AUD679 - TUTORIAL PDF

Preview

Summary

S STRUCTURED ESSAY QUESTION 1: (20 marks)i) State the attribute of the following components in the Definition of Internal Auditing. Risk and management process are help identify and document the organization's risks in critical business processes and the internal controls within each process to miti...

Description

SSTRUCTURED ESSAY QUESTION 1: (20 marks) i)

State the attribute of the following components in the Definition of Internal Auditing.

-

Risk and management process are help identify and document the organization's risks in critical business processes and the internal controls within each process to mitigate those risks. In business, there are risks that exist and need to be identified and addressed in order to prevent or minimize losses.

-

Consulting activity designed to add value and improve an organization's operations by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.

-

The systematic and disciplined approach requires that internal auditors identify, analyze, evaluate, and document information to support the results of an engagement and the internal auditors' conclusions. Standard 2310 defines the criteria of the information that must be identified.

-

independence means independence from parties whose interests might be harmed by the results of an audit. Specific internal management issues are inadequate risk management, inadequate internal controls, and poor governance.

ii)

Explain briefly the following differences between the internal auditors and external auditors

-

The external auditor is to carry out sufficient work to enable them to express an independent opinion to the members upon a set of the financial statements and whether these show a true and fair view. Internal audit must provide an annual internal opinion on the state of the organization’s arrangements in relation to risk management, governance and internal control.

-

The work of internal audit gives the audit committee and the board assurance to help them to fulfil their governance and stewardship duties to the organization and its various stakeholders.

-

For internal audit, its main function is to ensure reliable reporting process, hence they assess high-risk aspects of the internal control environment and recommend the design of a system of internal control that will mitigate the risk of fraud to below materiality level. For external audit; the primary objective is to enable the auditor to express an opinion. In the discharge of their duties, auditors (external) are only required to adopt an attitude of professional scepticism that a material misstatement due to fraud or error may indeed exist.

Question 2 (Internal Auditing in Corporate Governance)

i)

State four (4) importance for a close working relationship between the internal auditor and the audit committee.

By close communication and planning ensures that audit resources can be directed towards the area of most need example in high-risk areas of the organization. This means that internal audit can plan their work to minimize duplication with external audit testing and to provide assurance. over those systems and controls on which external audit may wish to place reliance, subject to appropriate review procedures being applied. Besides that,the audit teams can plan the timing of their work to minimize disruption and interference with key members of staff. Lastly, the audit team can share intelligence on key events, changes and plans that may impact on the risk profile of the organization and on their work.

ii)

four (4) activities that the audit committee can undertake in assisting the internal auditors in meeting their rights and duties. During audit execution, internal auditors obtain reliable information that includes process performance data as audit evidence which are documented for easy retrieval. Audit findings are reported to the relevant management level for appropriate corrective actions to eliminate root causes of weaknesses found. The internal audit process is monitored using self‐assessments and peer reviews of audit teams for performance improvements, such as upskilling in areas of information technology or risk management. As we know, internal audit process has four dimensions which is planning, execution, reporting, and monitoring. In line with reviews in the listing legislation, we investigated the effect of audit committee reviews on internal audit performance based on these dimensions. Overall internal audit performance comprises performance of activities in the four

dimensions.

iii)

five (5) typical important matters that are addressed by the CAE under functional reporting.

To ensure transparency and conflicts of interest, best practice indicates that the internal audit activity should have a dual reporting relationship. The CAE should report to executive management for assistance in establishing direction, support, and administrative interface and to the organization's most senior oversight group typically, the audit committee for strategic direction, reinforcement, and accountability.

Appropriate reporting relationships are critical in internal auditing to achieve the independence, objectivity, and organizational stature necessary to fulfill its obligations and mandate to effectively assess internal controls, risk management, and governance. As the independent eyes and ears of the audit committee or equivalent, it is important that the internal audit activity is structurally independent, and free from coercion by management. The requirement for the CAE to be truly independent is endorsed globally, and companies are working to bring reporting lines into line with The IIA s International Standards for the Professional Practice of Internal Auditing (Standards).

Question 3 (Risk and Control)

Board of directors. In Malaysia, based on the Malaysian Code on Corporate Governance clearly stated the role and responsibility of the BODs toward the risk management activities. The code highlighted for the BODs to have a system which effectively monitor and manage risks. This is an indicator of the importance of risk management and the oversight function of the BODs, even though there is no mandatory requirement for the establishment of the RMC The Board of Directors is ultimately responsible for the administration and the proper organization of the operations of the Company. According to good corporate governance, the Board also ensures that the Company has duly endorsed the corporate values applied to its operations. The Board approves the internal control, risk management and corporate governance policies. The Board establishes the risk-taking level and risk bearing capacity of the Company and re-evaluates them on a regular basis as part of the strategy and goal setting of the Company. The Board reports to the shareholders of the Company.

Chief executive officer The chief executive officer is ultimately responsible and should assume ownership. Other managers support the entity's risk management philosophy, promote compliance with its risk appetite,

and manage

risks within

their

spheres

of responsibility consistent

with risk tolerances. CEO oversees the risk management process of the Group and its continuous development, allocation of resources to the work, review of risk management policies as well as defining the principles of operation and overall process. CEO reports to the Board on risk management as part of the monthly reporting. CEO, and CFO, CLO, Segment Boards and the Presidents of the business segments, which operate under CEO, are responsible for the management of risks endangering the fulfillment of objectives set for the Company.

Chief risk officer The Chief risk officer are responsible towards identifying, measuring, managing and reporting risks. Besides, helping develop processes to better evaluate business-specific risk and monitor important as well as critical risk issues conducting risk and compliance assessments.

Financial executives. Financial executive is responsible in ensuring a setup of adequate control activities for business segments in cooperation with the business management, operative follow-up of the adequacy and effectiveness of control activities and ensuring that external reporting is correct, timely and in compliance with regulations.

ii)

Explain briefly four (4) roles of the internal auditors in risk management.

Provide objective assurance to the board on the effectiveness of risk management. Indeed, research has shown that board directors and internal auditors agree that the two most important ways that internal auditing provides value to the organization are in providing objective assurance that the major business risks are being managed appropriately and providing assurance that the risk management and internal control framework is operating effectively. Internal auditing may provide consulting services that improve an organization’s governance, risk management, and control processes. The extent of internal auditor’s

consulting in ERM will depend on the other resources, internal and external, available to the board and on the risk maturity of the organization and it is likely to vary over time. Besides, acting as the central point for coordinating, monitoring and reporting on risks and supporting managers as they work to identify the best way to mitigate a risk.

iii)

four (4) roles the internal auditors should not undertake in risk management, since the roles are confined to the management

The relationship between risk management and internal auditing in organizations from a risk management perspective to know how risk management values the role of internal auditing in risk management. Besides, The evaluation of risk management professionals in terms of misplacement and its effects on organizations’ risk management and internal control systems (advantages and disadvantages). To know why risk management has a very limited interaction in this issue....