Audit and Review

External Audit / Internal Audit / Review / Other Independent Audits SSR® will not be providing the services of External Audit, but this function is described briefly below to differentiate it from the Internal Audit, Review and Other Independent Audit services related to Fraud Risk Management that SSR® does provide. The external auditor’s objectives, scope, function and responsibilities are generally laid down in legislation, regulations and guidance, and various codes of audit practice and international standards on auditing developed for each sector. Generally the role is to provide an independent ‘true and fair view’ or ‘present fairly’ opinion on the financial statements, although some external auditors have statutory duties to carry out a wider role. In terms of International Standard on Auditing 240 (Revised) the auditor has responsibilities for detecting material mis-statement in the financial statements due to fraud. The interest of the external auditor is usually confined to those internal controls necessary to provide their opinion on the financial statements. In doing this they do review the statement on corporate governance / internal control, but without considering whether these statements cover all risks and controls, or providing an opinion on the effectiveness of the organisation’s corporate governance, risk and control procedures. Where there is an effective internal audit function, the external auditor generally will be able to rely on their work, both for work necessary to give the audit opinion on the financial statements and to gain assurances on internal controls in general. The appointment of the external auditors should be approved by the non-executive directors to ensure the auditor’s independence from the management of the organisation as well as their remuneration. Also any other services they provide to the organisation, whether internal audit or consultancy, should not cause a conflict of interest or compromise their independence. The non–executive directors should approve the appointment and remuneration of this work as well and review the results. The role of internal audit is to deliver an opinion to the accounting officer or chief executive on the whole of the organisation’s corporate governance, risk management and internal control. In relation to fraud this will include the examination of the adequacy of arrangements for managing the risk of fraud and ensuring the organisation actively promotes an anti-fraud culture. Internal audit will therefore assist in the deterrence of fraud by examining and evaluating the effectiveness of control commensurate with the extent of the potential exposure / risk in the various segments of the organisation’s operations and ensure that, as a business, risk management has reviewed it’s risk exposures and identified the possibility of fraud as a business risk. Management has the responsibility for conducting fraud investigations but internal audit may be asked to assist, and in some organisations may have had responsibility for conducting investigations delegated to them. Fraud investigation is an area that requires specialist knowledge and where internal audit has this responsibility they need to develop and maintain appropriate levels of expertise. SSR® Executive Partners can assist both management and internal audit to develop and maintain effective policies, controls and procedures and fraud response plans to minimise the fraud risk and conduct actual investigations where a fraud or irregularity is alleged to have occurred. The conduct of reviews and other independent audits and the specific objectives, scope, function and responsibilities of the review agencies will be laid down in legislation, regulations and guidance (eg Physical and IT Security, Intellectual Property, Money Laundering, etc) or will need to be agreed by the organisation. Where management requires an independent audit or review of non-financial internal controls, it will need to specify clearly the objectives and scope of these audits and reviews. Non-executive directors should approve these arrangements and the remuneration, as well as reviewing the results of the work, as they would where they had instigated the work. SSR® Executive Partners can undertake these reviews and other independent audits for management or the non-executive directors to assist the organisation apply sound principles of risk management, governance and control to the various fraud, theft and criminal risks an organisation may be exposed to. The aim always being to control the identified risks to acceptable levels and detect actual fraud, theft and other irregular or criminal activities should they occur.