Question

ISA 315 requires the auditor to gain an understanding of the business information systems (including the accounting systems) used by management to the extent that they may affect the financial reporting process.

Required: Determine what you would identify and understand about your client’s information processing system.

In carrying out your work as the external auditor, you intend relying on the work of the internal auditor after checking on the reliability of the internal auditor’s work.

Required: What would you consider in checking the reliability of the work of the internal auditor.

Answer 1

International Standard on Auditing (ISA), Using the Work of Internal Auditors was revised and published in 2013. This standard focuses on whether the external auditor can use the work of the internal audit function for purposes of audit, and the revised version of the standard, clarified whether the internal auditors could be used to provide direct assistance to the external auditor.

As a starting point the external auditor should consider the amount of judgment needed in (i) planning and performing relevant audit procedures and (ii) evaluating audit evidence gathered. The greater the level of judgment required, the narrower the scope of work that can be assigned to internal auditors. The following activities are deemed to involve significant judgment and therefore are not expected to be assigned to internal auditors providing direct assistance:

• Assessing risks of material misstatements
• Evaluating the sufficiency of tests performed
• Evaluating significant accounting estimates, and
• Evaluating the adequacy of disclosures in the financial statements and other matters affecting the auditor’s report.

Competence of the internal audit function is likely to be deemed satisfactory where it can be evidenced that the function as a whole operates at the level required to (i) enable assigned tasks to be performed diligently and (ii) in accordance with applicable professional standards. To make such evaluation, the external auditor can take into consideration the following factors:

• Whether there are established policies for hiring, training and assigning internal auditors to internal audit engagements
• Whether the internal auditors have adequate technical training and proficiency in auditing (eg with relevant professional designation and experience)
• Whether the internal auditors possess the required knowledge relating to the entity’s financial reporting and the applicable financial reporting framework
• Whether the internal audit function possesses the necessary skills (for example, industry-specific knowledge) to perform work related to the entity’s financial statements.