Fundamentals of internal auditing – Volker H. Pemüller / Joachim Kriegel – Book review

by one Risk Managementsystem, compliance management system, internal control system, internal audit is also one of the main components of corporate governance out of business. The fact that the oversight function of management is delegated to internal audit is now a widespread approach in practice.

“A professionally performed and effective internal audit (IR) is an indispensable tool for keeping a company on track,” the authors say. Recent fraud scandals, from FTX to Wirecard, confirm this statement. The book is divided into 12 chapters. Chapter 1 provides a foundation for all subsequent chapters with the Reasons for Establishing Internal Audit. The subsequent second chapter deals with the objectives and missions as well as the rights and obligations of the IR. The third chapter, Purpose, deals with ethical principles in the internal auditing profession.

“Internal audit provides independent and objective audit and consulting services aimed at adding value and improving business operations. It supports the organization in achieving its objectives by using a systematic and purposeful approach to improve the effectiveness of risk management, controls, management, and control processes and helps to improve them (Internal Audit eV) summarizes Chapter Four. Chapter Five describes National, European, American and international regulations and initiatives for internal auditing.

Development trends and potential future prospects are discussed in Chapter Six. Chapter Seven presents the internal audit strategy and organization. The relevant IIA and DIIR standards are summarized in an appendix.

Risk-oriented audit planning is a recognized standard in audit work. The goal here is to use the scarce resources of internal audit in such a way that the most critical areas are examined. Chapter 8 deals with approaches to risk-oriented audit planning. Related IIA and DIIR standards are also summarized here. Unfortunately, the chapter does not deal with quantitative methods for effective risk management. Instead, the risk matrix is ​​presented on page 224 which provides an effective matrix Risk Management oppose. Scenarios that threaten the existence of the company and that exceed the risk coverage potential of the company can be collected helps It cannot be identified by a “simple” risk matrix. Here there will be a stronger reference to DIIR Review Standard No. 2 (Review of Risk Management System by Internal Audit). The new version (2.1) distinguishes for the first time between checking organization and processes on the one hand and methods (eg Estimate the amount of risk risk pooling). In addition, as a result of the implications of Section 93 AktG, it is required to be Risk Management To be included with risk analyzes in preparing Entrepreneurial Decisions in order to be able to document “appropriate information” in decision forms.

Audit object (RO) planning and potential on-site audit work are introduced in Chapter 9. Chapter 10 contains professional reporting requirements, presentation techniques, audit psychology, and exam score monitoring. Here, too, the core IIA and DIIR standards are summarized in an appendix. Chapter 11 deals with quality management in information technology. The book concludes with an external vision (national and global) in Chapter Twelve. For risk managers, Chapter 12.1.5 “Cooperation with management Risk Managementto be useful.

conclusion: With a 470-page seminal work, the author duo provide a powerful and structured introduction to the world of internal auditing. In the updated 3rd Edition, legal changes and updates in standards (eg FISG, Supply Chain Due Diligence Act, EU classification, IT G–CommitmentCOSO ICS, COSO ERM, GeschGehG, EU-RL for whistleblower protection, etc.).