
What would be our course of action as an Internal Auditor?

You are the Internal auditor and your auditee/staff refuses to provide data. What would be your course of action? a) cancel the engagement b) give qualified/disclaimer opinion c) give resignation d) others, please explain

Question added by Fraz Mehmood , Financial Analysis , Alfahim
Date Posted: 2013/09/29
by Muhammad Sohail Anwar , Finance Manager , The Food Concepts

The objective of the internal auditor is to minimise the risk of the organisation & safeguard the assets by suggesting appropriate controls and checking the existence of control system and making sure the controls are followed.

by KEITH JOHNSTON , Various from Senior Internal Auditor to Internal Audit Manager to ERM/GRC Consultant , Both Public & Private Sector

In order to respond/advise on this professionally, the circumstances first need to be established:

1. Does the Internal Audit Charter, approved by the Audit Committee and Board of Directors, make clear Internal Audit's 3rd Line of Defence role and resultant authority to perform reviews to fulfil this role?

2. Is the particular review in question part of an Internal Audit plan, a draft of which was discussed with Senior Management prior to being submitted to the Audit Committee for approval, and then forwarded to Board members for information?

3. Did the approved plan make clear the intended risks and relevant business objectives to be addressed in each review and proposed scheduling of completion?

4. Was the detailed scope, timing and mode of completion for the review finalised with relevant executive management prior to its commencement during the pre-planning phase?

Assuming the answer to all the above is 'Yes' [if not, then IA role/processes need to be enhanced accordingly], the auditee/staff need to be given an opportunity to explain why they are not complying with IA's request in accordance with the Board-approved IA Charter. Whatever the reason for not providing the data, it needs to be considered by IA Management [calmly] and a determination made as to whether continuing or re-scheduling the review is justified or, if not, referral made to the relevant Senior Executive management to inform them that, in the absence of completing the review, IA will not be able to render assurance to Audit Committee/Board.

If items 1-4 above have been conducted professionally, and the Head of IA has a constructive relationship with Senior Executive management, hopefully the situation depicted in the question should rarely, if ever, occur. All staff should want to ensure that risk management arrangements are adequate and effective in practice.

Keith R Johnston, MBA, CPFA, CMIIA
