Question

Technical Solutions Inc, is expanding and reorganizing its Internal Audit (IA) function. Currently the Director of Internal Audit, Sharon Kalafut, reports to the corporate controller, who receives and reviews all internal audit reports. Kalafut forwards copies of the internal audit reports to the audit committee of the board of directors and to the manager directly responsible for the function being audited.

An issue of contention among the management team pertains to which department or function the Director of Internal Audits should report. Martin Stevens the CEO wants to ensure that Technical Solutions complies with the SOX and that the internal audit department is structured such that it strengthens the company’s internal control system. Also, an overarching objective for the reorganized audit function is that the external auditors are able to rely on the work performed by the internal audit department to a substantial degree. Arguments put forth by interested parties as to where the IA department should be organization[1]ally located are presented below:

* Chief Operations Officer (COO). John Sweeney, the COO of Technical Solutions, believes that the Director of IA should report to him. Under this arrangement the IA staff members would be  involved in the preparation of policy statements on internal control regarding safeguarding of assets  and in the design of business processes.

 

* Chief Information Officer (CIO). Larry Rich, the CIO, has pushed hard to have the IA function report to him and take on an active role in the design, installation, and initial operation of a new computerized systems. IA staff will be primarily concerned with the design and implementation of internal accounting controls and conduct the evaluation of these controls during the test runs and audits.

* Corporate Controller. The controller Linda Johnson, believes the [A group should remain within her functional area. Currently the IA staff performs a number of controller related tasks. These include:

* Internal auditors reconcile bank statements of the corporation each month. The controller believes this strengthens the internal control function because the internal auditor is not involved in either the receipt or the disbursement of cash.

* Internal auditors review the annual budget each year for relevance and reasonableness before the budget is approved. At the end of each month, the controller’s staff analyzes the variances from budget and prepares explanations of these variances. These variances and explanations are then reviewed by the internal audit staff.

* Finally, the internal auditors make accounting entries for complex transactions when employees of the accounting department are not adequately trained to handle such transactions. The controller believes this gives an added measure of assurance to the accurate recording of such transactions.

 

Required

a. Define independence as it relates to the internal audit function.

b. For each of the proposed tasks to be performed by the IA function, explain whether Technical Solutions’ internal audit independence will be materially impaired. Consider each manager’s arguments independently.

c. To maintain independence, where should the Director of Internal Audits report? Explain your answer.

Answer 1

INTERNAL AUDITOR INDEPENDENCE

Response:  

a.

Internal auditor independence implies no subordination of judgment to another and arises from an independent mental attitude that views events on a factual basis without influence from organizational units to which IA is subordinate. 

 

b.

i. The internal auditor’s independence is not impaired by the preparation of policy statements on internal control. The preparation of policy statements to guide others in the development and implementation of internal controls is a responsibility of the internal audit staff. 

 

ii. Auditor independence is impaired to the extent that the internal auditor is involved in the design and installation of computerized internal accounting controls being tested.  Little confidence can be placed in audit findings issued by the individual who designed and installed the system being audited.

iii. The internal auditor’s independence is impaired by reconciling bank statements. To maintain independence, the auditor should not perform operational assignments that are included as part of the independent evaluation and verification of a proper system of internal control. Separation of duties must be maintained. 

iv. Objectivity is not impaired in the review of the budget for relevance and reasonableness if the internal auditor has no responsibility for establishing or implementing the budget. However, the review of variances and explanations would impair objectivity as this is an area that would normally be reviewed during an operational audit. 

v. The preparation of complex accounting transactions will materially impair the internal auditor’s objectivity by involving the auditor in day-to-day operations. 

c.

The Director of Internal Audits should report to the Board of Directors Audit Committee.

The independence and competence of the internal audit staff determine the extent to which external auditors may cooperate with and rely on work performed by internal auditors. When the internal audit department reports directly to a department, such as the controller, the internal auditor’s independence is compromised, and the external auditor is prohibited by professional standards from relying on evidence provided by the internal auditors. In contrast, external auditors may rely in part on evidence gathered by internal audit departments that are organizationally independent and report to the board of directors’ audit committee.