Internal audit should not be involved in any matter that might impair the entity’s credibility.
Once integrity is promoted in the internal audit environment, the impact does not stay only there. The employees, other departments, and the entity as a whole are subsequently affected and benefit from it.
When integrity is strongly promoted in the entity, value is added not only to the entity but also to its customers, potential investors, potential employees, and shareholders. Integrity contributes significantly to sustaining the entity’s growth.
Internal audit competency is one of the four elements of the internal audit code of ethics. This code requires internal auditors to have the necessary skills, knowledge, and experience to conduct internal audit services.
The code also requires internal auditors to perform internal audit services or internal audit activities in accordance with the International Standard for the Professional Practice of Internal Auditing.
This standard helps internal auditors maintain the quality of internal audit and ensures that internal audit services really add value to the entity.
Internal audit competency also requires internal auditors to continuously obtain, maintain, and develop the knowledge, skills, and qualifications needed to perform audit work.
For example, if you are the internal auditor of an entity, you need to make sure that you have enough knowledge about the nature of that entity’s business.
This could be obtained by joining internal training. Internal auditors also need sufficient knowledge of accounting and of the necessary accounting standards.
Audit objectives vary based on the type of audit engagement and the scope of the audit. An internal audit might have a different objective from an external audit or statutory audit.
For example, the objective of an audit of financial statements is basically to assess whether the financial statements prepared by the audit client are true and fair.
The external auditor needs to ensure that the supporting documents they obtain are sufficient and appropriate to help them express their opinion. This is the main objective of a statutory audit.
Internal audit, however, might have a different objective from the external audit. In general, the objective of the internal audit is to exercise audit activities independently and objectively to add value to the organization.
This objective might be met through reviews in many different areas, such as operational audit, financial audit, compliance audit, and 3Es audit.
In this article, we discuss in detail the main objectives of external audit and internal audit. Here they are:
The objective of external audit:
The main objective of an external or financial audit is to let auditors perform their audit of the financial statements independently and objectively and issue an opinion on whether:
- The financial statements prepared by management give a true and fair view in all material respects, and
- Those financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.
To meet this objective, external auditors are required to strictly follow the guidelines from IFAC and other related professional bodies. Sometimes, the external auditor also needs to follow a local professional body established by the government.
Internal policies and internal manuals prepared by the audit firm itself also help to make sure that all audit assignments are performed at the required quality.
In most cases, the firm is required to have them and, more importantly, to follow them. The audit standard related to the objective of an audit of financial statements is ISA 200.
The objective of the audit of financial statements can be found in the audit engagement letter. This letter acts as a contract and contains important information including the audit objective, the scope of the audit, timing, audit fee, the auditor’s rights and obligations, management’s rights and obligations, etc.
Note that the external audit mentioned above refers to a professional audit firm that is authorized by the authority and run by CPA members. The Big Four audit firms are the best example of an external audit.
The objective of the internal audit:
The best way to answer the question of what the objective of internal audit is, is to ask: why does this department exist in the entity?
In general, there are two main reasons why it exists. First, for some entities, it is required by the law or regulation where the entity operates. Second, it is part of the entity’s risk management.
An internal audit department is sometimes set up to meet the requirements of local law. For example, most listed companies are required to set up an internal audit department to review and assess internal control, both operational control and internal control over financial reporting.
This internal audit function must be independent, and the people who manage the department must be qualified. In some countries, recruitment of the head of the internal audit department or chief of internal audit needs approval from a local authority or body to ensure that the quality of the department meets the requirements.
Some internal audit departments exist under the board of directors as a result of risk management. This is not required by law.
In this case, the objective and scope of the internal audit department are set by the board of directors or those charged with governance. This department is normally under the control of the audit committee. In most cases, the objectives of internal audit are determined and defined in the Internal Audit Charter.
In summary, the main objective of internal audit is to help the organization assess and manage risks through its independence and objectivity, with highly disciplined and systematic work.
So, audit objectives differ based on the type of audit engagement as well as the scope of the audit. The objective of an audit of financial statements is to let independent auditors express their opinion on the financial statements based on their independent and professional examination. Normally, there are four types of audit opinion that an auditor can express.
The internal audit objective is to act independently and objectively to add value to the company by introducing a highly disciplined approach to the organization.
To ensure that the internal auditor meets this objective, high discipline needs to be introduced, and if it is impaired, the audit committee needs to review the internal audit department again.
Audit strategy generally means the combination of the audit approach to be used, resource management and allocation, the timing of the audit, and the way the audit engagement is managed.
For example, the auditor will use a risk-based audit approach or a top-down approach to conduct the audit assignment.
As another example, auditors who have just engaged with a new audit client may decide not to rely on the internal control over the financial statements and so not to perform tests of control. They go straight to substantive tests. This is what audit strategy means.
Audit strategy is normally identified and set after the audit objective but before, or at the same time as, the audit plan. Managing the time frame of the audit assignment is also part of the audit strategy.
The right audit strategy can minimize auditor risk, meet audit deadlines, and use audit resources efficiently.
The auditor has to make sure not only that the audit assignment is completed within the time required by the client, but also that there is sufficient time to maintain maximum audit quality.
The following is a detailed explanation of audit strategy and how to set it. Once you complete this explanation, you will be able to figure out what audit strategy means.
Audit strategy is very important for the success of an audit engagement. A good audit strategy, based on ISA 300, should contain the following key points:
How to set audit strategy?
- In the audit strategy, the auditor should identify the characteristics of the engagement and define the scope of the audit. This is a very important point before starting further work. For example, the client’s financial statements are audited based on international auditing standards, and the client’s financial statements are prepared based on US GAAP.
- The auditor should also identify the reporting objectives of the audit engagement so that they can set the timing of the audit and figure out the nature of the communications required. For example, the audit report is required by the parent company and will not be published online. In most cases, auditors state the disclaimers in the audit report.
- As part of the audit strategy, auditors should identify the key factors or key areas in the audit engagement that require high professional judgment. If any factors or areas require professional judgment, the auditor should consider whether they have enough highly competent resources to do the job. If not, they may withdraw from the engagement or seek other resources.
- Assess whether the knowledge that the auditors gain and the results of their pre-analytical review are consistent. This is normally done by comparing the auditors’ knowledge, normally obtained by sitting down with management and understanding the nature of the business, against the results of the audit team’s pre-analytical review of the financial statements obtained from the client. If the results are consistent, then the question of management integrity should be okay. But if the results differ, auditors might be more skeptical of any management answer.
- Audit evidence is very important. The auditor should consider whether they can obtain audit evidence, the nature of that evidence, and any restrictions on it.
Objective and Purpose of Audit Strategy:
- To set the scope of the audit engagement
- To establish the time frame of the audit
- To manage and arrange the audit effectively and correctly
- To set the right audit approach
- To document the audit methodology
In conclusion, audit strategy is the way in which auditors understand and set the audit scope and the timing of the audit engagement, set out the strategy for directing the engagement, and develop an audit plan for the success of the engagement. The audit plan and audit strategy are different.
Written by Sinra
Internal audit and external audit are both watchdogs for the entity and its shareholders; however, there are some key differences between internal and external audit from some perspectives,
for example, purpose, employment, legal requirement, reporting, and so on. The following are the key differences and similarities between internal audit and external audit:
The Differences Between External and Internal Audit
1) Purpose of Audit
The purpose of an external audit is to let the auditor examine the entity’s financial statements and express an opinion on them.
The external auditor examines the reports and expresses an opinion on whether the entity’s financial statements are free from any kind of material misstatement (error or fraud).
An external audit is sometimes required by law, regulation, or shareholders, and sometimes by the bank.
External audit reports provide assurance on the financial statements and help users of the financial statements feel comfortable with the reports they are using.
However, the internal auditor does not express an opinion on the financial statements.
Instead, they review the internal control over financial reporting to ensure that good internal controls are in place so that the financial reports are properly prepared in all material respects. This is internal audit from the financial reporting perspective.
In general, the purpose of internal audit is to review and assess the major internal control of the entity, not only internal control over financial reporting.
Internal audit also reviews the effectiveness, efficiency, and economy of an entity’s use of its resources.
External auditors are employees of audit firms like KPMG, PWC, and EY. They are not employees of the entity they are auditing.
So basically, the employment contracts, training, compensation, and performance review are all with the firm.
Internal auditors are employees of the entity, and normally they work in the internal audit department or internal audit division.
However, sometimes internal audit activities are outsourced to external auditors or consulting firms that have the professional skills and resources. So, the employment contracts, training, compensation, and performance review are all with the entity.
External auditors report to those charged with governance (TCWG). ISA 260 is the standard we should refer to; the standard does not specify the exact person the external auditor reports to, but it uses the word “governance”.
Be careful: when you research on the internet who the hell the external auditor reports to, you will find many different results.
Well, those charged with governance include a person or a group of people at the highest level of management of an entity. Those people include executives, non-executives, a committee, or the board of directors.
Internal audit has a somewhat different reporting line from the external auditor. For administrative purposes, the internal auditor might report to the CEO or other executives in the entity,
for example, on administrative expenses, staff turnover, the recruitment plan, or similar. The results of the internal audit and other relevant matters are reported directly to the audit committee, owner, or board of directors.
In other words, they are reported to the person or group of people who manage the executive management in the entity.
The external audit report contains the external auditor’s opinion on the financial statements as the result of their audit. These opinions include the unqualified, qualified, disclaimer, and adverse opinions.
For limited assurance, the external auditor also issues an opinion, but not in the form of positive assurance.
Internal audit, by the way, does not express an opinion on whether the entity’s financial statements are true and fair, even though it has tested those financial statements.
Instead, it only issues findings along with a rating of each finding based on its impact and likelihood.
5) Legal perspective
If the external auditor issues an opinion negligently and the negligence costs the entity, the external auditor faces legal action from the entity, with both sides at the company level.
The entity cannot sue an employee of the external auditor, but it may be able to sue the audit partner, depending on the law in that jurisdiction.
However, if the internal auditor does something against the entity’s policies and regulations, then the employee might face action based on the entity’s policies.
6) Standard use
The external auditor normally uses the audit standard issued by the local regulator or body and the adopted International Standard on Auditing (ISA), which is issued by IFAC.
Sometimes, they also follow the requirements of other related bodies, like the securities exchange, to be able to audit the financial statements of entities listed on the stock exchange.
Internal audit follows an internal manual that adopts best practice and the IIA Standard. In general, internal audit adopts and uses the standard issued by the IIA (International Professional Practices Framework (IPPF)).
Normal staff working in an external audit firm are not required to hold ACCA, CPA, or CA, but if you hold one of them, your credit is better than others’.
However, the audit firm requires its partner to hold at least a CPA. Sometimes, depending on local regulation, one or two people must hold a CPA and also be registered with the local authority that controls CPA firms.
An internal auditor, however, is not required to hold a CPA. But most of the people who manage the internal audit department are required to have good experience in internal audit, or sometimes experience from an external audit firm, preferably a Big Four firm.
CIA is also one of the most popular professional internal audit qualifications. Having the CIA could help you gain more credit and get a better opportunity in internal audit.
8) Scope of works
The scope of an external audit depends on the services requested by the entity and the services available in the firm.
In general, for an audit of financial statements, the scope includes the period of the engaged financial statements and the standard used to prepare the financial statements.
The scope of internal audit is a bit different from that of external audit. Internal audit might cover the areas determined by the audit committee.
However, it generally covers internal control, both operational control and internal control over financial reporting, investigation of fraud, compliance review against company policies or local regulation, examination of management reports, and 3Es audit (economy, efficiency, and effectiveness).
External audit responsibilities are defined in ISA 200, and their main responsibilities are:
- Audit the entity’s financial statements based on required standards.
- Maintain ethical requirements related to the audit of financial statements; for example, keep professional judgment and professional skepticism.
- Make sure audit risks are properly assessed and the audit strategy is applicable to them.
- Report to the audit committee if there is any problem related to independence and conflict of interest.
Responsibilities of internal audit are defined in the audit charter, and they might differ a bit from one company to another. In general, an internal audit is responsible for auditing only one company or the companies under one group.
They are responsible for reviewing and assessing the internal control of the entity, compliance review, and fraud investigation.
They are also responsible for reporting any significant errors, fraud, or problems found to the audit committee and board of directors.
10) Code of Ethics
The external audit code of ethics is defined by IFAC and tailored by the firm for internal use. However, those internal codes of ethics also need to follow IFAC.
The internal audit code of ethics is generally set in the internal audit charter or policies. However, the IIA has also issued an internal audit code of ethics that internal auditors should follow.
The Similarities of External and Internal Audit
Both internal audit and external audit work independently from operations. Independence here means independence both in mind and physically.
Both internal audit and external audit issue their reports after they complete their tasks. Yet, their reports have different formats and objectives.
Both audits cost the entity. This is a big challenge for some small entities that engage audit firms to audit their financial statements.
Standard of works
Internal audit and external audit are both required to maintain a high quality of work to ensure that the results of their audits are trusted and relied on by related parties.
Internal Audit Opinion:
Internal auditors normally issue their reports to related parties such as the auditee, audit committee, and board of directors. Internal audit normally does not provide an opinion like external audit, but it normally provides a conclusion on what it actually found during the course of the internal audit.
For example, significant internal control matters or non-compliance with internal policies and regulations. In general, the conclusion or opinion of the internal audit is prepared mainly based on the scope of the internal audit and its objective.
If auditors are assigned to review the internal control over inventory management of the entity, then at the end of their audit they will raise all the internal control weaknesses and significant matters found related to inventory management, along with their recommendations and implications.
Here is the definition of an internal audit opinion, quoted from the Internal Audit Standard:
The rating, conclusion, and/or other description of results of an individual internal audit engagement, relating to those aspects within the objectives and scope of the engagement.
For example, the internal audit department is assigned to conduct internal audit activities in the payroll department as a result of some concerns from the audit committee and board of directors.
Then, after the course of its audit activities, the internal audit department needs to issue an audit report on the results of its audit, depending on the structure of the entity, to the GM or Director and also the head of HR.
This report should provide the conclusion on significant problems found and the rating of relevant controls. The internal audit report also needs to be communicated to the audit committee and board of directors.
So, in conclusion, internal audit does not issue an opinion like external audit, but it does issue an audit report that raises all the findings, implications, and recommendations along with the audit rating. The audit rating is provided based on the nature of the risks and the subsequent risks that might follow.