Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ / Audit Chapter 4
Microlesson · 5-min read

Restrictions and Preconditions for Using IAF Direct Assistance

## Using Internal Audit Function (IAF) for Direct Assistance

### When the External Auditor (EA) SHALL NOT Use IAF

The EA must refuse to use IAF for direct assistance in two absolute situations:

1. Significant threat to objectivity — the IAF's independence is compromised.

2. Lacks sufficient competence — IAF personnel do not have the skill to perform the required work.

### Procedures Where IAF Cannot Be Used (Even If Objective & Competent)

Even when the above bars are not triggered, the EA shall not use IAF to perform procedures that:

ProhibitionReason
Involve making significant judgementsCore audit judgement must remain with EA
Relate to assessed ROMM involving more than limited judgementHigh-stakes areas need EA's own work
Relate to work already reported / to be reported by IAF to TCWG or ManagementAvoids self-review threat
Relate to decisions the EA makes under this SA regarding IAF itselfConflict of interest

### Preconditions Before Using IAF for Direct Assistance

Before deploying IAF, the EA must obtain two written agreements:

Agreement (a) — From Authorised Representative of the Entity:

  • IAF will be allowed to follow the EA's instructions.
  • The entity will not intervene in the work assigned to IAF.

Agreement (b) — From IAF Itself:

  • IAF agrees to maintain confidentiality of audit findings.
  • IAF will inform the EA of any threat to its independence that arises during the engagement.

Worked example

### Example 1

Example 1 — Applying the objectivity bar: The IAF head also reports directly to the CFO who is under audit scrutiny. EA identifies a significant self-interest threat. → EA shall NOT use IAF for direct assistance; the objectivity bar is triggered.

### Example 2

Example 2 — Significant judgement prohibition: The audit area involves estimating the recoverability of trade receivables (high ROMM, judgement-intensive). → Even if IAF is competent and objective, EA cannot assign this procedure to IAF.

### Example 3

Example 3 — Self-review threat: IAF previously reviewed the inventory count process and reported findings to TCWG. EA wants to use IAF for substantive testing of inventory. → Prohibited, as IAF will be reviewing its own prior reported work.

### Example 4

Example 4 — Correct use with safeguards: EA uses IAF to perform routine cash-count procedures (low judgement, not previously reported). EA first obtains written agreement from the CFO (authorised representative) that the entity will not redirect IAF staff, and a separate written agreement from the IAF chief that confidentiality will be maintained and threats to independence disclosed. → Permissible.

⚠️ Common exam mistakes

  • Confusing the two types of prohibition: the absolute bars (objectivity/competence) apply before any use; the procedure-level bars apply even when IAF clears the absolute bars.
  • Forgetting that BOTH written agreements are required — one from the entity's authorised representative AND one from IAF itself; obtaining only one is insufficient.
  • Assuming IAF can perform any procedure as long as the entity gives permission; the EA's professional judgement on significant-judgement procedures overrides entity consent.
  • Missing the self-review trigger: if IAF has reported or will report on a matter to TCWG/Management, the EA cannot also use IAF to audit that same matter.
Reference: SA 610 — Direct Assistance Provisions — SA 610 — Using the Work of Internal Auditors (ICAI)
← Previous
Related Party Relationships —
Next →
SA 500 / SA 530 – Selecting It
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic