audit life cycle management
Post on 06-Dec-2021
2 Views
Preview:
TRANSCRIPT
Audit Life Cycle Management
Presented by: Vinod Rao (Chief of Internal Audit & Assurance, Indus Towers Limited)
About the Presenter
2
• Vinod has around 18 years of deep and rich experience in Internal Audit. He has worked for clients across industries, in projects involving risk assessment, SOX, audit planning, executing, and reporting & presentations to Chief Internal Auditors/Audit Committees.
• Most recently, he was with BP Lubricants as General Manager at Global Level supporting the Internal Control team. He was also one of the designated Fraud and Misconduct Responsible persons in the company.
• Previously, Vinod was the Head – Internal Audit at Castrol India reporting to the Chair of the Audit Committee and to the Managing Director, India. Vinod spent close to 5 years in BP and Castrol together.
• Earlier, he spent 6 years at KPMG in Bahrain, and 2 years at KPMG in India. During his stay at Bahrain, he worked on various statutory audits based on IAS/IFRS across manufacturing, retail and financial services. He was also the training champion for International Financial Reporting Standards and KPMG Audit Methodology (KAM) in the last two years of his stint for Bahrain and Doha offices.
• In India, Vinod set up the Internal Audit Practice of KPMG at Pune.
• Vinod’s professional certifications include ACA, ICWA, CISA and CPA.
Internal Audit & Assurance @ Indus
3
Performed in a “Co-Sourced” Environment
Indus
• Corporate : Team size of 5 • Region: Regional Internal Audit
SPOC in each of the region • Overall responsibility: CoIA&A
Audit Partners
• Price water House Coopers • KPMG • Ernst and Young LLP • Mazars • TR Chadha & Co
Planning: Approach
Previous FY Risk Assessment
Audit Plan
Interviews with: - Management
- Statutory Auditors - Internal Auditors
Risk assessment for previous FY taken as the basis for
current year’s risk assessment.
Interview selective management personnel to gain their
assessment of processes and sub-processes to ensure
coverage of significant balances/accounts
Analyze the results to arrive at changes in the previous
years’ risk assessment at function and processes level
Finalize audit areas to be covered along with their
locations, and time duration for subsequent FY
Results Analysis
Financial statement – sub process mapping
Learnings from previous years’ audits and factored in for
any potential changes required in audit coverage for
subsequent financial year
Key learning from previous financial year
Alignment with key Financial Controls in
previous financial year
Alignment of audit plan with the key financial controls
identified during the previous year
5
Planning: Outcome
Comprehensive plan for FY covering processes/sub-processes, locations,
timelines
6
Process/Sub Process Circle/Corporate Audits to be conducted on
Q1 Q2 Q3 Q4
Finance
Fixed Asset Corporate
Revenue Corporate/Circle
Audit Deliveries
Circle 120
Corporate 10
Total 130
Spread across 13 functions
Scrap review and Special Projects
Fieldwork: Scope
Detailed coverage and risk perceived for ease of
reference to all
8
Scope document assess the comprehensive touch
points like KFC, IT applications
Fieldwork: RCM
Area Objective Category
Objective Title Risk
Description Test Title
Test Description Type Risk
Severity
High
Medium
Low
Control Objective Description of test and guidance how to perform the test
Function/Sub process to be
reviewed
Manual/Automated
9
Consider an RCM with - 12 High, 30 Medium, 8 Low
inherent risks
Scoring: Pre - ATR
10
Indus Towers Limited
Audit Scorecard
Function: SCM
Audit: Purchase
Overall
No. of inherent
risk as per RCM
(@corporate)
Weightage Score
Actual
observations as
per Report
Weightage
Non-
Compliance
Score
Compliance
Score
(A) (B) C=(A*B) (D) (E) F = (E*D) G=C-F
H 12 10 120 2 10 20 100
M 30 5 150 7 5 35 115
L 8 2 16 3 2 6 10
Total 50 286 12 61 225
Gross Scorecard H=G/C 79%
Weightage
(in %)
Actual
Repeat
Observation
Deduction
for Repeat
Observation
(I) (J) K=(I*J)
3 2 (6)
2 1 (2)
(8)
71%
Type pf Risk
H
M
Net Scorecard L= (H-K)
Total Deduction (K)
Deduction for Repeat observations: High/Medium Risk
No of inherent risk mentioned in RCM
No of actual observations in report
Scoring: Post - ATR
11
Ratings Initial Audit Observations ‘Open’ observations
Post – ATR – Q1
Post – ATR – Q2
Post – ATR – Q3
Post – ATR – Q4
High 2 1 - - -
Medium 7 3 2 1 -
Low 3 Low points are not tracked for Post -ATR
Closure of observations through ‘ATR’
ensures a higher Post – ATR score
Initial Score of 71% can
increase to 90% if all the
audit observations
get closed
Reporting: IA Report
13
Internal Audit Report issued TO: All stakeholders – Management Committee, Corporate Functional Heads Copied to: Auditees
Reporting: Pentana Upload
15
Post issuance of Internal Audit Report (IAR) , the report is uploaded in Pentana for action tracking
Reporting to Audit Committee
16
Audit completion status and risk categorization Audit Completion
status Report rating
Risk category of observations
Gross audit score
Deductions for repeat
observation
Net audit score
High Medium Low
Q2 2013-14 Audits
Capital Expenditure (CAPEX) Good - 1 1 86% (0%) 86%
Procurement Operations(Ker) Satisfactory - 2 2 80% (0%) 80%
Q3 2013-14 Audits
Rent (Corp) Good - 1 3 90% (2%) 88%
Balance Sheet Review (Corp) Good - 1 2 83% (2%) 81%
Audits completed, final report issued
.Audit Report Branding and scorecard
Good Satisfactory Requires Improvement Unsatisfactory
>80% 71%-80% 60%-70% <60%
Reporting to Audit Committee
17
Action Taken Report summary (ATR): As at 30 November
2013
Observation
Risk Category
Open
observations
last quarter(A)
Observations for
audits completed
in Q2 (B)
Total
Observations
C=(A+B)
Observations
implemented / closed
during the quarter (D)
Observations Open
as at 30 November
2013
(C-D)
High
Medium
Total
Audits
Total High risk
observations (including
Q2)
Open high observations and ageing as at 30 November 2013
Details as per Sl. number on pages 33-39
Not Due
0-3 m 3-6m 6-12m > 12m Total
Revenue
Fixed Assets
Supply Chain
Subtotal (2012-13)
Information Technology
Full Circle Review
Human Resource
Subtotal (2013-14)
Grand Total
Medium risk observations open Open Medium observations and ageing as at 30 November 2013
Not Due 0-3 m 3-6m 6-12m >12m Total
Reporting to Audit Committee
18
Ops Finance HR Legal A
ud
it S
core
No
of
aud
its
76
80
74 76
78
76
78
75
Gross Score
Net Score
Action Taken Report
20
All actions are tracked for closure through Pentana system at entity and individual observation level
Action Taken Report
21
‘Real’ time dashboards aid in monitoring the action owner response through Pentana
top related