审计风险外文文献
Independent audit risk analysis and preventive measures Abstract
Previous studies have utilized a variety of approaches to determine appropriate criteria to evaluate the effectiveness of the internal audit function. For example, considered the degree of compliance with standards as one of the factors which affects internal audit performance. A 1988 research report from the IIA-United Kingdom(IIA-UK ,1988)focused on the perceptions of both senior management and external auditors of the value of the internal audit function. The study identified the difficulty of measuring the value of services provided as a major obstacle to such an evaluation. Profitability, cost standards and the effectiveness of resource utilization were identified as measures of the value of services. In its recommendations it highlighted the need to ensure that audit work complies with SPPIA.
In the US, Albrecht et al.(1988)studied the roles and benefits of the internal audit function and developed a framework for the purpose of evaluating internal audit effectiveness. They found that there were four areas that the directors of internal audit departments could develop to enhance effectiveness: an appropriate corporate environment, top management support, high quality internal audit staff and high quality internal audit work. The authors stressed that management and auditors should recognize the internal audit function as a value-adding function to the organization. In the UK, Ridley and D’Silva (1997) identified the importance of complying with professional standards as the most important contributor to the internal audit function adding value.
Key words
Audit,Risk, Internal Control, Auditing
Compliance with SPPIA
A number of studies have focused on the SPPIA standard concerned with independence.Clark et al.(1981) found that the independence of the internal audit department and the level of authority to which internal audit staff report were the two most important criteria influencing the objectivity of their work. Plumlee (1985) focused on potential threats to internal auditor objectivity,
particularly whether participation in the design of an internal control system influenced judgements as to the quality and effectiveness of that system. Plumlee found that such design involvement produced bias that could ultimately threaten objectivity.
The relationship between the internal audit function and company management more generally is clearly an important factor in determining internal auditor objectivity. Harrell et al. (1989) suggested that perceptions of the views and desires of management could influence the activities and judgement of internal auditors. Also, they found that internal auditors who were members of the IIA were less likely to succumb to such pressure.Ponemon (1991) examined the question of whether or not internal auditors will report sensitive issues uncovered during the course of their work. He concluded that the three factors affecting internal auditor objectivity were their social position in the organization, their relationship with management and the existence of a communication channel to report wrongdoing.
The independence of internal audit departments
Commentators and standard setters identify independence as being a key attribute of the internal audit department. From the questionnaire responses 60 (77%) of the internal audit departments stated that there was a written document defining the purpose, authority and responsibility of the department. In nearly all instances where there was such a document the terms of reference of the internal audit department had been agreed by senior management (93%), the document identified the role of the internal audit department in the organization, and its rights of access to individuals, records and assets (97%), and the document set out the scope of internal auditing (90%). Respondents were asked to assess the extent to which the relevant document was consistent with the specific requirements of SPPIA. In those departments where such a document existed 27 (45%) claimed full compliance with SPPIA, 23 (38%) considered their document to be partially consistent with SPPIA. In more than one-third of the departments surveyed either no such document existed (n =18,
23%) or the respondent was not aware whether or not the document complied with SPPIA (n =10, 13%).
SPPIA suggests that independence is enhanced when the organization’s board of directors concurs with the appointment or removal of the director of the internal audit department, and that the director of the internal audit department is responsible to an individual of suitable seniority within the organization. It is noticeable that in 47 companies (60%) their responsibilities with regard to appointment, removal and the receipt of reports lay with non-senior management, normally a general manager. SPPIA recommends that the director of the internal audit department should have direct communication with the board of directors to ensure that the department is independent, and provides a means for the director of internal auditing and the board of directors to keep each other informed on issues of mutual interest. The interviews with directors of internal audit departments showed that departments tended to report to general managers rather than the board of directors. Further evidence of the lack of access to the board of directors was provided by the questionnaire responses showing that in almost half the companies, members of the internal audit department have never attended board meetings and in only two companies did attendance take place regularly.
Unrestricted access to documentation and unfettered powers of enquiry are important aspects of the independence and effectiveness of internal audit. The questionnaire responses revealed that 34 (44%) internal audit directors considered that they did not have full access to all necessary information. Furthermore, a significant minority (n =11, 14%) did not believe they were free, in all instances, to report faults, frauds, wrongdoing or mistakes. A slightly higher number (n =17, 22%) considered that the internal audit function did not always receive consistent support from senior management.
SPPIA identifies that involvement in the design, installation and operating of systems is likely to impair internal auditor objectivity. Respondents were asked how often management requested the assistance of the internal audit department in the performance of non-audit duties. In 37 internal audit
departments (47%) surveyed such requests were made sometimes, often or always, and only 27 (35%) departments never participated in these non-audit activities. The interviews revealed that in some organizations internal audit staff was used regularly to cover for staff shortages in other departments.
Woodworth and Said (1996)sought to ascertain the views of internal auditors in Saudi Arabia as to whether there were differences in the reaction of auditees to specific internal audit situations according to the nationality of the auditee. Based on 34 questionnaire responses from members of the IIA Dhahran chapter, they found there were no significant differences between the different nationalities. The internal auditors did not modify their audit conduct according to the nationality of the auditee and cultural dimensions did not have a significant impact on the results of the audit.
Given the importance of complying with SPPIA, the professional and academic literature emphasizes the importance of the relationship between the internal audit department and the rest of the organization in determining the success or otherwise of internal audit departments (Mints,1972;Flesher,1996;Ridley & Chambers,1998 and Moeller & Witt,1999). This literature focuses on the need for co-operation and teamwork between the auditor and auditee if internal auditing is to be effective.Bethea (1992) suggests that the need for good human relations’ skills is important because internal auditing creates negative perceptions and negative attitudes. These issues are particularly important in a multicultural business environment such as Saudi Arabia where there are significant differences in the cultural and educational background of the auditors and auditees Woodworth and Said (1996). Reasons for not having an internal audit department
Of the 92 company interviews examining the reasons why companies do not have an internal audit function, the most frequent response from 52 companies (57%) was that reliance on the external auditor enabled the company to obtain the benefits that might be obtained from internal audit. Typically, interviewees argued that the external auditor is better, more efficient and saves money. Interviews with the external auditors revealed that client companies could not
distinguish clearly between the work and roles of internal and external audit. For example, one external auditor said,
there is a misperception of what the external auditor does, they think the external auditor does everything for the company and must discover any problem.
Having said this, one external auditor doubted that an internal audit function would add value in all circumstances. When referring to the internal control system he stated,
as long as they are happy with the final output, I think the internal audit function will not add value. External auditing eventually will highlight any significant internal control weakness.
The second most frequent reason mentioned by interviewees (23 firms, 25%) for not operating an internal audit department was the cost/benefit trade-off. Specifically, 17 firms considered that the small size of the company and the limited nature of its activities meant that it would not be efficient for them to have an internal audit department. The external auditors interviewed were of the opinion that the readily identifiable costs as compared with the more difficult to measure benefits was a factor contributing to this decision.
A number of other reasons were given by interviewees for not having an internal audit department. As a consequence of the high costs of conducting internal audit activities, 14 firms used employees who were not within a separate internal audit department to carry out internal audit duties. Eight companies did not think there was a need for internal audit because they believed their internal control systems were sufficient to obviate the need for internal audit. Five companies did not think that internal audit was an important activity and three felt that their type of the business did not require internal audit. Three respondents mentioned that they did not operate an internal audit department because professional people could not be found to run the department, and six companies did not provide a reason for not having an internal audit department. In 10 companies an internal audit d
Internal audit risks include the inherent risks and control risks. The inherent risks is the assumption that has nothing to do with internal accounting
controls, the units being audited financial statements and the overall balance of the account of a business or the possibility of a major error, that is caused by the audit unit economic characteristics of business and accounting work itself the formation of the lack of audit risk. Some enterprises such as the lack of due attention to the accounting system, account system complex, reducing clarity of accounting information, reports, use of difficulty, cost, cost of lack of cost accounting concepts. Control risk refers to as a result of inadequate internal control system perfect, weak internal control behavior, not timely detection and correction of a business account or a major error in the formation of audit risk. Sometimes, even if the auditors audited units to confirm the internal control system is unreasonable or out of control in key areas, the amendments proposed by the audit can really suitable for operating activities, but will also create a risk amendment.
First, the internal audit risk causes
1. The independence of the internal audit agency enough
Internal audit body is set up units in institutions, in the unit under the leadership of the responsible persons to work as a unit of service. Therefore, the independence of internal audit as social audit, the audit process, inevitably affected the interests of the unit constraints. OIA staff faced with the unit leadership was among the leadership and the leadership of the relationship, as well as with various sections, the relationship between colleagues, people are not involved in the leadership of my colleagues is, non-directly related to also indirectly related to the audit process and conclusions will inevitably involve the interests of specific individuals, which inevitably affected the audit process for all categories of personnel interference.
2. Internal audit operations personnel ill-equipped
The quality of auditors is to determine the size of audit risk factors. The quality of the audit including those engaged in the audit of the policies and regulations need to level of expertise, experience, skills, audit professional ethics and work responsibilities.
Audit experience, the audit staff should have an important skill, the need for the audit practice of the accumulation of experience. China's internal audit staff, many people only familiar with the financial and accounting operations, some auditors do not understand the business activities of this unit and internal controls, audit limited experience. In addition, the internal audit staff responsibilities and professional ethics is the impact of audit risk factors. Because of China's internal guidelines for the work of norms and ethical standards still some gaps, and many internal organs and personnel lack of occupational norms bound and guidance. In short, China's overall quality of the low OIA staff and directly affected the internal audit work carried out by the depth and breadth. Faced with the complexity of today's OIA object and content development, internal audit staff and powerful single force book, which will directly lead to the selection of audit risk.
3. Internal audit of the scientific method is not strong
China's system of internal audit is the basis of the audit, with the internal operation and management of environmental complicated models are not suited to carry out this audit internal management audit of the needs, because it is overly dependent on the internal management of enterprises controlled test, in itself a huge potential the risk of internal audit generally use statistical sampling methods, as a result of the sample itself is based on a sample audit of the results of the review can be inferred from the general characteristics, therefore, between the samples and the overall form is bound to a certain degree of error, the formation of audit sampling risk. With the degree of information technology improved, the audited accounting information will be more and more errors and false accounting information doped them, and failed to investigate the possibility of also increasing. Although the survey sample is built on the solid foundation of mathematical theory, but its existence is to allow a certain degree of audit risk. Similarly, a large number of analytical review will also have associated risks, so that the composition of the contents of audit risk is more complicated.
4. Internal Audit management systems
Internal audit management system construction and implementation of internal audit is the prerequisite and foundation. Sound and effective internal management system to detect and control of enterprise economic activity occurring in a variety of errors and fraud. To ensure the quality of internal audit, internal audit organizations should establish a perfect quality control system, however, some audit institutions still lack of prior audit plan, a matter of auditing procedures and audit review of the reporting period; the audit working papers incomplete, generally only Records of audit matters, not the recording of audit staff that the correct audit matters, making the audit review, audit quality control no way; to coordinate the relationship between the audit report as a starting point to certain performance-based, qualitative ambiguous issues. More than the existence of the status quo, making the internal audit quality assurance become an empty talk, let alone ward off risks.
Second, reduce the risk of internal audit ways
1. Strengthen the internal audit of the legal system
Improve and perfect the legal system for the audit of internal audit is the basis of risk control measures. Audit norms, the audit staff code of conduct and guidelines, not only to control and reduce audit risk, but also to measure auditors liability standards. China's internal audit late start compared with Western countries in the relevant system-building there are many imperfections. In order to adapt to the continuous development of modern internal audit requirements, it is necessary to strengthen the audit work of legalization and standardization construction to minimize the audit work of blindness and randomness.
2. To ensure the independence of internal audit
The independence of the internal auditor can make a fair and impartial professional judgment, which is appropriate to carry out the audit work is essential. The independence of internal audit bodies connotation should be reflected mainly in the form of independence and de facto independence in two
ways. Formal independence requirements of internal audit in the organization of organizations with high status, the internal auditor should have access to senior management and board of directors support. Essentially refers to an independent internal audit staff in the spirit of the need to maintain the necessary independence, should be a fair and just manner and avoid conflicts of interest, in carrying out internal audit work, to maintain an honest belief in compliance with the Code of Ethics for the entire audit process does not make a significant compromise.
Access to senior management and board of directors support. Essentially refers to an independent internal audit staff in the spirit of the need to maintain the necessary independence, should be a fair and just manner and avoid conflicts of interest, in carrying out internal audit work, to maintain an honest belief in compliance with the Code of Ethics for the entire audit process does not make a significant compromise.
References:
[1] Qiu Jia: On the internal audit and internal control relationship. Consumer Guide, 2008.2:84
[2] Fan Wen-Yan ,etc: On the internal audit function of the advisory services. Network wealth 2008.06:52 ~ 53
[3] Duan Lin: Internal Audit: Risk Management grasps. China's oil companies, 2007.12:31 ~ 33
[4] Liu Li: Corporate Internal Audit Risk Analysis and Countermeasures to circumvent. Commercial accounting, 2008.12:46 ~ 47
[4] Zhao Qing: Reduce the risk of internal audit ways. Xi'an University of Architecture and Technology Journal, 2008.02:17 ~ 20
[5] Zhang Xiao-Lan,etc: internal audit risks and preventive measures. Leshan Teachers College Journal, 2007.08:52 ~ 53
[6]Zhou Li-Qiong: enterprise internal audit risk management. Entrepreneurs world, 2007.10:77 ~ 80