RIAM:Overview: Overview of the Scope of Work

From RiskWiki
Jump to: navigation, search

What is the Scope of Work for Internal Audit?

The Institute of Internal Auditors Standard 300 states Internal Audit's scope of work has five specific objectives of audit opinion formation:

These are explained in turn on the following pages.

Compliance with policies, plans, procedures, legislation and directions etc

Management is responsible for creating systems which ensure compliance with Co-operative policies, plans and relevant legislation while the Internal Auditor evaluates whether the systems thus created comply with management's objectives and the law, and ultimately determines whether operations comply with the systems model.

Legal compliance extends beyond the Public Service Acts, Insurance Acts and Corporations Law to the various operational statutes covering issues such as handling of dangerous chemicals, workplace safety, equal employment opportunity, education policy, import and transport regulations and offsets programs.

Accomplishment of established goals and objectives for plans, procedures, operations and programs

Management is responsible for establishing operating and program objectives and goals while the Internal Auditors should verify whether the department or section is achieving them.

Internal Auditors can assist management in developing and evaluating these objectives and goals by evaluating whether their underlying assumptions are appropriate, accurate, and consistent with the stated objectives, and whether current and relevant information is available and being used. Commonly referred to as effectiveness, this role includes evaluating the existence and method of measurement/feedback systems for goal achievement.

Reliability and integrity of information

Information systems whether manual or computerised provide data for decision making, control and compliance with external requirements. It is therefore essential that the financial and operating records contain accurate, reliable, timely, complete and useful information. In addition the controls over the record keeping and reporting must be complete and effective.

Economical and efficient use of resources

Management is also responsible for setting operating standards to measure economical and efficient use of resources. Internal auditors are responsible for determining that:

  • these standards have been established;
  • these standards are understood and are being met;
  • departures from these standards are being identified, investigated and corrected; and
  • the action has taken place to ensure the departures are not repeated.

Audits should identify:

  • under-utilised resources;
  • non-productive work or work practices;
  • uneconomical procedures;
  • inappropriate staffing; and
  • ineffective organisation design.

In addition to issues such as organisation design, IT resource utilisation, personnel management and fleet management; are the pure financial areas of treasury management and financial management reporting systems.

Safeguarding assets

This refers, firstly, to the protection of assets from theft, fire, improper, unauthorised or illegal activities and exposure from nature (eg. sunshine, rain and wind etc); and secondly to the application of assets. It is commonly formulated as an assertion:

"Assets are appropriately protected and applied."

Remembering that cash is an asset, the breadth of this objective includes the appropriate security and application of cash resources. Properly protecting and applying cash includes such matters as cash flow management, solvency and liquidity risk control.


Back To The RIAM : Overview (Main)