Primary navigation:

QFINANCE Quick Links
QFINANCE Topics
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Auditing Best Practice

Auditing Best Practice

Best Practice

Internationally renowned finance leaders, experts and educators distil and summarize the most important aspects of finance best practice. Each Best Practice essay has an Executive Summary for quick reference, outlining the main points. The Making It Happen feature illustrates practical applications, and where relevant authors have provided illustrative case studies and definitions.

  • Advancing Your Business with an Effective Internal Audit Department
    by Bonita K. Peterson Kramer, Hugh D. Pforsich
    The internal audit department is a critical part of corporate governance. It helps top management and the audit committee meet their governance responsibilities in many ways, including by providing:systematic analyses of business processes and related controls;an unbiased evaluation of existing risk within the company;evaluations of the accomplishment of company goals;reviews of financial and operational performance;recommendations for internal...
  • Aligning the Internal Audit Function with Strategic Objectives
    by Ilias G. Basioudis
    Given today’s complex and rapidly changing management climate, companies must implement continuous improvements to achieve efficiency, and assure investors and other concerned parties of solid corporate governance.The recent scandals at Enron, Worldcom, Parmalat, and others have raised the profile of corporate governance across the globe. Trust in the process of financial accounting, corporate governance, and auditing has been undermined by...
  • An Auditor’s Approach to Risk-Based Auditing: What to Audit and When
    by Paul J. Sanchez
    Each year the senior audit manager in a corporate internal audit department is faced with the difficult task of presenting the audit committee with a schedule of audit coverage for the coming year. The senior audit manager must decide what to audit and when. This crucial assignment for the internal audit function sets in place the audit schedule for the year. The schedule should focus on the areas of risk that, if not controlled, will most...
  • Auditing Islamic Financial Institutions
    by Roszaini Haniffa
    The purpose of the statutory or financial statement audit is to enhance the degree of confidence of intended users of the financial statements as to whether the financial statements are prepared in accordance with an applicable financial reporting framework. The most widely accepted and adopted auditing standards are those issued by the International Federation of Accountants (IFAC).Following the emergence and phenomenal growth of Islamic...
  • Auditor Sensitivity to Source Reliability
    by Denise Cicchella, Stuart Gardner
    The auditor is always playing catch-up. Both external and internal auditors have to review the work of people who do the same job day-in, day-out and who, if competent, are usually intimately familiar with the processes, systems, and information that are under their control. Looking at the transactions on a historical basis further hampers the certified public accountant, chartered accountant, or other audit professional. These difficulties have...
  • Best Practices in Risk-Based Internal Auditing
    by Sheryl Vacca
    In designing risk-based auditing and monitoring activities, it is important that the internal auditor works closely with the organization’s senior leadership and the board, or committee of the board, to gain a clear understanding of auditing and monitoring expectations and how these activities can be leveraged together to help minimize and mitigate risks for the organization. These discussions should also include leadership from the legal,...
  • Charting a Company-Specific Path Toward Continuous Auditing and Monitoring
    by Joe Oringel
    Continuous auditing has seemingly been the “next great thing” in internal audit for nearly 20 years. From its roots in embedded audit routines that would send notifications from IT systems to an auditor’s email box, to more modern software for continuous control monitoring or continuous transaction monitoring, continuous auditing has been as much about hype as reality. PricewaterhouseCoopers’ annual state of the internal audit profession surveys...
  • Compliance and Corporate Audit
    by Helen Roybark
    Every public company must have an annual integrated audit completed by an external auditor that is registered with the Public Company Accounting Oversight Board (PCAOB), so how does an organization ensure regulatory compliance? The independent audit is the cornerstone of public confidence in the US capital market (Sutton, 2002). The significance of the public audit was identified in United States v. Arthur Young & Co. (1984), when the US Supreme...
  • Considerations when Outsourcing Internal Audit
    by Peter Tickner
    Outsourcing the internal audit function is a major step and one that should not be taken for the wrong reasons. Wrong reasons include a personality clash between the chief internal auditor and the person taking the decision to outsource, and a decision based on the perceived ineffectiveness of an under-resourced inhouse audit team that would struggle to perform well even if the most outstanding employees in the organization were assigned to...
  • Continuous Auditing: Putting Theory into Practice
    by Norman Marks
    The Institute of Internal Auditors (IIA) has issued an excellent global technology audit guide (GTAG) on the topic of continuous auditing. The guide, which we will refer to as GTAG-3, covers a lot of ground, including this definition of continuous auditing:1“Continuous Auditing is any method used by auditors to perform audit-related activities on a more continuous or continual basis. It is the continuum of activities ranging from continuous...
  • Data-Driven Continuous Risk Assessment: How Internal Audit Keeps Pace with the Speed of Business
    by Joe Oringel
    Professional standards issued by the Institute of Internal Auditors (IIA)1 require that a documented risk assessment be undertaken at least annually. In practice, this risk assessment results in the identification and prioritization of risks and a response (i.e. an internal audit plan) to measure and mitigate these risks. This process is documented in a written internal audit plan for the organization. Figure 1 shows the steps in the internal...
  • Effective Financial Reporting and Auditing: Importance and Limitations
    by Andrew Higson
    The major problem with financial reporting is that people with limited financial knowledge can look at a set of accounts and, by attempting to interpret the numbers, feel that they understand what is happening in an organization. While in simpler times this may have been true, the scale and complexity of modern business, together with the limitations of what can be portrayed in financial statements, means that today’s statements may have the...
  • Engaging Senior Management in Internal Control
    by Philip Ratcliffe
    Top managers in any organization have many calls on their time and attention. Vying for their attention will be customers, suppliers, employees, consultants, and many others. Internal controls can easily be squeezed out of their agenda. The problem this can create is that if senior management does not take control seriously, the “tone from the top” will be wrong—and if the people in charge don’t care, then why should anyone else in the...
  • Full-Spectrum Accounting—Unlocking Strategic Value through Deeper Environmental, Social, and Governance (ESG) Practices
    by Henning Dräger
    The path to a fully fleshed out concept of environmental, social, and governance (ESG) concerns has been a long and illustrious one spanning many centuries, a myriad of philosophies and political concepts, and the refinement of ethical behavior and practices. That decisions about potential investments, asset valuation, risk appraisal, and partnerships should be based on more than financial returns has found proponents in many corners over time,...
  • Has Financial Reporting Impacted on Internal Auditing Negatively?
    by Andrew Chambers
    It was unfortunate that the Institute of Internal Auditors (IIA) released its first consulting Standards, to add to its already existing assurance Standards, at exactly the time when Enron collapsed. “Implementation Standards” set out how the “Attribute Standards” and “Performance Standards” should be applied in the context of either assurance or consulting work. In 2007 the IIA announced that it had no plans to release further sets of...
  • How Can Internal Audit Report Effectively to Its Stakeholders?
    by Andrew Cox
    Internal audit has a variety of stakeholders who rely on its work. These include: the board of directors; the audit committee; the chief executive officer; senior executives such as the chief financial officer, chief information officer, chief risk officer, etc.; the external auditors; in some cases, regulatory bodies; and stockholders—who, in the case of government organizations, could be the public.All these stakeholders are seeking assurance...
  • How Internal Auditing Can Help with a Company’s Fraud Issues
    by Gail Harden
    Regulatory oversight is increasing, as are penalties. A passive attitude in an organization toward oversight and the topic of fraud, antifraud programs, and controls would be a strong indicator of a significant deficiency in its system of internal controls.Economic factors can increase the occurrence of fraudulent practices. When the economy is in a downturn the risk of fraud increases due to personal financial pressures, the stagnation of...
  • Implementing an Effective Internal Controls System
    by Andrew Chambers
    In some jurisdictions law or regulation may require effective systems of internal control, with serious penalties for irresponsible failure. The Sarbanes–Oxley Act (2002) requires CEOs and CFOs of companies with listings in the United States to certify their assessment of the effectiveness of internal control over reported disclosures (s302) and financial reporting (s404), with penalties of up to $1 million and ten years imprisonment for...
  • Incorporating Operational and Performance Auditing into Compliance and Financial Auditing
    by Andrew Cox
    “The truth is, “audit gets no respect.” Quite frankly, if the audit department in question is using yesterday’s approach in today’s company, has not manoeuvred top management and the board into focusing on the company’s top five or ten risks, has not caused management to quantify these risks, and has not succeeded in developing authorized bounds of risk tolerance, then it doesn’t deserve any respect.” Larry Small, President, Fannie Mae,...
  • Integrated Reporting Requires Integrated Assurance
    by Robert G. Eccles, Michael P. Krzus, Liv A. Watson
    Interest in integrated reporting is growing around the world. It is now required in South Africa by the approximately 450 companies listed on the Johannesburg Stock Exchange on a “comply or explain why not” basis.1 Although other countries may follow South Africa’s lead and mandate integrated reporting over the next several years, today it is an otherwise entirely voluntary activity by companies. Nevertheless, a growing number of companies are...
  • Internal Audit and Partnering with Senior Management
    by Bruce Turner
    “The internal audit function has evolved from corporate cop to that of a savvy in-house consulting service.”1Internal auditing in the twenty-first century imposes even greater demands on the professional internal audit staff, whose role has expanded to combine both an assurance and a consulting service to management. Internal audit charters have been broadened considerably to reflect these demands.The chief executive of the Institute of Internal...
  • Internal Audit Planning: How Can We Do It Better?
    by Michael Parkinson
    Internal audit is an information service. Internal auditors do not—indeed, must not—make decisions for the managers of organizations. They are a highly skilled and expensive resource that exists to serve the best interest of the organization and yet, on the surface, they do not directly contribute to organizational performance. They examine processes and produce reports; they attempt to capture good practice and identify poor; and they design...
  • Internal Auditors and Enterprise Risk Management
    by Ian Fraser
    Traditionally, internal auditors have been “policemen,” and their efforts have been concentrated on the more detailed, and arguably less appealing, aspects of financial auditing within organizations. Often, therefore, internal auditors have been regarded in the past as the poor relations of their external auditor cousins. This no longer applies, however, as the purpose of many internal audit functions has evolved over time.From a concern with...
  • Managing the Relationships between Audit Committees and the CAE
    by Richard E. Cascarino
    The audit committee is intended, overall, to assist an organization to achieve an effective internal control structure derived directly from the tone at the top. The authority of an audit committee is drawn from the board of directors, the rules and regulations of the organization, and any relevant governance legislation of the country or countries within which the organization operates.This role, of necessity, involves ensuring that the risk...
  • New Assurance Challenges Facing Chief Audit Executives
    by Simon D'Arcy
    Looking back over the last 15 to 20 years, it does seem that at one time the biggest challenge facing the profession of internal auditing was whether the unique scope and contribution of internal audit was clearly defined, understood, or indeed actually needed. Much of the thought leadership around internal auditing in recent years has focused on this challenge. Two publications by PricewaterhouseCoopers in 2007,1 and a heads of internal audit...
  • Optimizing Internal Audit
    by Andrew Chambers
    Internal auditing is defined by The Institute of Internal Auditors (IIA) as follows:“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”1It is widely accepted...
  • Pros and Cons of Using External Auditors for Internal Auditing and Other Services
    by Curtis C. Verschoor
    For many decades, independent auditing firms have employed the strategy of achieving growth in size and, more importantly, profitability, by expanding the scope and range of services they offered to new and existing clients. In addition to conducting audits of the effectiveness of internal controls over financial reporting as well as financial statements and expressing their opinion thereon, firms in the public accounting industry have offered...
  • Starting a Successful Internal Audit Function to Meet Present and Future Demands
    by Jeffrey Ridley
    In 1998 on the occasion of the fifty-year celebration of the establishment of the Institute of Internal Auditors (IIA)’s five chapters in the United Kingdom, I wrote:1“We need to be seen as innovators in the world of regulation, control and auditing. Creativity, innovation and experimentation are now key to our professional success. They must be the vision of all internal auditing functions. This means improving old and developing new products...
  • The Assurance versus Consulting Debate: How Far Should Internal Audit Go?
    by Michael Parkinson
    Internal auditors have described their discipline as an “assurance and consulting activity.” Such a definition immediately begs the question: what is the difference, and what should the balance be?Assurance has been variously defined. The dictionary definition, “a statement or indication that inspires confidence,” differs quite considerably from the statement to be found in Assurance Standards (quoted here from the Australian Assurance Standards...
  • The Complex World of International Auditing Regulation
    by Christopher Humphrey, Anne Loft
    The development of international audit regulation is closely linked to the development of international accounting regulation. Both have been significantly associated with the globalization of capital markets and growth in importance of international investors. Such investors expect the financial reports of the companies they are investing in to be fair and reliable, with auditors playing a critical role—famously categorized by Paul Volcker in...
  • The Internal Audit Role—Is There an Expectation Gap in Your Organization?
    by Jeffrey Ridley
    Establishing the internal audit role in any organization requires formality to ensure that it is understood not only by the board and management but also by its customers across the organization and, where necessary, those external to the organization. The internal audit assurance and consulting role should be explained clearly in a charter to minimize any expectation gaps at board and organization levels. When the role is being established, it...
  • Threats to Auditor Independence and Possible Remedies
    by Gilad Livne
    The external auditor is nominated to carry out audit work on behalf of the audited company’s shareholders. Being a proxy for the shareholders fundamentally requires the external auditor to be independent of the audited firm’s managers. Auditing standards require independence both in mind and in appearance. Independence implies the ability and willingness of the auditor to identify a range of deficiencies during the audit process and then to...
  • Total Quality Management and Internal Auditing
    by Jeffrey Ridley
    The 1980s and 1990s saw a worldwide increase in the teaching and implementation of quality schemes. Most of these programs focused on economics and customer satisfaction, with controlled processes, key performance indicators, and feedback mechanisms. All involved a need for continuous improvement. All required total commitment. Many evolved from existing quality control and assurance functions, and many were new, established because of...
  • What Is the Range of the Internal Auditor’s Work?
    by Andrew Cox
    Internal auditing is an evolving profession. It has been around for a very long time, probably since the pharaohs in Egypt. But it wasn’t until 1947—when the foremost professional body for internal auditing, the Institute of Internal Auditors (IIA), was formed—that internal auditing was set on its path to emerging as a profession.Subsequently, professional standards and a code of ethics for internal auditing have been established, and in 1974...
  • World-Class Internal Audit
    by Robin Pritchard
    The world in which we live and work today has the most complex, diverse, and challenging demographics ever known to man. Not only have we developed an appetite for travel, trade, and communication across all boundaries, but the technological advancement, awareness of the dimensions of security, and the conflicts arising from political direction and change represent a demanding challenge for everyone. This encompasses both issues that are...

Back to top

  • Bookmark and Share