TIAPS Module 1 Audit and Assurance workbook
B.3 Threats to Independence and Objectivity Threats to independence and objectivity occur when the requirements described in B.1 are not in place or are under strain. An appearance of a lack of independence or a conflict of interest can be just as much of an impairment as something more concrete. Threats to independence may arise for the following reasons: • The head of internal audit reports functionally to a senior manager with responsibility for activities to be audited who tries to limit the scope or influence the findings of an audit. • The internal audit function’s resources are determined by a senior manager with responsibility for activities to be audited who tries to limit the scope or influence the findings of an audit. • The head of internal audit has or has had recent responsibility for activities to be audited by members of the internal audit function. • The head of internal audit has limited access to the governing body to discuss any topics of interest or concern freely without the presence of management who might otherwise inhibit or deflect such discussions. • The internal audit charter, approved by the governing body, specifically restricts the internal audit function’s access to areas the governing body considers to be “unimportant” or “too sensitive.” Threats to objectivity may arise for the following reasons: • Self-interest. The auditor stands to gain personally from a particular outcome of the audit. • Adverse interest. The auditor stands to lose personally from a particular outcome of the audit. • Duress: The auditor in some other way is under pressure to conduct or conclude the audit in a particular way. • Familiarity. The auditor is overly acquainted with the activity under review through recent or extensive involvement. • Self-review. The auditor is reviewing an area for which they have or have recently had significant influence. • Management participation. The auditor is responsible for the activity under review or managers who are responsible are involved in undertaking parts of the audit. • Advocacy threat. The auditor is acting or has recently acted as an advocate for those responsible for the activity under review. • Undue influence. The auditor in some other way has too much influence over the activity, perhaps by virtue of close relationships. • Lack of competence: The auditor may not be sufficiently skilled or experienced to apply the necessary professional skepticism, open-mindedness, and disciplined approach to ensure findings and recommendations are objective. • Lack of independence of the internal audit function: The auditor is part of an internal audit function whose independence is compromised. 36
When independence or objectivity are impaired (in fact or in appearance) this should be disclosed to appropriate parties, especially with management and the governing body, in accordance with Standard 1130 – Impairment to Independence or Objectivity. The organizational environment in both the private and public sectors can be highly politically charged and this can impact internal auditing. The function can be sidelined or under-resourced as a way of limiting its scope and influence. The governing body may not have time, skill, or inclination to provide adequate oversight and there may be no audit committee to act as a champion for independent and impactful internal auditing. Pressure may be applied on individuals to steer clear of certain areas or activities or to moderate their findings and reports. Reports that identify significant weaknesses in politically sensitive areas may be suppressed or “buried.” Former chair of The IIA Global Board of Directors Patty Miller has written extensively on this topic and the need for auditors to have political awareness and moral courage. 33 33 See, for example, Organizational Political Pressure and the Impact on Internal Audit, Patty Miller, 2017. 37
- Page 1 and 2: Module 1: Audit and Assurance TIAPS
- Page 3 and 4: Table of Contents Module 1: Audit a
- Page 5 and 6: Relevant Standards Reference is mad
- Page 7 and 8: • Close scrutiny. The activities
- Page 9 and 10: A.2 Public Sector Governance IIA In
- Page 11 and 12: The need for governance arises for
- Page 13 and 14: Although developed for government a
- Page 15 and 16: A.3 Governance Models When evaluati
- Page 17 and 18: defensive aspects to minimize negat
- Page 19 and 20: A.3.3 CIPFA International Framework
- Page 21 and 22: 8. Ensure that its arrangements for
- Page 23 and 24: • Consideration of overlapping in
- Page 25 and 26: A.3: Reflection Which model or mod
- Page 27 and 28: Although they are related, the prin
- Page 29 and 30: B.1.1 Independence, Objectivity, an
- Page 31 and 32: B.1: Reflection Is it possible to
- Page 33 and 34: According to The IIA Position Paper
- Page 35: B.2: Reflection When was the last t
- Page 39 and 40: B.4 Safeguards for Independence and
- Page 41 and 42: In other cases, there is no audit c
- Page 43 and 44: C. Assurance and Advisory Engagemen
- Page 45 and 46: It is common to build an allowance
- Page 47 and 48: The following list is taken from Sa
- Page 49 and 50: helping managers developing control
- Page 51 and 52: C.1.5 Internal Audit Opinions Audit
- Page 53 and 54: Leadership and Communication Intern
- Page 55 and 56: C.2 Auditing Governance The IIA Sup
- Page 57 and 58: C.2: Reflection How does your inter
- Page 59 and 60: Fraud may be perpetrated via measur
- Page 61 and 62: circumstances (unethical and often
- Page 63 and 64: Management Issues • Lack of area
- Page 65 and 66: Risk management techniques can be a
- Page 67 and 68: IT controls may be manual, automate
- Page 69 and 70: The IIA’s Cybersecurity Toolkit d
- Page 71 and 72: C.3: Reflection Fraud: How are susp
- Page 73 and 74: Global Perspectives and Insights -
- Page 75: CIPFA: 77 Mansell Street, London E1
B.3 Threats to Independence <strong>and</strong> Objectivity<br />
Threats to independence <strong>and</strong> objectivity occur when the requirements described in B.1 are<br />
not in place or are under strain. An appearance of a lack of independence or a conflict of<br />
interest can be just as much of an impairment as something more concrete.<br />
Threats to independence may arise for the following reasons:<br />
• The head of internal audit reports functionally to a senior manager with responsibility<br />
for activities to be audited who tries to limit the scope or influence the findings of an<br />
audit.<br />
• The internal audit function’s resources are determined by a senior manager with<br />
responsibility for activities to be audited who tries to limit the scope or influence the<br />
findings of an audit.<br />
• The head of internal audit has or has had recent responsibility for activities to be<br />
audited by members of the internal audit function.<br />
• The head of internal audit has limited access to the governing body to discuss any<br />
topics of interest or concern freely without the presence of management who might<br />
otherwise inhibit or deflect such discussions.<br />
• The internal audit charter, approved by the governing body, specifically restricts the<br />
internal audit function’s access to areas the governing body considers to be<br />
“unimportant” or “too sensitive.”<br />
Threats to objectivity may arise for the following reasons:<br />
• Self-interest. The auditor st<strong>and</strong>s to gain personally from a particular outcome of the<br />
audit.<br />
• Adverse interest. The auditor st<strong>and</strong>s to lose personally from a particular outcome of<br />
the audit.<br />
• Duress: The auditor in some other way is under pressure to conduct or conclude the<br />
audit in a particular way.<br />
• Familiarity. The auditor is overly acquainted with the activity under review through<br />
recent or extensive involvement.<br />
• Self-review. The auditor is reviewing an area for which they have or have recently<br />
had significant influence.<br />
• Management participation. The auditor is responsible for the activity under review or<br />
managers who are responsible are involved in undertaking parts of the audit.<br />
• Advocacy threat. The auditor is acting or has recently acted as an advocate for those<br />
responsible for the activity under review.<br />
• Undue influence. The auditor in some other way has too much influence over the<br />
activity, perhaps by virtue of close relationships.<br />
• Lack of competence: The auditor may not be sufficiently skilled or experienced to<br />
apply the necessary professional skepticism, open-mindedness, <strong>and</strong> disciplined<br />
approach to ensure findings <strong>and</strong> recommendations are objective.<br />
• Lack of independence of the internal audit function: The auditor is part of an internal<br />
audit function whose independence is compromised.<br />
36