1st Edition

Leading the Internal Audit Function

By Lynn Fountain Copyright 2015
    316 Pages 7 B/W Illustrations
    by Auerbach Publications

    312 Pages 7 B/W Illustrations
    by Auerbach Publications

    While the Institute of Internal Auditors (IIA) has provided standards and guidelines for the practice of internal audit through the International Professional Practice Framework (IPPF), internal auditors and Chief Audit Executives (CAEs) continue to experience difficulties when attempting to balance the requirements of the IPPF with management expectations. The true challenge for any internal auditor is to appropriately apply the Standards while exerting adequate independence and objectivity in the face of management pressure.

    In Leading the Internal Audit Function, Lynn Fountain presents lessons learned from her extensive experience as an internal auditor, internal audit manager, and CAE to help internal auditors understand the challenges, issues, and potential alternative solutions when executing the role. The book identifies more than 50 challenges for auditors and discusses potential alternative actions the auditor can take when they experience a similar challenge. The book explains how to:

    • Build a value-oriented function that abides by the standards and supports the objectives and goals of the organization.
    • Execute the many aspects of the internal audit, including assurance and consulting work.
    • Build a risk-based audit process.
    • Develop and sustain the internal audit team.
    • Develop and manage relationships with management and the audit committee.
    • Manage internal audit’s role in corporate governance, compliance, and fraud.

    Leading the Internal Audit Function includes real-life examples, scenarios, and lessons learned from internal auditors and CAEs to emphasize the importance of carefully managing all aspects of the internal audit. The author summarizes her many lessons learned into ten "commandments" for both CAEs and internal auditors. By following the guidelines in this book, you should be well-equipped to gain management support, perform effective and ethical audits, and uphold IIA Standards.

    Lessons of an Auditor
    Management’s View
    Section 1: Lessons Learned
    Lesson 1: Clarify/Define Management Expectations for Internal Audit
    Lesson 2: Balance Management Expectations with the International Institute of Auditors Standards
    Lesson 3: Validate the Internal Audit Charter Is Fact and Not Fiction
    Lesson 4: Clarify the Purpose and Execution of Risk-Based Auditing
    Lesson 5: Define "Independent Risk Assessment" in Relation to the Audit Plan
    Lesson 6: Add Value while Maintaining Independence
    Scenario: When the CAE Is Expected to Be a Yes Man/Ma’am
    Lesson 7: Serve the Audit Committee
    Verbal Communication
    Lesson 8: Communication of Issues When Management Objects
    Lesson 9: Understand How the CAE Role and Audit Department Are Viewed
    Lesson 10: Gaining a "Seat at the Table"
    Section 2: Is It Legal or Is It Ethical?—The CAE’s Dilemma
    Everyone Is Responsible
    Tone at the Top Is Essential
    Honesty Is Still the Best Policy
    Integrity Can Be a Measure of Ethics
    Corporate Responsibility and Communications Must Be Prevalent
    Silence Is Not Acceptable

    Defining the Purpose of the Internal Audit Function
    Section 1: Understanding the Definition and Purpose of Internal Audit
    Challenge 1: Independence and Objectivity
    Challenge 2: Assurance and Consulting Activity
    Challenge 3: Add Value and Improve an Organization’s Operation
    Challenge 4: Disciplined Approach to Evaluate and Improve the Effectiveness of Risk Management, Control, and Governance Processes
    Summary: Internal Audit Definition Challenges
    Scope of Internal Audit
    Professional Standards—Principles for Internal Auditor Effectiveness
    Section 2: The Internal Charter—Reality or Fiction?
    Challenge 5: Internal Audit Charter
    Challenge 6: Positioning and Authority
    Section 3: Internal Audit versus Quality Assurance Functions
    Internal Audit versus Quality Assurance—The Reality
    Mini-Audit Functions
    Scenario: "Mini-Audit" Process
    Challenge 7: Internal Audit versus Quality Assurance
    Section 4: Management Expectations versus Standards
    Management Expectations and the Standards
    Certified Internal Auditor
    Challenge 8: Attribute Standards Integrity and Ethical Values
    Challenge 9: Attribute Standards Proficiency and Due Care
    Challenge 10: Attribute Standards Quality Assurance and Improvement
    Section 5: Performance Standards
    Challenge 11: Performance Standard 2000
    Section 6: Standards and Report Writing
    Challenge 12: Performance Standard 2400 Communicating Results
    Section 7: Realities of Embracing Risk-Based Auditing
    Challenge 13: Risk-Based Auditing
    Section 8: Internal Audit as Governance Pillar
    Challenge 14: Internal Audit’s Role in Governance

    Building an Internal Audit Team
    Team First and the Leader Within
    Section 1: Internal Audit Resourcing, Staffing, and Building a Team
    Challenge 15: Internal Audit Team Structure
    Challenge 16: Department Sourcing Methods
    Challenge 17: Resourcing to Address Significant Risks
    Section 2: Skills Requirements for an Effective Internal Auditor
    Technical versus Soft Skills
    Balanced Skill Set
    Challenge 18: Defining the Required Skill Set for Internal Auditors
    Section 3: Internal Audit as a Management Training Ground
    Challenge 19: Internal Audit as a Management Training Ground
    Section 4: Outsourcing, Co-sourcing, and In-sourcing
    Challenge 20: Outsourcing
    Challenge 21: Co-sourcing
    Challenge 22: In-sourcing
    Section 5: Internal Audit Skill Sets and Knowledge
    Challenge 23: Maintaining Appropriate Skill Sets

    Audit Plan
    Section 1: Developing an Independent Audit Plan
    Challenge 24: Audit Plan Time Frame
    Challenge 25: Audit Plan Resource Allocation
    Challenge 26: Audit Plan Development Approach
    Challenge 27: Audit Plan Results
    Section 2: The Risk Assessment Approach
    Challenge 28: Enterprise Risk Management Assessment
    Challenge 29: Executing the Enterprise Risk Management Process
    Challenge 30: Enterprise Risk Management Reporting versus Internal Audit Reporting

    Executing Internal Audit Responsibilities
    Section 1: Aligning the Concept of Risk-Based Auditing
    Step 1: Understand the Process
    Challenge 31: Audit Planning Phase
    Step 2: Identify the Control Structure
    Challenge 31 Potential Actions: Audit Planning Phase
    Challenge 32: Individual Audit Area Control Environment
    Challenge 33: COSO as Part of the Risk-Based Audit Process
    Step 3: Understand, Identify, and Assess the Risks
    Challenge 34: Understanding, Identifying, and Assessing Risk
    Step 4: Measuring the Risk Impact
    Challenge 35: Risk Tolerance versus Risk Appetite
    Risk Appetite
    Step 5: Summarizing Results and Identifying Risk- Mitigating Actions
    Challenge 36: Summarizing Results and Identifying Risk-Mitigating Actions
    Section 2: Internal Audit’s Role in Corporate Governance
    Challenge 37: Evaluating the Board of Directors
    Board and Internal Control
    Section 3: Internal Audit’s Role in Fraud Processes
    Pre-Sarbanes–Oxley Issues

    Challenge 38: Internal Audit’s Role in Fraud Awareness
    Challenge 39: Internal Audit’s Role in Fraud Risk Assessment
    Challenge 40: Internal Audit’s Role in Fraud Investigation
    Section 4: Performing Consulting Engagements
    Challenge 41: Internal Auditors as Consultants

    Internal Audit Reporting and Communication
    Section 1: Internal Audit Reporting Methods
    Challenge 42: Internal Audit Reporting Format
    Challenge 43: Internal Audit Report Writing
    Challenge 44: Management Action Plans versus Management Response
    Challenge 45: Providing an Overall Internal Audit Opinion
    Challenge 46: Management Representation at the Audit Committee Meeting
    Section 2: Functional and Administrative Reporting Lines
    Challenge 47: Reporting to CFO or CLO
    Challenge 48: Reporting to the CEO
    Challenge 49: Reporting to the Audit Committee and Keys to Building Relationships
    Section 3: Legal, Regulatory, and Discovery Concepts
    Challenge 50: Understanding the Legal Privilege
    Section 4: When Adequate Management and Audit Committee Support Is Lacking
    Challenge 51: Management and the Audit Committees’ View of Internal Audit Are Extremely Different from the Standards and Those of the CAE

    Chapter 7 Final Word
    Ten "Potential" Commandments for Auditors


    Lynn A. Fountain, CGMA, CRMA, MBA has over 35 years of experience in the business profession, which includes public and industry accounting and over 20 years within internal and external auditing combined. She is a nationally recognized trainer and speaker and also a published author of both a personal book and professional books. Ms. Fountain is a subject matter expert and specializes in internal audit, Sarbanes-Oxley, Enterprise Risk Management, fraud, governance, ethics, and compliance. Ms. Fountain has held two Chief Audit Executive positions for international companies. She has also been instrumental in the establishment of ERM, Sarbanes-Oxley, and governance frameworks. Ms. Fountain obtained her BSBA from Pittsburg State University and her MBA from Washburn University in Kansas. She also holds her certificate in Certified Public Accountancy.