
Internal Audit Roles and Responsibilities

The document summarizes the roles and responsibilities of an internal auditor. It discusses the nature of internal auditing work, which includes being independent and providing appraisal and examination of an organization's operations and controls. The internal audit charter must define the audit's purpose, responsibilities, authority, and adherence to professional standards. The roles of an internal auditor in risk management include assuring the effectiveness of the risk management process and evaluating risk reporting. They can facilitate risk identification but should not be accountable for risk management. Regarding business continuity, an internal auditor evaluates readiness, assesses the continuity process regularly, and reviews proposed plans. For privacy, they evaluate the framework and identify risks and improvements. Their role in using personal

Uploaded by

Daena Nicodemus

Nicodemus, Daena D.

A-331 AAPRINCIPLES

Journal 16: Internal Auditing (Auditing and Assurance Principles)

1. Describe the nature of work of an internal auditor. Identify necessary items

of performance of an internal audit charter.

In Nature and Scope of Internal Audit (n.d.), the nature of internal audit

is enumerated and described as follows:

a. Independent – This means that the auditor should work independently,

with the audit work free from restrictions that may have

a significant impact on the effectiveness and the scope of the review

process as well as on the reporting of the conclusions and findings.

With independence, the internal audit work is detached from the

organization’s day to day operations.

b. Appraisal – It means a critical assessment and evaluation of the

existing operations and controls of the business enterprise. The

internal auditor should make the appraisal on the basis of

appropriate criteria.

c. Established – This aspect of the nature of internal audit

states that management should organize an independent internal

audit department and that the duties should be assigned specifically to

the department.

d. Examine and Evaluate – The terms examination and evaluation

describe the twofold functional roles and

responsibilities of the internal auditor. The internal auditor should make

an examination and inquiry for fact finding and should make a

judgmental evaluation after thorough examination.

e. Activities of the Organization – Internal audit aims at conducting a

systematic examination of procedures, operations, and records of an

organization. With this, the internal auditor must also carefully examine

the controls established inside the organization, since internal audit is a control

over other controls and controls are essential for every organization.

f. Service – Internal audit is a service to the whole organization, and

the internal auditor is an employee of the organization.

g. To the Organization – The primary concern of the internal auditor is to

render service to management, not only top management but also

all other managerial as well as operating staff.

The internal audit charter must define at minimum the internal audit’s

purpose within the organization, responsibility, position within the organization,

and its authority (Institute of Internal Auditors, 2019).

It must also contain the following as stated by the ACA Compliance Group

(2019):

a. Mission and Purpose

b. Adherence to the International Standards for the Professional Practice

of Internal Auditing

c. Authority

d. Independence and Objectivity


e. Scope of Internal Audit Activities

f. Responsibility

g. Quality Assurance and Improvement Program

2. What are the roles of an internal auditor in various scenarios on risk

management?

The core role of an internal auditor in terms of enterprise-wide risk

management (ERM) is to provide objective assurance to the board with regard

to the effectiveness of risk management. With regard to the specific

roles of internal auditors in ERM, according to the Institute of Internal Auditors

(2009), they are:

a. Core internal audit roles in regard to ERM

• Giving assurance on the risk management process

• Giving assurance that risks are correctly evaluated

• Evaluating risk management processes

• Evaluating the reporting of key risks

• Reviewing the management of key risks

b. Legitimate internal audit roles with safeguards

• Facilitating identification and evaluation of risks

• Coaching management in responding to risks

• Co-ordinating ERM activities

• Consolidated reporting on risks

• Maintaining and developing the ERM framework

• Championing establishment of ERM

• Developing RM strategy for board approval

c. Roles internal audit should not undertake

• Setting the risk appetite

• Imposing risk management processes

• Management assurance on risks

• Taking decisions on risk response

• Implementing risk responses on management’s behalf

• Accountability for risk management

3. What are the roles of an internal auditor in the following?

1. Business continuity process

As stated by Bailey (2005), with regard to the business continuity

process, auditors must evaluate whether the business is ready for continuity. The

internal audit must also assess the business continuity process of the

organization on a regular basis. Internal auditors also play a role in the

planning of the organization to include risk management, in which the internal

audit activity can help by means of the assessment of the internal and external

environment of an organization. There also exists the role of internal audit to

evaluate the BCP/DRP during the formulation, wherein internal auditors are

expected to have a thorough understanding of the business as well as of

independent relationships and individual functions.


Internal audit also has the role of reviewing the proposed business

continuity and disaster recovery plans for completeness, design, and

overall adequacy. During the recovery period, internal audit

should monitor the effectiveness of the recovery and control of operations and

recommend improvements to the BCP; internal audit can also provide support

during the recovery activities, and internal auditors can assist in identifying

the lessons learned from the disaster and the recovery operations. Lastly,

there must be a periodic audit of the BCPs/DRPs of the organization to assess their

adequacy to ensure the timely resumption of operations and processes after

adverse circumstances, and whether they reflect the current business operating

environment.

2. Evaluating an organization’s privacy network

In the privacy framework, internal audit plays a vital role as it is able to

evaluate the privacy framework, which consists of procedures, controls, and

policies; it also identifies significant risks and makes

recommendations that are appropriate to enhance the privacy framework.

According to the Institute of Internal Auditors (2012), the following must be

considered in terms of internal auditing’s role in the privacy network:

a. Liaising with legal counsel to understand legal implications:

• Laws and regulations in all jurisdictions in which business is

conducted.

• Impact of laws and regulations in all jurisdictions in which

personal information traverses, is collected, or is stored.

• Determine whether the privacy assessment should be under

attorney-client privilege.

b. Liaising with persons responsible for privacy within the organization

to understand:

• Internal privacy policies and guidelines.

• Privacy policies intended for customers and the public.

• The maturity of the organization’s privacy controls.

c. Liaising with IT specialists and business process owners to

understand information security implications:

• Internal security policies and procedures.

• Security policies communicated to customers and the public.

• Information flows, system controls, storage, and use of

personal information.

• Incident response programs and plans.

3. Use of Personal Information

According to Cross Country Consulting (2020), when it comes to the

use of personal information, the role of internal auditing is to enable

organizations to comply effectively by engaging early and frequently in the

data protection lifecycle, such as by advising on the status of current controls,

performing detailed testing of systems that hold personal data, and

performing privacy risk assessments. Furthermore, an internal audit team that


is highly involved in advising business units on data issues, while not

designing or implementing controls, can safely leverage data to its full value

and also help meet regulatory requirements.


References

ACA Compliance Group. (2019, October 4). 7 Vital Components of an Internal Audit

Charter. [Link]

audit-charter

Bailey, D. (2005). The Role of Internal Audit in Business Continuity Planning.

[Link]

presentations/archived/The%20Role%20of%20Internal%20Audit%20in

%20Business%20Continuity%[Link]

Cross Country Consulting. (2020, May 27). Data Privacy and Internal Audit: Partners in

Compliance. [Link]

internal-audit-partners-in-compliance

Institute of Internal Auditors. (2009). IIA Position Paper: The Role of Internal Auditing in

Enterprise-Wide Risk Management. [Link]

guidance/Public%20Documents/PP%20The%20Role%20of%20Internal

%20Auditing%20in%20Enterprise%20Risk%[Link]

Institute of Internal Auditors. (2012). Auditing Privacy Risks.

[Link]

Institute of Internal Auditors. (2019). The Internal Audit Charter: A Blueprint to

Assurance Success. [Link]

[Link]

Nature and Scope of Internal Audit. (n.d.). Account Learning.

[Link]

%20Audit%20is%20a%20control,like%20waste%2C%20loss%2C%20etc.
