The Fastest Growing Auditor
Directory on the Internet

 
The website dedicated to helping you build your business by attracting new clients as well as assisting people in need of finding a local Auditor
 
HOME
ASK AN AUDITOR/BLOG
LIST YOUR FIRM
ABOUT US
CONTACT US
LOGIN
  
 

Main Menu
Find an Auditor
IRS Auditors
PCAOB Auditors
Insurance Auditors
Private Equity Auditors
Privately Held Auditors
Find a CPA
Business
Personal
Find a Bookkeeper
Business
Personal
Should Internal Audit Report to the CFO?

Should Internal Audit Report to the CFO?

(continued)

The auditing strategy should be timely and comprehensive, covering all auditable units. Moody's agrees with companies that categorize their auditable areas by level of risk (such as high, medium, low) to decide how often to conduct an audit (high-risk areas should be audited at least annually). At the same time, companies need to audit their low-risk areas at least once within a four-year period, Moody's recommends, to avoid any problems. For example, many companies figured their process of administering stock-options grants was a low-risk area, although it turned out not to be: in the past year, questionable grant dates of stock options have resulted in financial restatements and dozens of investigations by the Securities and Exchange Commission.

The audit plan should be holistic and risk-based. The audit team needs to go beyond focusing solely on financial reporting risks, the main concern of external auditors, Moody's says. Audit committees should evaluate current and prospective risks, including reputational, operational, financial, legal, IT, and compliance risks. From executives, audit committees need an inventory of all risks, Key says, as they need to consider the risk areas no one is considering, such as how a health pandemic would affect a company.

Audit committees should make sure audit reports are followed up on effectively and in a timely way. Moody's recommends that executives' pay be docked if they take too long to respond to an audit evaluation that is critical of their department.

Companies should keep their internal audit function in-house. While acknowledging that using third-party audit professionals can have its benefits, such as ensuring the auditors' independence within the organization, Moody's believes doing so brings up too many corporate-governance issues: outsourced auditors do not have enough access to the audit committee, they have less stature within the company to do their job effectively, and their work may be cut back because of budget constraints since they are paid on an hourly basis, Moody's says.

In addition, outsourced auditors will likely miss connecting the dots between the many issues and risks that can pop up at a company, according to Richards. Internal auditors who actually work inside the company day-to-day are more aware of the inner-workings and see the interrelationships between processes and departments, therefore strengthening an organization's risk-management strategy, he says.

Audit committees should agree on the audit function's role with regard to Sarbanes-Oxley's Section 404. Audit teams, warns Moody's, should not be so entrenched in 404 that they are not concentrating on their traditional duties, and they should not play a role in designing controls or becoming part of the control process.

 
Featured Firm

Featured Article
You Bought It, Now Audit
You Bought It, Now Audit Your technology infrastructure can be audited -- and probably should be. Bob Violino CFO IT June 15, 2004 These days, au...
Read More
 
Copyright 2008 Auditors.com - A Member of The Directory.com Network
 
Find an Auditor | About Us | Contact Us | FAQ's | Privacy Policy