CA Inter Auditing & Ethics
Chapter 4 – Audit Evidence
Part 2 – SA 610: Using the Work of Internal Auditors
SA 610 – USING THE WORK OF INTERNAL AUDITORS
Introduction
An external auditor may use the work of the Internal Audit Function if it is appropriate to do so. However, the responsibility for the audit opinion always remains with the external auditor.
Exam Keyword: The external auditor’s responsibility is not reduced by using the work of internal auditors.
Definition of Internal Audit Function
Internal Audit Function is:
A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of governance, risk management, and internal control processes.
Simple Meaning
Internal auditors are employees (or outsourced professionals) who continuously evaluate whether the organization’s controls and systems are working effectively.
Objectives of Internal Audit Function
Internal audit aims to improve:
- Governance
- Risk Management
- Internal Controls
- Operational Efficiency
- Compliance with Laws
Activities of Internal Audit Function
There are 3 major areas.
1. Activities Relating to Governance
Internal auditors evaluate:
- Ethics and values
- Accountability
- Performance management
- Communication between:
- Management
- Board of Directors
- External Auditor
- Internal Auditor
Example
Checking whether Audit Committee meetings are conducted regularly.
2. Activities Relating to Risk Management
Internal auditors:
- Identify business risks
- Evaluate risks
- Recommend improvements
- Assist in fraud detection
- Improve financial reporting process
Example
Identifying cyber security risks.
3. Activities Relating to Internal Control
Internal auditors evaluate:
- Design of controls
- Operation of controls
- Effectiveness of controls
- Compliance with laws
- Financial reporting
Examples
- Reviewing bank reconciliation
- Testing authorization controls
- Checking compliance with GST
Summary Flowchart
Internal Audit Function │ ├── Governance │ ├── Risk Management │ └── Internal Controls
How Can External Auditor Use Internal Audit?
External auditor can use internal audit in 3 ways.
(1) Obtain Information
Internal audit reports help understand:
- Business
- Internal controls
- Risks
- Fraud risk
(2) Use Internal Audit Work
External auditor may rely on work already performed by internal audit.
Example
Internal audit already tested inventory controls.
External auditor may evaluate and use that work.
(3) Direct Assistance
Internal auditors may perform audit procedures under the direction, supervision and review of the external auditor.
Remember
This is called Direct Assistance.
Scope of SA 610
SA 610 covers:
(A)
Using work of internal audit function.
(B)
Using internal auditors for direct assistance.
Very Important Principle
Even after using internal auditors,
✔ Audit opinion belongs only to External Auditor.
✔ Responsibility cannot be transferred.
ICAI Favourite Point
External Auditor has sole responsibility for the audit opinion.
Objectives of External Auditor
If internal audit exists, external auditor should determine:
Step 1
Can internal audit work be used?
↓
Step 2
If Yes,
Which areas?
↓
Step 3
To what extent?
↓
Step 4
Is the work adequate?
↓
Step 5
Can direct assistance be taken?
Evaluation of Internal Audit Function
Before relying on internal audit,
External auditor evaluates 3 factors.
1. Objectivity
Meaning
Ability to perform work without bias.
Factors Affecting Objectivity
- Reporting structure
Better if reports to Audit Committee.
- Freedom from management influence
- No operational responsibilities
- No conflict of interest
- Proper authority within organization
Example
Internal auditor should not also be Production Manager.
Otherwise,
Objectivity is lost.
2. Competence
Meaning
Knowledge, skill and experience of internal auditors.
Factors Affecting Competence
- Professional qualification
- Training
- Experience
- Technical knowledge
- Resources available
- Knowledge of Financial Reporting Framework
3. Systematic & Disciplined Approach
Internal audit should have
- Audit manual
- Audit planning
- Working papers
- Documentation
- Quality control
- Proper reporting system
Memory Trick
OCS
O
Objectivity
C
Competence
S
Systematic Approach
Objectivity vs Competence
| Objectivity | Competence |
|---|---|
| Independence | Skill |
| Freedom from bias | Technical knowledge |
| Organizational status | Experience |
Important ICAI Concept
Objectivity and Competence are like a continuum.
Higher Objectivity
Higher Competence
↓
Greater reliance by external auditor.
But,
High competence cannot compensate for lack of objectivity.
Similarly,
High objectivity cannot compensate for lack of competence.
When Internal Audit Work Cannot Be Used
External auditor shall not rely if:
1.
Objectivity is poor.
2.
Competence is insufficient.
3.
Systematic approach is absent.
Nature & Extent of Work That Can Be Used
External auditor considers:
- Nature of work
- Scope
- Relevance
- Audit strategy
- Audit plan
Examples of Work That Can Be Used
✔ Testing controls
✔ Inventory observation
✔ Compliance testing
✔ Tracing transactions
✔ Limited substantive procedures
When External Auditor Should Perform More Work Himself
External auditor should reduce reliance if:
1. Significant Judgment Required
Example
Estimating provisions.
2. High Risk of Material Misstatement
Higher risk
↓
More direct audit work.
3. Weak Objectivity
4. Low Competence
Memory Trick
JROC
J
Judgment
R
Risk
O
Objectivity
C
Competence
Using Internal Audit Work
If relying on internal audit,
External auditor should:
1.
Discuss planned use.
2.
Read internal audit reports.
3.
Perform audit procedures to evaluate adequacy.
Coordination Between External & Internal Auditor
Effective coordination includes:
- Regular meetings
- Sharing findings
- Sharing reports
- Discussing risks
- Sharing significant issues
Topics Discussed During Coordination
- Timing
- Nature of work
- Audit coverage
- Materiality
- Sample size
- Documentation
- Reporting
Direct Assistance
Meaning
Internal auditors perform audit procedures
under
- Direction
- Supervision
- Review
of external auditor.
Before Allowing Direct Assistance
External auditor evaluates:
- Objectivity
- Competence
- Threats to independence
Direct Assistance Not Allowed When
1.
Significant threats to objectivity.
2.
Internal auditor lacks competence.
Internal Auditor Cannot Perform
The following work cannot be delegated:
(A)
Significant audit judgments.
Example
Materiality decisions.
(B)
High-risk audit areas.
(C)
Areas already audited and reported by internal audit.
(D)
Any area prohibited by law.
Comparison
| Internal Auditor | External Auditor |
|---|---|
| Employee of entity | Independent professional |
| Reports to management/Board | Reports to shareholders |
| Improves controls | Expresses audit opinion |
| Continuous audit | Periodic audit |
| Not independent | Independent |
Flowchart of SA 610
Internal Audit Exists │ ▼Evaluate OCS(ObjectivityCompetenceSystematic Approach) │ ▼Suitable? Yes │ ▼Use WorkORDirect Assistance │ ▼External Auditor Reviews │ ▼External Auditor Gives Opinion
Exam-Oriented Points
External Auditor’s Responsibility
Always remains with external auditor.
Cannot be delegated.
Three Evaluation Criteria
- Objectivity
- Competence
- Systematic Approach
Three Uses of Internal Audit
- Information
- Audit Evidence
- Direct Assistance
Four Cases Where More Direct Work Is Needed
- More judgment
- Higher risk
- Lower objectivity
- Lower competence
ICAI Keywords
- Assurance activities
- Consulting activities
- Governance
- Risk Management
- Internal Control
- Objectivity
- Competence
- Systematic and Disciplined Approach
- Direct Assistance
- Sole Responsibility
- Professional Judgment
One-Mark Revision
- SA 610 deals with Using the Work of Internal Auditors.
- External auditor retains sole responsibility for the audit opinion.
- Internal audit function performs assurance and consulting activities.
- Three evaluation factors: Objectivity, Competence, Systematic Approach (OCS).
- Internal audit work cannot be used if objectivity, competence, or systematic approach is inadequate.
- Direct assistance means internal auditors work under the direction, supervision, and review of the external auditor.
- Internal auditors cannot perform procedures involving significant judgment, high-risk areas, work they have already reported on, or work prohibited by law.
Memory Tricks
- OCS = Objectivity, Competence, Systematic Approach
- JROC = Judgment, Risk, Objectivity, Competence (factors requiring more direct work by the external auditor)
- GRI = Governance, Risk Management, Internal Controls (main activities of the internal audit function)
This completes the detailed notes for SA 610 – Using the Work of Internal Auditors in an exam-oriented format.

Leave a comment