This Auditing Standard deals with the external auditor’s responsibilities if using the work of internal auditors. This includes using the work of the internal audit function in obtaining audit evidence.
The use of internal auditors to provide direct assistance is prohibited in an audit or review conducted in accordance with the Australian Auditing Standards.[*] For a group audit, this prohibition extends to the use of internal auditors to provide direct assistance in an audit or review of a component, including an overseas component, conducted in accordance with the Australian Auditing Standards.[#]
If the entity has an internal audit function, the requirements in this Auditing Standard relating to using the work of that function do not apply if:
- The responsibilities and activities of the function are not relevant to the audit; or
- Based on the auditor’s preliminary understanding of the function obtained as a result of procedures performed under ASA 315, the external auditor does not expect to use the work of the function in obtaining audit evidence.
Nothing in this Auditing Standard requires the external auditor to use the work of the internal audit function to modify the nature or timing, or reduce the extent, of audit procedures to be performed directly by the external auditor; it remains a decision of the external auditor in establishing the overall audit strategy.
Relationship between ASA 315 and ASA 610
Many entities establish internal audit functions as part of their internal control and governance structures. The objectives and scope of an internal audit function, the nature of its responsibilities and its organisational status, including the function’s authority and accountability, vary widely and depend on the size and structure of the entity and the requirements of management and, where applicable, those charged with governance.
ASA 315 addresses how the knowledge and experience of the internal audit function can inform the external auditor’s understanding of the entity and its environment, the applicable financial reporting framework and the entity's system of internal control, and identification and assessment of risks of material misstatement. ASA 315 also explains how effective communication between the internal and external auditors also creates an environment in which the external auditor can be informed of significant matters that may affect the external auditor’s work.
Depending on whether the internal audit function’s organisational status and relevant policies and procedures adequately support the objectivity of the internal auditors, the level of competency of the internal audit function, and whether the function applies a systematic and disciplined approach, the external auditor may also be able to use the work of the internal audit function in a constructive and complementary manner. This Auditing Standard addresses the external auditor’s responsibilities when, based on the external auditor’s preliminary understanding of the internal audit function obtained as a result of procedures performed under ASA 315, the external auditor expects to use the work of the internal audit function as part of the audit evidence obtained. Such use of that work modifies the nature or timing, or reduces the extent, of audit procedures to be performed directly by the external auditor.
There may be individuals in an entity that perform procedures similar to those performed by an internal audit function. However, unless performed by an objective and competent function that applies a systematic and disciplined approach, including quality control, such procedures would be considered internal controls and obtaining evidence regarding the effectiveness of such controls would be part of the auditor’s responses to assessed risks in accordance with ASA 330.
The external auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by the external auditor’s use of the work of the internal audit function on the engagement. Although they may perform audit procedures similar to those performed by the external auditor, neither the internal audit function nor the internal auditors are independent of the entity as is required of the external auditor in an audit of a financial report in accordance with ASA 200. This Auditing Standard, therefore, defines the conditions that are necessary for the external auditor to be able to use the work of internal auditors. It also defines the necessary work effort to obtain sufficient appropriate evidence that the work of the internal audit function is adequate for the purposes of the audit. The requirements are designed to provide a framework for the external auditor’s judgements regarding the use of the work of internal auditors to prevent over or undue use of such work.
International Standard on Auditing ISA 610 Using the Work of Internal Auditors, paragraph 5 makes it clear that the requirements and application and other explanatory material in that standard relating to direct assistance do not apply in jurisdictions where direct assistance is prohibited, or restricted to some extent, by law or regulation. ASA 610 prohibits direct assistance and, accordingly, does not include other requirements and application and other explanatory material on direct assistance, and replaces them with the words “[Deleted by the AUASB. Refer Aus 1.2]”.
See ASA 600 Special Considerations—Audits of a Group Financial Report (Including the Work of Component Auditors) (as amended).