CA Inter Auditing & Ethics Chapter 4 – Audit Evidence Part 2 – SA 610

Diagram outlining SA 610 framework for using internal auditors in audit evidence

CA Inter Auditing & Ethics

Chapter 4 – Audit Evidence

Part 2 – SA 610: Using the Work of Internal Auditors


SA 610 – USING THE WORK OF INTERNAL AUDITORS

Introduction

An external auditor may use the work of the Internal Audit Function if it is appropriate to do so. However, the responsibility for the audit opinion always remains with the external auditor.

Exam Keyword: The external auditor’s responsibility is not reduced by using the work of internal auditors.


Definition of Internal Audit Function

Internal Audit Function is:

A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of governance, risk management, and internal control processes.

Simple Meaning

Internal auditors are employees (or outsourced professionals) who continuously evaluate whether the organization’s controls and systems are working effectively.


Objectives of Internal Audit Function

Internal audit aims to improve:

  • Governance
  • Risk Management
  • Internal Controls
  • Operational Efficiency
  • Compliance with Laws

Activities of Internal Audit Function

There are 3 major areas.


1. Activities Relating to Governance

Internal auditors evaluate:

  • Ethics and values
  • Accountability
  • Performance management
  • Communication between:
    • Management
    • Board of Directors
    • External Auditor
    • Internal Auditor

Example

Checking whether Audit Committee meetings are conducted regularly.


2. Activities Relating to Risk Management

Internal auditors:

  • Identify business risks
  • Evaluate risks
  • Recommend improvements
  • Assist in fraud detection
  • Improve financial reporting process

Example

Identifying cyber security risks.


3. Activities Relating to Internal Control

Internal auditors evaluate:

  • Design of controls
  • Operation of controls
  • Effectiveness of controls
  • Compliance with laws
  • Financial reporting

Examples

  • Reviewing bank reconciliation
  • Testing authorization controls
  • Checking compliance with GST

Summary Flowchart

Internal Audit Function
├── Governance
├── Risk Management
└── Internal Controls

How Can External Auditor Use Internal Audit?

External auditor can use internal audit in 3 ways.


(1) Obtain Information

Internal audit reports help understand:

  • Business
  • Internal controls
  • Risks
  • Fraud risk

(2) Use Internal Audit Work

External auditor may rely on work already performed by internal audit.

Example

Internal audit already tested inventory controls.

External auditor may evaluate and use that work.


(3) Direct Assistance

Internal auditors may perform audit procedures under the direction, supervision and review of the external auditor.

Remember

This is called Direct Assistance.


Scope of SA 610

SA 610 covers:

(A)

Using work of internal audit function.

(B)

Using internal auditors for direct assistance.


Very Important Principle

Even after using internal auditors,

✔ Audit opinion belongs only to External Auditor.

✔ Responsibility cannot be transferred.

ICAI Favourite Point

External Auditor has sole responsibility for the audit opinion.


Objectives of External Auditor

If internal audit exists, external auditor should determine:

Step 1

Can internal audit work be used?

Step 2

If Yes,

Which areas?

Step 3

To what extent?

Step 4

Is the work adequate?

Step 5

Can direct assistance be taken?


Evaluation of Internal Audit Function

Before relying on internal audit,

External auditor evaluates 3 factors.


1. Objectivity

Meaning

Ability to perform work without bias.


Factors Affecting Objectivity

  1. Reporting structure

Better if reports to Audit Committee.

  1. Freedom from management influence
  2. No operational responsibilities
  3. No conflict of interest
  4. Proper authority within organization

Example

Internal auditor should not also be Production Manager.

Otherwise,

Objectivity is lost.


2. Competence

Meaning

Knowledge, skill and experience of internal auditors.


Factors Affecting Competence

  • Professional qualification
  • Training
  • Experience
  • Technical knowledge
  • Resources available
  • Knowledge of Financial Reporting Framework

3. Systematic & Disciplined Approach

Internal audit should have

  • Audit manual
  • Audit planning
  • Working papers
  • Documentation
  • Quality control
  • Proper reporting system

Memory Trick

OCS

O

Objectivity

C

Competence

S

Systematic Approach


Objectivity vs Competence

ObjectivityCompetence
IndependenceSkill
Freedom from biasTechnical knowledge
Organizational statusExperience

Important ICAI Concept

Objectivity and Competence are like a continuum.

Higher Objectivity

Higher Competence

Greater reliance by external auditor.

But,

High competence cannot compensate for lack of objectivity.

Similarly,

High objectivity cannot compensate for lack of competence.


When Internal Audit Work Cannot Be Used

External auditor shall not rely if:

1.

Objectivity is poor.

2.

Competence is insufficient.

3.

Systematic approach is absent.


Nature & Extent of Work That Can Be Used

External auditor considers:

  • Nature of work
  • Scope
  • Relevance
  • Audit strategy
  • Audit plan

Examples of Work That Can Be Used

✔ Testing controls

✔ Inventory observation

✔ Compliance testing

✔ Tracing transactions

✔ Limited substantive procedures


When External Auditor Should Perform More Work Himself

External auditor should reduce reliance if:


1. Significant Judgment Required

Example

Estimating provisions.


2. High Risk of Material Misstatement

Higher risk

More direct audit work.


3. Weak Objectivity


4. Low Competence


Memory Trick

JROC

J

Judgment

R

Risk

O

Objectivity

C

Competence


Using Internal Audit Work

If relying on internal audit,

External auditor should:


1.

Discuss planned use.


2.

Read internal audit reports.


3.

Perform audit procedures to evaluate adequacy.


Coordination Between External & Internal Auditor

Effective coordination includes:

  • Regular meetings
  • Sharing findings
  • Sharing reports
  • Discussing risks
  • Sharing significant issues

Topics Discussed During Coordination

  • Timing
  • Nature of work
  • Audit coverage
  • Materiality
  • Sample size
  • Documentation
  • Reporting

Direct Assistance

Meaning

Internal auditors perform audit procedures

under

  • Direction
  • Supervision
  • Review

of external auditor.


Before Allowing Direct Assistance

External auditor evaluates:

  • Objectivity
  • Competence
  • Threats to independence

Direct Assistance Not Allowed When

1.

Significant threats to objectivity.

2.

Internal auditor lacks competence.


Internal Auditor Cannot Perform

The following work cannot be delegated:


(A)

Significant audit judgments.

Example

Materiality decisions.


(B)

High-risk audit areas.


(C)

Areas already audited and reported by internal audit.


(D)

Any area prohibited by law.


Comparison

Internal AuditorExternal Auditor
Employee of entityIndependent professional
Reports to management/BoardReports to shareholders
Improves controlsExpresses audit opinion
Continuous auditPeriodic audit
Not independentIndependent

Flowchart of SA 610

Internal Audit Exists
Evaluate OCS
(Objectivity
Competence
Systematic Approach)
Suitable?
Yes
Use Work
OR
Direct Assistance
External Auditor Reviews
External Auditor Gives Opinion

Exam-Oriented Points

External Auditor’s Responsibility

Always remains with external auditor.

Cannot be delegated.


Three Evaluation Criteria

  • Objectivity
  • Competence
  • Systematic Approach

Three Uses of Internal Audit

  • Information
  • Audit Evidence
  • Direct Assistance

Four Cases Where More Direct Work Is Needed

  • More judgment
  • Higher risk
  • Lower objectivity
  • Lower competence

ICAI Keywords

  • Assurance activities
  • Consulting activities
  • Governance
  • Risk Management
  • Internal Control
  • Objectivity
  • Competence
  • Systematic and Disciplined Approach
  • Direct Assistance
  • Sole Responsibility
  • Professional Judgment

One-Mark Revision

  • SA 610 deals with Using the Work of Internal Auditors.
  • External auditor retains sole responsibility for the audit opinion.
  • Internal audit function performs assurance and consulting activities.
  • Three evaluation factors: Objectivity, Competence, Systematic Approach (OCS).
  • Internal audit work cannot be used if objectivity, competence, or systematic approach is inadequate.
  • Direct assistance means internal auditors work under the direction, supervision, and review of the external auditor.
  • Internal auditors cannot perform procedures involving significant judgment, high-risk areas, work they have already reported on, or work prohibited by law.

Memory Tricks

  • OCS = Objectivity, Competence, Systematic Approach
  • JROC = Judgment, Risk, Objectivity, Competence (factors requiring more direct work by the external auditor)
  • GRI = Governance, Risk Management, Internal Controls (main activities of the internal audit function)

This completes the detailed notes for SA 610 – Using the Work of Internal Auditors in an exam-oriented format.

Leave a comment