Internal auditors banned from engagement teams
FRC bans auditors from using internal audit staff on engagement teams; IIA recommends scope of internal audit should be unlimited
AUDITORS are to be banned from using internal audit staff as members of audit engagement teams under new rules announced by the reporting watchdog.
The new requirement is one of a number of revisions to standards that govern external auditors’ use of the work of internal audit outlined by the IAASB last year.
UK reporting watchdog the FRC is adopting the changes, subject to the timing of implementation, with the aim of preserving auditor independence.
“Direct assistance involves some of the audit being undertaken by individuals that are not independent of the audited entity. Shareholders generally expect that external auditors should be seen to be free from threats to their independence,” said Nick Land [pictured], FRC board member and chairman of the Audit and Assurance Council.
“Permitting the direct use of internal auditors involves agreeing lower independence standards for some members of the audit engagement team, which leans against this expectation,” Land added.
The improvements reflect changes to the IAASB’s international standards on auditing, the aim of which was to enable better use of internal audit findings and strengthen external auditors’ evaluation of the work of the internal audit.
Separately, the the Chartered Institute of Internal Auditors (IIA) has published a draft code that will expand the scope of internal audit within financial services.
The draft code, produced by a committee chaired by Roger Marshall, chair of the FRC’s accounting council, builds on guidance recently issued by the Basel Committee and the US Federal Reserve Bank.
It recommends that the scope of internal audit should be unlimited and that internal auditors should not be barred from assessing the management of any risk in any part of the business; that the primary reporting line of internal audit should be to the chairman of the board of directors, not to the chief executive and that internal audit should assess whether the organisation’s processes and actions are in line with its values, ethics, risk appetite and policies.
“This will help clarify internal audit’s role in relation to, for example, the quality of information on which boards base their decisions, or whether the risks associated with key decisions such as on takeovers, are properly managed,” said Marshall.