Auditing Criteria

• Exercise of due diligence does not imply the infallibility of the internal auditor, but to perform work tasks efficiently and give reasonable assurance, taking into account the following:

– The extent of work necessary to achieve the objectives of the mission.

– The cost of the audit procedures and the expected return from them.

– Important and influential items, taking into account the relative importance of the review items.

– Efficiency and effectiveness of internal controls and risk management.

– The possibility of significant risks and the possibility of major errors, fraud or non-compliance with policies and legislation for some items.

• Internal audit tasks must be accomplished skilfully and with due professional care.

• Internal auditors must possess the necessary skills and competencies to carry out their individual responsibilities. The internal auditor activity in general must collectively possess the skills and other competencies necessary to carry out their responsibilities. Example:

– The audit team reviews a contracting activity and assigns one of the auditors the task of reviewing the account of letters of guarantee and does not have previous experience in the types of letters of guarantee and how to deal with each of them or review the proof of revenue without making sure that the auditor is familiar with the accounting standard for construction contracts, knowing that there is a precedent of great experience with the auditor in financial instruments and the existence of transactions in the company in securities .

• The Chief Audit Officer should seek advice and assistance from qualified persons if the internal auditors lack the expertise and various skills necessary to carry out all or part of the audit assignment, such as hiring external experts to help do the required part.

• Internal auditors must have the knowledge to assess fraud risks and how the organization manages those risks. But they are not expected to have the same experience as the person whose main responsibility is to detect and investigate fraud.

Internal auditors should consider the use of technology-based auditing and other data analysis to assist them in performing audit tasks.

• Internal auditors should be aware of key IT risks and controls

However, not all internal auditors are expected to have the expertise of an internal auditor whose primary responsibility is an IT audit.

– The internal audit manager should ensure that the people assigned to each task collectively possess both the (knowledge-skill-other competencies) necessary to conduct the task appropriately and encourage internal auditors to demonstrate their competence by obtaining professional certificates and qualifications.

– Internal auditors must exert the necessary professional care during the completion of consulting tasks, taking into account the needs of the client, including the nature, cost and timing of reaching the required results and the degree of complexity compared to the return from them, such as reviewing an item of the income statement by 100% or reviewing a technical tender that requires the use of external expertise, in this case, the time required to implement the task and its cost must be determined for approval before starting.

Internal auditors should improve their skills and other competencies through continuing professional education.

• If internal auditors do not possess the skills or competencies required to perform a particular advisory assignment or part of it, then the Chief Auditor Executive Officer must either not accept that assignment or seek the assistance of qualified persons.

• The Chief Audit Officer must be sure that the internal audit activity has the necessary competence to perform its tasks by setting foundations and standards in training courses and in the appropriate experience to fill internal audit positions.

• The Chief Audit Officer shall prepare and maintain a quality assurance and improvement program covering all aspects of the internal audit activity.

– The Quality Assurance and Improvement Program is designed to assess the conformity of the internal audit activity with the standards.

– It also enables the assessment of the extent to which internal auditors adhere to the Code of Ethics.

– This program includes an assessment of the effectiveness and adequacy of internal audit activity and the identification of opportunities for improvement.

A quality assurance and improvement program should have both internal and external assessments.

- Continuous supervision of the performance of the internal audit activity of colleagues on each other, such as making a checklist after the completion of the periodic review task.

- Conduct an evaluation at least annually for the members of the audit team, each according to his specialization and competencies, to know the internal audit activity, skills and other competencies required, and to identify areas of opportunity that can be addressed either through training and development, appointment or use of an external service provider.

An external evaluation must be done at least once every five years by a qualified and independent auditor or review team from outside the facility, and in this context, the Chief Audit Officer must discuss with the Board of Directors - Internal Audit Committee: - 1- The form and frequency of external evaluation.

The qualifications and independence of the auditor or external audit team, including the possibility of any conflict of interest.

- Responsibilities must be separated so that no employee can do any fraud or embezzlement and has the ability to hide it and the extent of separation of responsibilities is one of the most important elements of internal control and to achieve the efficiency and effectiveness of control.

- Any documentary transaction has three functions that must be separated, namely the authority to approve and approve the transaction - to register the transaction - the custody officer, and in all cases the cost and return must be taken into account when separating transactions and increasing tasks and employees in companies with a small volume of transactions.

- Documentary courses can be described and summarized in the following five documentary cycles:

1. Sales and warehouse exchange cycle.

2. Procurement and supply cycle store.

3. Cycle of cash receipts, incoming checks and others.

4. Cash payments, outgoing checks and others.

5. Payroll cycle

6. The separation of each of these cycles in the tasks, such as separating the authority to register the purchase order from the authority to approve the purchase order from the authority of the person who receives the quantities and supplies them to the store and the conformity of the trustee of the received quantity with the purchase order, for example, in the procurement cycle, as well as in the sales cycle by separating the person who made the sales order from the person responsible for approving the sales order and the warehouse exchange order from the warehouse exchange official as responsible for the custody and matching the existing in the sales order with the one in the exchange order Certified.

7. Some tasks can be integrated into SMEs, but in this case the internal auditor should review the efficiency of segregation of duties.

8. Separation of tasks and powers

9. The task of accreditation must be separated from the registration task from the custody officer, and they are three tasks that must be separated in any company to make an efficient control tool within the company, and the auditor must confirm and recommend this in the absence of it and then verify its effectiveness.

To complete the external review article (click here)

( For our servicesclick here)

( To get a free demo from the program or orderclick here)