The first set of internal auditing Standards

The first
set of internal auditing Standards was not published by The Institute of
Internal Auditors (IIA) until 1978. They proved difficult to update and from
1978 were set in aspic until new Standards became effective on 1 January, 2002,
to which many amendments have been made subsequently.Astrength of the Standards
is that they are global, reflecting the organisation of the profession under
the international umbrella of the IIA. Weaknesses include their lack of
recognition, limited opportunities to enforce them and the variable extent to
which they are applied both geographically and from
to the IIA or to their Standards
in the new external audit standard on using the work of the internal
auditors (IAASB, 2012). Although the 2002 Standards have been regularly
revised, The Institute is now, as in 1978, at a crossroads. The issue is
whether the existing Standards can be the basis for further needed
enhancements or whether, once again, they should be completely re-engineered.

Internal audit provide constant review and
appraisal of the systems and procedures introduced by the management with the
intention to enable the management to control and utilise their resources
properly and effectively (Mu’azu Saidu Badara and Siti Zabedah Saidin, 2012).
In recent years, enterprise risk management has received a wider attention
(Beasley, Clune & Hermanson, 2006) and become an agenda in both public and
private sectors (Wood, 2009).

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

It used to be that internal auditing in the public
sector served as a simple administrative procedure comprised mainly of checking
accuracy of transactions, pre-payment verification and control, counting assets
and reporting on past events to various types of management, but in recent
times, governments moving toward higher levels of transparency must demonstrate
accountability in the use of public money and efficiency in the delivery of
services. Larger and more complex operations demand greater competency and
professionalism from internal auditors to minimize and manage risk (Deloitte,

Internal auditing is recognized as a control
mechanism that assists management and the board of directors to reach corporate
objectives (Mihret, 2014). Internal audit is defined as an objective assurance
with the aim ‘to evaluate and improve the effectiveness of risk management,
control and governance processes’ (IIA, 2010b). ‘Assurance’ is also used by the
international accounting body in tandem with auditing standards (IFAC, 2010).
Although auditing standards are applicable for audits of financial information,
the assurance standards are for other engagements.

Internal audit has also been described as an
independent appraisal of the effectiveness of internal control within an entity
of its management process in achieving set objectives and goals (Haron et al.,
2010). Internal auditing takes an important part in the process of
accountability as its main objective is to ensure and promote the effective
performance of accountability that management strives to achieve (Chun, 1997).
Demands from various stakeholders of organizations that the board of directors
and senior management should apply accepted governance principles, adhere to
sound risk management and demonstrate control of their organizations have
resulted in a big responsibility for the internal auditors (Sarens & De
Beelde, 2006a).

Internal auditing has over the years undergone
dramatic changes that have led up to today’s extended scope that allows for
internal auditing to make greater contributions to the organization (Fadzil,
Haron & Jantan, 2005). A Malaysian study completed by the Malaysian
Institute of Corporate Governance, the Institute of Internal Auditors Malaysia
revealed that internal auditors are among the best placed within an
organization to understand and give feedback on the organization’s business and
their help makes an organization run its operations more efficiently and
effectively which increases the chances of higher shareholder value (Fadzil et
al., 2005).

Hass, Abdolmohammadi and Burnaby (2006) state that the scope of internal
audit activities has clearly grown and now includes a wider spectrum of
services offered by internal auditors. They mention that the IIA in 2004
responded to this changing organizational environment by updating the
professional practices framework in order to include standards that would help
internal auditors to reach high quality in all different activities they now
engage in. Furthermore, Sarens and De Beelde (2006a) similarly argue that the
role of internal auditing has changed during the last decades in order to adapt
to a new economic environment.

Most internal auditors will acknowledge that their function is the right
choice for the risk management job. Internal auditors, almost by definition,
already possess good risk assessment skill sets and most have a reasonably
broad understanding of risk principles (Hespenheide & Funston, 2006). Based
on the history, the earliest “Statement of Responsibilities of the Internal
Auditor”, in 1947 had described internal audit as “a control which examines and
evaluates the existence and effectiveness of other controls and included the
internal auditor’s objective to improve all types of operational performance.

Gul and Subramaniam
(1994) provide some empirical support for internal auditors’ ability to resist
management pressure in situations when an audit committee is present. A direct
reporting line with the audit committee is considered to improve the status of
internal audit (Adamec et al., 2005) and to remove the possibility of a social
pressure threat when internal audit is required to report to management (Blue
Ribbon Committee, 1999; Cohen et al., 2004). Furthermore, Adamec et al. (1999,
p. 45) argue that it is not sufficient to merely have a direct reporting line
between internal audit and the audit committee. Rather, the relationship
between the two parties must have ‘substance’. The author’s list four
indicators that would signify whether the relationship has substance: the audit
committee has the authority to hire, fire and compensate the chief internal auditor;
the committee approves internal audit’s budget and scope; the committee has
frequent and private meetings with internal audit; and the committee approves
any internal audit support work (Adamec et al., 1999). Bailey (2007) likewise
argues that, in situations where the audit committee has authority to hire,
fire and compensate the chief internal auditor, internal auditors will have
less fear of retaliation when reporting on negative management behaviour.

Research has shown that board of directors and
internal auditors agree that the most important ways that internal audit
provides value to the organization are in providing objective assurance that
the major business risks are being managed appropriately and providing
assurance that the risk management and internal control framework is operating
effectively (Matyjewicz & D’arcangelo, 2004). Internal auditors sometimes
act in a consulting role, where they serve to facilitate improvements in the
organization’s Enterprise Risk Management process. In this capacity, internal
auditors may also promote development of a common understanding of Enterprise
Risk Management, coach management on Enterprise Risk Management concepts,
facilitate risk based workshops and provide tools and techniques to help
managers analyze risks and design control activities. Internal audit will
normally provide in three areas. Firstly, risk management process in which both
their design and how well they are working. Secondly, management of those risks
classified as “key” including the effectiveness of the controls and other
responses to them and finally, reliable and appropriate reporting and
classification of risks (Matyjewicz & D’arcangelo, 2004).