A Auditoria Interna como ferramenta de melhoria dos controles internos de uma organização: Estudo de caso em uma empresa do segmento industrial do Rio de Janeiro / The internal audit as improvement tool of an organization internal controls: case study in a industrial segment company in Rio de Janeiro

Carlos Renato Fontes Trisciuzzi

09 February 2009

A alteração no sistema de controles internos da empresa estudada teve como marco principal a mudança do foco no trabalho da auditoria interna, que começou a desempenhar suas atividades de forma estruturada e seguindo uma metodologia específica; além, de perseguir um objetivo estratégico da organização. A auditoria interna, antes do processo de certificação do sistema de controles internos exigido pela seção 404 da SOX, era apenas um instrumento de detecção de erros e compliance fiscal, que baseava seus trabalhos somente em fatos passados, com a constatação de deficiências de controles. Todavia, sem assessorar a alta a administração da empresa na resolução das deficiências, objetivando a implementação das melhorias dos controles internos. Com a necessidade de certificação da eficácia dos controles internos, a partir do ano de 2005, o foco dos trabalhos de auditoria interna foi direcionado para lograr melhorias nos métodos de controle, gestão de riscos, prevenção de fraudes e erros, nos processos operacionais, contábeis e financeiros da organização. O objetivo dessa pesquisa foi, por meio de estudo de caso único, mensurar os principais procedimentos realizados para a implantação do sistema de controles internos da empresa estudada, incluindo a metodologia adotada, o modelo escolhido, o processo de controle estabelecido, a identificação e avaliação dos principais riscos e controles, bem como a forma de seleção, avaliação e teste dos controles internos existentes. Buscou-se coletar dados preconizados pela literatura de autores renomados e analisar as diversas bibliografias, com o objetivo de comparar com a pesquisa que foi realizada nos documentos fornecidos pela empresa analisada. Este estudo levantou pontos importantes sobre o processo de gestão da empresa e da forma como se utilizou da auditoria interna como ferramenta para a melhoria de seus controles internos. Destacam-se a geração de valor empresarial que um bom ambiente de controle interno traz e os motivos que levam uma organização a implementar uma área de auditoria interna, com especial atenção ao foco de assessoramento e consultoria, alinhado as práticas internacionais de auditoria interna. Entretanto, apesar de observar melhorias na atuação da auditoria interna da organização, constata-se a necessidade de alinhamento de algumas práticas internacionais, ainda não implementadas. Descobriu-se, também, que a auditoria interna, com o devido emporwerment da alta administração, e utilizando-se das técnicas atuais e internacionais, aumentam a confiabilidade do sistema de controles internos e com isso geram valor às suas organizações. Nesta pesquisa pôde-se constatar a utilização da auditoria interna como ferramenta de gestão de recursos organizacionais, ocasionando melhorias no sistema de controles internos da empresa, e ficando constatada, por meio de auditoria executada por firma independente, a irrefutável melhoria dos controles internos da organização estudada. / The change in the internal control system in the company studied has initiated with the modification of the audit scope from the internal audit department, which started to perform their activities in a more structured way and following a specific methodology, in addition, to pursue strategic objectives of the organization. Before the certification of the internal controls system required by Section 404 of SOX, the internal audit was viewed as a tool to detect mistakes and to attend tax compliance, based only on past events and pointing out the deficiencies in the controls, but without advising the senior management and board of directors on what to do to improve the internal control environment. The need for certification of the effectiveness of internal control in 2005 changed the focus of the internal audit works, which was now directed to achieve improvement in the methods of control, risk management, prevention of fraud and mistakes in the operation, accounting and financial process of the rganization. The aim of this study was, through a study of a case, to measure the main procedures performed for the deployment of the internal control system of the company object of this study, including the methodology, the model chosen, the process of control established, the identification and assessment of key risks and controls, and how to select, evaluate and test internal controls. We tried to collect data from renowned author of specific literature and analyze the various bibliographies, in order to compare with the research that was carried out in the documents provided by the studied company. This study raised important points about the management process in the company and how internal audit is used as a tool for the improvement of their internal controls. It is to add value for the business that companies seek for a good internal control environment and that provides the reason to lead an organization to implement an internal audit department, with particular attention to the outbreak of advice and consultancy, international practices aligned internal audit. However, we observed several improvements in the performance of internal audit department in the organization there is still a need to align with some international practices, which it will be implemented. It was also found that the internal audit department with proper empowerment from senior management, and using the current and international techniques, increased the reliability of the internal controls system and thereby add value to their organization. In this research it was noted the use of the internal audit department as a management tool for better use of resources, for improvement in the internal controls system, and the irrefutable improvement in the internal control environment of the organization studied, which could be noted by the external audit performed by an independent firm.

Controle Interno

Auditoria Interna

Estudo de Caso.

Internal Audit

Internal Control

Case Study.

CIENCIAS CONTABEIS

Externí a interní audit / External and internal audit

Benešová, Barbora

January 2011

The thesis attends to the issue of audit and is divided into two parts. The theoretical part deals with the definition of external (statutory) audit and internal audit and is divided to the chapters of the history, legislation, definition and role. Thereinafter describes a person of auditor, his activities, principles, methods and procedures which auditor uses. The end of the first part is about forensic audits and frauds. The application section includes at first comparison of professions and specifies the same as well as different features. The second part focuses on the relation and cooperation of external and internal auditor.

Vztah externího a interního auditu v bankovnictví / The relationship between external and internal audit in banking

Havlová, Lenka

January 2011

The aim of this thesis is to describe the theory of external and internal audit and to familiarize with a practical prespective on cooperation between external and internal auditors in banks. Specifically, the cooperation between external and internal auditors was consulted with one of the biggest banks in the Czech Republic. The thesis is divided into theoretical anc practical part. The theoretical part deals with definitions and bacis principles of external and internal audit. Moreover, auditing standards and code of ethics are presented. The practical part is based on the information about professional experience of auditors and is focused on cooperation between external and internal auditors in banks.

Svensk Kod för bolagsstyrning : Intern kontroll avseende bolagens finansiella rapportering

Sundberg, Johan

January 2007

<p>The Swedish Code for Corporate Governance was introduced on July 1, 2005. All companies then listed at OM Stockholmsbörsen A-list and those on the O-list with a market value of more than three billion SKr must implement the rules in the Code. The Code includes rules for corporate governance as a complement to the legislation. The Code is based on the principle comply or explain. This means that the companies are aloud to diverge from the rules if they explain why. The reason for this principle is that it enables a much higher level of ambition in the Code than if it would be legislated.</p><p>The Swedish Code for Corporate Governance has introduced much tougher rules on internal control than the existing legislation demands. The Code demands a good internal control without defining what it means. The idea is that the companies themselves are responsible for developing a standard for good internal control. It also includes that the board should sign an annual report about the companies internal control and establish a special internal audit function for evaluating the internal control system.</p><p>The main purpose with this paper is to study the implementation of the Code in Swedish companies concerning the rules on internal control of the financial reporting.</p><p>The paper is limited to the companies listed at OM Stockholmsbörsen former A-list which apply with the Code. Five companies are being interviewed on their work with internal control. All companies at the former A-list are included in the study of the existence of an internal audit function.</p><p>The paper is based on both secondary and primary data, mainly focused on the latter. The secondary data is collected from literature, journals, internet and annual reports from the companies included in the study. Primary data has been collected via e-mail and telephone contacts. One of the interviews was done via telephone and the others through meetings at the companies head offices.</p><p>The study shows that exactly half of the companies have an internal audit function and the existence of the function is strongly related to the ownership structure. Only companies with a wide spread in ownership and nationalized companies has the function.</p><p>There is a great uncertainty about what good internal control means. A suitable solution to apply with the rules in the Code is therefore to use COSO’s definition and recommendations on internal control. The framework also includes guidelines on how to evaluate and improve internal control.</p>

Internal control

internal audit function

SOX

COSO

Principal-Agent theory

Business studies

Företagsekonomi

Internrevisionens roll - ett svenskt perspektiv / The role of internal audit - A Swedish perspective

Karlsson, Andréas, Eklund, Anneli, Lax, Catarina

January 2005

The problem area was identified due to the fact that research within internal audit is fragmented and insufficient, simultaneously to internal audit becoming more common in the public debate. Crises and scandals in companies such as Enron in the US and Skandia in Sweden have resulted in new regulations regarding how companies should be governed. These regulations have been established in Sarbanes Oxley Act (SOX) in the US, and in Sweden the Swedish code for corporate governance will be implemented in 2005. The regulations imply that companies must provide sound internal control and to accomplish that, companies should have an auditing and consulting internal audit function. The Swedish code for corporate governance denotes that companies can decide to comply or explain why the code is not complied. SOX on the other hand require that the regulation is being followed. The raised question is how internal audit is performed. International research has thrown light upon this question but few studies have been made in a Swedish perspective. The purpose with this thesis is to describe the role of internal audit in Swedish companies, to examine if the role is perceived as a watchdog or as a consultant, and to analyze to what extent present regulations affect internal audit. The choice of method in the thesis has taken the form of a profound qualitative research in three companies accompanied by a quantitative research to examine if the results from the qualitative study could be confirmed. The qualitative research consisted of interviews with three companies, which all have an established internal audit function. The interviews were followed by a questionnaire presented to all companies listed on the Swedish stock exchange most traded A-list. The results show that of the companies listed on the Swedish stock exchange most traded A-list only 32 percent have an internal audit function. This can be perceived as low when previous studies in the area have shown that internationally it is a common function. In the companies where there is an internal audit function, the role has mainly transformed back to a watchdog perspective from previously been heading towards a consulting role. This shift in the role of internal audit mostly derives from the exceeded regulations within corporate governance. / Det identifierade problemområdet tar sin början i att forskning inom internrevision är fragmenterad och ofullständig samtidigt som internrevision har blivit allt vanligare i den allmänna debatten. Kriser och skandaler i företag som till exempel Enron i USA och Skandia i Sverige har lett till nya regleringar hur företag ska styras och förvaltas. Dessa regleringar har tillkommit i form av Sarbanes Oxley Act (SOX) i USA och i Sverige kommer Svensk kod för bolagsstyrning att implementeras under 2005. Regleringarna säger bland annat att företaget måste tillgodose en god intern kontroll och att företagen för att uppnå detta, bör ha en granskande och konsulterande internrevisionsfunktion. Den svenska koden anger dock att företaget kan välja att i stället förklara varför koden inte efterföljs, detta till skillnad från SOX som kräver att regelverket följs. Frågan väcks hur internrevisionen i företag ser ut. Viss internationell forskning har belyst denna fråga, men studier i ett svenskt perspektiv lyser med sin frånvaro. Syftet med uppsatsen är att beskriva internrevisionens roll i svenska företag, att undersöka om rollen upplevs som övervägande granskande eller konsulterande, samt att analysera i vilken utsträckning aktuella regelverk påverkar internrevisionen. Metodvalet i uppsatsen har tagit sig uttryck i en djupgående kvalitativ undersökning av tre företag, åtföljt av en kvantitativ undersökning för att undersöka om resultaten från den kvalitativa studien bekräftas. Den kvalitativa undersökningen består av intervjuer med tre företag som alla har en väl etablerad internrevisionsfunktion. Efter dessa intervjuer formulerades ett antal frågor som sammanställdes i en enkät. Dessa frågor ställdes till företag på Stockholmsbörsens A-lista, mest omsatta. Resultaten som framkom, visar att av företagen på Stockholmsbörsens A-lista, mest omsatta, är det enbart 32 procent som har en internrevisionsfunktion vilket kan anses som lågt då tidigare studier inom området pekar på att det internationellt är en vanlig funktion hos företagen. Där det finns en internrevisionsfunktion har dess roll till övervägande del gått tillbaka till att bli alltmer granskande, från att tidigare ha varit på väg mot en konsulterande roll. Detta skift i internrevisionens roll har framförallt sin grund i den ökade regleringen inom corporate governance.

Internal audit

Internal control

Corporate governance

Internrevision

Intern kontroll

Corporate governance

Business studies

Företagsekonomi

Svensk Kod för bolagsstyrning : Intern kontroll avseende bolagens finansiella rapportering

Sundberg, Johan

January 2007

The Swedish Code for Corporate Governance was introduced on July 1, 2005. All companies then listed at OM Stockholmsbörsen A-list and those on the O-list with a market value of more than three billion SKr must implement the rules in the Code. The Code includes rules for corporate governance as a complement to the legislation. The Code is based on the principle comply or explain. This means that the companies are aloud to diverge from the rules if they explain why. The reason for this principle is that it enables a much higher level of ambition in the Code than if it would be legislated. The Swedish Code for Corporate Governance has introduced much tougher rules on internal control than the existing legislation demands. The Code demands a good internal control without defining what it means. The idea is that the companies themselves are responsible for developing a standard for good internal control. It also includes that the board should sign an annual report about the companies internal control and establish a special internal audit function for evaluating the internal control system. The main purpose with this paper is to study the implementation of the Code in Swedish companies concerning the rules on internal control of the financial reporting. The paper is limited to the companies listed at OM Stockholmsbörsen former A-list which apply with the Code. Five companies are being interviewed on their work with internal control. All companies at the former A-list are included in the study of the existence of an internal audit function. The paper is based on both secondary and primary data, mainly focused on the latter. The secondary data is collected from literature, journals, internet and annual reports from the companies included in the study. Primary data has been collected via e-mail and telephone contacts. One of the interviews was done via telephone and the others through meetings at the companies head offices. The study shows that exactly half of the companies have an internal audit function and the existence of the function is strongly related to the ownership structure. Only companies with a wide spread in ownership and nationalized companies has the function. There is a great uncertainty about what good internal control means. A suitable solution to apply with the rules in the Code is therefore to use COSO’s definition and recommendations on internal control. The framework also includes guidelines on how to evaluate and improve internal control.

Internal control

internal audit function

SOX

COSO

Principal-Agent theory

Business studies

Företagsekonomi

Internal audit : How the internal audit has been affected by the Code

Morén, Anna, Sunebrand, Linda

January 2006

The Swedish code of corporate governance (the Code) was introduced 1 July 2005 aiming to raise the quality of corporate governance. This thesis investigates how the Code has affected internal audit. The purpose of this study is dual and aims to 1). Describe the internal audit, in companies on the A-list and O-list, and how it has and is believed to be affected by the Code. 2). Explain why the internal audit function varies between companies. The first purpose has been carried out by using an inductive approach. The data has been gathered through qualitative interviews with companies, on the A and O-list, audit firms and the Institute of Internal Auditors. In order to fulfil the second purpose a deductive approach has been used. Quantitative data has been gathered from annual reports as well as homepages. The material has together with agency theory been used in order to analyse why the internal audit differs between firms. The result of the qualitative interviews shows that the perceptions of internal audit differ. This can to a certain extent be explained by that there today are no accepted standards for internal audit. Neither does the Code explain what an internal audit function should involve. Overall, all respondents agree that the Code is nothing new nor revolu-tionary since the majority of the companies regard the regulations to be a matter of course. However, the demand of documentation and information has increased. The respondents also states that the acceptance and importance of internal audit has been raised further. All respondents believe that the role of internal audit will develop further. It is expected to become more consultative wherefore the internal auditor’s competence must be improved. Furthermore, the opinion is that COSO will be the framework that companies will apply. The differences in internal audit practice have in this thesis also been analysed and explained by applying the agency model. The analysis has resulted in two proposals: Proposal 1: The ownership structure affects the agency relationship which in turn leads to differences in the internal audit. Proposal 2: Companies operating in complex business environments are more likely to have an internal audit function than entities in less complex businesses. Therefore, the existence of internal audit varies across business sectors.

Internal audit

Agency theory

The Swedsih code of corporate governance

Business and economics

Ekonomi

Bästa praxis för integrerade internrevisioner : En handbok för integrerade internrevisioner

Karlsson, Stina

January 2013

In order for a business management to be able to make informed decisions for their companies need enterprise management system regularly checked by internal audits. The aim of purpose with this work was to develop a working manual for integrated internal audits. This was done through a litterature study and interviews with auditors. An in-depth interview was conducted with an experienced auditor to get more understanding and depth of the internal audits process, and how the manual could be designed. Discussions were held with the person responsible for environment, health and safety at Swedspan Hultsfred to adjust the manual to the company’s internal management system. The manual contains of eight parts starting with an introduction followed by deviding of the company, a three-year plan, a list of demands, questions-template, tips on how questions should be asked and ending with an evaluation. The manual has been tested and confirmed in practice by the author. The conclusions drawn in the report is that companies integrate their internal audits, which requires the auditor to have experience to succeed in performing internal audits. By using the manual, it is intended that the auditor should learn more on internal audits during the work. Top tips for implementing an integrated internal audit include: To make a schedule, ask good questions and to evaluate the work. / För att en företagsledning ska kunna ta välgrundade beslut för sitt företag behöver företagets ledningssystem regelbundet kontrolleras med hjälp av internrevisioner. Syftet med arbetet var att få fram en fungerande handbok för integrerade internrevisioner. Detta gjordes genom en litteraturstudie samt intervjuer av revisorer. En längre intervju genomfördes med en erfaren revisor för att få mer förståelse och djup för hur internrevisioner genomförs samt hur handboken kunde läggas upp. En diskussion fördes med den ansvariga personen för miljö, hälsa och säkerhet på Swedspan i Hultsfred för att få fram hur ett företag vill att handboken ska se ut. Manualen innehåller åtta delar som börjar med en introduktion följt av uppdelning av bolaget, en treårsplan, en lista med krav, frågemall, tips om hur frågor bör ställas och slutar med en utvärdering. Slutsatser som dras i rapporten är att företag integrerar sina interna revisioner, och att revisorn då behöver ha erfarenhet för att lyckas med att genomföra internrevisionerna. Genom att använda handboken så är det meningen att revisorn ska lära sig mer om internrevisioner under arbetets gång. De bästa tipsen för genomförandet av en integrerad internrevision är bl.a. att göra en tidsplan, ställa bra frågor och att utvärdera arbetet.

audit

manual

internal audit

integrated audit

revision

handbok

internrevision

integrerad revision

The Role of Internal Audit Independence on Performance in Public Family Business

Tseng, Hsiu-ling

18 July 2012

Family-owned enterprise is a typical governance structure around the world. In addressing the governance issues in family business, the founding family usually utilizes the direct or indirect ownership structure and also the management design to mitigate the typical agency-principal problem among founding family and the professional managers in family businesses. However, scholars indicate that the majority shareholders, such as the founding family in a family business, will induce the principal-principal agency concern, and also have the possibility to exploit the minority shareholder¡¦s interests in publicly traded family businesses. Thus, the corporate governance today will not only focus on mitigating the typical agency-principal problem, but also the principal-principal agency problem in family businesses. This study tries to examine the role of the internal audit¡¦s independence in addressing the performance issues in publicly traded family businesses in Taiwan. From the agency theory viewpoint, this study try to utilize the questionnaires method to estimate the degree of the internal audit¡¦s independence, and future examine its performance impact in family businesses in Taiwan. This study suggests that the internal audit power, and the internal audit independent execution, can be two kinds of independence indexes in estimating the degree of internal audit¡¦s independence. The results indicate that the internal audit¡¦s independence will generate direct and moderated impact on publicly trade family business¡¦s performance in Taiwan. Specifically, the more independent board of directors a family business has, the better performance that this focal firm behaves. Moreover, the internal audit¡¦s independence will generate positively direct impact on firm performance in a family business. Additionally, the degree of internal audit¡¦s independent execution will moderate the positive impact from independent board of directors and family leadership on firm performance in publicly trade family businesses in Taiwan. This study provides referable values in estimating the internal audit¡¦s independence in publicly trade businesses. And it also provides theoretical and practical implications in addressing governance issues in family businesses in Asia.

agency theory

Internal audit

family business

principal-principal agency problem

independence

Internal audit : How the internal audit has been affected by the Code

Morén, Anna, Sunebrand, Linda

January 2006

<p>The Swedish code of corporate governance (the Code) was introduced 1 July 2005 aiming to raise the quality of corporate governance. This thesis investigates how the Code has affected internal audit. The purpose of this study is dual and aims to 1). Describe the internal audit, in companies on the A-list and O-list, and how it has and is believed to be affected by the Code. 2). Explain why the internal audit function varies between companies.</p><p>The first purpose has been carried out by using an inductive approach. The data has been gathered through qualitative interviews with companies, on the A and O-list, audit firms and the Institute of Internal Auditors. In order to fulfil the second purpose a deductive approach has been used. Quantitative data has been gathered from annual reports as well as homepages. The material has together with agency theory been used in order to analyse why the internal audit differs between firms.</p><p>The result of the qualitative interviews shows that the perceptions of internal audit differ. This can to a certain extent be explained by that there today are no accepted standards for internal audit. Neither does the Code explain what an internal audit function should involve. Overall, all respondents agree that the Code is nothing new nor revolu-tionary since the majority of the companies regard the regulations to be a matter of course. However, the demand of documentation and information has increased. The respondents also states that the acceptance and importance of internal audit has been raised further. All respondents believe that the role of internal audit will develop further. It is expected to become more consultative wherefore the internal auditor’s competence must be improved. Furthermore, the opinion is that COSO will be the framework that companies will apply.</p><p>The differences in internal audit practice have in this thesis also been analysed and explained by applying the agency model. The analysis has resulted in two proposals:</p><p>Proposal 1: The ownership structure affects the agency relationship which in turn leads to differences in the internal audit.</p><p>Proposal 2: Companies operating in complex business environments are more likely to have an internal audit function than entities in less complex businesses. Therefore, the existence of internal audit varies across business sectors.</p>

Internal audit

Agency theory

The Swedsih code of corporate governance

Business and economics

Ekonomi