audit

​Identify whether the internal audit activity has any impairments to its independence

Audit and impairment
Spread the love

One of the most important aspects of internal auditing is the independence of the internal audit activity. Independence means that the internal audit activity is free from any undue influence or interference that could compromise its objectivity and integrity. Independence also enables the internal audit activity to provide unbiased and reliable assurance and advice to the organization.

However, independence is not always easy to maintain or demonstrate. There may be situations where the internal audit activity faces impairments to its independence, either actual or perceived. Impairments can arise from various sources, such as:

– The organizational structure and reporting lines of the internal audit activity
– The scope and authority of the internal audit activity
– The resources and competencies of the internal audit staff
– The relationship and communication with the audit committee and senior management
– The involvement of the internal audit activity in non-audit activities
– The external pressures and expectations from stakeholders

Therefore, it is essential for the internal audit activity to identify whether it has any impairments to its independence, and if so, how to address them. This blog post will provide some guidance on how to do so, based on the International Standards for the Professional Practice of Internal Auditing (the Standards) issued by the Institute of Internal Auditors (IIA).

According to the Standards, the internal audit activity must be independent, and internal auditors must be objective in performing their work. The chief audit executive (CAE) must confirm to the board, at least annually, the organizational independence of the internal audit activity. The CAE must also disclose any interference and related implications in performing work or communicating results.

To identify whether the internal audit activity has any impairments to its independence, the CAE should consider the following steps:

– Review the organizational structure and reporting lines of the internal audit activity. The CAE should report functionally to the board and administratively to senior management. Functional reporting means that the board approves the internal audit charter, budget, plan, staffing, and compensation of the CAE; receives regular reports from the CAE; and evaluates the performance of the CAE. Administrative reporting means that senior management provides day-to-day oversight of the internal audit activity and facilitates its operations. The CAE should have direct and unrestricted access to the board and senior management.
– Review the scope and authority of the internal audit activity. The scope and authority of the internal audit activity should be defined in a written charter that is approved by the board. The charter should establish the purpose, objectives, responsibilities, and accountability of the internal audit activity. The charter should also grant the internal audit activity full access to all records, personnel, and physical properties relevant to its engagements. The CAE should ensure that the charter is periodically reviewed and updated to reflect any changes in the organization or in the profession.
– Review the resources and competencies of the internal audit staff. The CAE should ensure that the internal audit staff has sufficient resources and competencies to perform its work effectively and efficiently. Resources include adequate funding, staff, tools, and training. Competencies include knowledge, skills, experience, and professional certifications. The CAE should assess the resource needs and competency gaps of the internal audit staff on a regular basis and take appropriate actions to address them. The CAE should also promote a culture of continuous learning and improvement within the internal audit staff.
– Review the relationship and communication with the audit committee and senior management. The CAE should establish and maintain a constructive and cooperative relationship with the audit committee and senior management. The CAE should communicate with them regularly and timely on matters such as:

– The status and results of the internal audit plan
– The significant risks and control issues identified by the internal audit activity
– The recommendations for improvement and corrective actions
– The follow-up on agreed actions
– The quality assurance and improvement program of the internal audit activity
– Any significant changes in the internal audit charter, resources, or scope
– Any impairments or interferences in performing work or communicating results

The CAE should also solicit feedback from them on their expectations, satisfaction, and concerns regarding the internal audit activity.

– Review the involvement of the internal audit activity in non-audit activities. Non-audit activities are those activities that are not related to providing assurance or advice on governance, risk management, or control processes. Examples of non-audit activities include:

– Performing operational duties for other units or functions
– Implementing systems or processes
– Preparing financial statements or records
– Conducting investigations or audits on behalf of external parties

The involvement of the internal audit activity in non-audit activities may impair its independence or objectivity if it creates a conflict of interest or a self-review threat. Therefore, such involvement should be avoided or minimized as much as possible. If unavoidable.