RELEVANT TO ACCA QUALIFICATION PAPER P1
INTERNAL AUDIT: THE CONTROL OF CONTROLS
APRIL 2012
© 2012 ACCA

Thinking about the internal audit (IA) function as the control of controls is useful for making sense of the way in which the topic appears in Paper P1. IA features in the Paper P1 Study Guide in the section on internal control and review – specifically internal control, audit and compliance in corporate governance – but you will find it mentioned in almost all the chapters of a Paper P1 study text.

Think about how the topic of control arises when Paper P1 covers the board of directors. It is best practice that ‘the board should maintain sound risk management and internal control systems’ and ‘should establish formal and transparent arrangements for considering how they should apply the corporate reporting and risk management and internal control principles’ (UK Corporate Governance Code). The detailed provisions of the code then specify that there should be an audit committee that ‘review[s] the company’s internal control and risk management systems’ and ‘should monitor and review the effectiveness of the internal audit activities’. It goes on to say that ‘where there is no internal audit function, the audit committee should consider annually whether there is a need for an internal audit function and make a recommendation to the board, and the reasons for the absence of such a function should be explained in the relevant section of the annual report’.

Decision to have an internal audit department

At each stage of the process the board faces a number of decisions: setting the firm’s risk appetite, assessing risks, and then choosing which risks to accept, transfer, reduce or avoid. If a risk reduction response is adopted, the board must then design an appropriate set of controls, possibly including establishing an internal audit function. In most jurisdictions, especially where corporate governance is principles-based, IA departments...