Business Services Industry
A different set of standards - Letters - led
Internal Auditor, August, 2003
Although Bill Craven's comments ("Letters," June 2003) regarding "A Caution Light For Government Auditors" (April 2003) were heartfelt, his saying that The Institute of Internal Auditors (IIA) is the "problem" is at best an oversimplification and at worst outright wrong. Craven's comments seem to reflect that the U.S. General Accounting Office's (GAO's) Yellow Book standards are the solution to corporate fraud. I would caution, however, that The IIA is an international organization, with many members and constituencies that do not need to comply with Yellow Book standards.
The Yellow Book standards were designed for a specific constituency--U.S. federal contractors--who have at best a checkered past in accuracy and honesty in dealing with the federal government. I don't doubt that these standards must be stricter. But for Craven to criticize The IIA because of federal contractor failings is inappropriate, and believing that any internal audit department can provide truly independent opinions to management or governance is pushing the envelope beyond reason. If you work for and are paid directly by an organization, you cannot be considered independent in any real sense. I believe that Craven confuses independence and objectivity.
With 27 years of auditing experience, I welcomed the changes The IIA has made both within the standards and the internal audit definition--they were long overdue. I believe that we have much more to offer an organization than tic-and-tie services that any two-year experienced public accountant can provide. The IIA was reasonable and prudent in making the changes they did when they did. However, if internal auditors want to be nothing more than in-house financial compliance auditors, that's fine--go for it.
That the bubble burst on corporate fraud not long after the changes were made by The IIA is no more an indictment of IIA changes than it is of the internal auditors at the various companies most deeply involved--as the continuing saga of Enron, WorldCom (MCI), Tyco, and others are showing. It's not as simple as, "if the internal auditors had been doing their job (financial compliance audit) this would never have happened."
I encourage The IIA to continue to be forward looking, not tied to the past for the sake of past glories. Keep up the good work!
DON HOLDEGRAVER, CPA, CFE
Director--Operations Analysis
University of Nebraska, Lincoln
The divergence of The Institute of Internal Auditors (IIA) and U.S. General Accounting Office (GAO) standards only serves to point out the obvious--if one follows GAO/American Institute of Certified Public Accountants (AICPA) auditing standards, one, by definition, is not practicing internal auditing. I have worked in public accounting as a government regulatory auditor and as an internal auditor in both the government and the private sectors. My more than 30 years of experience informs me that internal auditing has nothing other than the word "audit" in common with the other practice forms of the auditing professional.
Senior management and board members want to know one thing: "How are we doing? Do we have a reasonable comfort level that the mission and objectives we set out can be achieved?" Although the system of management control--for example, the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) framework--provides that comfort level, the evaluation of that process is only one of three of internal auditing's primary assurance functions--the other two being evaluation of governance processes and evaluation of risk management processes.
At its core, internal auditing is about evaluating the management process. Our fundamental job is to ask what the senior executive would ask of an operational unit's director if he or she had the time to do so: "What do you hope to achieve? What challenges do you face?" The focus is internal, the customer is internal. That's the meat of internal auditing--an evaluation of the state of control, governance, and risk management processes at a given time--and frameworks such as COSO provide the rationale for making the necessary evaluations.
The GAO--and by incorporation AICPA--audit standards are meant to assure third-party stakeholders that program outcomes--providing expected deliverables at the expected cost--are being achieved and reported accurately. Under the GAO standards, evaluation of internal control only serves to determine the amount of testing required to form an opinion--for example, high inherent risk/high control risk mandates more extensive testing than low inherent risk/low control risk. Although a GAO/AICPA-based audit process may also serve to point out control strengths and weaknesses, that is not its primary purpose, and it never has been. Its focus is completely different from that of internal auditing.
Those who perform GAO/AICPA audit work from within an organization may be performing audits using internal personnel, but they are not practicing internal auditing. That's an important distinction to make in educating senior leadership, board members, legislators, and other interested parties about what it means to be an internal audit professional and how we can best serve our organizations.
- 5 Rules for Immediate Annuities
- Death in the Family: 12 Things to Do Now
- Dumbest Things You Do With Your Money
- 6 Online Networking Mistakes to Avoid
- 401(k) Mistakes to Avoid
- 5 Economic Scenarios to Keep You Up at Night
- The Real ‘Best Places to Retire’
- Best Credit Cards for You
- 12 Tough Questions to Ask Your Parents
- The Real ‘Best Colleges’
- Home Buyer Tax Credit: How to Cash In
- Why You Shouldn't Bash Cash
- 8 Phony 'Bargains' and Better Alternatives
- Danger: 3 Debit Card Scams to Avoid
- 6 Myths About Gas Mileage
- 29 Fees We Hate Most
- Quick and Easy Ways to Boost Returns
- Best Stocks to Buy Now
- Lower Your Taxes: 10 Moves to Make Now
- New Jobs: 8 Lessons from Real-Life Career Switchers
- The New Job Market: Who Wins and Who Loses?
- Health Care Reform's Public Option: Everything You Need to Know
- Volunteer Work When Unemployed: Should You Work for Free?
- Whose Recovery Is This?
- Long-Term-Care Insurance: 4 Biggest Risks to Avoid
Content provided in partnership with
Most Recent Business Articles
- "Do not rely on a single economy" ; Larsen and Toubro (L and T) was affected due to the slowdown particularly the products businesses, which include switchgears, construction equipment and industrial bars.
- "The first deliberate call we took was not to lay off anybody" ; The diversified group decided to reskill all surplus workers.
- "Government had to step up its demand" ; The downturn affected the government as much as India Inc. The outgoing advisor to the Government of India details its impact and its lessons.
- "Help your customers even in difficult times" ; Oil was at an all-time high at over $135 per barrel just before the financial meltdown. Then oil crashed to a low of $35 per barrel in January this year, bringing down any fresh demand for pipes fr
- "You have to be visible as a leader" ; Transparency is a standard operating procedure for communications during a downturn.
Most Recent Business Publications
Most Popular Business Articles
- 7 tips for effective listening: productive listening does not occur naturally. It requires hard work and practice - Back To Basics - effective listening is a crucial skill for internal auditors
- Using object-oriented analysis and design over traditional structured analysis and design
- FAS 109: a primer for non-accountants - Financial Accounting Standards Board's "Statement 109: Accounting for Income Taxes"
- Design a commission plan that drives sales - Sales Commissions
- The best time to buy a car: December is not the only time to get a new set of wheels. We'll show you when to make your move to the dealer's showroom
