Professional Practice Of Internal Auditing Research Articles

Administrative-legal and organization-management conditions of audit in the public finance sector units

Internal audit is performed in a diverse legal and cultural environment, for organizations that differ in their goals, size, complexity and structure. Internal auditing is performed by people both inside and outside the organization. Although the aforementioned differences may affect the practice of auditing in different environments, the application of the International Standards for the Professional Practice of Internal Auditing is an essential condition for the internal auditor and internal audit to fulfill their duties. Internal control is an immanent feature of the management process. In the functional sense, it is performed by each employee, in the institutional sense by a separate internal cell. Hence, the control system consists of: internal cells in the organizational structure, internal regulations, procedures and other control mechanisms in the enterprise/unit. Internal control operates on an ongoing basis and can respond immediately to any irregularities. Financial control is a special type of internal control - it deals with finances. Internal audit comes into contact with internal control during one of the many activities it undertakes, namely the examination and evaluation of the effectiveness of the existing internal control system.

Використання можливостей внутрішнього аудиту при оцінюванні якості трудових відносин та процесів формування і розвитку кадрового потенціалу суб’єктів господарювання

The purpose of this study is to specify the specifics of internal audit in the field of labor relations and human resources, taking into account the current requirements of the International Standards for the Professional Practice of Internal Auditing, and to substantiate the main types of engagements to be performed by internal auditors. It is substantiated that the engagements performed by internal audit are actually represented by two large groups: assurance engagements and consulting services. These trends correspond to the development of the content of the audit (transition to a broad interpretation and transformation into an assurance engagement) and a fundamental change in the role of the audit - a combination of the advisory and assurance functions. The author proposes to define internal audit in the field of labor relations in order to be fully in line with international standards, which is proposed to be considered as an independent, objective activity to provide assurance on the compliance of labor processes (human resources, personnel management) with the established evaluation criteria and advisory services that should benefit the organization, increase its value and improve its performance. The purposes that can be set for the internal audit service in the field of labor relations and human resources are highlighted and possible evaluation criteria and their limitations are identified. The distribution of functions and responsibilities in the performance of assurance engagements by the internal audit service is specified. The presented developments should form the basis of such a document as the internal audit charter, since the Atributes Standards of the International Standards for the Professional Practice of Internal Auditing (Section 1000 – Purpose, Authority, and Responsibility) stipulate that the purpose, authority, and responsibility of the internal audit function should be formally defined in the internal audit charter. It is substantiated that the development of such a document detailing the types of engagements to be performed by the internal audit service in the field of labor relations and human resources potentially possible for a particular enterprise is an important area for further research.

Використання можливостей внутрішнього аудиту при оцінюванні якості трудових відносин та процесів формування і розвитку кадрового потенціалу суб’єктів господарювання

The purpose of this study is to specify the specifics of internal audit in the field of labor relations and human resources, taking into account the current requirements of the International Standards for the Professional Practice of Internal Auditing, and to substantiate the main types of engagements to be performed by internal auditors. It is substantiated that the engagements performed by internal audit are actually represented by two large groups: assurance engagements and consulting services. These trends correspond to the development of the content of the audit (transition to a broad interpretation and transformation into an assurance engagement) and a fundamental change in the role of the audit - a combination of the advisory and assurance functions. The author proposes to define internal audit in the field of labor relations in order to be fully in line with international standards, which is proposed to be considered as an independent, objective activity to provide assurance on the compliance of labor processes (human resources, personnel management) with the established evaluation criteria and advisory services that should benefit the organization, increase its value and improve its performance. The purposes that can be set for the internal audit service in the field of labor relations and human resources are highlighted and possible evaluation criteria and their limitations are identified. The distribution of functions and responsibilities in the performance of assurance engagements by the internal audit service is specified. The presented developments should form the basis of such a document as the internal audit charter, since the Atributes Standards of the International Standards for the Professional Practice of Internal Auditing (Section 1000 – Purpose, Authority, and Responsibility) stipulate that the purpose, authority, and responsibility of the internal audit function should be formally defined in the internal audit charter. It is substantiated that the development of such a document detailing the types of engagements to be performed by the internal audit service in the field of labor relations and human resources potentially possible for a particular enterprise is an important area for further research.

A risk-based internal audit methodology for Greek local government organizations

Internal audit activities have been expanded worldwide in order to protect local government organizations and, in particular, municipalities. Although several previous studies have examined internal auditing in local government organizations worldwide and provided further development in this area, none of them have developed a methodology for identifying and evaluating the possible risks when preparing an audit plan in municipalities in relation to Greece and elsewhere. This paper aims to address this gap and to ensure the adequate identification, assessment and linkage of the risks that characterize the municipality within the audit universe, leading to the corresponding preparation of an audit plan based on audit priorities. Further, the proposed methodology follows the International Professional Practices Framework and the International Standards for the Professional Practice of Internal Auditing.

TÜRKİYE’DE BAĞIMSIZ DENETÇİLERİN İÇ DENETÇİ ÇALIŞMALARINDAN FAYDALANMASI ÜZERİNE BİR ARAŞTIRMA

Uluslararası Denetim Standartları kapsamında bağımsız denetim risk odaklı bir yaklaşım ile yürütülmektedir. Bu anlayış çerçevesinde iş süreçlerinde finansal tablolarda önemli yanlışlığa sebep olabilecek yapısal riskler belirlenir, işletmenin bu riskleri yönetebilmek için geliştirdiği kontroller tespit edilir ve bu kontrollerin test edilmesi suretiyle de önemli yanlışlık riski değerlendirilmiş olur. Bağımsız denetçinin uygulayacağı müteakip denetim prosedürlerinin kapsam ve içeriği belirlenmiş olan önemli yanlışlık riskine göre şekillenir. Uluslararası İç Denetim Standartları çerçevesinde yürütülen bir iç denetim çalışmasında da iş süreçlerindeki riskler ve ilgili kontroller değerlendirilir, mevcut ve potansiyel riskler için öneriler geliştirilir ve bu değerlendirme sonucunda denetim planındaki öncelikli alanlar belirlenir. Farklı bakış açılarıyla yürütülüyor olmasına rağmen, her iki denetimde de risk odaklı bir denetim anlayışı vardır ve özellikle iş süreçlerinin incelenmesi, risklerin ve kontrollerin belirlenerek test edilmesi aşamalarında benzer çalışmalar yürütmektedirler. Dolayısıyla, bağımsız denetçi ve iç denetçi arasındaki işbirliği, verimliliği artıracak, kaynak israfını önleyecektir. Bağımsız denetim standartları, bağımsız denetçilerin iç denetçi çalışmalarından faydalanmaları konusunda gerekli düzenlemeleri yapmıştır. Bu çalışma ile Türkiye’de denetim şirketleri üzerinden bir anket çalışması yapılarak bu işbirliğinin ne düzeyde olduğu, bağımsız denetçilerin iç denetçi çalışmalarından denetim sürecinin hangi aşamasında ve ne kapsamda faydalandığı ortaya konmaya çalışılmıştır.

Conceptual framework for risk-based internal audit. Risk-oriented terminological and visual apparatus

The article discusses the conceptual foundations of riskbased internal audit, basic terms and definitions. The topic of the article is relevant given the development of corporate governance practices in Russian companies in accordance with the recommendations of the Corporate Governance Code. The International Framework for the Professional Practice of Internal Auditing defines the mission of internal audit as preserving and increasing the value of the organization by conducting objective internal audits based on a risk-based approach, providing advice and sharing knowledge. The material of the article is presented taking into account the current regulatory framework, international auditing standards, the International Foundations for the Professional Practice of Internal Auditing, and expert explanations.

Statistical Techniques for Planning Internal Audit Engagements and Analytical Procedures Selection

The planning an audit engagement is the most important component that determines the effectiveness of internal audit services, both from the standpoint of improving the efficiency of the company and users of the results of the internal audit work. The use of statistical tools during the planning phase of the audit engagement can be considered as a component of a risk-based approach to internal audit. This research applies such statistical instruments as the normal distribution, the Kolmogorov–Smirnov test and regression analysis. The methodological support improvement of the internal audit process is one of the ways to perfect a guarantees quality and advice provided by the internal audit unit, as well as to minimize labor costs at the stage of planning an audit and determining the scope of the audit. There had being used such general methods of scientific knowledge as observation and comparison of data, analysis and synthesis, scientific abstraction during the research course. The proposed risk-based methodology for defining the scope and objectives of internal audit engagements using statistical tools was developed in conformity with the International Framework for the Professional Practice of Internal Auditing (Supplementary Guide “Planning an Audit Engagement: Defining Objectives and Scope”). The scope of analytical procedures formed in the process of planning the audit engagement allowed to cover the areas of the process that are most at risk of deviations. The practical significance of the study is considered by the possibility of applying the proposed methodology to define the audit assignment scope and its purpose, select the most effective analytical procedures, and minimize the labor costs of the working group. The developed methodology can be used for the work process organization in internal audit departments of business entities; some of its provisions can be applied in order to conduct a self-assessment of the effectiveness of the internal audit function. The use of statistical data analysis tools and publicly available information processing tools can improve the effectiveness of the internal audit function by the way of focusing on the most risky areas of the audited process. The developed methodological support is based on a risk-oriented approach.

The role of internal audit standardization in improving the audit quality

Object: The object of the article is to consider the issues of building an internal audit and control system based on international standards of internal audit.Methods: The research used the methods of system analysis, comparative analysis, grouping method, content analysis.Findings: As a result of the study, the relationship between the goals of the organization, risks and controls in internal audit was determined. The most likely areas of risk during the audit were identified. It has been shown that the most useful for the company are controls that identify and prevent negative events for the company before they occur.Possible directions of use of international standards for the professional practice of internal auditing (International Professional Practices Framework (IPPF) in the development of internal auditing standards of an organization have been identified. A range of standards that can be developed on the basis of the IPPF in the organization is determined. The content and structure of applied standards based on the IPPF for internal audit of an enterprise are proposed.Conclusions: The application of international standards in auditing allows an organization to implement a systematic and consistent approach to the audit process. The development of internal standards of an organization based on international ones will help to improve the accuracy of the assessment of control procedures at each stage of verification, to solve problems in the field of risk management and to increase the efficiency of business processes.

Use of information technologies in internal audit

The article reveals the essence and importance of internal audit in adding value to the organization and its stakeholders by assessing and providing recommendations for improving corporate governance, risk management and control, promoting economic efficiency, sustainable growth and financial stability. The main current trends in the development of internal audit on the use of modern technologies in auditing and the growing need for internal auditors to acquire knowledge and skills of IT technologies, work with big data, knowledge in the field of cybersecurity, analytical and critical thinking skills. Using the provisions of the International Standards for the Professional Practice of Internal Auditing, the functions of internal audit to assess the adequacy and effectiveness of controls in accordance with the risks in the field of information systems of the organization. It is emphasized that internal auditors must have sufficient knowledge of the key risks and controls of information technology, as well as technological audit methods, and some of them must have the competence of the auditor, whose main responsibility is the audit of information technology. The essence, evolution of the development of the concept of information technology audit, as well as its application in the management system of the business entity, are revealed. The classification of functional types of IT audits is covered, in particular: information security audit; IT quality audit; IT project audit; systems development audit; data analysis as part of the financial audit; audit of control measures; judicial audit. It is indicated that IT audit is a separate type of audit at the enterprise, and can also be part of the financial audit process. The advantages of using computer tools and technologies in the audit, which improves internal audit processes, as well as the need and prospects for the development of computerization in the audit, are considered.

THE ROLE OF INTERNAL AUDIT IN THE FIGHT AGAINST CYBER CRIME

The internet is constantly changing the way we live and conduct business. Global business surroundings impose all organizations across to have a secure digital infrastructure for fighting against cybercrime. Cyber crime is on the raise in this decade. Cyber crime is a criminal activity that is focused against compromising security of information systems in enterprises, in order to acquire certain profits, or to incur damage, theft or loss. Types of cyber crime include theft, evasion, or using information in order to unlawfully obtain profits from them. This paper will present certain information about cyber crime and most common types of it. According to international standards for internal audits, internal auditors are authorized for fight against fraud, which means authorization for fight against cyber crime. Main purpose of this paper is to find model for organizing internal audit for purpose of fighting cyber crime. Therefore, it is necessary to determine: internal audit standards that your organization must adhere to in fight against cybercrime, identify security requirements for standards, determine the goals, risks and security policy of the organization, raise employee awareness of the dangers of cybercrime, involve top management in the orbit against cybercrime, conduct employee training on data security and the like. Cyber security is basically about managing future risk, and requires insight into current and future vulnerabilities and how to prevent or reduce them, the likelihood of threats and costs associated with potential outcomes, and how to mitigate them. Internal auditors must be aware of impending regulatory changes based on IIA standards (The International Standards for the Professional Practice of Internal Auditing) related to computer security. Internal auditors should understand the impact of cyber threats on the organization. In particular, they should include this in their internal audit plan based on the risk of cybercrime. Internal auditors should have a strong partnership with the CIO (Chief Information Officer) and CISO (Chief Information Security Officer), for the sake of a trusted advisor in the fight against cybercrime. Internal auditors should provide an independent overview of the cyber security strategy. Modal will be based on COSO (The Committee of Sponsoring Organizations of the Treadway Commission’s) Internal Control — Integrated Framework and will feature five core principles: 1) creating control environment for fighting against cyber crime, 2) risk assessment for cyber crime, 3) projecting and implementing activities for fighting against cyber crime, and 5) monitoring activities. Research results will show new scientific facts and knowledge about methods for fighting cyber crime worldwide. Managers and internal auditors will have practical benefit from research results for implementing cyber crime prevention programs.

Značaj uvažavanja interne revizije u sklopu donošenja odluka top menadžmenta poljoprivrednog preduzeća

The top management's decision-making in an agricultural enterprise should be based on valid information gathered within the enterprise itself. Collecting timely business information is done daily by all sectors of the enterprise. Merely improving the security of information gathering and the safety of all parts of the enterprise is a task performed by trained internal control and internal audit personnel in the company, appointed by top management. In performing their duties on a regular basis, internal auditors should apply procedures and methodologies that are consistent with International Standards on the Professional Practice of Internal Auditing in their work. The aim of the paper is to emphasize the importance of implementing the adopted methodology of work of internal auditors in agricultural companies. The author points out those standards that are in line with best audit practice should be applied in internal audit work. The contribution of the study authors is to emphasize the importance of applying the internal audit profession in the regular operation of agricultural enterprises, which is in line with the general objective of improving the regular business operation.

Peran Satuan Kerja Audit Internal Dalam Mendeteksi Fraud Pada Perbankan Syariah Di Indonesia

Sharia Banking in Indonesia continues to strive to be able to maintain transparency and prevent fraud. The audit committee is a tool for the board of commissioners to help maintain the professionalism of the bank. Also Internal Audit or Unit of Work of Internal Audit (SKAI) in Sharia banking is needed to ensure that the company is operating in accordance with the Bank's Regulations and operational standards owned by each bank. Based on the International Standards for the Professional Practice of Internal Auditing, internal audit has a consulting and assurance role. Therefore, internal audit must have the skills, professional, independent and objective in carrying out its role. As one of the roles of assurance, internal audit can detect fraud. Fraud is an act of cheating that can be done by many groups, ranging from employees to top management that can harm the stakeholders. Several factors cause fraud, namely arrogance, competence, opportunity, pressure and rationalization. Types of fraud that can occur are corruption, misuse of assets, manipulation of financial statements and cybercrime.

An examination of the impact of compliance with internal audit standards on financial reporting quality

PurposeThe purpose of this study is to explore the impact of internal audit (IA) compliance with the International Standards for the Professional Practice of Internal Auditing (ISPPIA) on financial reporting quality (FRQ).Design/methodology/approachData were gathered from 142 chief audit executive from Saudi listed companies, and also from the annual reports of the participating companies. Two proxies are used to measure FRQ, namely, discretionary accruals and accruals quality.FindingsThe findings reveal that companies demonstrating higher IA compliance with standards have better FRQ. They also indicate that the interaction between IA competency and its compliance with standards has an impact on FRQ. Further, the findings provide evidence that FRQ is higher in companies where IA departments have formal documentation, that is, entirely consistent with the ISPPIA. These results retain their robustness after further analysis.Originality/valueIn offering these findings, the paper contributes to the existing IA literature by introducing evidence from a Middle Eastern context, namely, Saudi Arabia, of the link between IA compliance with the ISPPIA and FRQ. It confirms the role of IA in FRQ, and hence, as an element of corporate governance, information, which is valuable for both the institute of internal auditors and companies.

IMPROVEMENT OF THE MODEL OF USING ANALYTICAL PROCEDURES AT INTERNAL AUDITING OF A BANK

From 2014 the number of banks in Ukraine essentially decreased from 180 to 76 for 01.07.2019. The unstable situation was traced in the country for this period of time. Liquidation of 104 banks demonstrated that they couldn’t manage their risks and make correct managerial decisions timely, and also the system of internal control functioned badly. Just this system includes a subdivision of internal auditing that didn’t cope with timely revelation of inexactitudes, so reasonable recommendations as to managerial decisions weren’t elaborated. For providing functions of internal auditing of a bank, the subdivision uses auditing procedures. They include analytical procedures that, in their turn, are principal for attaining aims of an auditing task. The article considers most urgent questions of using analytical procedures in internal bank auditing. The essence of the definition of “analytical procedures” has been considered and specified. Analytical procedures have been separated from the composition of auditing ones, and their theoretical aspect has been analyzed. The classification of methods of analytical procedures has been analyzed for getting auditing evidences. Analytical procedures consist of methods of internal system estimation and bank financial condition analysis and also analysis of their business-processes. Advantages and defects of methodical components of analytical procedures have been presented and analyzed. The stages of an auditing task have been studied. Analytical procedures are considered at three stages of internal auditing: planning, performing the engagement and resulting, demonstrated through the prism of economic analysis. International standards of the professional practice of internal auditing that regulate it are considered. Questions of working papers that generalize a result of using analytical procedures are separated.

ДОКУМЕНТУВАННЯ РЕЗУЛЬТАТІВ ДІЯЛЬНОСТІ ВНУТРІШНЬОГО АУДИТУ БАНКУ

The article deals with the need to document of an assurance engagement of internal auditors of the bank and the organization of this process by the internal audit department. The purpose of the research is to analyze the latest requirements for documenting the results of the internal audit work in accordance with the International Standards for the Professional Practice of Internal Auditing. The object of research – the documents of an assurance engagement of internal auditors. The methods used of the research: analysis and synthesis, induction, methods of scientific knowledge. The hypothesis of research: a professional judgment is formed on documented provides receiving audit evidence for individuals who use an assessment of the activities of the internal audit department for specific purposes. The statement of basic material: the results of the analysis identify the documents used by the internal auditor to substantiate the findings of the audit findings. On the basis of the organization of the documentation process, the documents that selected to the implementation of an assurance engagement of internal auditors at each stage of the internal audit are selected and grouped. The originality and practical significance of the research is to develop of documents that will improve the organization and execution of an assurance engagement of internal auditors and will provide an evidence base for the results in the audit report. Conclusions of the research. Established that the implementation of documentation provides receiving audit evidence for the development of recommendations for decrease of risk and risk management, improving the system of internal control of banking activities and promoting the improvement of governance.

The impact of foreignness on the compliance with cybersecurity controls

This study examines whether and how foreignness affects internal auditors’ compliance with the International Standards for the Professional Practice of Internal Auditing (the Standards) from social and culture perspective. It demonstrates that foreignness, such as language and relational social capital, has a significant impact on auditors’ compliance with the Standards, especially with respect to cybersecurity, independence and objectivity, individual objectivity, and governance of the Standards. The Partial Least Squares Structural Equation Modelling (PLS-SEM) is used to analyze the survey data. This study highlights that external factors such as social capital affect the internal auditors’ compliance with the Standards.

Internal auditor’s compliance to code of ethics

PurposeThe purpose of this study was to determine the professional competency levels acquired by internal auditors in detecting unethical behaviour, to evaluate the position of internal auditors on objectivity and integrity in dealing with unethical behaviour and to examine the extent of their awareness on ethical issues in government-linked companies (GLCs).Design/methodology/approachData were collected via questionnaires that were randomly distributed to the internal auditors of the selected GLS in Malaysia. These questionnaires were constructed from the Certified Internal Auditor (CIA) Examination Paper and The Institute of Internal Auditors (IIA) Competency Framework.FindingsThis study found that internal auditors of the GLCs had a high level of competency in performing audit engagements and were able to detect unethical practices in the companies. The majority of the internal auditors also had a high level of objectivity and integrity when faced with unethical behaviour during audit engagements.Research limitations/implicationsThis study provided strong evidence that the internal auditors of Malaysian GLCs strongly complied with IIA Code of Ethics. Besides, they were also aware of the unethical behaviour which occurred within their organizations. However, this study is limited to the internal auditors in GLCs, while the questions of the survey instrument are restricted to the elements of integrity, objectivity and professional competencies of internal auditors.Practical implicationsThis study highlights the level of internal-auditor competency and adherence to the IIA’s International Standards for the Professional Practice of Internal Auditing (ISPPIA) and IIA’s Practice Guide to identify unethical behaviour within the Malaysian GLCs.Originality/valueThis study is original as it focusses on GLCs which did not get much attention from previous researchers, particularly the GLCs that operate in a developing country such as Malaysia.

Cultural Differences and Similarities between German and Chinese Internal Audit Functions

Cultural differences influence the behavior of companies, including management styles, relationships with employees, stake- and shareholders or social responsibility. Obviously, the concept of corporate governance encompassing the Internal Audit Function (IAF) is seen differently in different cultures. Therefore, conformance with the globally effective “International Standards for the Professional Practice of Internal Auditing” (IIA, 2016) presuming a culture-free, completely homogeneous IAF with uniform working standards worldwide, seems more than difficult. Consequently, empirical results in the following study reflect more (culturally influenced) differences than similarities between the German and Chinese IAF.

The escalating relevance of internal auditing as anti-fraud control

PurposeThe purpose of this paper is to discuss critical success factors for the enormous development that internal auditing (IA) as “third line of defense” (IIA, 2016) and one of the strongest anti-fraud controls has reached within the past decades. Additionally, weaknesses of IA are identified and evaluated to allow further improvement.Design/methodology/approachThe anti-fraud requirements stipulated in the “International Standards for the Professional Practice of Internal Auditing” are confronted with empirical data about the current situation of the IA as anti-fraud control. The empirical data were extracted from global sources such as “Fraud Reports” (Association of Certified Fraud Examiners – ACFE) and “common body of knowledge (CBOK)” studies. The Institute of Internal Auditors (IIA).FindingsOver the years, IA has been continuously increasing its auditing quality and effectiveness with new analytical methods, specialized software tools and professional certifications. But all these efforts have hardly been reflected in statistical or research data, especially not in the listing of the top sources of fraud detection. The “ACFE-Fraud Report 2016” revealed that IA is now – for the first time ever – second among the initial detections of occupational frauds (financial statement fraud, corruption and asset misappropriation) worldwide. This positive trend of global anti-fraud auditing was probably no “one-hit wonder”, but a result of a lengthy process of professionalization of IA.Originality/valueIt is hoped that this paper will facilitate the discussion about the value that IA can add within an anti-fraud management system.

A Theoretical Discussion of Internal Audit Effectiveness in Kuwaiti Industrial SMEs

This paper aims to scrutinise the association between the internal audit effectiveness and the four factors associated with International Standards for Professional Practice of Internal Auditing (ISPPIA): independence of internal auditors, scope of internal auditors, management support, and audited cooperation. The relationship between these factors and Satisfaction of internal auditors is also examined. Further, the moderating effect on the relationship between these factors (if present) and the effectiveness of IA among industrial SMEs in Kuwait are investigated through satisfaction of internal auditors. By ascertaining the effectiveness of IA at the industrial firms via theories as well as variables, this paper broadens the available literature on the effectiveness of IA.