Basics of internal audit assurance
Audits and reviews are necessary for shareholders and other stakeholders to have a reliable and independent source of financial information to assess a company’s and its management’s performance. This is particularly important for shareholders of listed companies who are other than separate from those managing and governing their own companies. Other stakeholders, such as creditors, lenders, employees, analysts, prospective shareholders, regulators, governments, and communities, also need this information to make assessments and decisions, such as investing, divesting, lending or contracting with the company, with confidence and on a consistent basis.
What is Internal Audit Assurance?
Assurance is a term that refers to an assurance practitioner expressing a conclusion to increase users’ confidence in a given subject matter. An audit is a one type of assurance engagement that provides an opinion giving reasonable assurance on a financial report. An auditor, who is an assurance practitioner, conducts the audit and provides a conclusion that increases users’ confidence in the company’s financial report. Depending on the type of work that the assurance practitioner performs, there are varying levels of assurance, which result in the various different types of conclusions.
In Australia, the internal audit function is regulated by the Institute of Internal Auditors Australia (IIA-Australia) along with the Australian Securities and Investments Commission (ASIC).
Purpose of Internal Audit Assurance
The purpose of internal audit assurance is to provide stakeholders with reasonable assurance that an organiszation’s operations are effective, efficient, and comply with applicable laws and regulations. It evaluates and improves the an organiszation’s governance, risk management, and internal control processes.
It also includes reviewing the reliability and integrity of financial and operational information, and can be provided through a range of activities, including internal audit, internal review, and consulting engagements.
Internal Audit Assurance Process
The internal audit assurance process typically involves the following steps:
a. Planning:Internal auditors develop a risk-based audit plan that outlines the objectives, scope, and resources required for the audit. The audit plan is based on an assessment of the organiszation’s risks and control environment.
b. Fieldwork:Internal auditors gather and analysze information through interviews, documentation review, and testing. The fieldwork phase includes the testing of controls, compliance with policies and procedures, and the identification of control deficiencies and opportunities for improvement.
c. Reporting:Internal auditors communicate the results of the audit to management in a formal report. The report includes the findings, recommendations, and management’s response to the audit. The report also includes an opinion on the adequacy and effectiveness of internal controls.
d. Follow-up:Internal auditors follow up on the implementation of recommendations and the resolution of control deficiencies identified in the audit. The follow-up process ensures that management has taken appropriate corrective actions.
Internal Audit Assurance Standards in Australia
The IIA has established the International Standards for the Professional Practice of Internal Auditing (Standards), which provide guidance on the proper conduct of internal audit assurance services. The Standards are mandatory for IIA members and are recogniszed as the global benchmark for the internal audit profession.
The Standards comprise two categories: attribute and performance standards. Attribute standards describe the characteristics of organiszations and individuals that provide internal audit assurance services. Performance standards define the internal audit assurance services’ nature and provide criteria for evaluating the effectiveness of the internal audit function.
In addition to the Standards, the IIA has developed Practice Advisories and Practice Guides to provide supplemental guidance on specific topics related to internal audit assurance services. The Practice Advisories and Practice Guides are recommended for use by internal auditors and are intended to help them meet the Standards.