1、In the coining years, internal auditors may be expected to expand their role to assume more responsibilities in improving risk management, reducing organizational complexity and costs, and participating in developing strategic and governance processes. For example, the U.S. Securities and Exchange C
2、ommissions (SEC,s) Proxy Disclosure Enhancements rules released in December require companies listed on U.S. exchanges to disclose their governance measures, including their board structure, the boards oversight of risk management, and its relationship with executive compensation policies and practi
3、ces. Richard Chambers, II A president and CEO, recently told WebCPA, The new proxy requirements will place greater pressure on boards to demonstrate their role in the oversight of risk management, and by extension, this presents both challenges and opportunities for chief audit executives (CAEs) and
4、 their internal audit teams.nThe proxy disclosure rules create opportunities for internal auditors to report on and provide their opinions about their organizations compliance with its own governance and risk assessment requirement. In particular, auditors may need to express opinions in the areas o
5、f corporate governance, risk management,and internal controls.In expressing an opinion on these three areas, internal auditors can follow guidance set out in The IF A Practice Guide, Formulating and Expressing Internal Audit Opinions (see Expressing Opinions on page 49).Moreover, The II As Internal
6、Audit Standards Board has recently proposed a new professional practices standard, Standard 245Q:Overall Opinions, that details requirements for the work that internal auditors must do if they choose to provide an overall opinion. In addition, proposed Standard 2010.A2 requires CAEs to determine sta
7、keholder expectations for internal audit opinions and other conclusions, including the levels of assurance required, through discussion with senior management and the board.Expressing OpinionsAs more and more internal audit departments have begun providing audit opinions to stakeholders, a need for
8、guidance has been arisen. Proposed II A Standard 2450 takes a step in that direction by describing the work auditors must do before they express an opinion. In addition, an II A Practice Guide, Formulating and Expressing Internal Audit Opinions, provides considerable information and advice that audi
9、tors should study before they embark on offering audit opinions. The content below summarizes some of the Practice Guides key recommendations.RelevanceThe Practice Guide guidance for internal auditors, boards, executive and operating management, regulatory bodies,and other assurance providers who ha
10、ve an obligation to form, review, or assess an opinion on an organizations governance, risk management, and internal control systems. Internal audit opinions are important because they address stakeholders concerns. Those opinions are likely to be disclosed to the public, which makes them a crucial
11、communication channel. The criteria used to develop audit opinions should be transparent and stated in the audit report.PlanningCertain factors need to be considered when planning for the opinion: Auditors should assess whether it will be a macro-level opinion based on the results of multiple audit
12、projects, or a micro-level opinion based on a single project or a series of short-term projects. If the opinion is positive, then more evidence and a broader work scope arerequired. Auditors should determine what kind of evidence they will need to prove that their opinion is correct. There should be
13、 agreement on the criteria that will be used in forming the opinion. Auditors should consider carefully the time that the opinion is issued and the scope of the coverage. There must be appropriate management support for the internal audit plan. Evidence GatheringWhen expressing macro-level opinions,
14、auditors should: Specify the purpose for which the opinion will be used. Detail the audit procedures and guidance that is used in formulating and expressing internal audit opinions. Gather sufficient and competent evidence relevant to the management of a strategic risk-assessment process. Identify t
15、he criteria for satisfactory performance.It is possible to express a limited macro-level opinion if auditors arent able to collect sufficient evidence; however, the potential for a limited opinion should be recognized in advance during the planning process. All the appropriate methodologies should b
16、e established in advance.When expressing micro-level opinions, auditors should: Establish a clear criteria framework for drawing conclusions. Using a grading scale on any level requires a well-defined evaluation structure, and the scales must be consistent over the course of years in which the audit
17、 is conducted.ReportingThe chief audit executive is the best individual to provide assurance on a macro-level opinion. Positive assurance implies a lot of responsibility and should be used with caution and consideration.Grading or color coding is an appropriate way to formulate an opinion. Gradesuse
18、d in expressing an opinion should be agreed upon by the intended users.Ideally, prior recommendations also should be included in opinions. An opinion may be qualified, which means that it is satisfactory overall but there are some concerns and reservations.When the results are ready for evaluation,
19、auditors should consider: MaterialityResidual risk that the business objective will not be achieved should be assessed. ImpactIt is important to understand what kind of impact audit opinions will have on the business. The scope of the issues is also important.Moreover, overall audit opinion should b
20、e expressed on corporate governance measures, internal controls, and risk assessments.Corporate GovernanceCorporate governance can be understood in the context of the needs of and the relationship to the stakeholders of an organization. The II A Standards define governance processes as the procedure
21、s utilized by the representations of the organizations stakeholders to provide oversight of risk and control processes administered by management.Corporate governance has changed fundamentally over the last decade due to numerous large business failures, some of them in the wake of massive managemen
22、t fraud. Huge financial losses have led to an increasing focus and demands on organizational structure from investors, creditors, and other constituencies. In this context,it has become important to inquire as to how organizations assure that planned activities and guidelines are in fact being imple
23、mented and are functioning as intended. Internal audit can take on important roles in providing such assurance, thus promoting corporate governance.Improving corporate governance and enhancing the reliability of financial statements are receiving significant attention from lawmakers, regulators, the
24、 financial community, standards-setting bodies, and the accounting profession. This well-deserved attention stems from the financial crisis of the past two years, widelypublicized business failures, high-profile financial statement frauds, the lack ofvigilant oversight by boards of directors and aud
25、it committees, irresponsible management, inadequate governance structures, and ineffective audit functions.A close working relationship between the audit committee and internal auditing can improve the effectiveness of corporate governance. First, the independence and objectivity of auditors can be
26、strengthened when they report their findings and opinions directing to the audit committee. Second, by reviewing internal audit opinions before they are disseminated to the full board, management, regulatory bodies, and other intended users, audit committees can fulfill their oversight responsibilit
27、ies related to financial reporting, internal controls, risk management, external auditing, whistleblowing, ethics, and taxes.Historically, publicly listed companies have not reported their corporate governance activities to the extent that they report their financial activities. As that has begun to
28、 change in recent years, corporate governance reporting has gone beyond the mandatory periodic financial reports to encompass the organizations vision, strategies, mission, and board effectiveness. Internal auditors can form an opinion on their organizations corporate governance and communicate thei
29、r findings to interested stakeholders, including the board, executives, external auditors, regulatory agencies, and investors. These opinions should disclose all relevant information about the effectiveness of the organizations corporate governance and focus on its sustainability performance in all
30、areas of financial, social, ethical, and environmental activity. Moreover, they should provide transparent financial and nonfinancial information on key performance indicators and their impact on all stakeholders as well as assess the organizations responsiveness to the needs of those parties.Risk ManagementOrganizations of all types, sizes, and complexity are facing a variety of risks that affect the reliability of financial statements and effectiveness of internal controls. Effective assessment and appropriate reporting on the organizations risk management requires in
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1