No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights

Reducing External Audit Fees by Leveraging IA

by Justin Gwin
December 20, 2016
in Uncategorized
Improving audit through coordination

In our post-Sarbanes-Oxley world, a rigorous external audit is essential for maintaining public confidence in our economic system. However, the audit is often viewed as costly, both in terms of dollars and other corporate financial resources committed to its annual performance.

According to a recent Financial Executives International survey of more than 7,000 SEC registrants, external audit fees average over $1.5 million per company annually, with a median fee of around $415,000. Audit fees have been increasing more than 3 percent annually, and this trend doesn’t appear to be ending anytime soon.

Audit committees and executive management teams are increasingly focused on how best to rein in these costs while at the same time benefiting from a risk-based, intensive review of the financial results of the company by their external auditor. Among the greatest opportunities to reduce costs and concurrently improve audit quality is through the coordinated use of internal audit (IA).

For organizations with an established IA function, the audit committee (AC) should require that the external auditor plan and conduct the audit in close coordination with, and maximum reliance on, the work of IA. PCAOB Auditing Standard No.5 allows the external auditor, in certain circumstances, to rely upon the IA’s work and receive direct assistance from them. Under the watchful eye of the AC, coordinated external/internal audit activities may be able to achieve reduced external audit fees.

Internal audit can be most effectively leveraged when:

  1. The audit committee continuously monitors the activities of both the external audit and IA.
  2. The company has an enterprise-wide risk management (ERM) framework in place.
  3. Communication and planning between external auditors and internal auditors starts early in the audit process.
  4. The internal auditor is properly trained, independent and produces high-quality and responsive work.

1. The audit committee takes the lead

Overseeing the external audit relationship is a fundamental responsibility of the audit committee. However, many companies go about this duty with little or no consideration of their IA function, resulting in a wasted opportunity to potentially reduce external audit fees. The AC should discuss the external auditor’s position on leveraging IA’s work. The AC is instrumental in considering the amount of support internal audit will provide to the external auditors.

Audit committees also can act as useful intermediaries in managing expectations for each group as well as facilitating communication between them. Ultimately, it’s up to the AC to decide how much of internal audit’s time and resources should be devoted to the external audit process. The AC should discuss this separately with both the internal audit and external audit teams and then bring them together to try to identify specific internal audit areas of responsibility that may support external auditors in order to help avoid duplication of effort and maximize efficiency.

2. ERM underlies the process

Management, internal audit and external audit all start by understanding the business, its inherent risks and its mitigating policies, procedures and controls. The presence of a robust enterprisewide risk management program provides a framework for addressing risk and can be a springboard to the audit process. It’s the place where everybody can come together and begin the process of thinking about risk of financial misstatement. Any ERM findings, as well as other risk assessments analyzed internally, should be shared with the external auditors.

3. Coordinated planning starts early

The external and internal auditors should communicate early and often to help eliminate duplicate work, avoid eleventh-hour surprises, gain efficiencies and enhance audit quality. Both audit functions should agree on status meetings and tracking mechanisms to keep the audit on track and help prevent issues from unnecessarily growing or going to the audit committee. Before starting the work, internal audit should verify that the work that they will be generating is going to meet external audit’s needs.

Additional considerations:

  • Share plans and timelines.
  • Coordinate internal control documentation and procedures to reduce duplication of efforts.
  • Employ common work paper standards and templates.
  • Confirm that sample sizes, selection methodologies and testing guidelines align.
  • Communicate what work will be used and what won’t.
  • Determine how to efficiently share documentation.

4. IA are trained and objective and deliver high-quality work

The internal auditors must be independent, competent and objective. Independence and objectivity are required standards of the IA profession. However, these attributes may be questioned by external auditors depending upon IA functional reporting lines, evaluation and remuneration practices, and consulting projects performed. IA should have an external quality assessment, performed by a third party, which can help validate their conformance with the independence and objectivity standards.

Furthermore, the internal audit team should complete and maintain evidence of training and development programs, as well as strive to obtain appropriate certifications. Training should be provided for IA staff on the desired audit evidence required by the external auditor.

The bottom line

If done effectively, organizations can leverage internal audit activities to reduce external audit fees while concurrently improving audit quality, reducing audit fatigue and increasing efficiency of resources. Companies should consider the recommendations above when thinking about how to approach their next audit.


Tags: HIPAA
Previous Post

Attorney-Client Privilege in WA No Longer Applies When Employment Ends

Next Post

Diligent Launches New Tool for Board Evaluations and Analysis

Justin Gwin

Justin Gwin

justin-gwinJustin Gwin, CIA, CPA, CISA, CRMA, CRISC, is a risk advisory services manager at Kaufman Rossin where he provides internal controls consulting and internal audit for businesses in a variety of industries. Justin also serves as president of the Institute of Internal Auditors (IIA) Miami chapter. He can be reached at jgwin@kaufmanrossin.com.

Related Posts

people waiting in covid line

Did Covid Lead to a Lower HIPAA Fine?

by Rodney King
August 17, 2022

Eye-popping fines over violations of the right of access portion of the federal HIPAA healthcare law aren’t exactly common, and...

medical records hipaa

Survey: Majority Admit Missing Key Piece of HIPAA Compliance

by Corporate Compliance Insights
June 8, 2022

Organizations admit failing to prioritize annual security risk analysis, according to small survey

A masked professional holds up their covid-19 vaccination card.

‘My Employer Can’t Ask for Proof of Vaccination’ and Other Myths Regarding COVID-19 and HIPAA

by K Royal
September 7, 2021

When it comes to COVID-19 and HIPAA, many misunderstand the law’s scope and purview, especially in a professional setting. Privacy...

illustration of cybersecurity concept

VigiTrust Launches VigiOne Cybersecurity Compliance Platform for Managed Security Service Providers

by Corporate Compliance Insights
August 17, 2021

Easy-To-Use, Cost-Effective Solution Enables MSSPs to Keep Pace with Changing Regulations, Scale Effectively and Ensure Ongoing Compliance New York, NY...

Next Post
Pushing a button that says evaluation

Diligent Launches New Tool for Board Evaluations and Analysis

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment Sanctions SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT