A general assessment that corporate tone at the top may be unhealthy. . An inability to provide assurance on the effectiveness of internal controls or risk management. An assertion that internal audit's resources may not be adequate, or that management- directed reductions to internal audit resources have gone too deep. An allegation by the CAL of management interference with the work of internal audit. A discussion of the risks that internal audit will not address during the coming year because of resource constraints or limited expertise. An inventory of emerging risks that should be on the audit committee's radar. It is rare that the chairman or full audit committee explicitly precludes the CAE from discussing those topics. Instead, an audit committee's limited appetite for such feedback is more often masked. For example, if the audit committee never asks the CAE about any resource or scope limitations, it makes it much more difficult for the subjects to come up. An audit committee can also limit the potential for bad news by limiting or concurring with limitations on internal audit's scope. For example, if the scope of internal audit's coverage is limited to assessing the effectiveness of financial controls, the audit committee will likely hear very little about operational, technology, or compliance risks unless the assessment is coming from management. A CAE once shared with me that, when he tried to share his perspectives on nonfinancial-related risks, the audit committee gently reminded him that nonfinancial risks were outside internal audit's scope. My objective is not to impugn audit committees or their beleaguered members. The vast majority are very vigilant in executing their roles. But I believe any reluctance by audit committees to hear/solicit everything internal audit needs to say presents the profession with a call to action. We must do a better job of articulating the roles we can play in enhancing risk management and internal controls in our organizations. We should encourage audit committees to ask the tough questions. When they don't, we should volunteer the answers anyway. After all, audit committees don't serve the interest of shareholders if they seek to see no evil or hear no evil. While it is unlikely that any of us will ever have to threaten to call a meeting of the audit committee on our own, we should never shirk from our responsibilities to keep the audit committee fully and promptly informed, particularly about those things they might not want to hear. (Source: https://iaonline.thenia.org/blogs/chambers/2020/Pages/When-Audit-Committees- Want-to-Hear-No-Evil-From-Internal-Audit. aspx) REQUIRED: (a) The chief executive officer (CEO) of Institute of Internal Auditors (IIA), highlighted regarding the experiences of chief audit executives (CAEs) in sharing their findings with the audit committee. Outline the major points of your views on effective internal audit, the question of auditor independence, the nature of the work they carry out and their reporting responsibilities. (5 Marks) 4(b) The external auditor's key interest in using the work of an internal auditor is for the study and evaluation of client's internal control as part of the financial audit. Discuss THREE (3) factors should be considered by an external auditor when deciding to what extent he or she may rely on the work of the internal auditor. (8 Marks) (c) Describe FOUR (4) ways on how the internal auditor can assist the external auditor in his or her work. (2 Marks) END OF QUESTIONS 5QUESIION 3 [15 W] 1lillifhen Audit Committees Want to "Hear No Evil" From Internal Audit By Rich and Chmnbsrs Ihave long been fascinated by the dynamics between internal audit and the audit committees to whom it reports. Let me say right up bout that lbelieve the vast majority of audit committees are diligent in their oversight. However, as I first shared in a blog in 2ft] 5, there are too many instances where audit conunittees are populated with members who aren't as conscientious as they should be in their oversight roles. In Extraordinary Circumstances, Cynthia Cooper's riveting account of internal audit's role in unraveling the nancial reporting fraud at Worldfiom, she recounts the challenges she had in seeming an audience with the company's audit cornrttittee so that she could share the internal audit results. After prolonged footdragging by the audit committee clmirman, her patience nally wore out. In a line worthy of a Clint Eastwood lm. she sent word to the chairman that. \"if he doesn't call a meeting today, I'm going to get on the phone and call one myself." As I have posed on occasion, lwondcr how many of us would have such courage; how many of us would ever need to go to such lengths? Once the chairman relented and called the meeting, the source of his reluctance became clearer. Speaking to Cooper by phone later that day, the chairman chided her, "Do you have any idea what I am about to do? I'm about to blow up this company." There are few (if any] instances in which an internal audit has disclosed information as consequential as that in the WorldCom case. Yet it is surely not the only time that an audit committee or its chair have elected to stick their heads firmly in the sand, rather than hear damaging or uncomfortable information from internal audit. AS the llA's CEO, 1 have often heard chief audit executives {CAEs} lament about the challenges of executing their roles. Based on my own experiences, I am rarely surprised when they cite examples of management's reluctance to hear bad news, whether about its own operations or about the actions of colleagues or subordinates. The vast majority of executives are indeed willing to hear the truth, but there still are far too many CEOs and chief financial ofcers included who would rather not hear the bad news from interrtal audit. [in rare occasions, they might prohibit internal audit from appropriate disclosure of results, or they might retaliate against CAEs who do. The \"safety net\" for those CAEs who work for nefarious executives should be the audit committee. After all, the board of directors and its audit committee have a dueiary responsibility to look out for the shareholders right? 1|What surprises me more than the tales of obstructionist executives are the experiences of CAEs whose audit committees are reluctant to hear everything internal audit might have to share. Sometimes, the reluctance is guided by their desire to avoid bad news as may have been the case at WorldCorn. IEither times, it's because their plate is overowing arid hearing even one more risk or control failure is just not desirable. Regardless of the motive, a disinterested or, worse yet, antagonistic audit committee is the last thing a GAE needs. As I shared in a blog several years ago, based on the rsthand experiences of Units, there are several examples of information or internal audit results thatsometimes make audit committees uncomfortable. These inciude: - Allegations of misconduct or inappropriate behavior on the part of the CEO or another executive