- This topic has 3 replies, 2 voices, and was last updated 2 years ago by
.
- Posts
ma’am how does management threat arise when external auditor provides internal audit services also?
from what I remember audit committee assesses the need for internal audit department (IAD) and IAD is even responsible for reporting to audit committee, so then how exactly does a threat to assuming management responsibility arise when external auditor is proving internal audit services?
“Management threat” is not a separate category (see page 24 of the notes) – nor is it a term used in the Code.
There is a general prohibition in the Code that an audit firm should not assume a management responsibility for an audit client.
This is a para from the Code re the provision of internal audit services:
“605.4 A1 Paragraph R600.7 precludes a firm or a network firm from assuming
a management responsibility. Performing a significant part of the
client’s internal audit activities increases the possibility that firm or
network firm personnel providing internal audit services will assume a
management responsibility.”605.4 A2 Examples of internal audit services that involve assuming management
responsibilities include:
?? Setting internal audit policies or the strategic direction of
internal audit activities.
?? Directing and taking responsibility for the actions of the entity’s
internal audit employees.
?? Deciding which recommendations resulting from internal audit
activities to implement.
?? Reporting the results of the internal audit activities to those
charged with governance on behalf of management.
?? Performing procedures that form part of the internal control,
such as reviewing and approving changes to employee data
access privileges.
?? Taking responsibility for designing, implementing, monitoring
and maintaining internal control.
?? Performing outsourced internal audit services, comprising all
or a substantial portion of the internal audit function, where the
firm or network firm is responsible for determining the scope of
the internal audit work; and might have responsibility for one or
more of the matters noted above.ma’am from my understanding there are two possible responses in case of assuming management responsibility:
LISTED(any non-audit work)
The threats created would be so significant that no safeguards can be used to reduce it to an acceptable level.
UNLISTED CLIENT(any non-audit work)
-mgt accepts its responsibility for taking any actions based on recommendations from auditor
-mgt accepts its responsibility for oversight of services performed by auditor and monitoring of any reports produced.Can you please confirm them?
Assuming management responsibilities is one of the few things that is a “no no”. The relevant section (R600.7) has the heading “Prohibition on Assuming Management Responsibilities” and applies to ALL audit clients.
What you suggest are not safeguards as defined in the Code (they are not actions taken by the AUDITOR) – they are means to avoid assuming management responsibilities.
- You must be logged in to reply to this topic.