SA-610: Using the Work of Internal Auditors

## SA-610: Using the Work of Internal Auditors

### Meaning of Internal Audit

Internal audit covers three areas:

---

### Scope of SA-610

SA-610 deals with the External Auditor's (EA) responsibilities when:

• Using work of the Internal Audit (IA) function; and
• Using IA to provide Direct Assistance (DA) under the supervision, direction, and review of the EA.

---

### Sole Responsibility of the External Auditor

• The EA has sole responsibility for the audit opinion expressed.
• That responsibility is not reduced by using the IA function's work or by using IA as Direct Assistance.

---

### Ways the EA Can Use the Work of IA

1. To obtain information relevant to the EA's Risk Assessment Procedures (assessment of RMM).

2. To use the IA function's work during the period as a partial substitute for audit evidence gathered directly.

3. To use IA work to perform procedures under the Direct Supervision, Direction, and Review of the EA (Direct Assistance).

---

### Evaluating Whether to Use IA's Work

#### Can Use IA Work When:

1. Organization's policies support the objectivity of the IA function.

2. The IA function has an adequate level of competence.

3. The IA function applies a systematic and disciplined approach (including quality control).

#### Cannot Use IA Work When:

1. Organizational policies do not support objectivity of IA.

2. The IA function lacks competence.

3. The IA function does not apply a systematic and disciplined approach.

---

### Areas Where IA Work Can Be Used

1. Testing effectiveness of controls.

2. Observation of inventory counts.

3. Tracing transactions through information systems.

4. Testing compliance with laws.

5. Substantive procedures (where limited judgement is used).

6. Review of financial information of non-significant components.

---

### Areas Where EA Should Perform Directly (Less IA Work)

1. More judgement is involved in planning/performing audit procedures or evaluating audit evidence.

2. Higher risk of material misstatement (RMM) — leading toward a significant risk.

3. Organizational policies do not support objectivity.

4. Lower level of competence of the IA function.

---

### If EA Plans to Use IA Function

1. Discussion and coordination with IA function.

2. EA shall read the IA's report to understand the nature and extent of procedures performed.

3. EA shall perform sufficient audit procedures to determine the adequacy of the IA function's work.

Discussion topics:

• Timing and nature of work.
• Extent of audit coverage.
• Materiality (for FS as a whole; performance materiality).
• Methods of sample selection.
• Documentation and review of work performed.

Effective Coordination:

• Discussions at appropriate intervals.
• EA shall inform IA about significant matters.
• EA shall have access to relevant reports of the IA function.

---

### Three Key Evaluation Factors for IA Work

> Important: Objectivity and competence are viewed as a continuum. Strong objectivity does not compensate for lack of competence, and vice versa.

---

### Direct Assistance from IA

#### EA Shall NOT Use IA as Direct Assistance When:

1. Significant threats to the objectivity of the Internal Auditor.

2. Internal Auditor lacks required competence.

#### EA Shall NOT Use IA for the Following Procedures:

1. Procedures involving significant judgement in the audit.

2. Procedures related to higher RMM.

3. Procedures related to work reported to management by the IA function.

4. Procedures related to decisions formed by EA as per SAs.

#### Prior to Direct Assistance, EA Shall Obtain:

1. Written agreement from an authorized representative of the entity:

• Internal Auditor will follow EA's instructions.
• Entity will not intervene in the work performed for EA.

2. Written agreement from the Internal Auditor:

• They will keep matters confidential.
• EA will inform Internal Auditor about threats to objectivity.

---

### Internal Financial Controls vs. Internal Control over Financial Reporting