Leading the Internal Audit Function: 1st Edition (Hardback) book cover

Leading the Internal Audit Function

1st Edition

By Lynn Fountain

Auerbach Publications

293 pages | 7 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781498730426
pub: 2015-10-28
SAVE ~$15.19
eBook (VitalSource) : 9780429183973
pub: 2016-04-05
from $37.98

FREE Standard Shipping!


While the Institute of Internal Auditors (IIA) has provided standards and guidelines for the practice of internal audit through the International Professional Practice Framework (IPPF), internal auditors and Chief Audit Executives (CAEs) continue to experience difficulties when attempting to balance the requirements of the IPPF with management expectations. The true challenge for any internal auditor is to appropriately apply the Standards while exerting adequate independence and objectivity in the face of management pressure.

In Leading the Internal Audit Function, Lynn Fountain presents lessons learned from her extensive experience as an internal auditor, internal audit manager, and CAE to help internal auditors understand the challenges, issues, and potential alternative solutions when executing the role. The book identifies more than 50 challenges for auditors and discusses potential alternative actions the auditor can take when they experience a similar challenge. The book explains how to:

  • Build a value-oriented function that abides by the standardsand supports the objectives and goals of the organization.
  • Execute the many aspects of the internal audit, including assurance and consulting work.
  • Build a risk-based audit process.
  • Develop and sustain the internal audit team.
  • Develop and manage relationships with management and the audit committee.
  • Manage internal audit’s role in corporate governance, compliance, and fraud.

Leading the Internal Audit Function includes real-life examples, scenarios, and lessons learned from internal auditors and CAEs to emphasize the importance of carefully managing all aspects of the internal audit. The authorsummarizes her many lessons learned into ten "commandments" for both CAEs and internal auditors. By following the guidelines in this book, you should be well-equipped to gain management support, perform effective and ethical audits, and uphold IIA Standards.

Table of Contents

Lessons of an Auditor


Management’s View

Section 1: Lessons Learned


Lesson 1: Clarify/Define Management Expectations for Internal Audit

Lesson 2: Balance Management Expectations with the International Institute of Auditors Standards

Lesson 3: Validate the Internal Audit Charter Is Fact and Not Fiction

Lesson 4: Clarify the Purpose and Execution of Risk-Based Auditing

Lesson 5: Define "Independent Risk Assessment" in Relation to the Audit Plan

Lesson 6: Add Value while Maintaining Independence

Scenario: When the CAE Is Expected to Be a Yes Man/Ma’am

Lesson 7: Serve the Audit Committee

Verbal Communication

Lesson 8: Communication of Issues When Management Objects

Lesson 9: Understand How the CAE Role and Audit Department Are Viewed

Lesson 10: Gaining a "Seat at the Table"

Section 2: Is It Legal or Is It Ethical?—The CAE’s Dilemma


Everyone Is Responsible

Tone at the Top Is Essential

Honesty Is Still the Best Policy

Integrity Can Be a Measure of Ethics

Corporate Responsibility and Communications Must Be Prevalent

Silence Is Not Acceptable


Defining the Purpose of the Internal Audit Function


Section 1: Understanding the Definition and Purpose of Internal Audit

Challenge 1: Independence and Objectivity

Challenge 2: Assurance and Consulting Activity

Challenge 3: Add Value and Improve an Organization’s Operation

Challenge 4: Disciplined Approach to Evaluate and Improve the Effectiveness of Risk Management, Control, and Governance Processes

Summary: Internal Audit Definition Challenges

Scope of Internal Audit

Professional Standards—Principles for Internal Auditor Effectiveness

Section 2: The Internal Charter—Reality or Fiction?


Challenge 5: Internal Audit Charter

Challenge 6: Positioning and Authority

Section 3: Internal Audit versus Quality Assurance Functions


Internal Audit versus Quality Assurance—The Reality

Mini-Audit Functions

Scenario: "Mini-Audit" Process

Challenge 7: Internal Audit versus Quality Assurance

Section 4: Management Expectations versus Standards


Management Expectations and the Standards

Certified Internal Auditor

Challenge 8: Attribute Standards Integrity and Ethical Values

Challenge 9: Attribute Standards Proficiency and Due Care

Challenge 10: Attribute Standards Quality Assurance and Improvement

Section 5: Performance Standards


Challenge 11: Performance Standard 2000

Section 6: Standards and Report Writing


Challenge 12: Performance Standard 2400 Communicating Results

Section 7: Realities of Embracing Risk-Based Auditing


Challenge 13: Risk-Based Auditing

Section 8: Internal Audit as Governance Pillar


Challenge 14: Internal Audit’s Role in Governance


Building an Internal Audit Team


Team First and the Leader Within

Section 1: Internal Audit Resourcing, Staffing, and Building a Team

Challenge 15: Internal Audit Team Structure

Challenge 16: Department Sourcing Methods

Challenge 17: Resourcing to Address Significant Risks

Section 2: Skills Requirements for an Effective Internal Auditor


Technical versus Soft Skills

Balanced Skill Set

Challenge 18: Defining the Required Skill Set for Internal Auditors

Section 3: Internal Audit as a Management Training Ground


Challenge 19: Internal Audit as a Management Training Ground

Section 4: Outsourcing, Co-sourcing, and In-sourcing


Challenge 20: Outsourcing

Challenge 21: Co-sourcing

Challenge 22: In-sourcing


Section 5: Internal Audit Skill Sets and Knowledge


Challenge 23: Maintaining Appropriate Skill Sets


Audit Plan


Section 1: Developing an Independent Audit Plan


Challenge 24: Audit Plan Time Frame

Challenge 25: Audit Plan Resource Allocation

Challenge 26: Audit Plan Development Approach

Challenge 27: Audit Plan Results

Section 2: The Risk Assessment Approach


Challenge 28: Enterprise Risk Management Assessment

Challenge 29: Executing the Enterprise Risk Management Process

Challenge 30: Enterprise Risk Management Reporting versus Internal Audit Reporting

Executing Internal Audit Responsibilities


Section 1: Aligning the Concept of Risk-Based Auditing


Step 1: Understand the Process

Challenge 31: Audit Planning Phase

Step 2: Identify the Control Structure

Challenge 31 Potential Actions: Audit Planning Phase

Challenge 32: Individual Audit Area Control Environment

Challenge 33: COSO as Part of the Risk-Based Audit Process

Step 3: Understand, Identify, and Assess the Risks

Challenge 34: Understanding, Identifying, and Assessing Risk

Step 4: Measuring the Risk Impact

Challenge 35: Risk Tolerance versus Risk Appetite

Risk Appetite

Step 5: Summarizing Results and Identifying Risk- Mitigating Actions

Challenge 36: Summarizing Results and Identifying Risk-Mitigating Actions

Section 2: Internal Audit’s Role in Corporate Governance


Challenge 37: Evaluating the Board of Directors

Board and Internal Control


Section 3: Internal Audit’s Role in Fraud Processes


Pre-Sarbanes–Oxley Issues


Challenge 38: Internal Audit’s Role in Fraud Awareness

Challenge 39: Internal Audit’s Role in Fraud Risk Assessment

Challenge 40: Internal Audit’s Role in Fraud Investigation


Section 4: Performing Consulting Engagements


Challenge 41: Internal Auditors as Consultants

Internal Audit Reporting and Communication


Section 1: Internal Audit Reporting Methods


Challenge 42: Internal Audit Reporting Format

Challenge 43: Internal Audit Report Writing

Challenge 44: Management Action Plans versus Management Response

Challenge 45: Providing an Overall Internal Audit Opinion

Challenge 46: Management Representation at the Audit Committee Meeting

Section 2: Functional and Administrative Reporting Lines


Challenge 47: Reporting to CFO or CLO

Challenge 48: Reporting to the CEO

Challenge 49: Reporting to the Audit Committee and Keys to Building Relationships

Section 3: Legal, Regulatory, and Discovery Concepts


Challenge 50: Understanding the Legal Privilege

Section 4: When Adequate Management and Audit Committee Support Is Lacking

Challenge 51: Management and the Audit Committees’ View of Internal Audit Are Extremely Different from the Standards and Those of the CAE

Chapter 7 Final Word


Ten "Potential" Commandments for Auditors

About the Author

Lynn A. Fountain, CGMA, CRMA, MBA has over 35 years of experience in the business profession, which includes public and industry accounting and over 20 years within internal and external auditing combined. She is a nationally recognized trainer and speaker and also a published author of both a personal book and professional books. Ms. Fountain is a subject matter expert and specializes in internal audit, Sarbanes-Oxley, Enterprise Risk Management, fraud, governance, ethics, and compliance. Ms. Fountain has held two Chief Audit Executive positions for international companies. She has also been instrumental in the establishment of ERM, Sarbanes-Oxley, and governance frameworks. Ms. Fountain obtained her BSBA from Pittsburg State University and her MBA from Washburn University in Kansas. She also holds her certificate in Certified Public Accountancy.

About the Series

Internal Audit and IT Audit

Learn more…

Subject Categories

BISAC Subject Codes/Headings:
BUSINESS & ECONOMICS / Management Science
BUSINESS & ECONOMICS / Information Management
COMPUTERS / Information Technology
COMPUTERS / Security / General