hktdc.com - Establishing an effective Internal Audit department

About HKTDC | Contact HKTDC |

Help

Within this section	Within hktdc.com

Advanced Search

Home > Market Intelligence > Design, Marketing & Licensing > Features

Design, Marketing & Licensing

Product/Service

Kitty K Y Chaw & Co

Accounting services, Auditing, Taxation (Hong Kong)

Kenneth S H Hsu & Co CPAs (Pracising)

Trade Event

Hong Kong - Jiangmen: Your Partners for Success in China
3 - 5 March, 2009

Product Magazine

HKTDC Electronics

Content provided by :

28 Sept 2009

Establishing an effective Internal Audit department

The internal audit (IA) function has evolved over time in response to the continuously changing business environment. In the past, it focused more on compliance and operational risks, such as violations of organisational policies and regulations, employee misconduct and theft. Today, it plays an increasingly crucial role in supporting an organisation’s viability and success. The Institute of Internal Auditors (IIA) defi nes internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Given the current economic climate, the competitive market, and the increasingly regulated business environment, it has become even more critical for an organisation to establish an effective IA function which understands all aspects of its business and operating structure, and which helps management ensure that critical business risks are mitigated and business objectives are being met. To establish an effective IA function, an organisation needs to build the foundations, which, at a minimum, should include the following steps:

•   drawing up an IA Charter;
•   developing an IA organisational and reporting structure;
•   developing an IA delivery methodology;
•   determining the audit universe;
•   conducting a risk assessment and developing an IA audit plan;
•   developing standard work programmes for key processes; and
•   developing work papers and reporting standards and templates.

Drawing up an IA charter

According to the IIA, a charter for IA activity is “a formal document that defi nes the IA activity’s purpose, authority, and responsibility to the company. The charter establishes the IA activity’s position within the organisation and defi nes the scope of IA activities.” The charter should include the following elements: mission and scope of work, accountability of the Chief Audit Executive (CAE) to management and the audit committee, independence of the IA function, responsibilities of the IA function, the IA function’s range of authority (e.g. access to resources, records, etc.), and standards of audit practice to be met. The charter should be reviewed by management and approved by the board.

Developing an IA organisational and reporting structure

To promote the independence of the IA function, the CAE should report functionally to the audit committee and the board of directors. The CAE should have regular and direct communications with the board, along with open and direct access to the audit committee chairperson and members at any time.

Developing an IA delivery methodology

The purpose for developing a delivery methodology is to position the IA as an end-to-end engagement process. This process should be a standardised and robust, yet fl exible approach to performing IAs. Its workfl ow processes should be simple and they should be used to drive the design of audits. The delivery methodology should help the IA function simplify and align its services and role in supporting the organisation as it manages its business risks.