3. SCOPE OF THE INTERNAL AUDIT FUNCTION
|
EXECUTIVE SUMMARY:
How internal audit and business risk are connected. B.r. can not be eliminated, but it must be managed by the company
The internal audit has a twofold role in relation to business management:
-monitoring the overall risk management policy
-monitoring the strategies implemented to ensure that they continue to operate effectively
The responsibility of preventing and detecting fraud is on the directors and those charged with governance
The main limitation in internal audit are concerned with the independence/objectivity, dual reporting and qualification
|
What is the connection between internal audit and business risk?
Business risk refers to a threat to the company’s ability to achieve its financial goals. In business, risk means that a company’s or an organization’s plans may not turn out as originally planned or that it may not meet its target or achieve its goals.
Risks are inherent to every environment and business. They cannot be avoided and, therefore, must be addressed head-on to minimize their impact. The first step in risk management is to identify the risks in order to come up with a risk management strategy.
And, as we know, internal audit is responsible in ensuring that the company’s risk management operates effectively through monitoring. the key part of risk management is designing and operating internal control systems
Identify risks Determine company policy Implement strategy
What is the connection between internal audit and the error and fraud detecting functions?
Fraud is a key business risk. Since the internal audit is responsible for monitoring the risk management, it may assist in detecting fraud, although it is out of the scope of responsibility.
The internal audit may ensure the adequate control systems by conducting periodic checkings and, thus, help in preventing the fraud
What are the limitations of the internal audit function?
Independence/objectivity
As internal auditors are employed within the company, this might affect their ability to express independent opinion in reports to those charged with governance (because of perceived threats to their continued employability)
Dual reporting relationship
Best practice indicates reporting to both management and audit committee(who will pass it later to the board). If this practice is not implemented, management may be able to unduly influence the internal audit plan, scope and whatever possible.
Qualification
Internal auditors are not required to be professionally qualified and so there may be limitations to their knowledge and technical expertise.
Do'stlaringiz bilan baham: |