audit methodology
TRANSCRIPT
1
Audit Methodology at Mehrotra and Mehrotra
Chartered Accountants
Riskpro, India (Mehrotra and Mehrotra
Chartered Accountants)
2
Make Decisions……
Take Risks…….......
Your partner in
risk management
|governance |compliance
|audit
Experience Success!
3
Contents
About Riskpro, India
About Mehrotra and Mehrotra
(see attached detailed profile of Mehrotra and Mehrotra)
Our Philosophy
Quality Assured
Clear and Continuous Communication
Annexure I - Our Audit Methodology
Annexure II – Legal Compliance
Contact details
4
6
7
8
9
10
18
23
4
About Riskpro, India
Riskpro is India’s first national practice dedicated to risk management services and
training, corporate governance, and global regulatory compliances
Risk can be defined as a prospect of loss or reduced gain that can adversely affect the
achievement of an organisation’s objectives
When greed overtakes need, it spells trouble. Manifested as ‘bankruptcy’ in much of the
developed world and ‘corruption’ closer to home, greed has clearly disrupted some major
industrialised economies and enhanced the risks of doing business
In today’s world, risks are not few. The reason companies so often fail to systematically
manage their key risks is rooted in the way they define the risks they face. Risks are
manageable and the answer to untapped business opportunities that lie dormant waiting
for risk factors to turn favourable
Riskpro was founded in 2009 with offices in Mumbai, Delhi, and Bangalore and it has
already added eight member firms in Ahmedabad, Agra, Chennai, Gurgaon, Hyderabad,
Jaipur, Ludhiana, and Pune. All our offices and member firms are well equipped and
staffed with qualified professionals viz. CA, CWA, CS, CPA, CISA, CFA, and MBA
Riskpro’s founders are qualified risk management specialists with extensive work
experience in Europe and USA in several industries and financial institutions
5
About Riskpro India (cont…)
RISKPRO SERVICES
Our four major practice specialisations /service lines are:
• Risk: Enterprise Risk Management (services and training & recruitment)
• Governance: Corporate Governance and Transparency
• Compliance: Global and Indian Regulatory Compliances
• Training: in all of the above service lines; and Recruitment
The Risk Practice deals with all classes of risks and processes viz. governance, strategic,
systemic /infrastructure, compliance, reporting, and financial reporting. Processes require
that key risks are properly identified, measured, monitored, controlled, and reported.
Processes may also require tools like risk based internal audit, information security testing,
and fraud investigations, to be employed
The Governance Practice deals with corporate oversight and risk governance issues within an
organization including business continuity planning, compliance with SEBI guidelines by
listed companies, regulations relating to independent directors, investor expectation and
protection, Clause-49 on corporate governance, etc
The Compliance Practice covers a wide range of regulatory and environmental compliances
including Sox, IFRS, Solvency II, Basel II /III, Corporate Laws & Direct Tax Code etc
The Training Practice comprises of a variety of structured and /or industry specific training
programs and modules designed and conducted by Riskpro experts and trainers at onsite
(client or other offices) and offsite (Riskpro Training Centre) training facilities
6
About Mehrotra and Mehrotra, Chartered Accountants
Mehrotra & Mehrotra is a firm of Chartered Accountants based at New Delhi.
It is also having offices at Mumbai and Kanpur. The firm was established in
the year 1962 by Mr. M.P. Mehrotra, now a very senior member of the
Institute of Chartered Accountants of India. It is managed and headed by
proficient and veteran chartered accountants. Our team of professionals
including Chartered Accountants, Certified Internal Auditors, Lawyers,
Solicitors, Engineers and MBA's are engaged in developing and refining
new processes and methodologies to offer excellent quality services to our
esteemed clients.
The firm in its existence of over 48 years has provided a wide gamut of
services like Accounting Services, Auditing Services, Taxation Services to
the clients both within and outside India. We provide complete range for
any kind of financial accounting services, business process outsourcing,
direct and indirect tax consultancy etc., in India. We offer the most
authentic professional services like income tax, service tax, value added tax
etc., which can easily accelerate for the clients. Mehrotra & Mehrotra is
professionally managed organization, which is wholeheartedly engaged in
providing most reliable services.
7
Our Philosophy
● We will understand your business needs completely and deliver a
service that adds value
● We dedicate the best resouces with relevant sector experience, and
provide a state-of-the art quality service at an affordable fee
● We are always accessible and our approach to work is:
supportive and collaborative, flexible and responsive, open and
honest communication. We hold hands, not shake hands
● We provide constructive suggestions on improving business
processes and cost controls
● We adhere to timelines and deadlines
● We keep you informed about significant changes in regulatory,
compliance, and accounting matters on an ongoing basis
8
Quality Assured
We place great emphasis on quality control and quality management.
Our quality process Our Quality Process is designed to provide a quality culture, to analyze the processes used to hire, train and retain staff, to develop and deliver services to our clients
and to administer our own business.
Skills and competence Personnel in the firm adhere to the standards of independence, integrity, objectivity and confidentiality. The firm is staffed by personnel who have attained, and who maintain, the skills and competence required to enable them to fulfil their responsibilities. To assist in maintaining these skills the firm has procedures for: training of staff at all levels, through both formal
courses and on-the-job experience; continuing professional education; assigning work to personnel who have the degree
of technical training and proficiency required in the circumstances; and
evaluating the performance of staff and counseling staff as to their progress and career opportunities.
`
CONTINUOUS IMPROVEMENT
Leaders
hip and
Quality
Culture
Informatio
n
Analysis
and
Planning
Human
Resourc
e
Processe
s External
Service
Processe
s Business
Processe
s
Service
Deliver
y
Measure
Client
Satisfacti
on and
Business
Results
Direction and supervision The firm provides for appropriate direction and supervision at all levels, together with appropriate consultation procedures, to give reasonable assurance that the work performed meets the highest standards. We:
employ and retain only those persons with the intelligence, education, character and diligence necessary to assume professional responsibility;
assign engagement responsibility to only those persons sufficiently trained and supervised to discharge those responsibilities;
not accept or continue a client relationship in circumstances incompatible with the firm’s integrity;
adopt promptly policies necessary to realise the objective of professional standards and applicable regulatory requirements;
maintain policies to ensure that the firm and its professionals are free of conflicts of interest and that professional excellence is achieved;
not tolerate any act that can damage the firm’s credibility.
Confidentiality We are well aware of the importance that you place on confidentiality requirements and we have a proven record of maintaining a strict code of confidentiality. Our firm policy requires that affairs of clients be confidentially kept at all times.
9
Clear and Continuous Communication
At Riskpro India, open and honest communication is a Core Value. Our experience
leaves us in no doubt that a successful relationship is based on trust and candid,
proactive communication.
Regular and open two-way communication is fundamental to all aspects of our service
to you. As an initial priority, we will agree with you an annual Communication Plan for
all our key meetings. This will help ensure there are formal and informal opportunities
for all key stakeholders to be kept informed of the issues that matter, and that there will
be “no surprises”.
Key objectives Meeting/stakeholders
Present annual audit plan
Report key findings
Updated assessments of key risks, including emerging risks
Discuss new regulatory and corporate governance requirements
Bi-annual meetings (or as requested) with the
Board / Audit Committee
Discuss strategy
Discuss operational matters and performance
Raise and consider emerging issues
Quarterly meetings with the Chief Executive
Officer
Discuss operational matters and financial performance
Discuss implications of changes to the reporting and internal control framework
Regular meetings with Head of Financial
Control
Discuss operational and business matters Meetings with operational management
10
ANNEXURE I - Our Audit Methodology
11
Our Audit Methodology
Our audit methodology is risk-based and systematic which focuses on the organizational
objectives and any impediment to achieving those objectives. We recognise fully the need to
provide assurance on your business operations. Equally, we recognise the importance of
managing compliance issues, particularly in today’s evolving regulatory environment.
The key benefits of our audit approach are:
●Risk-based, & systematic approach;
●Focus on areas considered as potentially & most likely to
lead to material errors in financial statements;
●Our audit control procedures are based on project planning
techniques, including the use of automated processes and
document templates, and the agreement of objectives,
timetables, responsibilities and careful resource planning;
●The focus of our reports are to generate constructive and
value added advice; and
●Identifies performance improvement and cost reduction
opportunities.
Audit Strategy / Planning
Risk Assessment
Understanding of Business
Fieldwork
Dealing with critical issues
Reporting
12
Our Audit Methodology - Risk Based Internal Audit How we Do
Transaction
Audit
Control
Reviews
Process
Reviews
Risk
Assessment
Fraud
Mitigation
Enterprise Risk
Assessment
Increasing Enterprise Risk Focus
Need
of
Org
an
izati
on
s
Internal Auditing helps an organization
accomplish its objectives by bringing a
systematic, disciplined approach to evaluate
and improve the effectiveness of risk
management, control and governance
processes. Source: The Institute of Internal Auditors 1999 (IIA)
Benefits of Risk based Audit
• Traditional audit view value added
techniques
•Risk profile of Businesses
•Internal Controls & Ops Risk reviews
•Cost reductions recommendations
•Review of Fraud Risk Controls
13
Our Audit Methodology (cont..)
UNDERSTANDING THE BUSINESS
Our top-down risk-based approach ensures that the audit focus is on the issues that
are of greatest importance to you and that we are in the most appropriate position to
respond to them. Our audit starts with a detailed understanding of your industry and
business.
Our approach is based on a top-down examination of the key drivers of your business.
The output is a balanced picture of how the company interacts with customers and
external industry forces. We consider the audit implications of this analysis and use it
to identify significant audit risks.
We use industry specific business models to gain information on:
• industry background including major players, regulatory changes and trends,
• risks and drivers,
• geographic issues,
• descriptions of business processes,
• benchmarks and best practice and
• audit risks.
14
Our Audit Methodology (cont..)
RISK ASSESSMENT
In order to run your business, you develop processes to manage the factors that drive
performance and help control internal and external risks that could prevent you from meeting
your objectives. We focus on those processes where significant risks have been identified and
discuss with management its perception of how these risks are controlled. This phase of our
work enables us to obtain information on the processes supporting the achievement of the
company’s goals.
AUDIT STRATEGY AND PLANNING
Based on the understanding of business and risk assessment we devise the audit strategy. We
then develop detailed audit programs to test the transactions, processes and balances.
AUDIT FIELD WORK
The audit test work flows from strategic planning and risk assessment. The key element is to
review and test the high level controls embedded in your processes, as significant weaknesses
in your key processes could cost, both in terms of financial impact and reputational damage. We
also carry out necessary substantive audit procedures.
DEALING WITH CRITICAL ISSUES AND REPORTING
We identify and discuss all critical issues with management. We then determine whether the
Company’s financial statements and related disclosures meet our expectations.
We provide the audit report, management letter and any other deliverables and formally present
these to the Audit Committee / Board.
15
Our Audit Methodology (cont..)
IT AUDIT PROCESSES AND METHODOLOGY
We see IT as an enabler of the operational and financial processes and we
incorporate IT audit professionals into our audit to facilitate the identification and
testing of IT controls.
We use our focused IT audit methodologies and tools as part of our core audit
process to evaluate and test whether the Company’s information systems are
configured for data integrity, are secure and are effectively managing the business
needs. We work with key business and IT management to identify aspects of IT
that pose the highest risk to the Company. We then conduct a systematic, detailed
review of those areas in which we:
• identify appropriate IT control objectives that map to key business
processes;
• identify relevant IT policies and procedures and/or industry IT standards;
and
• evaluate the design of controls and test whether they are in place and
operating effectively.
16
Our Audit Methodology (cont..)
We use the following types of IT methodologies:
Continuity management
System capacity and availability
Back up and recovery
Data storage
Project risk assessment
Quality Assurance
Project management methodology
Programme management
processes
Process Documentation
Control Risk Analysis
Control Design & Implementation
Network penetration testing
Information security assessment
Enterprise security architecture and
integration
Ongoing monitoring
IT AUDIT METHODOLOGIES
17
Our Audit Methodology (cont..)
INTELLIGENT USE OF TECHNOLOGY
Technology is only one component of an integrated approach that combines
methodology, knowledge and technology into our tailored service to you.
We deliver our external audit services using a fully automated audit software. This
software is designed specifically to integrate knowledge management into the audit
process. Technology can never be a substitute for face-to-face communications and
we continue to rely on meetings with management to identify, resolve and
communicate issues.
Knowledge
MethodologyTechnology
Knowledge
MethodologyTechnology
18
ANNEXURE II - Legal Compliance
19
Legal compliance
Stage 1 – CAC
Preparation of Compliance Audit Checklist (CAC) covering all relevant laws
applicable to the target unit.
Stage 2 - Visit to location
Verification of relevant records and documents available.
Compilation of draft report based upon findings and observations of the audit
team
Review meeting with the unit head / work directors to discussion on the
finding of audit.
Stage 3 – Report
Submission of detailed Non Compliance (NC) report to the company (Board
of Directors or Compliance Head)
Follow up with the unit to verify action taken
20
Legal compliance (Acts covered - HR)
Factories Act, 1948 Shop & Establishment Act (state acts)
Payment of Wages Act, 1936 Maternity Benefits Act, 1961
Minimum Wages Act, 1948 Gratuity Act, 1972
Equal Remuneration Act, 1976 ESI Act, 1948
Payment of Bonus Act, 1965 Apprentices Act, 1961
Provident Fund & Misc Provisions Act,
1952
Employment Exchanges (Compulsory
Notification of Vacancies Act), 1959
Contract Labour (Regulation & Abolition) act, 1970
Trade Unions Act, 1926
Workmen Compensation Act, 1923 Private Security Agencies Regulation
Act, 2005
Prevention of Sexual Harassment
(Guidelines) Industrial Disputes Act, 1947
Labour Welfare Act (state acts)
21
Legal compliance (Acts covered - Engg.)
Electricity Act, 2003 Environment Protection Act, 1986
Petroleum Act, 1934 Water (Prevention and Control of
Pollution) Act, 1981
Explosives Act, 1884 Air (Prevention and Control of
Pollution) Act, 1981
Boilers Act, 1923 Water Cess Rules, 1977
Legal Meteorology Act, 2011 Hazardous Waste Handling &
Management Rules, 1989
Essential Commodity Act, 1945
22
Legal compliance (Acts covered – Tax & Misc)
Micro, Small & Medium
Enterprises Devel. Act, 2006 Central Excise Act, 1944
Central Sales Tax Act, 1956 State VAT Acts
Customs Act, 1962 (export and import
documentation) Service Tax Act, 1955
Income Tax Act (payment of Tax, TDS) Foreign Exchange Management Act
Negotiable Instruments Act, 1881 Industries (Development & Regulation)
Act, 1951
Information Technology Act, 2000 Motor Vehicles Act, 1988
Competition Act, 2002
23
Contacts and Office Locations
THANKS
Corporate Mumbai Delhi Bangalore
Riskpro India
Ventures (P) Limited
www.riskpro.in
C 561, Defence colony
New Delhi 110024
Manoj Jain Director
M- 98337 67114
Shriram Gokte Principal - Information Risk
M- 98209 94063
Rahul Bhan Director
M- 99680 05042
Hemant Seigell VP – Risk Management
M- 99536-97905
Casper Abraham Director
M- 98450 61870
Ahmedabad Pune Agra Gurgaon
Maulik Manakiwala Associate Firm
M - 91 9825640046
Gourav Ladha Sap Risk Advisory
M- 97129 52955
M.L. Jain Principal – Strategy Risk
M- 9822011987
Alok Kumar Agarwal Associate Firm
M- 99971 65253
Nilesh Bhatia Head – Human Capital
Consulting
M- 98182 93434