Final Audit Standards on Using the Work of Internal Auditors
In September 2013, BKD published an in-depth article on the proposed standard, Using the Work of Internal Auditors. In February 2014, the Financial Accounting Standards Board (FASB) issued the proposed guidance in final form as Statement of Auditing Standard (SAS) 128. SAS No. 128 supersedes SAS No. 65, The Auditor’s Consideration of the Internal Audit Function in an Audit of Financial Statements. It substantially modifies AU-C Section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and other auditing standards. SAS No. 128 represents the last of the Auditing Standard Board’s project to rewrite its auditing technical literature in a clarified format, i.e., the clarity project.
SAS No. 128 is effective for audits of financial statements for periods ending on or after December 15, 2014. SAS No. 128 does not require the auditor to use the work of the internal audit function, nor does it apply to audits of financial statements of reporting entities that do not have an internal audit function, or in either of the following situations:
- The internal audit function’s responsibilities and activities are not relevant to the audit
- The external auditor does not expect to use the internal audit function in obtaining audit evidence, based on the external auditor’s preliminary understanding of the internal audit function under AU-C Section 315; the external auditor will need to understand the internal audit function as part of its understanding of the entity’s internal control, including the internal audit function’s competence and objectivity
Using the work of the internal audit function includes:
- Using the work of the internal audit function in obtaining audit evidence
- Using internal auditors to provide direct assistance under the direction, supervision and review of the external auditor
SAS 128 applies if the external auditor plans to rely upon or use the work of the internal audit function in planning and performing the audit.
As discussed in detail in BKD’s September paper, the guidance requires the external auditor’s evaluation of the internal audit function’s use of a systematic and disciplined approach, including quality control. External audit evaluates the internal audit work against this criterion to provide assurance that the internal audit function’s approach includes planning, performing, supervising, reviewing and documenting its activities—similar to the external auditor’s requirements. This also helps ensure the external auditors are only using the work of the internal audit function—rather than some other monitoring control activities performed within the reporting entity.
As a practical note, auditors considering use of internal audit to provide direct assistance will want to understand the guidance sooner rather than later. AU-C Section 610 requires the external auditor—prior to using internal auditors—to provide direct assistance, obtain a written acknowledgment from management or those charged with governance that the external auditor’s instructions were followed and verification that the reporting entity will not intervene in the internal auditor's work. For 2014 calendar year-end audits, external auditors should begin evaluating whether the internal audit function might be used and hold discussions with company management and those charged with governance.
For more information, contact your local BKD advisor.