School of Management: Blekinge Institute of Technology
School of Management: Blekinge Institute of Technology
School of Management: Blekinge Institute of Technology
By
Asare Baffour
Supervisor
Eva Wittbom
PAGES
CHAPTER 1-BACKGROUND OF THE STUDY------------------------------------------------1
1.1 Introduction -------------------------------------------------------------------------------------------1
1.2 Statement of the Problem ---------------------------------------------------------------------------3
1.3 Objective of the Study -------------------------------------------------------------------------------4
1.4 Relevance of the Study ------------------------------------------------------------------------------4
1.5 Organisation of the Study ---------------------------------------------------------------------------4
1.6 Summary-----------------------------------------------------------------------------------------------4
CHAPTER 2- LITERATURE REVIEW-----------------------------------------------------------6
2.1 Introduction--------------------------------------------------------------------------------------------6
2.2 Functions of Internal Audit -------------------------------------------------------------------------6
2.3 Objectives of Internal Audits-----------------------------------------------------------------------7
2.4 Ethical Guidelines------------------------------------------------------------------------------------7
2.4.1 Independence ------------------------------------------------------------------------------8
2.4.2 Organisational Status ---------------------------------------------------------------------8
2.4.3 Objectivity ---------------------------------------------------------------------------------8
2.5 The Role of Internal Auditors-----------------------------------------------------------------------9
2.6 Critical Elements of Internal Audit---------------------------------------------------------------12
2.6.1 The “where” element -------------------------------------------------------------------13
2.6.2 The “What” Element --------------------------------------------------------------------13
2.6.3 The “How” Element- Audit Scope ----------------------------------------------------15
2.6.4 The “When” Factor ---------------------------------------------------------------------15
2.6.5 The “Who” Element --------------------------------------------------------------------16
2.6.6 How to Review --------------------------------------------------------------------------17
2.7 Coordination with other Auditors-----------------------------------------------------------------17
2.8 Means of Achieving Internal Control ------------------------------------------------------------18
2.8.1 Board of Directors or Audit Committee----------------------------------------------21
2.8.2 Authority and Responsibility ----------------------------------------------------------22
2.8.3 Organizational Structure ---------------------------------------------------------------22
2.9 Challenges for Internal Audit----------------------------------------------------------------------23
2.10 Conclusion -----------------------------------------------------------------------------------------24
CHAPTER 3- PROFILE OF THE COMPANY-------------------------------------------------25
3.1 I Introduction ----------------------------------------------------------------------------------------25
Page i
3.2 Vision and Corporate Mission-------------------------------------------------------------------- 25
3.3 Core Values--------------------------------------------------------------------------26
3.4 Organisational Structure --------------------------------------------------------------------------26
3.5 Executive Management Team ------------------------------------------------------------------- 26
3.6 Operations -------------------------------------------------------------------------------------------27
3.7 Insurance Products ---------------------------------------------------------------------------------28
CHAPTER 4- THE METHODOLGY OF THE STUDY--------------------------------------30
4.1 Introduction to the Methodology of the study --------------------------------------------------30
4.2 Sources of Data--------------------------------------------------------------------------------------30
4.3 Data Collection Tools------------------------------------------------------------------------------30
4.3.1 Questionnaire ----------------------------------------------------------------------------30
4.3.2 Observation ------------------------------------------------------------------------------32
4.3.3 Relevant Corporate Documents -------------------------------------------------------33
4.4 Data Analysis and Presentation -------------------------------------------------------------------33
4.5 Limitations of the Study ---------------------------------------------------------------------------33
4.6 Safeguards--------------------------------------------------------------------------------------------34
Page ii
CHAPTER 6 SUMMARY, RECOMMENDATIONS AND CONCLUSION
6.1 Introduction -----------------------------------------------------------------------------------------45
6.2 Summary --------------------------------------------------------------------------------------------45
6.2.1 Functions and Role of the Internal Audit Department ---------------------------45
6.2.2 Ethical Guidelines -----------------------------------------------------------------------45
6.2.3 Challenges --------------------------------------------------------------------------------45
6.3 Recommendations-----------------------------------------------------------------------------------46
6.4 Recommendation for Further Studies. ----------------------------------------------------------48
6.5 Conclusion-------------------------------------------------------------------------------------------48
REFERENCE------------------------------------------------------------------------------------------- 49
APENDIX 1----------------------------------------------------------------------------------------------56
APENDIX 2--------------------------------------------------------------------------------------------- 60
Page iii
Tables and figures
Tables page
Table 4.1- Analysis of questionnaire administered……………………………………….30
Table 5.1 - Analysis of the what element- Audit staff response………………………….37
Table 5.2 -Analysis of What element -Non Audit staff response………………………...37
Table 5.3 - Analysis of Audit scope- responses from audit staff…………………………38
Table 5.4 - Analysis of audit scope- Response from Non-Audit Staff…………………...39
Table 5.5 - Rating of Audit performance by non-Audit Staff……………………………39
Table 5.6 - analysis of when factor- response from Audit staff………………….……….40
Table 5.7 – analysis of the rate of auditing………………………………….…………….40
Table 5.8- analysis of when factor- Response from Non-audit staff……………….…….40
Table 5.9 - Audit plan for 2008…………………………………………………….………41
Figures
1.0 star assurance logo ………………………………………………………….….….….…25
2.0 star assurance organogram …………………………………………………….…..…….29
3.0 structure of star Assurance audit department ………………………………….…..…….44
Page iv
Abstract
This study investigated the compliance or non-compliance of organisations with the critical
elements required for setting up and operating an internal audit department as expected by the
Institute of Internal Auditors UK. Compliance with the Standards is mandated by the IIA for
every individual who provides internal audit services The researcher used a case study to
explain the relationship between the variables: the case of the internal audit department of
Star Assurance Company. The researcher employed both primary and secondary data,
qualitative and quantitative research methods were also used to examine the internal audit
department of Star Assurance Company Ltd (SAC). A number of data collection methods
were combined to verify the reliability and accuracy of the data as suggested by Yin(2003).
The study used a combination of data collection tools; a Survey, Questionnaire, Relevant
Corporate Documents and Observation.. Literature, which was relevant to the subject matter,
was reviewed to determine the benchmarks for an effective internal audit department. The
study discussed the key functions of an internal audit department and the major objectives of
internal audits. The study also discussed the independence, organizational status and
objectivity required for effective performance of the department. The study also discussed the
role of internal auditors and the critical elements required of every effective internal audit
department. The challenges faced by internal audit departments were also discussed. Useful
insights were taken from the Institute of Internal Auditors guidelines and also the Sarbanes
Oxley Act. A brief profile of the company, which was studied, was included in the work. The
research revealed that the company had made significant efforts to comply with the
requirements of the I.I.A. I concluded by making recommendations, which the company
could adopt to enable them, comply more extensively with the IIA guidelines
Page v
Acknowledgements
I thank the Almighty God who has given me the care, knowledge and the opportunity to
pursue education up to this level.
There are many people without whom this work could not have been undertaken.
I render my heart-felt thanks to my Supervisor, Eva Wittbom for her countless guidance,
advice and constructive criticisms throughout this work.
I would also thank my family for their patience and particularly my wife Victoria for her support
and encouragement.
The management and staff of Star Assurance have also been very helpful especially the Head
of internal audit department Jaspa Baidoo. I say thank you for the information you provided
me
To all of you including those not mentioned here, I ask for Gods guidance and mercies.
Thank you and God bless you
Page vi
Glossary
Motor insurance: this is a line of business which provides covers for vehicles only. Thius
includes, motor comprehensive, motor third party etc
Non-motor insurance: this is a line of business which provides covers for all other risks
except vehicles. This includes Fire and Allied Perils, house owners’ Comprehensive, Personal
Accident, Bankers Indemnity Policy etc.
BRC - Blue Ribbon Committee
CAE - Chief Audit Executive
CIMG - Chartered Institute of Marketing, Ghana
COSO – Committee of Sponsoring Organisationas of the Treadway Commission
IAA- Internal Auditing Activities
IAF – Internal Audit Functions
IIA - Institute of Internal Auditors
IIAM - Institute of Internal Auditors Malaysia
IT – Information Technology
ISPPIA - International Standard for the Professional Practices of Internal Auditing
MICG - Malaysian Institute of Corporate Governance
PPF - Professional Practice Framework
PA -The practice advisories
PNDCL – Provisional National Defence Council Law
POB - Public Oversight Board
SAC - Star Assurance Company Ltd
Page vii
CHAPTER 1
1.0 BACKGROUND OF THE STUDY
1.1 Introduction
Globalization of business, technological advancements, increasing business failures, and
widely publicized fraud have encouraged entities to place more emphasis on their internal
control systems and internal audit functions. (Zabihollah Rezaee, 1995). Thus Worldwide the
demand for internal auditors continues to grow due to the function of internal auditing as a
risk evaluation and management unit. At the same time many giant international companies
have collapsed because of weak auditing practices, the likes of Enron, Maxwell, Worldcom,
etc. Internal auditing has undergone dramatic changes that have expanded its scope in a way
that allows it to make greater contributions to the organization it serves (Fadzil et al, 2005).
Similarly, internal auditing is performed in diverse legal and cultural environments; within
organizations that vary in purpose, size, and structure; and also by persons within or outside
the organization. The growth in demand for the services of the internal auditor and the
growing complexities of internal audit functions has generated interest among stakeholders in
the field of Auditing. The Institute of Internal Auditors (IIA) has standards that constitute the
criteria by which the operations of an internal auditing department are evaluated and
measured and intended to represent the internal auditing practices, as it should be. While
diverse legal and cultural environments within organizations and variations in the purpose,
size and structure of organizations may affect the practice of internal auditing in each
environment, the IIA regards compliance with the International Standards for the Professional
Practice of Internal Auditing as essential if the responsibilities of internal auditors are to be
met (IIA, 2007, pp. 3-4).
The guidance taskforce of the IIA (2001) defines the internal audit function as: “An
independent objective assurance and consulting activity designed to add value and improve
organizations operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes” The new definition shifts the focus of the
internal audit function from one of assurance to that of value added and attempts to move the
profession towards a standards-driven approach with a heightened identity. (Bou-Raod, 2000;
Krogstad et al; 1999).
A survey done by the Malaysian Institute of Corporate Governance (MICG),The Institute of
Internal Auditors Malaysia (IIAM) and Ernst and Young concluded that internal auditors are
best placed to understand and appreciate the business processes of a company and they act as
Page 1
management consultant to reduce risks. Internal auditors also help run a company more
efficiently and effectively to increase shareholders’ value (Fadzil et al, 2005). The profession
of internal auditing is a rich resource for organizations as the IAA monitors the adequacy and
effectiveness of management’s internal control framework and contributes to the integrity of
corporate governance; risk assessment; and financial, operating, and IT systems.(Burnaby
and Hass,2009).
In the light of the growth in its function, complexities, and demand for its services many have
called for internal auditors to be out in front, leading the business units with regards to the
internal control system and also focusing on strategic business objectives. According to
Sawyer and Vinten (1996), internal auditors also need to establish themselves as vital cogs in
their organizations, rather than as observers who watch from the periphery and wait for
events to impact them.
In all these developments, one issue that has emerged relating to the internal auditing
practices is; “what is a proper and sound measurement of the internal auditing practices?” In
the words of Barrett (1986), “effectiveness (of internal audit) can be described, but it is
difficult to quantify and in the final analysis, effectiveness is determined by the perception of
auditees”. In the company environment, management is the most important auditee of the
internal audit department since effectiveness of the internal auditing practices can be
described through the expectations of management with regard to the internal auditing. The
management will expect the internal auditors to perform their internal auditing practices to a
certain level that is complying with the Standards of international bodies like the IIA.
Compliance with Professional Practice Framework (PPF)), is therefore an indication of the
effectiveness of the Internal Audit Department.
This study seeks to find out if the expansions and growing complexities in the function of
internal auditing has had any impact on the internal auditing department of a small private
unlisted company like Star Assurance Company Ltd, and also to provide empirical evidence
whether the internal department of organizations are complying with internal auditing
practices designed to ensure an effective and efficient auditing system. The overriding issue
addressed in this thesis is whether or not the new definition of the IIA actually reflects the
operational activities of the internal audit department of oraganisations.
Page 2
1.2 Statement of the Problem
In recent years instances of fraudulent financial reporting have increased with such
frequency and in such dramatic ways that stakeholders at all levels have been astounded
(Myers, and Ziegenfuss,2006). Globalization of business, technological advancements,
increasing business failures, and widely publicized fraud demand that entities place more
emphasis on their internal control systems and internal audit functions(Zabihollah
Rezaee,1995).Auditing in corporate governance entails an independent and objective review
of the account of stewardship of an enterprise in order to express a neutral opinion as to the
prudence and judicious management or otherwise of the statements so prepared. The
collapses of high profile companies like Maxwell, Polly Peck in the United Kingdom raised
fundamental questions about corporate mechanisms for controlling and managing such
enterprise. The problem even heightened in the wake of the collapse at Enron and WorldCom
where serious doubts were cast upon the relevance and adequacy of audit in providing the
envisaged accountability of directors to shareholders or owners. These cases throw light on
the importance of the role of internal auditors, which was only recognised and emphasised
after irregularities were discovered.
The auditing profession, both internal and external, has come under increasing scrutiny since
the highly publicised collapse of energy trader, Enron (Vinten, 2003), and corporate
governance has also received increased attention in the accounting and auditing literature In
recent years, for e.g. the panel on Audit Effectiveness Report and Recommendations (Panel
on Audit effectiveness of Public Oversight Board, 2000) and the report and recommendations
of the Blue Ribbon Committee on improving the effectiveness of Corporate Audit Committee
(Blue Ribbon Committee on improving the effectiveness of Corporate Audit committees,
1999). Cadbury (1992) published reports related to controls and corporate governance in
1992 (Colbert L. Janet 2002). While these reports and others address, in varying degrees,
corporate governance and internal and external audit issues, very little, if anything has been
written which specifically focuses on private unlisted companies of which Star Assurance
Company is one.
Star Assurance as a corporate entity is equally at risk of collapse if proper systems of controls
are not put in place. In the light of this uncertainty, the study wishes to assess the problems
small companies face in their attempt to introduce internal audit functions and also draw their
attention to the benefits they may derive. This is also because with a lot of companies, the
owners are present which serves as a control measure and therefore they may not appreciate
the need for an internal audit department.
Page 3
1.3 Objective of the Study
The main objectives of the study are as follows:
1. To critically evaluate the internal audit department of Companies in Ghana and their
compliance with critical elements of internal audit operations as outlined by IIA.
2. Identify short-comings or weakness in the Internal Auditing practices of the Auditing
Departments if any.
3. Make recommendations to improve on weaknesses and short-comings of the internal
auditing departments..
1.6 Summary
This chapter has discussed the internal audit concept as stated by the IIA. The guidance
taskforce of the IIA (2001) defines the internal audit function as: “An independent objective
assurance and consulting activity designed to add value and improve organizations
operations. It helps an organization accomplish its objectives by bringing a systematic,
Page 4
disciplined approach to evaluate and improve the effectiveness of risk management, control,
and governance processes” The new definition shifts the focus of the internal audit function
from one of assurance to that of value added and attempts to move the profession towards a
standards-driven approach with a heightened identity. The chapter also discussed the three
main objectives and relevance of the study. A few limitations of the study were also
discussed. The study was organized in six chapters.
Page 5
CHAPTER 2
2.0 LITERATURE REVIEW
2.1 Introduction
This chapter reviews a range of literature and concepts relevant to the study. The literature
review is centered around the core aspects of internal auditing, these include the functions of
Internal Audit, objectives of internal audit, the role of internal auditors, Means of achieving
internal Control, the control environment, Board of Directors or Audit Committee, Authority
and Responsibility, Audit Committee Financial Expert, Organisational structure, and the
challenges of Internal auditing. The core components above, guide the establishment and
effective functioning of internal auditing departments and the Audit department of Star
Assurance Company Ltd. for that matter, and therefore to adequately treat the topic of
internal auditing and the case of the audit department of the Star Assurance Company. Ltd., it
is important that we understand these important aspects and the extent of work that have been
done on them.
According to Cai Chun, (1997) the function of internal audit is a vital and controversial
problem in auditing theory and practice worldwide. There has been a widespread view in the
western auditing circles that internal audit is an independent appraisal function. (Cai Chun,
1997)
In June 1999, the Institute of Internal Auditors (IIA) officially adopted a new definition of the
internal auditing function. The new definition was developed by the Guidance Task Force
and defines the internal audit function as:
‘An independent, objective assurance and consulting activity designed to add value and
improve an organisation’s operations. It helps an organisation accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes (IIA, 2001)
Page 6
2.3 Objectives of Internal Audits
Before the 1950’s internal audit activities in many organizations focused on financial audit,
and internal audit departments were heavily involved in the review of financial statements.
(Cai Chun, 1997)
At present, however internal audit takes on a much broader and deeper perspective just as
suggested in the IIA’s statement of responsibilities of internal auditors: The objective of
internal auditing is to assist all members of management in the effective discharge of their
responsibilities by furnishing them with analysis, appraisals, recommendations and pertinent
comments concerning activities reviewed (Cai Chun, 1997). Internal auditors are concerned
with any phase of business activity in which they may be of service to management. This
involves going beyond the accounting and financial records to obtain a full understanding of
the operations under review. But because the objective of internal audit must be consistent
with the function of internal audit itself, it should also be to ensure and promote the effective
performance of accountable management.
To achieve the functions and objective discussed previously, internal auditors must create and
provide at least, three conditions- independence, organizational status and objectivity, before
setting up and conducting internal audit. (Cai Chun, 1997)
Independence and objectivity is seen as an important attribute to the quality of internal audit
function (IIA, 2000; Bethea, 1992; Traver, 1991; Farbo, 1985; Clark et.al; 1980; Glazer and
Jaenicke, 1980). If internal auditors are not independent and objective, they are of little value
to those who demand their service (Clark et.al; 1980, Elliot and Willingham, 1980; Ward and
Robertson, 1980, Williams, 1978) the internal audit department must be granted the license to
carry out its responsibilities freely and objectively and also their judgments must be unbiased.
Page 7
2.4.1 Independence
The duty of internal auditors clearly requires them to be independent. (Ahmad and Taylor,
2009) The International Standard for the Professional Practices of Internal Auditing (ISPPIA,
2006) defines “independence” in terms of freedom from conditions that threaten objectivity
and the appearance of objectivity. The ISPPIA (2006) states that “objectivity” means internal
auditors are expected not to subordinate their judgment on audit matters to that of others,
especially management. Independence, based on the criterion of objectivity, is pivotal to the
internal auditing profession and internal auditors (Mutchler, 2003). Independence is
unavoidable for internal auditors (Vanasco, 1994). Internal auditors should not be placed in a
position where their independence can be questioned and feel unable to make objective
professional judgments (Vanasco, 1994). Ideally, internal auditors must be free to report
matters they audit as they are and their reporting activities are not subject to any influences
(Sawyer and Dittenhofer, 1996)
It is the essence of auditing-An internal auditor must be independent of both the personnel
and operational activities of an organization otherwise the integrity of the auditors opinions,
conclusions and recommendation would be suspect. So independence is necessary for the
effective achievement of the function and objective of internal audit. This independence is
obtained mainly from two characteristics-organisational status and objectivity. (Cai Chun,
1997)
2.4.3 Objectivity
The IIA’s statement deals with objectivity as follows:
Objectivity is essential to audit function. Therefore internal auditors should not develop and
install procedures, prepare records or engage in any other activity, which they would
Page 8
normally review and appraise and which could reasonably be construed to compromise the
independence of the internal auditor. Determining and recommending standards of control to
be applied in the development of the systems and procedures being reviewed need not
adversely affect the internal auditor’s objectivity, however. So internal auditors are certainly
not simply one of the organisational controls; they must be the control over all other
organisational controls.(Cai Chun, 1997).These conditions, if present, can make the internal
audit department effective.
(Sawyer and Vinten, 1996) wrote that internal auditors need to be out in front, leading the
business units with regards to the internal control system and also focusing on strategic
business objectives. The internal auditors also need to establish themselves as vital cogs in
their organizations rather than observers who watch from the periphery and wait for events to
impact them.
The effectiveness of internal audit can be described but it is difficult to quantify and in the
final analysis, effectiveness is determined by the perception of auditees. (Barrett, 1986)
In the company environment, management is the most important auditee of the internal audit
department since effectiveness of the internal auditing practice, can be described through the
expectations of management with regard to the internal auditing practices. The management
will expect the internal auditors to perform the internal auditing practices to a certain level
that is complying with the Professional Practice
Framework (PPF) since it can be easily described. Compliance with PPF is therefore an
indication of the effectiveness of the internal audit department.
Most internal audit professionals argue that an effective internal audit function unequivocally
correlates with an organizations success in meeting management objectives and whether the
internal control system is functioning as intended.
According to Fadzil et al, 2005, Internal auditors are often described as both a business
partner and a policemen because of his work as a business partner with client management
and also because he acts as an independent reviewer of management. As a business partner,
the internal auditor is expected to provide expertise to assist an organisation in meeting its
objectives while as a policemen, an internal auditor is often thought of as an adversary
looking for flaws.
Page 9
organization. It objectively examines, evaluates and reports on the adequacy on internal
control as a contribution to the proper economic, efficient and effective use of resources.
The IIA came up with a new definition of internal auditing in 1999, changing the focus of
internal audit towards a more risk –based, consultancy type activity and recognizing that
internal audit is not always within the organization, but can be an outsource activity. The
following are the element of the institute definitions.
The main role of internal audit according to Turnbull report published in 1999 is normally to
evaluate risk and monitor the effectiveness of the system of internal control.
The Turnbull Report identifies the following criteria as the basis of an effective Internal
Audit
• Assurance that the management processes are adequate to identify and monitor
significant risks
• Objective confirmation that the Board receives the right quality of assurance and
information from management and this information is reliable.
Page 10
be of service to management. This involves going beyond accounting and financial records to
obtain a full understanding of the operations under review
Sawyer and Vinten (1996) noted four benefits managers have gained from internal auditing
assistance. These benefits were providing managers with the bases for judgment and action,
helping managers by reporting weaknesses in control and performance and in recommending
improvements, providing counsel to managers and boards of directors on the solutions of
business problem’s, and supplying information that is timely, reliable and useful to all levels
of management.Additionally, the statement sets forth the types of services that should be
performed and the kinds of activities carried on by the internal audit function in attaining the
overall objective. Internal auditors should first review and appraise the soundness and
adequacy of the accounting, financial, and operating controls, and promote effective controls
at reasonable cost. Secondly, the internal auditors should ascertain the extent of compliance
with established policies, plans, procedures, laws and regulations, which could have a
significant impact on the company’s operations. Then the internal auditors review the means
of safeguarding assets and when appropriate, verify the existence of such assets and appraise
the economy and efficiency with which resources are employed. Lastly, the internal auditors
review operations or programs to ascertain whether results are consistent with established
objectives and goals and whether the operations or programs are being carried out as planned.
Reviewing and evaluating the adequacy and effectiveness of an organization’s internal
control system and the quality of performance in carrying out assigned responsibilities is
representative of several primary core activities of internal audit work. The purpose of the
review of the adequacy of the internal controls is to ascertain whether the established system
provides reasonable assurance that the organization’s objectives and goals will be met
efficiently and economically.
Adequate control is considered to be present if administrative management has planned and
organized in a manner, which provides reasonable assurance that the organization’s
objectives and goals will be achieved efficiently and economically. Reasonable assurance is
provided when cost-effective actions are taken to restrict deviations, such as improper or
illegal acts, to a tolerable level.
The role of internal auditing in the review of effectiveness of the system of internal control is
to ascertain whether the system is functioning as intended.(Fadzil et al, 2005) Effective
control is present when the administrative management directs the system in such a way as to
provide reasonable assurance that the organization’s objectives and goals will be achieved.
According to Fadzil et al, (2005) the purpose of the review for quality of performance is to
ascertain whether the organization’s objectives and goals have been achieved.
Page 11
The primary objectives of an organization’s system of internal control are to provide
administrative management with reasonable assurance that financial information is accurate
and reliable; the organization complies with policies, plans, procedures, laws, regulations and
contract; assets are safeguarded against loss and theft; resources are used economically and
efficiently; and established objectives and goals for operations or programs can be met.
Fadzil et al, 2005) Internal auditing focuses on an evaluation of this system or framework of
internal control.
A second type of audit work that internal auditors are guided to perform is reviewing the
accuracy and reliability of financial and operating information and the means used to identify,
measure, classify and report such information. Information systems provide data for decision-
making, control, and compliance with external requirement. Therefore, internal auditors
should examine information systems and determine whether financial and operating records
and reports contain accurate, reliable, timely, complete and useful information, and controls
over record keeping and reporting are adequate and effective. (Fadzil et al, 2005)
The performance of reviews of the systems established to ensure compliance with policies,
plans, procedures, laws, regulations and contracts represents a third element of audit activity
described by the standard. (Fadzil et al, 2005) Administrative management is responsible for
establishing the systems designed to ensure compliance with such requirements as laws,
rules, regulations, policies and procedures. The internal auditor’s role is to determine whether
the systems designed by management are adequate and effective and whether the activities
audited are complying with the appropriate requirements (Fadzil et al, 2005).
Further, as described by the standards, the internal auditor’s role includes providing
appraisals with recommendations regarding administering management established objectives
and goals for operations and programs. (Fadzil et al, 2005)
• Where to be placed
• What to do
• How much the department has to do
• When the things have to be done
• Who have to do things?
• How to review
Page 12
2.6.1 The “where” element
A study conducted by Liu et al. (1997) show that where the department is to be placed in the
chain of command or the hierarchical system is a very significant element. This should be the
first major question that needs to be addressed in setting up an internal audit department.(Liu
et al. (1997). The Research shown that, the internal audit department provides service to the
organization and therefore the implication is that its effectiveness will rest on the position it is
given in the organization both in actual and perceived cases. The research revealed that the
traditional view of auditors as being part of the finance or accounting function is now too
narrow to be accepted as a definition. This is implied from the fact that, the objectives of
internal audits are being increased to cover social, management, operational and ad hoc
audits. Consequently, to adhere to only its traditional philosophy is a waste of scarce
resources.(Liu et al. (1997).
The department should, therefore, enjoy a high profile from the start. It should be placed
high in the organization so that the internal audit staff can audit virtually any functional level
for compliance with strategic objectives and liaise with the strategic planning department in
relation to possible changes in objectives.
The department has to be linked to the top management, directors and the chief executive.
Page 13
should also submit to senior management and the board a summary of plans of work for the
upcoming year.
The summary should be approved by senior management and tendered to the board for
informational purposes. Such information helps the board ascertain if the work of internal
auditing supports the objectives and plans of the entity.
After completing the work, the internal audit department should present reports of its
activities to senior management and the board. Significant engagement observations and
recommendations are included in the report and this must be done at least annually.
Below are those items which the PAs suggest might constitute significant engagement
observations and therefore, should be communicated to the board.
• Irregularities
• Illegal acts
• Errors
• Waste
• Inefficiencies
• Ineffectiveness
• Conflicts of interest
• Control weaknesses
While it is the internal auditor’s responsibility to report significant engagement
observations, it is management’s duty to resolve those issues.
Management may decide to act by implementing recommendations made by the internal
auditors or by making other changes.
Alternatively, management may decide not to take action, thereby accepting whatever risk the
internal auditors have identified in the current situation. Regardless of which course
management chooses, the internal auditor is then responsible for informing the board as to
management’s actions or decisions.
The charter should also contain:
a. An outline of the assurance which the board expects to receive. These may include
assurance that there is surveillance of internal controls throughout the organization.
Also assurance that, the system of internal control is both sound and effective so that
the assets are safeguarded and the performance reporting can be accepted with
confidence.
b. The authority given to internal audit to examine all activities throughout the
organization for the purpose of evaluating internal control. This should specify
responsibilities to reassure accountable managers of the adequacy and efficiency of
Page 14
their internal controls, identifying any unsound commercial procedures to
management and offering recommendations for improving performance and
preventing future shortcomings. The charter should make clear to management at all
levels that internal audit is independent from the operations they audit and that, they
are empowered to make changes to systems, methods or staffing.
c. The various types of reviews or audits to be undertaken for e.g. efficiency reviews,
environmental audits, and operational audits.
d. The procedures for issuing, and responding to reports from internal audit. The audit
report may be dealt with as confidential documents to be delivered to and responded
to by the level of management who can take effective action on any recommendations
made.
Page 15
courses and contingencies. In addition to having an indication of the time each audit will
take, the exercise described above will also provide an indication as to how frequently an
audit should be carried out. If an organization wide system is operating in a number of
locations then it is not necessary to review every location on every audit.
With limited resources, it will be impossible for all systems to be audited every year.
Attention will need to be paid to risks such as exposure to fraud, vulnerability of systems, and
changing markets and trade patterns. Some systems will require more frequent reviews than
others.
Page 16
The internal auditor should cultivate a close working relationship with top management. This
will call for developing a management perspective, understanding how management has
developed its long-term strategies and how it hopes to implement them. Staff training should
alert the audit staff to improvements that could be made in specific areas such as sales and
customer communication process.
Finding new and improved motivational strategies that encourage increase productivity from
the staff should be a high priority. One of the keys to improving the performance of the
internal audit is to identify items that have the greatest potential to operate as positive. These
re-enforcers include: feedback, self-fulfillment, self-esteem and creativity and participation in
goal setting.It will be a good idea to make the management and staff aware of the potential
benefits that a successful internal audit department could bring.
Page 17
The internal audit standard goes on to indicate that, the internal auditor should anticipate that,
the external auditor would communicate with the board regarding various issues. The internal
auditor is advised to be prepared by having an understanding of the topics. (Colbert L. Janet
2002)
According to COSO, Management should take into consideration the five components of an
adequate and effective internal control defined in the COSO report. These interrelated
components of internal control must be present and functioning properly in order to have an
adequate and effective internal control system.( Zabihollah Rezaee,1995)
Page 18
communicated by appropriate means, including by official policies, code of conduct, and
example.
Another way to reduce the incidence of improper behavior is to remove or reduce the
incentive and temptations to engage in such behavior. For example, fraudulent financial
reporting has often resulted from situations in which employees were placed under undue
pressure to meet unrealistic performance goals. Inappropriate actions have been found to be
more likely when management’s compensation is heavily tied to the company’s reported
income. Increased temptation to commit improper acts may result from inadequate or
ineffective controls, such as a lack of segregation of duties, or a board of directors that does
not provide objective oversight of top management.
Employees should possess the skills and knowledge essential to the performance of their job.
If employees are lacking in skills or knowledge, they may be ineffective in performing their
assigned duties. This is especially critical when the employees are involved in performing
controls. Ideally, management should be committed to hiring employees with appropriate
levels of education and experience, and providing them with adequate supervision and
training. The control environment provides a basis to evaluate the adequacy and effectiveness
of internal control systems and assess an entity’s ability to ensure responsible corporate
governance and reliable financial reporting. The control environment serves as the foundation
for the other components. (Zabihollah Rezaee, 1995)
Risk assessment
According to Zabihollah Rezaee,(1995) Risk assessment requires identification and
investigation of both internal and external risks and acceptance of prudent business risk in
achieving an entity’s objectives. Risk assessment assists management and internal auditors to
be in control. Being in control requires sustaining the ability to identify, understand and react
in a timely manner to events, conditions, challenges, opportunities and risks pertaining to the
entity’s operational, financial reporting, and compliance objectives. The risk assessment
process involves determining the significance of the risk in monetary terms or in terms of the
image or reputation of the entity, the probability of risk occurring, and how to mitigate the
impacts of the risk to reduce exposures to acceptable levels.( Zabihollah Rezaee,1995) The
COSO report assists management and internal auditors to establish an ongoing process of
identifying changes in an entity’s business environment and to take actions as necessary to
manage risk.
Control activities
Page 19
Control activities are the policies, procedures, and rules that provide reasonable assurance
that internal control objectives are carried out properly and risks are being managed
effectively. According to Zabihollah Rezaee,(1995)These overlapping control activities are
divided into three categories of operating controls, financial information controls, and
compliance controls. Operating control activities are directed towards managing and
monitoring the entity’s operations. Financial information control activities are aimed at
ensuring reliable financial reporting process and safeguarding the entity’s assets. Compliance
control activities are geared towards ensuring compliance with applicable laws and
regulations as well as adherence to ethical guidelines and conduct
Monitoring
The monitoring component requires that internal control systems be monitored on both an
ongoing and periodic basis to remain effective. Ongoing monitoring is a continuous
assessment of various components of the internal control system through proper training and
evaluation of personnel, continuous supervision, and implementation of recommendations
provided by auditors. Periodic evaluation can supplement ongoing monitoring and should be
used on an ad hoc basis. The frequency and scope of periodic evaluation depend on the
effectiveness and results of ongoing monitoring as well as the assessment of risks associated
with the internal control system. (Zabihollah Rezaee, 1995)
The function of establishing criteria against which the internal control system is monitored
and evaluated is primarily management’s responsibility according to Zabihollah Rezaee,
1995 deficiencies should be identified through monitoring procedures, be reported to the
individual responsible for the function for corrective actions and to one level of management
Page 20
above the directly responsible person who has oversight responsibility to ensure that
corrective actions are being taken. Most importantly, internal auditors are responsible for
reporting serious internal control deficiencies directly to top management, the board of
directors, and audit committees.
Page 21
respect to corporate governance by overseeing financial reporting and internal control
matters.
The company must provide appropriate funding, as determined by the audit committee, for
the compensation of (i) the audit work and any related work of the company’s independent
auditor (ii) any other audit, review or attest services provided to the company by a public
accounting firm and (iii) any advisors engaged by the audit committee. The Act requires of
every reporting company that the audit committee approve all audit services. Additionally,
the audit committee must approve all permitted non-audit services to be provided by the
auditor or its associated person before the services are provided.
Page 22
department heads that are evaluated on the basis of the performance of their respective
departments.
According to Marco et al. (2006) the relationship with the audit committee and board of
directors needs to be reinforced and the assurance provided by internal audit should become
the best independent and objective assessment in terms of risk management, internal controls
and corporate governance. The activities of internal audit will be adapted to the new
requirements and evolve with the new legislation and the new challenges of the organization
according to the study conducted by Marco et al. (2006). The profile of the internal auditor is
evolving in order to meet the broader scope of activities. The profession still needs to become
more recognized within the company. The literature indicates changes in the activities
performed by internal auditors. The increasing complexity of business transactions, a more
dynamic regulator environment and significant advances in information technology, are
developments that have resulted in opportunities and challenges for internal auditors.
Page 23
2.10 Conclusion
The literature reviewed above, espousing and understanding the core aspects of internal
auditing and the work done on these aspects provide very valuable insights for the assessment
of the Audit department of Star Assurance Company Ltd. Some of the valuable insights the
literature review has given for the forthcoming analysis are as follows:
The functions of internal audit,Objective of internal audit, the ethical guideline of Internal
audit, the role of internal audit, the critical elements of internal audit, the means of achieving
control which highlited the control components in the COSO report and the challenges of
internal audit.
Page 24
CHAPTER 3
3.0 BRIEF PROFILE OF STAR ASSURANCE COMPANY LTD
The company was awarded “Best Insurance Company of the Year, 2001” by the Chartered
Institute of Marketing, Ghana (CIMG). The company has also been rate “A” by Global credit
rating. This rating means that the company has a high claim paying ability. In March 2005,
Star Assurance Company Limited was adjudged the best company in the insurance category
of the INDUTECH 2005 National Awards.(www.starassurance.com)
Star Assurance Company Limited is a member of “Ghana Club 100” – a group of the top 100
companies in Ghana.
Page 25
3.3 Core Values
The core values of Star Assurance Company Limited flow from their mission statement and
the guiding principles which govern decisions and define the manner in which day-to-day
business is conducted.
The values are:
Professionalism: - The Company applies deep skills and expertise and broad capabilities to
consistently deliver reliable service to our customers and ensure their needs are met.
(www.starassurance.com)
Innovation: - The Company is dedicated to continually improving their products, operations
and performance in order to deliver innovative solutions and extraordinary service to exceed
the highest expectations of our customers. (www.starassurance.com)
Teamwork: - The Company builds mutually beneficial relationships among staff, agents,
brokers, and other partners who share similar values and work in tandem to achieve high
performance, excellence and superior business results. (www.starassurance.com)
Ownership: - Enterprise culture is the philosophy through which the management and staff
develop a high sense of ownership by consistently making decisions in the best interest of the
company and its customers. Commitment is renewed by linking pay to performance.
(www.starassurance.com)
Winning Spirit: - The Company is action-oriented, constantly striving to deliver results create
possibilities and build a brighter future for all stakeholders. (www.starassurance.com)
Board of Directors
The Company has nine experienced Board of Directors:
The company has a five member management team made-up of the Managing Director, the
Deputy Managing Director, the Executive Director, the General Manager (Finance and
Administration) and Deputy chief Manager(Technical operation); whose expertise include
Page 26
Insurance management, business development, marketing, insurance, accounting and many
years of working experience.
3.6. Operations
The operations of Star Assurance are geared towards improved service delivery for our
mutual benefit. The Company has established a Business Information Communication
Technology Team comprising among other professionals, six (6) qualified Insurance
Professionals which has taken ownership of the critical service areas of the company’s
operations. In addition, the company is taking advantages of opportunities in the new
insurance law especially that relating to the Compulsory Fire and Liability policies for all
commercial concerns. The company has also strategically placed itself for insurances on the
oil discovered and the West African Pipeline Project.
The Work Group Concept
Previously the company’s operations were segmented along product lines i.e. Motor and
Non-Motor. This posed a challenge for clients in that they had to meet different sets of people
in different departments in order to
effect their insurances and process their claims. The work Group concept seeks to segment
operations in the way that customers see. The company’s operations have been segmented
along the following workgroups:
This work group system has been vital in helping the company obtain competitive advantage
in the industry by allowing the company to provide “a one stop shop” to their various
categories of clients. These work groups have been empowered and given authority limits in
business from prospecting, underwriting, client servicing, reinsurance placement, credit
control, commission payments and claims administration.
Each of these categories has its peculiar marketing and sales approach. It allows certain
clients who hitherto went unnoticed to be clearly visible and most importantly catered for.
Page 27
3.7 Insurance Products
Star Assurance offers a wide range of general insurance products. These include: Travel
Insurance, Marine, (Cargo and Hull) , Personal Accident ,Bankers Indemnity Policy, Motor
Insurance, Erection All Risks, Fire and Allied Perils, House owners’ Comprehensive etc.
Page 28
3.8 COMPANY’S ORGANOGRAM
STAR ASSURANCE COMPANY LIMITED
ORGANOGRAM Fig2.0 star assurance organogram
BOARD CHAIRMAN
MANAGING DIRECTOR
PERSONAL
ASSISTANT
HUMAN ACCOUNTS
RESOURCE & FINANCE
BUSINESS
IT MANAGER
DEVELOPMENT
The figure above shows the organogram of Star Assurance Company Ltd. The figure above
shows that the internal audit department is independent.
Page 29
CHAPTER 4
4.0 THE METHODOLGY OF THE STUDY
4.1 Introduction to the Methodology of the study
This chapter discussed how data was gathered, analysed, and interpreted to explain the
relationships between the various variables in relation to the objectives of the research paper.
The researcher used a case study to explain the relationship between the variables: the case of
the internal audit department of Star Assurance Company. The researcher employed both
primary and secondary data, qualitative and quantitative research methods were also used to
examine the internal audit department of Star Assurance Company Ltd. A number of data
collection methods were combined to verify the reliability and accuracy of the data as
suggested by Yin(2003). The study used a combination of data collection tools; a Survey,
Questionnaire, Relevant Corporate Documents and Observation.
Page 30
Table 4.1 shows the number of questionnaire administered and received and the category
of people the questionnaire were given. Two sets of questionnaires were designed: one for
the Internal Audit department staff and the other for non-audit staff whose activities the
internal auditors audit. That for the Internal Audit staff was in two sections (A-B). Section
A was to help find response on what to do element. Section B was to help find responses
on the “how” element: Audit scope. Thus, how much the department had to do. Each
section was separately designed to solicit responses to arrive at the first objective of the
study which is to critically evaluate the internal audit department of organisations and
their compliance with critical elements of internal audit operations as outlined by
IIA.Thus these questionnaires helped the researcher got information that helped him to
critically evaluate the internal audit department of the case company: Star Assurance
Company Ltd. and its compliance with critical elements of internal audit operations as
outlined by IIA.
On the other hand, that for the non Audit staff involves an array of questionnaires that were
administered to some heads of department and branch managers of Star Assurance Company
Ltd. to obtain information on internal auditing practices in the Company.
That for the non-audit staff was in four sections (A-D). Section A contained the personal
details of respondents. Section B was to help find responses on the “what to do” element,
Section C was to help find responses on the “how” element: audit scope. Thus, how much the
department had to do. Section D was to help find responses on the “when” factor. Each
section was separately designed to solicit responses to arrive at the second objective of the
study which is to identify short-comings or weakness in the Internal Auditing practices of the
Auditing Department of organisations if any. The information that the researcher obtained
from the heads of department and branch manager’s response whose activities the internal
auditor audit helped him to identify short-comings or weakness in the Internal Auditing
practices of the Audit Department of the case company: Star Assurance Company Ltd.
Questionnaires require careful design to ensure that key issues are included, whilst avoiding
ambiguous or confusing questions.
The questionnaire blended open-ended and closed questions to solicit information from the
respondents. This approach sought respondents’ creative input.
Questions were also kept as short as possible to make them easy to answer
The questionnaire was pre-tested with some respondents. The aim was to access the efficacy
of the items on the questionnaire and to allow for the possibility of rectification and
adjustment, if required to help arrive at the objectives of the study. After the pre-test, minor
changes were made to the final questionnaire where appropriate in order to enhance the
quality of the research.
Page 31
The final questionnaires have been attached (appendix 1 and 2)
Response rate
Table 4.1 shows that the total numbers of questionnaires administered are eight (8).
Three (3) questionnaires were administered to the audit staff and three (3) were received
which represent 100% response rate. Five (5) questionnaires were administered to the other
employee and five (5) were received and this represent 100% response rate.
Sampling Unit
The study covered the internal audit department of Star Assurance Company Ltd as well as
the other employees of the company who were in a position to give the appropriate
information the researcher needed.
Sample selection
The questionnaires for the audit staff were administered to all the staff of the internal audit
department.
The questionnaires for the non-Audit staff were administered to five heads of departments
and branch managers who were randomly selected.
4.3.2 Observation
Observation gives first-hand information regarding the subject understudy. The internal audit
department of Star Assurance Company was visited to observe and witness what they do and
how they are doing it based on my knowledge of the internal auditing requirements and
procedures.
Permission was sort from the Head of Internal audit department through the Human
Resource. A date and time was schedule. Much information was obtained from the visit.
Some of the information obtained includes the procedure for auditing which involve entry
audit conference with the department and post audit conference after auditing work is
complete. The procedure for writing audit report after each audit was also observed.
Information about the types of audit done in the department was given. These are: pre audit
which involves the auditing of all source documents like invoices, receipt, and payment
vouchers. Post auditing which involve auditing of the financial statements and final accounts.
Operational auditing which involve auditing of the operational activities of the various
branches nationwide. With the operational auditing, the physical presents of the internal
auditors are required. The visit also helped the researcher to observe the structure of the
internal audit department of Star Assurance Company.
Page 32
These first-hand information complemented the data collected through questionnaires and
confirm declarations made in the questionnaires to engender effective measurement of
compliance level.
The research was limited to Star Assurance Company Ltd. which is an unlisted company.
The researcher was constrained by time and financial resources and could not therefore apply
other methods of research aside Questionnaire, Relevant Corporate Documents and
Observation.
As with all surveys, a further limitation is that the results rely on the self-reports of
respondents and are therefore open to misinterpretation of the questions as well as to
subjectivity in the responses. Questionnaires require careful design, for example, to ensure
that key issues are included, whilst avoiding ambiguous or confusing questions. Bias may
arise from poor sampling or if respondents feel that they should give a ‘correct’ reply rather
Page 33
than their real view. Poor response may also lead to problems of non-response bias or
inadequate numbers for valid statistical analysis.
4.6 Safeguards
In this study, the problems raised above were addressed by:
1. Designing questionnaires that would be quick and simple to complete (appendix A) page.
This was meant to encourage more respondents to respond.
2. Reviewing the questionnaire with an expert prior to use. This provided the confidence that
the questionnaire was of a high standard.
3. Offering the respondents the opportunity to request a summary of the results. This action
was meant to encourage them to feel part of the project.
4. Assuring the respondents of confidentiality. This action was to encourage them to provide
information as truthfully as possible.
5. Distributing questionnaire to the entire relevant population, thus avoiding potential
sampling bias.
Page 34
CHAPTER 5
5.0 EMPIRICAL FINDINGS, ANALYSIS AND INTERPRETATION
5.1 Introduction
This chapter discusses the findings, analysis and interpretation of the study. With the
objectives of obtaining meaningful insight, this study conducted structured interviews with
the staff of the Internal Audit department of Star Assurance Company Limited which
addressed the following four areas of interest.
Page 35
One of the main duties of the internal auditors is to provide assistance in the deterrence of
fraud through examining and evaluating the adequacy and effectiveness of the system of the
internal control to commensurate the extent of potential exposure or risk in the various
segments of the organization’s operations (ISPPIA, 2006).my research revealed that Star
Assurance internal audit department is doing well in this direction. The department has been
able to detect so many frauds and recommended measures that are deterrence of fraud. For
example, one of the audits discovered fraudulent activities at the Tarkoradi branch office
which led to the dismissal of the branch manager.
Page 36
5.4.3 Objectivity/ The “What” Element
Table 5.2 shows the responses from the non audit staff from the questionnaire administered
with regards to the “what” element of the critical elements of the internal audit.
The study shows that the internal audit department is objective. It was observed that the
Head of Internal Audit is not part of management and so is not part of decision making of the
company. Table 5.1 shows that the audit staffs were aware of the duties of the internal audit
department. It was observed that most of the staff within the organisation understood the
Page 37
function of the internal audit department. The internal audit department is said to have put in
place some internal control mechanism and the study shows that these internal control
mechanisms were safeguarding the assets of the company. Table 5.2 shows that all
respondents were aware of the internal control mechanism put in place by the audit
department and they think the controls were safeguarding the assets of the company greatly.
My investigation revealed that, there was audit charter in place. Table 5.1 and 5.2 showed
that internal audit recommendations were implemented. It was also observed that the internal
auditor presents its report to management and the board and management acted on the
recommendations
Table 5.3 shows the responses from the audit staff from the questionnaire administered with
regards to the “how” element of the critical elements of the internal audit.
.
Page 38
Table 5.4 - Analysis of audit scope- Response from Non-Audit Staff
Question No. No. Of Total
Of NO Response
YES
Do you think the internal audit department understands the processes 5 0 5
and procedures of your department for effective auditing?
Do you think the internal audit department has sufficient access to 5 0 5
information, records people in the company in performing their duties?
Do you think the internal audit staff adopts professional and ethical 5 0 5
standards all the times?
Do you think the internal audit staff fosters constructive working 5 0 5
relationship with accountable management?
Table 5.4 shows the responses from the non-audit staff from the questionnaire administered
with regards to the audit scope.
Table 5.5 shows how the audit department is rated by the employees. The employees were
asked to rate the performance of the audit department. This enabled the researcher to see how
the employees perceived the audit department and their performance.
It was observed that the internal audit team had good knowledge of the business operations.
All the non-Audit staff respondents admitted that the internal audit department understands
the processes and procedures of their department and that they adopt professional and ethical
standards all the times in performance of their duties. For this reason, 60% of the respondent
Page 39
rated the performance of the audit department as “above average” and 40% rated them as
“excellent” as shown in table 5.5. It was also clear that the internal audit staffs foster
constructive working relationship with accountable management. The scope of the audit work
covers all the departments and branches of the company nationwide. The study also shows
that the internal audit department has sufficient access to information, records people in the
company in performing their duties. The study shows that the auditors feel protected in
performing their duties. There was no record of the review of the systems.
Table 5.6 shows the responses from the audit staff from the questionnaire administered with
regards to the “when” element of the critical elements of the internal audit. According to the
table, all branches and departments have been audit in the past 4 years
Table 5.7 shows the responses from the audit staff from the questionnaire administered with
regards to the rate of auditing of the various branches and department. According to table 5.7
every branch or department is audited once a year
Page 40
Table 5.8 shows the responses from the non-audit staff from the questionnaire administered
with regards to the “when” element of the critical elements of the internal audit
Table 5.9 shows an internal audit activities for the year 2008 prepared by the audit
department and approved by the board.
Table 5.9 shows an audit programme had been drawn up for the various audit activities. This
was used by the Head of Department to review the activities of the department. The
management and the board had also been provided with the audit plan which they
periodically use to assess the performance of the internal audit department. Table 5.9 shows
that there was a clear audit plan in place that specified the periods for visits to the various
branches and the number of days that will be spent. Provision had been made for holidays
and examination dates for the staff. The audit plan is prepared by the audit department and
presented to the board for approval. It was observed that the audit plan was not
communicated to the branch and department whose activities the internal auditors audit.
Table 5.8 shows that 80% of the respondents responded that they were not aware of the audit
plans for their branch/departments. Only 20% of the respondents responded that they were
aware of the audit plans for their branch/departments. The study shows that the branches and
departments are audited once a year according to table 5.7. Thus by the end of the accounting
year, every branch and department get audited. For example as of 31st December, 2008, all
branches and department had their operations and activities audited. There was no
department/branch which has never been audited before.
Page 41
5.4.6 The “Who” Element
There are three staff in the department and all of them were found to have the required
professional expertise for the job. All the internal audit staff were aware of the duties and
objectives of the internal audit department. There was also evidence of proper planning in the
performance of their duties.
The Head of the Department was found to have a close working relationship with
management. It was observed that the chief internal auditor was in high management position
but he was not part of the management team. Training programmes were outlined for the
department staff. It was evident that there was effective coordination between the internal and
external auditors.
The internal auditing profession is vital to an organization’s health and well-being. In order to
live up to such expectations, internal auditors should remain current and focus on areas which
are regarded as important now and in the future. They should ensure that they have or obtain
the skills and competencies necessary to meet their responsibilities as defined by the internal
audit definition and IIA Standards. My research revealed that, even though the audit staffs
have the requisite audit qualifications to perform their duties, they still embark on refresher
courses to remain current as suggested by Marais et al (2009)
Page 42
independent audit of the Company's financial statements. The members were found to have
wide range of experience in various sectors. It was also realised that the internal and external
auditors had access to the Board which was expected to provide to the board independence
opinions about the management of the company. The company has audit committee in place.
The primary function of the audit committee of Star Assurance Company Ltd is to assist the
board of directors in fulfilling its oversight responsibilities for
(1) The integrity of the company's financial statements,
(2) The company's compliance with legal and regulatory requirements,
(3) The independent auditor's qualifications and independence, and
(4) The performance of the company's internal audit function and independent auditors
In discharging its oversight role, the committee is empowered to investigate any matter
brought to its attention with full access to all books, records, facilities, and personnel of the
Company and the power to retain outside counsel, or other experts for this purpose
5.5.3 Organisational Structure
The company runs a partly centralised and partly decentralised system. The Head Office was
in Accra where all major transactions were initiated and executed. They also have branch
managers who manage the various branches but report to the Head Office for all major
decisions. At the Head Office, there was segregation of duties for the various transactions.
This was observed to be a good control measure.
The study also revealed that the internal audit department is well structured.
Page 43
Figure 3.0 structure of star Assurance audit department
Figure 3.0 shows the structure of the internal audit department of Star Assurance Company
Ltd.
It shows whom the department report to. It shows that the head od the audit department report
to the board.
Page 44
CHAPTER 6
6.0 RECOMMENDATIONS AND CONCLUSION
6.1 Introduction
This chapter discusses the conclusions and recommendations of the study which was
conducted on the compliance or non-compliance of organisations with the requirements of
the Institute of Internal Auditors. A case study of Star Assurance Company Ltd
6.2 Summary
6.2.1 Functions and Role of the Internal Audit Department
My research revealed that Star Assurance Company Limited has an internal audit department,
which could be said to be auditing its activities in accordance with the definition as specified
by the I.I.A. It was observed that the Internal Audit department assisted management in the
discharge of their responsibilities by furnishing them with analysis, recommendations and
pertinent comments concerning activities of the company, e.g. the Internal Audit department
was involved in assessment and review of the activities of all branches and departments
6.2.3 Challenges
The weakness observed was the number of staff in the department. There were only three
staff in the department and considering the number of transactions which had to be pre-
audited. It was difficult to audit all the various units as planned at the beginning of the year.
The staff and management did not know what the unit was expected to do and how they do it.
They did not also know the audit plan. Organisationally staff perceive audit as an attempt by
directors to institute spies on their duties which sometimes makes it difficult to get their
Page 45
support. Some audit recommendations were not implemented due to factor beyond the
implementer’s control. For example wrong opening balances were captured when migrating
to new software. In one of the auditors report, it was recommended that those opening
balance should be corrected but the software consultant said that will not be possible system
wise.
6.3 Recommendations
It is also recommended that, the internal auditor should submit to senior management and the
board a summary of the plan of work for the upcoming year.
The summary should be approved by senior management and tendered to the board for
informational purposes. Such information helps the board ascertain if the work of internal
auditors supports the objectives and plans of the entity
It was observed that, the internal auditor presents reports of its activities to senior
management which should be continued. Management has a duty to resolve issues raised.
Even though the company is not listed but, the company has puts in place an audit committee.
This ensured that corporate governance principles were adhered to.
The setting up of an internal audit department will need careful planning and a strategic
management process to monitor and evaluate the department. Research has indicated that
benchmarking methodologies can be used across a range of different organizations to
establish the benchmarks. However, Star Assurance will need to tailor certain critical success
elements to suit them, or identify which organizations that have similar processes to which
they can benchmark their effectiveness. This is particularly important in determining the
structure of the department, the use of audit committees, reporting lines, scope of work and
staffing requirements. Moreover, the research has revealed that charters of internal audits are
gradually broadening to cover the whole organization. Furthermore, dynamic change in the
competitive environment means that there is the need for strategic approach to setting up and
developing internal audit departments.
It is recommended that the department maintains its high position to gain a good perception
in the minds of people. The right of direct access to top or senior managers is critical to the
success of the department. The use of the audit committee is considered as very critical. A
membership size of five is adequate for a company with the size of Star Assurance Company
Ltd. The department should enjoy complete objectivity and independence.
The audit charter should outline the authority given to the department, various types of audit
to be undertaken and procedures for issuing, and responding to reports. How much the
department should do has to be properly defined to provide a source of reference and a
benchmark for future activities. There should be a procedure handbook for the department. In
Page 46
addition, the work of the department and its procedural guidelines should be well
documented. A systematic approach should be adopted to identify task areas as well as
prioritizing. Time allocation (for example, staff days per task) should be based on this system
after making allowances for contingencies, holidays, and study leave.
The research revealed the potential threat to quality work in the internal audit departments
due to a small number of staff. It is therefore recommended that:
• two additional staff with audit experience be employed to augment the staff strength of
three
• staff should be motivated through strategies such as effective feedback systems, self-
fulfillment, self-esteem, creativity and participation in goal setting; and
• there should be effective staff training and development programmes
Potential benefits of the internal audit department and commitments needed from executive
management and other staff to ensure success should be stated. The research revealed that
there was no mechanism in place geared towards reviewing the department as a whole. As
cost is involved in setting up and running an internal audit department, it is important that the
department should be evaluated for its efficiency, effectiveness and economy.
Criteria that could be used in this evaluation include: cost/benefit analysis, the audit director’s
report, recommendations of the audit committee, and top management’s evaluations feedback
from customers, adhering to plans, developing and training, individual targets and objectives,
staffing and skills.
The benchmarking approach adopted for this research has been useful in establishing and
identifying problem areas in the audit function. This is strategically important, as over the last
few years many of the traditional processes and functions of the organization have changed or
have been re-engineered. If internal auditing is to remain a key weapon in the defence of the
company, then this process too needs re-engineering. The re-engineering should focus on the
critical elements which this research has shown.
Internal Auditors are encourage to report that their activities are “conducted in accordance
with the standards for the Professional Practice of Internal Auditing” . However, internal
auditors may use the statement only if assessments of the quality improvement program
demonstrate that the internal audit activity is in compliance with the standards. The
researcher therefore recommends the use of “conducted in accordance with the standards” in
their reports since there was no evidence of the use of such statements in their reports even
though the study showed that the internal audit activity is in compliance with the standards.
Page 47
The COSO report reinforces the value and importance of management and internal auditors
being more involved in understanding internal control and establishing an adequate and
effective internal control systemThe COSO report represents a milestone in the evolution of
internal control. In light of provisions of the COSO report, management and internal auditors
should take advantage of this unique opportunity and attempt to improve their organizations’
internal control systems as well as financial reporting and corporate governance systems
6.5 Conclusion
The study can conclude on the following issues discussed as follows:
Page 48
REFERENCE
Barrett, M.J. (1986), “Measuring internal auditing performance”, Internal Auditing, Vol.
2,pp. 30-5.
Bethea, P.Jr (1992) A Descriptive Exploratory Examination of the Role and responsibilities
of Internal Auditors, UMI Microform, Ann Arbor, MI
Blue Ribbon Committee (BRC) (1999), Report and Recommendations of the Blue Ribbon
Committee on Improving the Effectiveness of Corporate Audit Committees, New York Stock
Exchange, New York, NY.
Beasley, M.S. (1996), "An empirical analysis of the relation between the board of director
composition and financial statement fraud", The Accounting Review, No.October, pp.443-66.
Bon-Road, G (2000), Internal Auditors and a value added approach: ‘the new business
regime’ Managerial Auditing Journal Vol 15 No 4,pp 182-6
Burnaby and Hass(2009) “A summary of the global Common Body of Knowledge 2006
(CBOK) study in internal auditing” Managerial Auditing Journal, Vol.24 pp.813-834
Burnaby et al. (2009) “Usage of Internal Auditing Standards by companies in the United
States and select European countries” Managerial Auditing Journal, Vol.24 pp.835-860
Chambers, A, D., Selim, G.M., Vinten. G (1994), Internal Auditing, Pitman Publishing,
London.
Page 49
Cai, C. (1994), The Research on the Structure of Auditing Theory, Southwestern University
of Finance and Economics Publishing House, Chengdu, China,
Cai C.(1997) “On the functions and objectives of internal audit and their underlying
conditions” Managerial Auditing Journal, Vol.12 pp.247-250
Caplan, D.H., Kirschenheiter, M. (2000), "Outsourcing and audit risk for internal audit
services", Contemporary Accounting Research, Vol. 17 No.3, pp.387-428.
Carey, P., Craswell, A., Simnett, R. (2000), "The association between the external audit fee
and external auditors' reliance on the work of internal audit", paper presented at AAANZ
Conference, Hamilton Island, July,
Carhill, K.M., Kincaid, J.K. (1989), "Applying the standards in governmental internal
auditing", The Internal Auditor, Vol. 46 No.5, pp.50-5.
CIFPA (1979), Role and objectives statement, The Chartered Institute of Public Finance
Clark, M., Gibbs, T.E. and Schroeder, R.B. (1980), “Evaluating internal audit departments
under SAS No. 9”, The Women CPA, 8-11 and 22.
Clarkson, M.B.E. (1995). A stakeholder framework for analyzing and evaluating corporate
social performance.Academy of management Review, 20(1), 92-117
Colbert,J.L. (2002) “On Corporate governance: communications from internal and external
auditors” Managerial Auditing Journal, Vol.17 pp. 147 – 152
Cooper, B.J. and Craig, J. (1983), A Profile of Internal Audit in Australia, Royal Melbourne
Institute of Technology, Melbourne.
Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal
Control-integrated Framework, Volumes 1-4, Coopers and Lybrand, September 1992.
Page 50
DeZoort, F.T., Hermanson, D.R., Houston, R.W. (2003a), "Audit committee member support
for proposed audit adjustments: a source credibility perspective", Auditing: A Journal of
Practice & Theory, No.September, .
DeZoort, F.T., Hermanson, D.R., Houston, R.W. (2003b), "Audit committee support for
auditors: the effects of materiality justification and accounting precision", Journal of
Accounting and Public Policy, Vol. 22 No.2, pp.175-99.
Elliot, R.K. and Willingham, J.J. (1980), Management Fraud: Detection and Prevention,
Petrocelli Books, Inc., New York, NY
Ernst & Young (1995), “Is your organization in a position to monitor internal control?” Ernst
& Young.
Farbo, J.L. (1985), A Comparison of the Perceived Effectiveness of the Internal Audit
Function Between Selected Private and Public Institutions in the Western United States, UMI
Microform, Ann Arbor, MI.
Geiger, M.A., Lowe, D.J., Pany, K.T. (2002), "Outsourced internal audit services and the
perception of auditor independence", The CPA Journal, Vol. 72 No.4, pp.20-4.
Glazer, A.S. and Jaenicke, H.R. (1980), A Framework for Evaluating an Internal Audit
Function, The Institute of Internal Auditors Research Foundation, Altamonte Springs, FL.
Goodwin, J. (2003), "The relationship between the audit committee and the internal audit
function:, International Journal of Auditing, Vol. 7 No.3, pp.263-78.
Goodwin, J., Yeo, T.Y. (2001), "Two factors affecting internal audit independence and
objectivity: evidence from Singapore", International Journal of Auditing, Vol. 5 pp.107-25.
Page 51
Goodwin, J., Seow, J.L. (2002), "The influence of corporate governance mechanisms on the
quality of financial reporting and auditing: perceptions of auditors and directors in
Singapore", Accounting and Finance, Vol. 42 No.3, pp.195-224.
Hass et al.(2006) “The Americas literature review on internal auditing” Managerial Auditing
Journal, Vol.21 pp.835-844
IFAC (1994), International Standards on Auditing, ISA 610: Considering the Work of
Internal Auditing, International Federation of Accountants, New York, NY
IIA-UK (1992), 1988 Standards and Guidelines for the Professional Practice of Internal
Auditing, IIA-UK, London.
Institute of Internal Auditors (IIA) (1998), Standards for the Professional Practice of Internal
Auditing, IIA Research Foundation, Altamonte Springs, FL,
Institute of Internal Auditors (IIA) (1999), Definition of Internal Auditing, The Institute of
Internal Auditors, Altamonte Springs, FL,
Institute of Internal Auditors (1999), "Turnbull recognises value of internal audit", press
release,
Institute of Internal Auditors (2000), The Standards for the Professional Practice of Internal
Auditing, The Institute of Internal Auditors Research Foundation, Altamonte Springs, FL
Institute of Internal Auditors (IIA) (2001), Standards for the Professional Practice of Internal
Auditing, The Institute of Internal Auditors, Altamonte Springs, FL, .
Institute of Internal Auditors (2001), The Professional Pratices Framework, The Institute of
Internal Auditors Research Foundation, Altamonte Springs, FL.
IIA (2006), International Standards for the Professional Practice of Internal Auditing, The
Institute of Internal Auditors, Altamonte Springs, FL.
Page 52
IIA (2006a), Organizational Governance: Guidance for Internal Auditors, The Institute of
Internal Auditors, Altamonte Springs, FL.
IIA (2007), The Professional Practices Framework, The Institute of Internal Auditors
Research Foundation, Altamonte Springs, FL.
Khalil, M.T. (2000). Management of Technology: the key to competitiveness and wealth
creation. Singapore. McGraw-hill
Lampe, J.C., Sutton, S.G. (1994), "Evaluating the work of internal audit: a comparison of
standards and empirical evidence", Accounting and Business Research, Vol. 24 No.96,
pp.335-48
Liu J., Woo H.S., Boakye-Bonsu, V.(1997), Developing internal auditing procedures in UK
organizations using a benchmarking approach, Managerial Auditing Journal, Vol.12 pp. 464 -
478
Marshall, C., & Rossman, G.B. (199). Designing qualitative research (3rd ed.) Thousand
Oaks, California:
SAGE publication Inc.
Marais et al (2009) “Usage of Internal Auditing Standards and internal auditing activities in
South Africa and all respondents” Managerial Auditing Journal, Vol.24 pp.883-898
Page 53
McClintock, C.C,. Brannon, D.,&Maynard-Moody, S. (1979). Applying the logic of sample
surveys to qualitative case studies: the cluster method. Administrative science Quarterly, 24,
612-629
Myers, P.M, Ziegenfuss, D.E. (2006) “Audit committee pre-Enron efforts to increase the
effectiveness of corporate governance” Corporate Governance, Vol.6 pp. 49 – 63
Peursem, K.V. (2004), “Internal auditors’ role and authority”, Managerial Auditing Journal,
Vol. 19 pp. 378-93
Price Waterhouse, (1993), Improving Audit Committee Performance: What Works Best,
Institute of Internal Auditors Research Foundation, Florida,
Public Oversight Board (POB) (1993), In the Public Interest, Public Oversight Board,
Stamford, CT,
Raghunandan, K., Read, W.J., Rama, D.V. (2001), "Audit committee composition, ‘gray
directors’ and interaction with internal auditing", Accounting Horizons, No.July, pp.105-18.
Reynolds, M.A. (2000), “Professionalism, ethical codes and the internal auditor: a moral
argument”, Journal of Business Ethics, Vol. 24 pp. 115-24.
Sawyer, L.B. and Vinten, G. (1996), The Manager and the Internal Auditor, Wiley, New
York, NY.
Sawyer, L.B. and Dittenhofer, M.A. (1996), Sawyer’s Internal Auditing: The Practice of
Modern Internal Auditing, The Institute of Internal Auditors, Altamonte Springs, FL.
Page 54
Sekaran,U. (2003). Research methods for Business: A skill building approach (4th ED). New
York:John Wiley & Sons, Inc.
Scarbrough, D.P., Rama, D.V., Raghunandan, K. (1998), "Audit committee composition and
interaction with internal auditing: Canadian evidence", Accounting Horizons, Vol. 12 No.1,
pp.51-62.
Traver, R.O. (1991), A Comparison of Perceived Importance of Factors that have an Impact
on Audit Effectiveness, UMI Microform, Ann Arbor, MI.
Turnbull (1999a), Internal Control: Guidance for Directors of Listed Companies Incorporated
in the United Kingdom – Consultation Draft, Institute of Chartered Accountants in England
and Wales, London, .
Turnbull (1999b), Internal Control: Guidance for Directors of Listed Companies Incorporated
in the United Kingdom, Institute of Chartered Accountants in England and Wales, London, .
Vanasco, R.R. (1994), “The IIA code of ethics: an international perspective”, Managerial
Auditing Journal, Vol. 9 pp. 12-22.
Ward, D.D. and Robertson, J.C. (1980), “Reliance on internal auditors”, Journal of
Accountancy,
Vol. 150, pp. 62-73
Williams, H.M. (1978), “The emerging responsibility of the internal auditor”, The Internal
Auditor, Vol. 18, pp. 45-52.
Yin,R.K. (2003), Case Study Research: Design and Methods, 3rd ed., London: Sage
Zabihollah, Rezaee(1995) “What the COSO report means for internal auditors” Managerial
Auditing Journal, Vol.10 pp.5-9
Page 55
APPENDIX 1
Blekinge Institute of Technology
Sweden
Page 56
3c Why? Please give reasons for your choice of answer to question 3b (why no, why yes)
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………
……………………
4. Can the internal audit department audit all activities and departments of the
organization?
Yes No
8.Are there any measures to protect internal auditors from victimization from management?
Yes No
9. As an internal Auditor, do you feel protected? Yes No
9a If yes, how do you assess your level of protection?
Some how protected protected very protected
Page 57
SECTION B-THE HOW ELEMENT-AUDIT SCOPE
1.As an internal auditor do you understand the processes and procedures of the departments
you audit?
Yes No
2. Do you have sufficient access to information, records, people in the company in
performing your audit
work? Yes No
Page 58
…………………………………………………………………………………………………
…………………………………………………………………………
Page 59
APPENDIX 2
Blekinge Institute of Technology
Sweden
SECTION B-WHAT TO DO
1. Are you aware of the internal audit charter? Yes No
2. Are you aware of the duties of the internal audit department? Yes . No
2a. If Yes, please mention them
................................................................................................................................................
................................................................................................................................................
................................................................................................................................................
................................................................................................................................................
................................................................................................................................................
..............................
3. Are you aware of the internal control mechanisms put in place by the internal audit
department?
Yes No
Page 60
………………………………………………………………………………………………
……………
4. Do you think the internal control measures will safeguard the assets of the company?
Yes No
4a. If no, please state areas of weakness
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
………………
5. Do you know the procedures for responding to reports from internal audit? Yes No
.
6 .Are recommendations from internal audit implemented? Yes No
6a. If yes, mention some recommendations implemented in your department/Branch
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
……………………………………………………………………………………….
4. Do you think the internal audit staff adopts professional and ethical standards all the times?
Yes No
5.Do you think the internal audit staff fosters constructive working relationship with
accountable management?
Yes No
6. How will you rate the performance of the internal audit department?
Page 61
Below average Average Above average Excellent
Page 62