Exam Questions answers - AUI2601

Oct/Nov 2014

I) Internal audit should NOT take take on this task task or responsibility responsibility.. The bank reconciliation is a routine accounting procedure that is the responsibility of the accounting department. The performance of the reconciliation is, in itself, an internal control which may from time to time be “internally audited” to determine whether the control is operating as it i t was designed to. II) Internal Internal should carry out this procedure. procedure. s per standard standard !"#$." % The internal audit acti&ity must assist the organisation by e&aluating the ade'uacy and e(ecti&eness of controls regarding the reliability and integrity of nancial and operational information. III) Internal audit should not be part of the monthly internal control routines such as in&entory counts. Internal audit should attend and obser&e cycle counts and indeed perform a sample of test counts, but this would be to e&aluate the company*s in&entory controls. I+) Internal audit should not be in&ol&ed in “head “ head hunting”, because this is a human resource function. t a later stage internal audit might be re'uired to audit work performed by the person they had “head hunted” doing the “head hunting” themsel&es would impair their independence.

+) Internal audit could take responsibility for this re&iew. re&iew. It can be conducted as a compliance audit. +I) t most the internal internal audit acti&ity could assist assist in the design of the risk management process but in a way that does not compromise independence. The nature of an internal audit is one of “e&aluation” and “re&iew” rather than one of creating systems. systems. It does this by identifying identifying and e&aluating e&aluating the organisation-s eposure to risk, assessing the risk during the course of engagements and impro&ing the risk management process. Internal audit can pro&ide ad&ice to management on risk management. +II) Internal audit should conduct conduct this procedure. It falls under the consulting ser&ices pro&ided by internal audit.

!.!." /uality audits !.!.! 0inancial audits !.!.# 1erformance audits !.!.2 3n&ironmental audits

+) Internal audit could take responsibility for this re&iew. re&iew. It can be conducted as a compliance audit. +I) t most the internal internal audit acti&ity could assist assist in the design of the risk management process but in a way that does not compromise independence. The nature of an internal audit is one of “e&aluation” and “re&iew” rather than one of creating systems. systems. It does this by identifying identifying and e&aluating e&aluating the organisation-s eposure to risk, assessing the risk during the course of engagements and impro&ing the risk management process. Internal audit can pro&ide ad&ice to management on risk management. +II) Internal audit should conduct conduct this procedure. It falls under the consulting ser&ices pro&ided by internal audit.

!.!." /uality audits !.!.! 0inancial audits !.!.# 1erformance audits !.!.2 3n&ironmental audits

Engagement working papers generally: 4 id in the planning, performance, and re&iew of engagements. 4 1ro&ide the principal support for engagement results. 4 5ocument whether engagement ob6ecti&es were achie&ed. 4 7upport the accuracy and completeness of the work performed. 4 1ro&ide a basis for the internal audit acti&ity-s 'uality assurance and impro&ement program. 4 0acilitate third%party re&iews.

#.!." 8lear % Clear communications are easily understood and logical, avoiding unnecessary unnecessary technical language and providing all signifcant and relevant inormation. #.!.! ccurate % Accurate communications communications are ree rom rom errors and distortions and are aithul to the underlying acts. #.!.# 8oncise % Concise communications are to the point and avoid unnecessary elaboration, superuous detail, redundancy, and wordiness. #.!.2 8onstructi&e % Constructive communications are helpul to the engagement client and the organisation and lead to improvements where needed.

Objective communications are air, impartial, and unbiased and are the result o a air-minded and balanced assessment o all relevant acts and circumstances. Complete  communications lack nothing that is essential to the target audience and include all signifcant and relevant inormation and observations to support recommendations and conclusions.  communications are opportune and expedient, depending on the  Timely  communications signifcance o the issue, allowing management to take appropriate corrective action.

#.#." 9isk : G %  The possibility of an e&ent occurring that will ha&e an impact on the achie&ement of ob6ecti&es. 9isk is measured in terms of impact and likelihood. #.#.! 8hief audit eecuti&e : D % 8hief audit eecuti&e describes a person in a senior position responsible for e(ecti&ely managing the internal audit acti&ity in accordance with the internal audit charter and the 5enition of Internal uditing, the 8ode of 3thics, and the tandards. #.#.# 8onsulting ser&ices : E % d&isory and related client ser&ice acti&ities, the nature and scope of which are agreed with the client, are intended to add &alue and impro&e an organisation-s go&ernance, risk management, and control processes without the internal auditor assuming management responsibility. #.#.2 8ontrol :A % ny action taken by management, the board, and other parties to manage risk and increase the likelihood that established ob6ecti&es and goals will be achie&ed. #.#.; Ob6ecti&ity % F % n unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they belie&e in their work product and that no 'uality compromises are made. #.#.< Independence %  % The freedom from conditions that threaten the ability of the internal audit acti&ity to carry out internal audit responsibilities in an unbiased manner. #.#.= 8ontrol processes %  ! %  The policies, procedures >both manual and automated), and acti&ities that are part of a control framework, designed and

operated to ensure that risks are contained within the le&el that an organisation is willing to accept.

2.".". ttribute 2.".!. 1erformance 2.".# 1erformance

2.".2 Implementation 2.".; ttribute

2.!."

"ermissi#le/ Not "ermissi#le Not permissible

$e%erence to ""F

$easons

""#$ : Impairment to Independence or Ob6ecti&ity

Impairment to organisational independence and indi&idual ob6ecti&ity may include, but is not limited to, personal con?ict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations, such as funding.

""!$ : Indi&idual Ob6ecti&ity

""#$.8! : If internal auditors ha&e potential impairments to

independence or ob6ecti&ity relating to proposed consulting ser&ices, disclosure must be made to the engagement client prior to accepting the engagement. Internal auditors must ha&e an impartial, unbiased attitude and a&oid any con?ict of interest. 2.!.!

Not permissible

8ondentiality >par #.")

Internal auditors shall be prudent in the use and protection of information ac'uired in the course of their duties.

2.!.#

1ermissible

!!$$ : 3ngagement 1lanning

Internal auditors must de&elop and document a plan for each engagement, including the engagement-s ob6ecti&es, scope, timing, and resource allocations.

2.!.2

Not permissible

"#!! : 5isclosure of Non%conformance

@hen non%conformance with the 5enition of Internal uditing, the 8ode of 3thics, or the tandards impacts the o&erall scope or operation of the internal audit acti&ity, the chief audit eecuti&e must disclose the non%conformance and the impact to senior management and the board.

2.!.;

Not permissible

"!#$ : 8ontinuing 1rofessional 5e&elopment

Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional de&elopment.

• • • • •

ccess to the books, records, &ouchers and accounts Obtaining information and eplanations ttending meetings Aelie&ing trusted oBcials Independence of the internal auditor

d&antagesC  This le&el of reporting gi&es the internal audit acti&ity a high degree of organisational independence and accessibility because it is reporting to a body with more authority than top eecuti&e management, and the ma6ority of members are not in&ol&ed in the operational matters of the company >eecuti&e functions). 5isad&antagesC ". Aecause the audit committee does not meet fre'uently enough, they do not ha&e the time to support the internal audit acti&ity on a day%to%day basis as an independent reporting facility. udit committees meet on a&erage four times a year. !. Aecause of its function, the audit committee, by its &ery nature, is apart from the main stream of business acti&ities. s a result, the internal auditor does not always recei&e necessary information and directi&es which might enable him to function e(ecti&ely.

#. The audit committee also has a functional rather than an operational role and it is, therefore, undesirable that members should be in&ol&ed with the operational or household details of the internal audit acti&ity. Their proper functions would include the nal authorisation of audit plans and audit ndings, the coordination of audit e(orts and the formulation of audit policy.

5ual 9eporting

4 The chief audit eecuti&e should ha&e the following dual%reporting responsibilitiesC functionally to the audit committee, and o administrati&ely to the chief eecuti&e oBcer. o 4 The chief audit eecuti&e should ha&e ready access to the audit committee. 4 The chief audit eecuti&e should ha&e direct and regular communication with the audit committee. 4 The chief audit eecuti&e should attend audit committee meetings. 4 The chief audit eecuti&e should regularly meet pri&ately with the audit committee >without management*s representati&es in attendance). 4 The audit committee should appro&e the appointment or remo&al of the chief audit eecuti&e. 4 The audit committee should be ad&ised by the chief audit eecuti&e concerning his or her relationship with the eternal auditors >and on how the internal and eternal audits are progressing).

 The role of the internal audit acti&ity in in&estigations needs to be dened in the internal audit charter, as well as in the fraud policies and procedures. 0or eample, internal auditing may ha&e the primary responsibility for fraud in&estigations, may act as a resource for in&estigations, or may refrain f rom in&ol&ement in in&estigations. Internal auditing may refrain from in&ol&ement because it is responsible for assessing the e(ecti&eness of in&estigations or because it lacks the appropriate resources to be in&ol&ed in in&estigations. ny of these is acceptable, as long as the impact of these acti&ities on the independence of internal auditing is recognised and handled appropriately. In addition to ad&ising management, internal auditors may become in&ol&ed in in&estigations byC

4 monitoring the in&estigation process to help the organisation follow rele&ant policies, procedures, and applicable laws and statutes >where internal auditing was not responsible for conducting the in&estigation). 4 locating andDor securing the misappropriated or related assets. 4 supporting the organisation-s legal proceedings, insurance claims, or other reco&ery actions. 4 e&aluating and monitoring the organisation-s internal and eternal post% in&estigation reporting and communication plans and practices. 4 monitoring the implementation of recommended control enhancement.

 &'ne/&'ly 2014

!."." ssurance !.".! consulting !.".# consulting !.".2 assurance !.".; consulting

 The personal characteristics re'uired of an internal auditor areC •

knowledge and competence

• • • • • • • • •

awareness of new de&elopments good human relations diligence and patience ob6ecti&ity and condence practical approach professionalism independence and sound 6udgment due professional care integrity and pleasant personality

4 ppro&ing the internal audit charter 4 ppro&ing the risk based internal audit plan 4 9ecei&ing communications from the chief audit eecuti&e on the internal audit acti&ity*s performance relati&e to its plan and other matters 4 ppro&ing decisions regarding the appointment and remo&al of the chief audit eecuti&e 4 Eaking appropriate in'uiries of management and the chief audit eecuti&e to determine whether there are inappropriate scope or resource limitations.

Eanagement is accountable to the board for designing, implementing and monitoring the process of risk management, and for integrating it into the day%to%day acti&ities of the company. The internal audit acti&ity should assist the board, directors and management through consultation and facilitation in identifying, e&aluating and assessing signicant risks and by pro&iding independent assurance as to the ade'uacy and e(ecti&eness of related internal controls and the risk management process.

•

•

• •

Consider fraud risks in the assessment of internal control design and determination of audit steps to perform. Have sufficient knowledge of fraud to identify red flags indicating fraud may have been committed. Be alert to opportunities that could allow fraud, such as control deficiencies. Evaluate whether management is actively retaining responsibility for oversight of the fraud risk management program, that timely and sufficient corrective

•

•

measures have been taken with respect to any noted control deficiencies or weaknesses, and that the plan for monitoring the program continues to be adequate for the program’s ongoing success. Evaluate the indicators of fraud and decide whether any further action is necessary or whether an investigation should be recommended. ecommend investigation when appropriate.

The planning steps that should be followed for each audit are: !. "btain background information of the audit area. #preliminary survey$. %. &dentify the engagement ob'ective#s$ to be achieved. (. Consider the audit risk. ). *etermine the allocation of engagement resources. +. Compile the detailed engagement #audit$ programme.

a) e&idence generated by the internal auditor b) physical e&idence c) oral e&idence d) documentary e&idence e) physical e&idence

a) 8ause. It is the reason for the di(erence between the epected and actual conditions >why the di(erence eists). The auditor epects to nd that the 5O was update regularly or when there is a change in personnel or responsibilities : this is not the case and it is the cause of the situation. b) 8ondition. This is factual e&idence that the internal auditor has found in the course of the eamination >what does eist). c) 3(ect. This is risk or eposure the organisation or others encounter because the condition is consistent with the criteria. d) 8riteria. This should be the standard used to e&aluate or &erify what should eist.

he following aspects are usually included in this contractual obligation- &nternal auditors!. may not use confidential information obtained in the performance of their duties for their own gain, or impart such knowledge to third parties. %. should further the interests of their employers business undertaking. (. may not perform acts of dishonesty #fraud, theft$ against their employer. ). may not perform acts which are in competition with their employer. +. may not perform acts of misconduct while performing their duties.

!he internal audit charter is a ormal document that defnes the internal audit activity"s purpose, authority, and responsibility. !he internal audit charter establishes the internal audit activity's position within the organisation , including the nature o the chie audit executive#s unctional reporting relationship with the board$ authorises access to records,  personnel, and physical properties relevant to the performance of engagements $ and defnes the scope of internal audit activities. %inal approval o the internal audit charter resides with the board.

!. / common audit methodology. %. 0oint training programmes. (. 0oint planning of audit work. ). *irect assistance with each other’s pro'ects. +. E1change of audit reports 2. *irect support in that working papers are at each others disposal. 3. 4eriodic meetings 5. / professional attitude 6. he evaluation by internal and e1ternal auditors of the effectiveness of each others work and reporting on this to management.

2.".". 7trongly recommended guidance 2.".! 5enition 2.".# International standards 2.".2 1osition papers 2.".; 1ractice d&isories

2.!. "

2.!. !

"ermissi#le/ Not "ermissi#le Not permissible

Not permissible

$e%erence to ""F Ob6ecti&ity >par !.#)

$easons

Integrity >par ".!)

Internal auditors shall obser&e the law and make disclosures epected by the law and the profession. Internal auditors shall engage only in those ser&ices for which they ha&e the necessary

8ompetency >par 2.")

Internal auditors s hall disclose all material facts known to them that, if not disclosed, may distort the reporting of acti&ities under re&iew.

2.!. #

1ermissible

2.!. 2

Not permissible

1rociency and 5ue 1rofessional 8are Ob6ecti&ity >par !.")

Ob6ecti&ity >par !.!)

2.!. ;

1ermissible

Oct/Nov 201)

Integrity >1ar ".!)

knowledge, skills, and eperience. 3ngagements must be performed with prociency and due professional care. Internal auditors shall not participate in any acti&ity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those acti&ities or relationships that may be in con?ict with the interests of the organisation. Internal auditors shall not accept anything that may impair or be presumed to impair their professional 6udgment. This scenario falls under this prohibition, since the auditor-s ob6ecti&ity would be impaired. Internal auditors shall obser&e the law and make disclosures epected by the law and the profession. Thus, the internal auditor is legally bound to respond to a court order. The re'uirement not to use information in any manner detrimental to the legitimate and ethical ob6ecti&es of the company does NO( o&erride the legal obligation to respond to a court order.

he main ob'ective of internal auditing is determined by the needs of the board of directors and management of an organisation so as to assist them in improving the governance, risk management and control processes as well as the effective discharge of its responsibilities. he internal auditor must ensure that these needs are addressed in the internal audit report that should be issued after each audit engagement. he internal auditor seeks to advise management on whether its ma'or operations have sound systems of risk management and internal controls. he uncovering of errors and fraud is an ancillary ob'ective.

Element

!. he *efinition of &nternal /uditing %. he Code of Ethics (. he &nternational 8tandards for the 4rofessional 4ractice of &nternal /uditing #8tandards$ ). 4ractice /dvisories +. 4osition 4apers 2. 4ractice 9uides

Mandatory/Strongly recommended 7andatory 7andatory 7andatory 8trongly recommended 8trongly recommended 8trongly recommended

!.# Organisational independence % The chief audit eecuti&e must report to a le&el within the organisation that allows the internal audit acti&ity to full its responsibilities. The chief audit eecuti&e must conrm to the board, at least annually, the organisational independence of the internal audit acti&ity.

Indi&idual ob6ecti&ity % Internal auditors must ha&e an impartial, unbiased attitude and a&oid any con?ict of interest. !.2 A*vantages o% t+is level o% reporting are t+at: 4 It guarantees access to a high%le&el oBcial. 4 It pro&ides a reasonable measure of independence for the internal auditor. 4 Eanagement may feel less threatened because the accessibility of the internal auditor is at a lower le&el than if he were to report to the Aoard of 5irectors Disa*vantages: 4 If the in?uence and authority of the internal auditor is such that audit matters recei&e the attention of the 83O, to the detriment of other management matters, the eBciency of management will su(er and distrust might increase. 4 7ince a 83O is normally &ery busy, the 83 might nd that he or she does not recei&e the guidance and support necessary to perform his or her task e(ecti&ely.

!.; he role of the internal audit activity in investigations needs to be defined in the internal audit charter, as well as in the fraud policies and procedures. :or e1ample, internal auditing may have the primary responsibility for fraud investigations, may act as a resource for investigations, or may refrain from involvement in investigations. &nternal auditing may refrain from involvement because it is responsible for assessing the effectiveness of investigations or because it lacks the appropriate resources to be involved in investigations.  /ny of these is acceptable, as long as the impact of these activities on the independence of internal auditing is recognised and handled appropriately. &n addition to advising management, internal auditors may become involved in investigations bymonitoring the investigation process to help the organisation follow relevant policies, procedures, and applicable laws and statutes #where internal auditing was not responsible for conducting the investigation$. locating and;or securing the misappropriated or related assets. supporting the organisation’s legal proceedings, insurance claims, or other recovery actions. evaluating and monitoring the organisation’s internal and e1ternal post83). The 83 obtains the support of the board to coordinate audit work e(ecti&ely.

No.

Audit phase/step

#a$ 9ather audit evidence #b$ &dentify opportunities for making significant improvements to the human resource function’s risk management and control systems. #c$ *istribute the audit report. #d$ 4erform a preliminary survey for the recruitment process to identify the ob'ectives and significant risks and evaluate the resources. #e$ Complete the audit working papers. #f$ Compile a list of the auditing engagement’s ob'ectives that must be achieved.

4erforming the engagement #fieldwork$ 4lanning the internal audit #engagement planning$

#g$ Evaluate the recruitment process based on the risk assessment. #h$ *etermine the audit risk and indicate how it will influence the audit engagement. #i$ 4erform the audit procedures. #'$ =rite the audit report.

/udit reporting and follow up 4lanning the internal audit #engagement planning$ 4erforming the engagement #fieldwork$ *etermining audit assignment.

4lanning the internal audit #engagement planning$ 4lanning the internal audit #engagement planning$ 4erforming the engagement #fieldwork$ /udit reporting and follow up

he C/E has not complied with the >proficiency? requirement of 8tandard !%!@. &nternal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. he internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities. &n the scenario given, there is no qualified internal auditor even though one person is studying towards a degree in auditing. herefore the chief audit e1ecutive must decline the consulting engagement or obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.

he following factors directly determine the nature and scope of audit sampling or testingthe effectiveness of the system of internal control the more effective, the smaller the sample. materiality of the transactions the more material, the larger the sample. volume of transactions #population siAe$ does not affect the siAe of the sample method of record keeping relative risk associated with the transactions nature of the evidence suggestion of irregularities unusual items in the population 

      

 /nswer8ufficient- 8ufficient information is factual, adequate and convincing, so that a prudent, informed person would reach the same conclusions as the auditor. Evidence is sufficient if it is so factual, adequate and convincing that it would lead a prudent, informed person to the same conclusions as the internal auditor. &t requires ob'ective 'udgement on the internal auditors part. eliable- eliable evidence is the best attainable through the use of appropriate 



engagement techniques. 8o, for e1ample, an original document is more conclusive #reliable$ than a copy, and direct evidence is more acceptable than hearsay evidence.





elevant- elevant information supports engagement observations and recommendations and is consistent with the ob'ectives for the engagement. he facts and opinions used to prove an issue must bear a logical relationship to that issue. :or e1ample, an original purchase order, properly approved and issued, has no relevance if the auditor wants to determine whether the goods have actually been received. seful- his term refers to information that helps the organisation meet its goals.

Control #a$ alarms #b$ personnel access cards #c$ procedure manuals #d$ use of carbon paper #e$ guidelines #f$ physical stock count #g$ reconciliations #h$ company policy #i$ training programmes

Type of Control *etective 4reventative *irective 4reventative *irective *etective *etective *irective *irective

Question

).!

Permissible/not permissible ! mar"#

ot permissible

$eference to %PP& ' mar"s#

&ntegrity #par !.($ Confidentiality #par (.!$

).%

ot permissible

!%(@ D Continuing 4rofessional *evelopment Competency #par ).($

).(

4ermissible

).)

ot permissible

).+

ot permissible

$easons ! mar"#

&nternal auditors shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organisation. &nternal auditors shall be prudent in the use and protection of information acquired in the course of their duties. &nternal auditors must enhance their knowledge, skills, and other competencies through continuing professional development.

&nternal auditors shall continually improve their proficiency and the effectiveness and quality of their services. %2@@ D =hen the chief audit e1ecutive Communicating the concludes that management has  /cceptance of accepted a level of risk that may be isks unacceptable to the organisation, the chief audit e1ecutive must discuss the matter with senior management. &f the chief audit e1ecutive determines that the matter has not been resolved, the chief audit e1ecutive must communicate the matter to the board. "b'ectivity #par &nternal auditors shall not accept %.%$ anything that may impair or be presumed to impair their professional  'udgment. !(%! D se of he internal audit activity conforms with >Conforms with the the 8tandards when it achieves the &nternational outcomes described in the *efinition of 8tandards for the &nternal /uditing, Code of Ethics, and 4rofessional 8tandards. he results of the quality 4ractice of &nternal assurance and improvement program  /uditing? include the results of both internal and e1ternal assessments. /ll internal audit activities will have the results of internal assessments. &nternal audit activities in e1istence for at least five years will also

have the results of e1ternal assessments.

 &'ne/&'ly 201)

!." Not permissible. "!#$ : 8ontinuing 1rofessional 5e&elopment and 8ompetency >par 2.#). &nternal auditors must enhance their knowledge, skills, and other

competencies through continuing professional development. &nternal auditors shall continually improve their proficiency and the effectiveness and quality of their services.

!.! Not permissible. "b'ectivity #par %.%$. &nternal auditors shall not accept anything that may impair or be presumed to impair their professional 'udgment. %.( ot permissible. !!%@ D &ndividual "b'ectivity. &nternal auditors must have an impartial, unbiased attitude and avoid any conflict of interest.

!.2 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

!.; Not permissible. Ob6ecti&ity >par !.#). Internal auditors s hall disclose all material facts known to them that, if not disclosed, may distort the reporting of acti&ities under re&iew.

!. he assistance rendered to the management of the organisation to help them attain their ob'ectives. %. he internal audit report provides management with the assurance that management policy, standards and procedures are satisfactory that they are being e1ecuted and adhered to and that the risk management, control and governance processes are adequate and effective. (. /ny deviations or discrepancies or unsatisfactory aspects from which deductions for reand on how the internal and eternal audits are progressing).

".  common audit methodology. !. Goint training programmes. #. Goint planning of audit work. 2. 5irect assistance with each other-s pro6ects. ;. 3change of audit reports par !.") Internal auditors s hall not participate in any acti&ity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those acti&ities or relationships that may be in con?ict with the interests of the organisation. Internal auditors shall not accept anything that may impair or be presumed to impair their professional 6udgment. 1reparing a personal ta return for a di&isional manager for a fee falls under this prohibition, since the auditor-s ob6ecti&ity would be impaired. !.!.! Not permissible. 8ondentiality >par #."). Internal auditors shall be prudent in the use and protection of information ac'uired in the course of their duties. Internal auditors respect the &alue and ownership of information they recei&e and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. This auditor had no legal or professional obligation to gi&e out that information and therefore did not protect the information ac'uired in the course of his duties. !.!.# 1ermissible. Integrity >par ".!). Internal auditors shall obser&e the law and make disclosures epected by the law and the profession. Thus, the internal auditor is legally bound to respond to a court order. The re'uirement not to use information in any manner detrimental to the legitimate and ethical ob6ecti&es of the company does NO( o&erride the legal obligation to respond to a court order.

d&antagesC  This le&el of reporting gi&es the internal audit acti&ity a high degree of organisational independence and accessibility because it is reporting to a body with more authority than top eecuti&e management, and the ma6ority of members are not in&ol&ed in the operational matters of the company >eecuti&e functions). 5isad&antagesC ". Aecause the audit committee does not meet fre'uently enough, they do not ha&e the time to support the internal audit acti&ity on a day%to%day basis as an independent reporting facility. udit committees meet on a&erage four times a year. !. Aecause of its function, the audit committee, by its &ery nature, is apart from the main stream of business acti&ities. s a result, the internal auditor does not always recei&e necessary information and directi&es which might enable him to function e(ecti&ely. #. The audit committee also has a functional rather than an operational role and it is, therefore, undesirable that members should be in&ol&ed with the operational or household details of the internal audit acti&ity. Their proper functions would include the nal authorisation of audit plans and audit ndings, the coordination of audit e(orts and the formulation of audit policy.

4 It guarantees access to a high%le&el oBcial. 4 It pro&ides a reasonable measure of independence for the internal auditor. 4 Eanagement may feel less threatened because the accessibility of the internal auditor is at a lower le&el than if he were to report to the Aoard of 5irectors Disa*vantages: 4 If the in?uence and authority of the internal auditor is such that audit matters recei&e the attention of the 83O, to the detriment of other management matters, the eBciency of management will su(er and distrust might increase.

4 7ince a 83O is normally &ery busy, the 83 might nd that he or she does not recei&e the guidance and support necessary to perform his or her task e(ecti&ely.

o achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the chief audit e1ecutive has direct and unrestricted access to senior management and the board. his can be achieved through a dual0ieldwork) 1hase 2 : udit reporting and follow%up >monitoring progress)

I @orkers can work ecessi&e o&ertime where not needed. II 8alculation errors will not be picked up. III The che'ue amount can be increased to pay out more than the total net wages I+ 3mployees can claim that they were not paid

I Inspection II 9ecalculation III 9outine checkingDtransaction audit I+ Obser&ation

Standard !'!(.A' ) Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organisation, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. here are references to the responsibility of internal audit regarding fraud in various &nternal /uditing 8tandards. &n this regard, the following 8 tandards are also of particular importanceF &&/ 8tandard !%@@- 4roficiency and *ue 4rofessional Care F &&/ 8tandard !%%@- *ue 4rofessional Care F &&/ 8tandard %@2@- eporting to 8enior 7anagement and the Board F &&/ 8tandard %!%@- isk 7anagement F &&/ 8tandard %%!@- Engagement "b'ectives