A.
Internal Audit and the Audit Committee
1. Describe the relationship between internal audit and the audit committee? (2)
The relationship between the audit committee and the internal auditors is important for
both parties to fulfill their job commitments. The internal auditors provide the committee
with the necessary information to which they have direct access, same as the
organization’s management, in order to enable the audit committee to accomplish its
oversight and monitoring mission. On the other hand, the audit committee supports the
position of the internal audit function and submits management’s irregularities and other
relevant managerial and financial issues to the board of directors, after discussing such
issues with the internal auditors and relevant other parties. Therefore, the relationship
between the two is mutual because both of them are working together and benefitting
from each other.
2. The Chief Audit Executive (Internal Audit Office, reports administratively to the CEO,
this administrative reporting line is necessary for Internal Audit to carry out efficiently its
role or mandate. What are the typical inclusions in the administrative reporting of
internal audit to the CEO? (2)
Administrative reporting is the relationship within the organization's management
structure that facilitates day-to-day operations of the internal audit activity and provides
appropriate interface and support for effectiveness. The administrative reporting line to
the CEO would typically include budgeting and management accounting; human
resource administration; internal communications; and internal administrative matters
such as expense approvals, leave approvals and logistics
3. In the conduct of internal audit engagement, how does internal audit obtain and
sustain the expertise it needs? (2)
Internal auditing calls for a diverse set of knowledge, skills and experience. It is critical
that the internal audit staff have the skills, industry knowledge and experience
(supplemented where necessary by external resources) to provide the control
assurance and related advice that the Audit Committee requires. Chief Audit Executives
should not plan or accept assignments unless they are able to staff them competently,
as this can provide false assurance or weaken the function’s reputation. Consideration
should be given to using the expertise of other corporate staff, engaging outside experts
or outsourcing where the necessary skills do not reside within Internal Audit. Internal
Audit should periodically report to the Audit Committee on its staff capabilities including
academic and professional qualifications and years of audit, industry and organizational
experience.
4. How is the internal audit plan developed and what does the internal audit plan not
cover? (2)
The Chief Audit Executive prepares an annual audit plan based on a comprehensive
review and analysis of the organization’s business activities and associated risks.
�Where an enterprise risk management process is already in place, this will provide a
critical basis for developing an audit plan aligned with corporate priorities. The Chief
Audit Executive seeks management input and agreement on the scope and priority of
the proposed audit projects. The external auditors are consulted and their input and
audit scope considered in developing the plan. They also receive a copy of the final
audit plan. The Audit Committee reviews the audit plan and assesses its adequacy
based on their knowledge of the industry and the organization. Before they approve the
final audit plan they satisfy themselves that it covers the areas of risks for which they
require independent assurance from Internal Audit. The Chief Audit Executive informs
the Audit Committee of any significant changes to the audit plan during the year.
Omissions from the audit plan may expose the organization’s CEO and Board to
unnecessary risk. Ideally, the committee, senior management and the Chief Audit
Executive should agree on those areas of risk that will not be audited and the reasons.
Audit Committee members should be alert to the possibility of under-funding of the
internal audit function.
5. How are internal audit findings reported? How corporate managers required to
respond to internal audit findings and recommendations? Please elaborate (2)
Audit reports, as historical records of audit work and findings, are in writing and include
the scope and objectives of the audit, the findings and recommendations for improving
control. The Chief Audit Executive provides summaries of audit reports to senior
management and the Audit Committee. The level of detail depends on the size of the
organization but is sufficient to allow the Audit Committee to understand the types and
frequency of control issues that Internal Audit raises and how management is
responding to them. Periodically, the Audit Committee asks to see a detailed internal
audit report to understand the methodology and quality of reporting.
6. Who audits the Internal Audit? (2 pts)
The International Professional Practice Framework (IPPF)’s mandatory elements
recognized in IA charters require internal audit functions to develop and maintain a
Quality Assurance and Improvement Program (QAIP) that covers all aspects of IA
activity. According to the IPPF Implementation Guides, the QAIP is designed to
evaluate the IA activity’s conformance with the International Standards for the
Professional Practice of Internal Auditing (the Standards, for short) and the internal
auditor’s compliance with the IIA’s Code of Ethics. As such, it must include ongoing and
periodic internal assessments as well as external assessments by a qualified
independent assessor or assessment team.
B. Types of Audit
7. Please answer the following questions pertaining to the different types of audit?
a. Environmental Audit - Give at least 3 reasons why businesses should improve their
environmental performance. (3 pts)
� 1. Cost savings and improved productivity
2. Legal compliance
3. Greater investment opportunities
b. Due Diligence Audit - As auditors, we anticipate that the due diligence process will
cause us to identify checklist and additional items that we will need to request and
review. Example of this is the acquisition of a 5- hectare raw land intended to construct
a power plant. Why the conduct of due diligence audit in this particular example? What
are the elements that should be looked into prior to any decision to close the deal? (4
pts)
The due diligence audit is applicable to the example because it is about an undertaking
of a major purchase, which is the land. As what I have read, due diligence audit is about
investigation by or on behalf of an intended buyer of a business to check that it has the
desired assets, turnover, profits, market share positions, technology, customer
franchise, patents and brand rights, contracts, and other attributes required by the buyer
or claimed by the seller.
When buying land, due diligence on the seller and the land itself is a must. Do not rely
solely on the title furnished by the seller. One must conduct his own investigation by
going to the Land Registration Authority (LRA) and verify the title himself. The LRA has
microfilms of land titles in the Philippines. One must also ascertain if the land is subject
of litigation. Pertinently, one must also personally conduct an ocular inspection of the
land to see if there are occupants, lessees and informal settlers. It must be noted that
the buyer is obliged to respect the existing lease on the property. More importantly, one
cannot just forcefully evict the occupants therein but must instead lodge the necessary
unlawful detainer or forcible entry case before the courts.
c. Program Results Audit - One of a typical example of this is Retrenchment Program
of affected employees due to automation. The important processes that HR undertakes
are the following: a. Planning and implementation; Managing complex layoffs;
Communication planning; Planning checklist; Resources to help employees. Assuming
that the company has just implemented its automation project; Why do the auditor
considers with utmost confidentiality the conduct of this particular audit? (4 pts)
In order to let internal auditors, know what is happening early in the process, it may be
necessary to require that they keep the information confidential until, for example,
disclosure has been made to markets, other financial partners, or shareholders. This
can be a difficult route to take, as the internal auditors may feel an obligation to talk with
the workforce to try to gauge their reaction.
d. Compliance Audit - Give 2 examples of an audit engagement and state the
purposes for the conduct of compliance audit (4)
1. Assessing organization’s compliance - Social compliance and sustainability
codes of conduct define employee working rights, health and safety rights, and
environmental sustainability standards. Audits verify that suppliers and facilities
� in a supply chain adhere to the guidelines. Nonconformities may trigger
sanctions, including loss of brand business.
2. Evaluating Entity’s policy, procedure, and processes - The compliance auditor
also performs its audit again entity’s internal policy, procedure, and processes.
Those internal policies and procedures are very important to the entity for
sustainable growth. Fail to comply with the internal policy and procedure might
lead to a waste of time and resources. Serious in-compliance could lead to
serious fraud.
e. Financial Audit - Some cases involved the auditor’s failure to examine relevant
supporting documents (for example, examining a draft, instead of a final, sales contract)
or failure to perform steps listed in the audit program. Overall, this failure contributed to
management’s success in overstating assets, the most common fraud technique.
You're therefore to give statements at least 2 on those issues that the auditor failed to
apply in the audit of the financial statements. (4 pts)
The most common deficiencies all reflect engagement management problems affecting many
areas of the audit: a failure to gather sufficient, competent evidence, lack of due care and lack of
professional skepticism. In many cases, the best remedy for such problems is for auditors to
develop a properly designed and executed quality control system. Such a system creates a
culture that encourages all members of the audit team to maintain a baseline acceptable level of
performance, regardless of perceived day-to-day engagement and firm pressures.
CPA firms should evaluate their own quality control systems to ensure policies and procedures
emphasize the importance of proper audit planning, supervision and review, including timely
involvement by engagement and concurring partners. Additionally, firms should reexamine
existing quality control procedures to make sure they are detailed enough to assure firm leaders
that audit teams are examining appropriate documentation (final documentation, not drafts) and
that teams complete all audit program steps. Those procedures should emphasize that auditors
should corroborate management representations with additional evidence and not overuse
management inquiry as a form of audit evidence.
f. Operations Audit - Listen carefully and please share your takeaways on The Rise and Fall of
Nokia specifically its "FALL". (6) pts)
After watching the video, which is about the rise and fall of Nokia, I realized how important it is
for an organization to have an operational audit to safeguard its success. As what I have
understood from the discussions in the class and from the articles that I have read, operations
audit is a forward looking process. The findings of operational audits are intended to diagnose
which areas need attention and to safeguard assets by averting potential future risks. This aids
organizations in attaining continuous improvement, which Nokia definitely lacks.
In the video, Nokia was the largest mobile phone in the world. It has achieved consistent sales
and market leadership for many years that it thought won’t last. With the emergence of Android
and iOS phones, Nokia slowly losing its name as the “market leader” for phones. While Nokia is
falling from its dominance in the market – it has lost huge amount of sales, cut large number of
�its employees, changed its organizational structure, led its shares’ value falling down, shut down
its last factory in Finland, and finally lost its company to Microsoft.
This fall of Nokia, I guess, is a result of failure to recognize the essence of having an operations
audit within its organization.
