While the Institute of Internal Auditors (IIA) has provided standards and guidelines for the practice of internal audit through the International Professional Practice Framework (IPPF), internal auditors and Chief Audit Executives (CAEs) continue to experience difficulties when attempting to balance the requirements of the IPPF with management expectations. The true challenge for any internal auditor is to appropriately apply the Standards while exerting adequate independence and objectivity in the face of management pressure.
In Leading the Internal Audit Function, Lynn Fountain presents lessons learned from her extensive experience as an internal auditor, internal audit manager, and CAE to help internal auditors understand the challenges, issues, and potential alternative solutions when executing the role. The book identifies more than 50 challenges for auditors and discusses potential alternative actions the auditor can take when they experience a similar challenge. The book explains how to:
- Build a value-oriented function that abides by the standards and supports the objectives and goals of the organization.
- Execute the many aspects of the internal audit, including assurance and consulting work.
- Build a risk-based audit process.
- Develop and sustain the internal audit team.
- Develop and manage relationships with management and the audit committee.
- Manage internal audit’s role in corporate governance, compliance, and fraud.
Leading the Internal Audit Function includes real-life examples, scenarios, and lessons learned from internal auditors and CAEs to emphasize the importance of carefully managing all aspects of the internal audit. The author summarizes her many lessons learned into ten "commandments" for both CAEs and internal auditors. By following the guidelines in this book, you should be well-equipped to gain management support, perform effective and ethical audits, and uphold IIA Standards.
Lessons of an Auditor
Introduction
Management’s View
Section 1: Lessons Learned
Introduction
Lesson 1: Clarify/Define Management Expectations for Internal Audit
Lesson 2: Balance Management Expectations with the International Institute of Auditors Standards
Lesson 3: Validate the Internal Audit Charter Is Fact and Not Fiction
Lesson 4: Clarify the Purpose and Execution of Risk-Based Auditing
Lesson 5: Define "Independent Risk Assessment" in Relation to the Audit Plan
Lesson 6: Add Value while Maintaining Independence
Scenario: When the CAE Is Expected to Be a Yes Man/Ma’am
Lesson 7: Serve the Audit Committee
Verbal Communication
Lesson 8: Communication of Issues When Management Objects
Lesson 9: Understand How the CAE Role and Audit Department Are Viewed
Lesson 10: Gaining a "Seat at the Table"
Section 2: Is It Legal or Is It Ethical?—The CAE’s Dilemma
Introduction
Everyone Is Responsible
Tone at the Top Is Essential
Honesty Is Still the Best Policy
Integrity Can Be a Measure of Ethics
Corporate Responsibility and Communications Must Be Prevalent
Silence Is Not Acceptable
Summary
Defining the Purpose of the Internal Audit Function
Introduction
Section 1: Understanding the Definition and Purpose of Internal Audit
Challenge 1: Independence and Objectivity
Challenge 2: Assurance and Consulting Activity
Challenge 3: Add Value and Improve an Organization’s Operation
Challenge 4: Disciplined Approach to Evaluate and Improve the Effectiveness of Risk Management, Control, and Governance Processes
Summary: Internal Audit Definition Challenges
Scope of Internal Audit
Professional Standards—Principles for Internal Auditor Effectiveness
Section 2: The Internal Charter—Reality or Fiction?
Introduction
Challenge 5: Internal Audit Charter
Challenge 6: Positioning and Authority
Section 3: Internal Audit versus Quality Assurance Functions
Introduction
Internal Audit versus Quality Assurance—The Reality
Mini-Audit Functions
Scenario: "Mini-Audit" Process
Challenge 7: Internal Audit versus Quality Assurance
Section 4: Management Expectations versus Standards
Introduction
Management Expectations and the Standards
Certified Internal Auditor
Challenge 8: Attribute Standards Integrity and Ethical Values
Challenge 9: Attribute Standards Proficiency and Due Care
Challenge 10: Attribute Standards Quality Assurance and Improvement
Section 5: Performance Standards
Introduction
Challenge 11: Performance Standard 2000
Section 6: Standards and Report Writing
Introduction
Challenge 12: Performance Standard 2400 Communicating Results
Section 7: Realities of Embracing Risk-Based Auditing
Introduction
Challenge 13: Risk-Based Auditing
Section 8: Internal Audit as Governance Pillar
Introduction
Challenge 14: Internal Audit’s Role in Governance
Summary
Building an Internal Audit Team
Introduction
Team First and the Leader Within
Section 1: Internal Audit Resourcing, Staffing, and Building a Team
Challenge 15: Internal Audit Team Structure
Challenge 16: Department Sourcing Methods
Challenge 17: Resourcing to Address Significant Risks
Section 2: Skills Requirements for an Effective Internal Auditor
Introduction
Technical versus Soft Skills
Balanced Skill Set
Challenge 18: Defining the Required Skill Set for Internal Auditors
Section 3: Internal Audit as a Management Training Ground
Introduction
Challenge 19: Internal Audit as a Management Training Ground
Section 4: Outsourcing, Co-sourcing, and In-sourcing
Introduction
Challenge 20: Outsourcing
Challenge 21: Co-sourcing
Challenge 22: In-sourcing
Summary
Section 5: Internal Audit Skill Sets and Knowledge
Introduction
Challenge 23: Maintaining Appropriate Skill Sets
Summary
Audit Plan
Introduction
Section 1: Developing an Independent Audit Plan
Introduction
Challenge 24: Audit Plan Time Frame
Challenge 25: Audit Plan Resource Allocation
Challenge 26: Audit Plan Development Approach
Challenge 27: Audit Plan Results
Section 2: The Risk Assessment Approach
Introduction
Challenge 28: Enterprise Risk Management Assessment
Challenge 29: Executing the Enterprise Risk Management Process
Challenge 30: Enterprise Risk Management Reporting versus Internal Audit Reporting
Executing Internal Audit Responsibilities
Introduction
Section 1: Aligning the Concept of Risk-Based Auditing
Introduction
Step 1: Understand the Process
Challenge 31: Audit Planning Phase
Step 2: Identify the Control Structure
Challenge 31 Potential Actions: Audit Planning Phase
Challenge 32: Individual Audit Area Control Environment
Challenge 33: COSO as Part of the Risk-Based Audit Process
Step 3: Understand, Identify, and Assess the Risks
Challenge 34: Understanding, Identifying, and Assessing Risk
Step 4: Measuring the Risk Impact
Challenge 35: Risk Tolerance versus Risk Appetite
Risk Appetite
Step 5: Summarizing Results and Identifying Risk-Mitigating Actions
Challenge 36: Summarizing Results and Identifying Risk-Mitigating Actions
Section 2: Internal Audit’s Role in Corporate Governance
Introduction
Challenge 37: Evaluating the Board of Directors
Board and Internal Control
Summary
Section 3: Internal Audit’s Role in Fraud Processes
Introduction
Pre-Sarbanes–Oxley Issues
Post-Sarbanes–Oxley
Challenge 38: Internal Audit’s Role in Fraud Awareness
Challenge 39: Internal Audit’s Role in Fraud Risk Assessment
Challenge 40: Internal Audit’s Role in Fraud Investigation
Summary
Section 4: Performing Consulting Engagements
Introduction
Challenge 41: Internal Auditors as Consultants
Internal Audit Reporting and Communication
Introduction
Section 1: Internal Audit Reporting Methods
Introduction
Challenge 42: Internal Audit Reporting Format
Challenge 43: Internal Audit Report Writing
Challenge 44: Management Action Plans versus Management Response
Challenge 45: Providing an Overall Internal Audit Opinion
Challenge 46: Management Representation at the Audit Committee Meeting
Section 2: Functional and Administrative Reporting Lines
Introduction
Challenge 47: Reporting to CFO or CLO
Challenge 48: Reporting to the CEO
Challenge 49: Reporting to the Audit Committee and Keys to Building Relationships
Section 3: Legal, Regulatory, and Discovery Concepts
Introduction
Challenge 50: Understanding the Legal Privilege
Section 4: When Adequate Management and Audit Committee Support Is Lacking
Challenge 51: Management and the Audit Committees’ View of Internal Audit Are Extremely Different from the Standards and Those of the CAE
Chapter 7 Final Word
Introduction
Ten "Potential" Commandments for Auditors
Biography
Lynn A. Fountain, CGMA, CRMA, MBA has over 35 years of experience in the business profession, which includes public and industry accounting and over 20 years within internal and external auditing combined. She is a nationally recognized trainer and speaker and also a published author of both a personal book and professional books. Ms. Fountain is a subject matter expert and specializes in internal audit, Sarbanes-Oxley, Enterprise Risk Management, fraud, governance, ethics, and compliance. Ms. Fountain has held two Chief Audit Executive positions for international companies. She has also been instrumental in the establishment of ERM, Sarbanes-Oxley, and governance frameworks. Ms. Fountain obtained her BSBA from Pittsburg State University and her MBA from Washburn University in Kansas. She also holds her certificate in Certified Public Accountancy.