A good way to think about an integrated audit is that it encourages a holistic approach to the internal audit process. To fully incorporate this approach into an internal audit approach, auditors must be able to understand and assess the risks the organization faces at the strategic, operational and tactical levels.
They also need to know about corporate governance, risk management and control models. Internal audit functions should consider moving toward using this audit approach if they are not already doing so. In the past, the term “integrated audit” was used to describe performing a single audit to address both automated and manual controls and related risks at the same time.
These days, the term refers to audits of internal control that are integrated not just across the process and IT areas, but also across all three spheres of the COSO model: financial reporting, regulatory compliance and operational effectiveness and efficiency.
This brings to the forefront the importance of assembling and orchestrating teams with the right skills for these audits who will work in tandem.
Following the COSO frameworks can help a company perform this kind of audit. It is important to note that COSO does not demand the use of an integrated approach during auditing. However, if a company follows the COSO model in the audit planning and execution stages, it will likely conduct an integrated audit.
Auditing standard 5 (AS5) also encourages using an integrated approach in audit when external auditors are performing the audit of Internal Control Over Financial Reporting (ICFR) and the audit of the financial statements to accomplish the objectives of both audits simultaneously. In addition, AS5 supports this approach through encouraging external auditors to rely on the work of others, where appropriate, when issuing an opinion on ICFR. The PCAOB believes this will help make the Sarbanes-Oxley compliance process more efficient and effective.
Integrated audit approach facilitates audit independence.