Question

Read the following Internal Audit Section of LDC Cloud Sytems Case study and answer the question:

INTERNAL AUDIT
CFO Arizmendi had hired Scott Tensar during the
run-up to the IPO for the purpose of creating and
heading the internal audit function, and Tensar
had continued to report directly to Arizmendi since
that time, with a secondary reporting relationship
to the board’s audit committee. Tensar, who was
well-qualified for the position, was responsible for
providing assurance that LDC’s major risks were
being appropriately addressed including financial,
operational, and reporting. This included reviewing
LDC’s internal control over financial reporting (ICFR)
that was designed to address the risk of fraud.
Tensar and his team had tested these controls and
provided assurance that they were designed and
operating effectively.
Tensar felt that his internal audit team possessed the
skills and experience that were typical for a billiondollar
company. The problem he faced, however,
was that he had a wide scope of risks to address.
Further, LDC’s business model was more complex
than was typical given the variety of customer
payment models the company pursued, and LDC
was growing rapidly and engaging with customers in
unusual ways because much of what was happening
at the intersection of cloud computing and the
sharing economy was unchartered territory for any
technology company. There were few models for the
company to follow. In Tensar’s view, it seemed like
everything his team reviewed was more complicated
and took a bit longer than he expected.
Tensar had requested a larger budget this past
year so he could hire two additional experienced
auditors for his team, but Arizmendi denied the
request. At the time Arizmendi told Tensar, “If the
company meets its current year growth targets, I will
recommend that internal audit get more people,” but
then added: “With the pressure we are under now,
there is no chance that LeDuc will approve more
staffing for support functions.”
Tensar had wanted the larger team so he could keep
up with all that was happening and to enable some
extra time for training and professional development.
At current staffing levels, there was hardly time for
him, or members of his team, to catch their breath.
Tensar also wanted time to be able to plan ahead.
He was sure that LDC’s internal audit function
was doing the best it could with its resources, but
he was concerned that the risks coming from the
company’s unique business model needed more
attention. Tensar recalled a recent conversation with
Arizmendi:
Tensar: “I wish I had more time to stop and think.
We complete an annual fraud risk assessment
but do we miss anything? If someone wanted to
commit accounting fraud here, how would they
do it? Are there weaknesses in our accounting
systems that I am not aware of?”
Arizmendi: “Because of our business model, our
finance and accounting systems are so unusual
that most of our own people can’t figure them out.
I doubt someone could learn enough to commit a
material fraud without being detected.”
Tensar: “You could be right,” he said, reluctantly
agreeing. “I have not seen any sign of accounting
fraud, but you can’t be too careful. By the way,
Lester Darnal (audit committee chair) stopped by
again last week. I like him. He shows real interest
in what we are doing and is always asking good
questions.”
Arizmendi: “Yes, Lester knows his stuff and he
loves to always know what is going on. Just be
careful with what information you volunteer. We
need to get our own work done, and the board
sometimes has its own agenda.”

Question:

Do you think that the internal audit function has the right level of staffing and resources? Why or why not?

Answer 1

As an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations, internal audit helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control,
and governance processes.
Internal auditing best addresses management’s strategic objectives when internal
audits are performed by competent professionals in conformance with the
Standards as promulgated by The IIA.
A fully resourced and professionally competent staff that is a key part of the
organization, whether in-house or outsourced, best provides internal audit
services. The IIA recognizes that many “partnering” arrangements with outside
providers have been effective in helping organizations obtain internal audit
services that contribute to the achievement of management’s strategic objectives.
In cases where total outsourcing is selected as the method for obtaining internal
audit services, oversight and responsibility for the internal audit activity cannot be
outsourced. An in-house liaison, preferably a designated chief audit executive or
optionally an executive or senior management-level employee, should be
assigned responsibility for “management” of the internal audit activity
For a number of reasons, appropriate internal audit resources may be scarce or unavailable in certain
situations. Whether selected as a temporary alternative or permanent solution, outsourcing may be necessary to acquire
competent and professional internal audit services.
Both large and small organizations may need to take
advantage of staffing alternatives. Common reasons include temporary staff shortages, specialty skill needs, coverage for
remote business locations, local language needs, special project work, and supplemental staff to meet tight deadlines. Also,
small organizations may find it necessary to explore outsourcing due to the inability to hire permanent or fulltime internal auditors.
In addition to the considerations discussed above, an analysis of the advantages and disadvantages to alternative staffing
solutions should be prepared. The extent and formality of the analysis, and subsequent reporting, should be commensurate with
the degree or extent of outsourcing contemplated. Greater documentation and more formal reporting and approval should be
obtained when a significant portion of the internal audit activities is outsourced. Although not all-inclusive, the sidebar titled
“Outsourcing Considerations” provides items that should be considered in the analysis.