6.1.2.1.1

Definition

Effective Date:

July 1, 1991

Internal auditing is an independent appraisal activity within an agency for the review of operations as a service to management. Internal auditing functions by measuring and evaluating the effectiveness of various types of controls (primarily accounting and financial) and may also properly be concerned with matters of an operating nature. An audit is a methodical examination of the utilization of resources. It concludes with a written report of its findings. An audit also tests the management's accounting system to determine the extent to which internal accounting controls are both available and being used.

6.1.2.1.2

Basic Requirements

Effective Date:

July 1, 1991

6.1.2.1.2.a

Agency heads or authorized designees are assigned the responsibility and authority for establishing and maintaining an internal audit program following the Standards for the Professional Practice of Internal Auditing. The decision to employ an internal audit program in an agency should be made after a risk assessment is completed and the priority of the need for an internal auditor is compared to the agency's programmatic needs.

6.1.2.1.2.b

Internal auditing is to provide for:

• Effective control devices to ensure that objectives and prescribed procedures are being followed at all levels of the organization.

• Isolation of problem areas and to provide a means for corrective action before operational efficiency is affected.

• Additional internal checks and controls for more effective management.

• Improved communication channels within the organization.

6.1.2.1.2.c

Internal auditing is to be a staff rather than an operating function. Internal audit functions are not to be performed by individuals responsible for associated line operating assignments. In the larger agencies, separate internal auditing staff positions are to be established.

6.1.2.1.2.d

The internal auditor is to:

• Conduct independent analysis and review of agency activities.

• Occupy a position in the organization not subject to those line officials whose activities will be reviewed.

• Report and submit the audit findings, recommendations, and analysis directly to the agency head, or chief executive officer.

6.1.2.1.2.e

Internal audits are to include both pre-audits and post-audits. A pre-audit refers to audit activities performed during the year, particularly if the audit is completed prior to

year-end. A post-audit is a complete examination of the year's activities. In either case, the audit is after the fact and not part of the actual accounting process.

6.1.2.1.2.f

Comprehensive internal audits as a post-audit function are to be accomplished. In addition, performance audits are to be performed whenever practicable and cost effective.

6.1.2.1.2.g

Internal audit findings are to be documented in a written report. In addition to the audit findings, the report may detail required and/or suggested recommendations as to:

• Improvements in internal accounting controls which would improve the economy, efficiency, and effectiveness of operations.

• Improvements necessary to assure the accuracy and reliability of reported information.

6.1.2.1.3

Internal Auditing vs. External Auditing

Effective Date:

July 1, 1991

Audits may be classified as internal or external depending upon whether they are performed by internal or external auditors. Internal auditors are employees in the specific audited governmental unit. External auditors are independent of the audited governmental unit. External auditors include:

• State Auditor.

• Government auditors who are members of a government other than the state of Washington.

• Independent public auditors who provide auditing services on a fee basis.

• Auditors of legislative organizations such as the Joint Legislative Audit and Review Committee.

6.1.2.1.3.b

External auditors must be independent both in fact and in appearance.

6.1.2.1.3.c

External audits do not alleviate the need for an internal audit function, or vice-versa. Internal and external audit functions are complementary. Agencies are not to rely solely on audits performed by outside agencies to measure the appropriateness and degree of internal controls. Audits by external agencies, such as the Joint Legislative Audit and Review Committee and the State Auditor, are not intended to replace an ongoing management review of operations and may in fact be limited by law to the scope of the examination they may perform. This limit on the scope may preclude a comprehensive review of an agency's internal control procedures. All agencies, even the small to medium sized agencies, are to make adequate provision for periodic, timely risk assessments and, if necessary, reviews of internal control procedures.