FOUNDATIONS OF INTERNAL AUDITING
Traditionally, internal auditors had been concerned with both accounting and
financial processes, and some expertise in these areas had generally been considered
to be essential. Coverage of accounting and financial controls and processes
also provided an opportunity for expanding the range of internal audit services
into the broader operational areas. Since accounting and financial records directly
or indirectly reflect all operational activities, financially oriented internal audit
reviews often open doors to the other activities. This combination of operational
and financial internal audit practices as well as information systems auditing will
be considered throughout this book. In terms of strategy, an internal audit abandonment
of accounting and financial areas can create a vacuum that would invite
the emergence of other audit-type functions.
“Internal Audit Quality
Assurance and ASQ Quality Audits” for example, will discuss how many traditional
internal auditors in the past ignored the International Organization for
Standardization (ISO) “quality” movement in its early days, leading to an almost
separate profession of quality auditors.
An internal audit function today needs to have an adequate coverage of key
accounting and financial areas, and the responsibilities of whomever does that
will inevitably spill over into an overview of broader operational areas. The failure
to cover key financial areas was one of the arguments external audit firms
made to senior management when they offered to provide internal audit outsourcing
services. For some years leading up to the enactment of SOA, it almost
appeared that the public accounting firms were taking over internal auditing
through their outsourcing arrangements. Now, an organization’s external auditors
are prohibited from also performing internal audits for the same organization.
In the wake of SOA and the internal control assessment requirements of the
Act’s Section 404 requirements about internal audits’ roles
and responsibilities are changing again as we move through the first decade of
the twenty-first century. Internal auditors today are a much more important element
in an organization’s overall internal control framework than they were not
that many years in the past. To be effective here, an internal auditor must gain a
strong understanding of internal controls, and any internal audit involvement
with SOA Section 404 reviews require some understanding of generally accepted
accounting principles (GAAP) and their related financial controls. Therefore,
internal auditors today need to understand financial and operational as well as
information systems controls. An objective of this book is to cover all three of
these areas, but to cover them in a manner whereby they are not considered separate
internal audit practices, but represent skills and knowledge that should be
used by all internal auditors.
No comments:
Post a Comment