Internal Audit as a decision making tool

Download Internal Audit as a decision making tool

Post on 14-Sep-2014



Economy & Finance

2 download

Embed Size (px)


This presentation takes one through the basic mistakes often made while performing the internal audit function and calls for introspection of the internal audit function on a timely basis. It also defines the manner in which an internal audit function is to be approached.


<ul><li><p>My topic today - notInternal Audit is a business decision making tool.</p><p>Trust NoneGujaratCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Statutory WarningAll the characters in this audit presentation are fictional. If they in any way relate to your professional lives, its only a matter of coincidence, and the presenter shall be in no way liable for any of his acts / verbal utterances during this brief presentation. CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>To elaborate Lets read a story.M/s ABC is a growing concern in the construction sector which has very weak internal control systems at present, and so a need is felt for an external agency for better controls.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>A firm M/s CA is appointed as internal auditor after a lot of deliberations and negotiations.</p><p> Idiot CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Management is not in a position to give a proper scope for audit and ask CA to frame its scope on its own.CA starts the review of the existing scenarios by visiting the construction sites of the entity.In its audit plan it lays down various audit procedures so as to cover all the aspects.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>It ensures that the company staff is also verbally communicated about the audit procedures, since the audit procedures are not documented properly, they are not shared in black and white.</p><p>It deploys 3-4 articled assitants for carrying out the audits with immense focus on transactional audit</p><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Verbal Communication Problems in an organisation</p><p>Telephone Call :- From: Managing Director To: General managersTomorrow morning there will be a total eclipse of the sun at nine oclock. This is something which we cannot see everyday. So let all employees line up outside, in their best clothes to watch it. To mark the occasion of this rare occurrence, I will personally explain the phenomenon to them. If it is raining we will not be able to see it very well and in that case the employees should assemble in the canteen. From: General managers To: Industry Managers By order of the Managing Director, we shall follow the disappearance of the sun in our best clothes, in the canteen at nine o clock tomorrow morning. The Managing Director will tell us whether it is going to rain. This is something which we cannot see happen everyday. From: Industry Managers To: Location heads If it is raining in the canteen tomorrow morning, which is something that we cannot see happen everyday, the Managing director in his best clothes, will disappear at nine o clock. From: Location heads To: Marketing Executives Tomorrow morning at nine o clock, the Managing Director will disappear without his clothes. Its a pity that we cant see this happen everyday? CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>The CA then commences the audit and finds a lot of audit errors in all aspects be it accounts, stores management, HR, vehicle and admin controls.</p><p>For e.g. It find various instances where:-a. Purchase orders are not available for materials purchased directly at the siteb. No workorders are prepared for the sub-contractorsc. Stores issues the materials without receiving proper indent from the sited. Payment vouchers do not carry the authorised signatory approvalse. Lack of controls over fuel consumption at the site</p><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Prepares a very big and exhaustive report (to the immense satisfaction of CA) and submits to the management and related staff by email.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>He keeps doing the same thing for the next one year, and finds that the management response to the queries is very poor and starts loosing interest in audit but pursues the audit due to monetary reasons. Level of PerfectionMost of the reporting to the client are prepared by the transactional audit staff and follow up for compliance is regularly done with the ground level staff in the organisation.</p><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Management brings in Mr Z, a very senior professional with huge exp in the construction sector. Mr Z also brings in several new jobs at far off locations where he knows the local conditions - jee well.</p><p>CA is asked to frame the Role and Responsibility &amp; Remuneration structure on paper for Mr Z.</p><p>Mr Z brings in several organisational changes, gets some staff from his old organisation and is found to be very co-operative to the internal auditors and seems to be well on the way to take organisation to the next level.</p><p>Mr Z also brings in various process changes based on his past experience. CA is very impressed with him.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>With some bad jobs in the pocket the cash flows start getting adversely affected. </p><p>To make matters worse, huge investments are being made in Equipment purchase to cut down the rental cost.</p><p>Because of poor accounting systems the organisation is not able to maintain the project wise accounting and hence the losses are not traced to any particular project.</p><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Two years go by and the management starts feeling the need to cut down overheads bcoz of business losses.</p><p>In the very same year, Mr Z who manages the biggest construction Site - "X" is found to have carried out a fraud to the tune of Rs. 50 Lacs. This is discovered by the promoter after he left the organisationCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Meeting is called and Immediate question to auditor is "Was he able to detect any major problem at Site X". Auditor asks mgmt to read the report already submitted remains speechless after that.Figuring out what went wrong in the audit procedures! Non shrinkCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>He goes back and checks his internal audit report submitted for Site - "X" and finds out that their report contains a lot of documentation related issues for this business.</p><p>Upon reviewing the complete report he makes various observationsMost of the overtime payments carry only the signature of Mr Z.For Purchases from two local parties no qty check is carried by stores.Lot of delay observed in preparation of sub-contractor billing.Site shows a lot of sales bills which have not been accepted by the client</p><p>He is astonished to see the nature of lapses and concludes that there could have been a fraud. CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>He presents the same report again to the management in a summarised format, to give a feeling that there was no lapse in audit procedures adopted for Site - "X".</p><p>Also points out the failure on the part of the management in taking the previous audit report in a casual manner. - InterpretationCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>After few months, the management in a bid to cut down the overheads, significantly reduces the fees and scope of internal auditor.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Auditor is very unhappy!CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>How does the Auditor feel?Management should have given time to review the internal audit reports on regular basis. Top Management being non-financial guys, were never interested in following the company policies themselves, setting a very bad example for others. Management should give a regular feedback, if they wish to customize the format of internal audit report according to their needs.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Management rarely called upon the internal auditors to discuss the internal audit reports on a periodic basis.Management needs to be more clear in giving the scope of work for internal audit.It is a pure failure on management compliance aspect and that the auditor has been unnecessarily made the scape goat.How does the Auditor feel? (cont)CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Lets now look what the other side feels ?If there is someone from the management side, do you have any points for the stand of fees reduction?CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>MANAGEMENT's VIEW :-</p><p>When CA was appointed, the scope of work he had set, should not have been to carry out pure internal audit but to build stronger systems within the organization. Management is already aware of the various problems in the business.</p><p>Ensuring that the audit recommendations are implemented should also be in auditors scope.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>MANAGEMENT's VIEW (cont.):-Instead of always pointing out the documentation related issues, the auditor should have been the first to point out some possible wrong doing at Site - "X". Adopting a passive mode of emails to communicate the reports was not appropriate for this kind of organisation, as all employees were not equipped to handle the emails.The focus should have been more on the quality, rather than quantity in terms of reporting.Post-Mortem Approach does not quite fit the requirements.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>At this stage are we all left pondering about the value that we are adding to the clientAre we approached by the client when any major business decisions are to be taken?If No, then its very serious, as Internal Audit is considered as the Nose of the organisationCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Thief and Police</p><p>There are three categories in which we can divide the police :-</p><p>a. Those who are not able to catch the thiefb. Those who catch the thief after he has stolen somethingc. Those who catch when the idea of theft originates in the thief's mindCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>When business fails, accountants performCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>So we see after this GAP analysis that there are lot of lessons to be drawn from this storyBusiness Model of the client has to be absolutely clear to the auditor, if he wants to add some value to the client through his reports.Org HierarchyPerformance factorsRelevance of DocumentationPossibility of Cost overrunsStudy of Cultures across the organisationCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Auditor should have a good foresight and should be able to present the actual scenario in a very crisp and clear fashion.Report the present in summarised formatPredicting what can go wrong looking to present conditionsUnderstand the managements languagePower to stop payments (This gives some feeling of power to the auditor). Audit is lot more meaningful if its part of the process rather than a standalone activity.Lessons (cont..)CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Whatever may be client's opinion about the scope, the auditor needs to take a stand on the basis of his own understanding. Focus may be more on implementation of internal controls rather than documentation for a given client depending on actual situation.In the initial years, the role is more like management.Importance of audit points to be explained till the last mile.Ego creates a lot of practical issuesLessons (cont..)CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Lessons (cont..)Communication Strategy should also change depending on the nature of client.Flow from the topMedium may be different at different levels within the same organisationDelegation of responsibility within the organisationFollow up (Immense amount of Patience)</p><p> God, give me patience....</p><p>and make it quick! "CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Telecom Call CentreCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Voice level Modulation is of some importance in front of the management.</p><p>The auditor should also have the guts to say to the management, that because of management approach, he is not able to add any value to the organisation and he may better be disengaged from the assignment, to showcase the seriousness on his part.Do you think its practicable?Consciousness about reporting compliance.Lessons (cont..)CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Think long TermBaba Ramdev ModelCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>The Audit Process ModelCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Audit Interaction with AuditeeCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>After this brief story lets focus on the other side of the topic</p><p>- ZiaCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Internal Audit as a Business Decision Making Tool</p><p>Continuing the very same example ahead, lets see some of the areas where management was found to be weak in decision making and how CA could have played his part.CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Domain of Decision MakingStrategic PlanningOperationsCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Vision and MissionUnderstanding the Promoters thought process about the organisations futureWhether the overall controls within the organisation are in sync with the vision statementWhether the employee mindset is in syncUniformity of systems across the organisation</p><p>Parliament - PlanningCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Organisational HierarchyManagement is struck up in various areas:-Bifurcation of the organisation into various departmentsDeciding the designation and authority level posts in various deparmentsRole, Responsibility and Authority Structure for all the postsBuilt in mechanism to get the best out of the team</p><p>For e.g. At the construction site, the accountants at the site are not very clear whom do they have to report to. Senior JoineeCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Corporate GovernanceFrom Audit Perspective we divide all activities of the organisation into :- a. Compliance - Identify Gaps b. Process Orientation - Adherence to processes</p><p>TransperancyLegal Framework CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Enterprise Risk Management</p><p>Two most important ways that internal auditing provides value to the organization are in providing objective assurance</p><p>- that the major business risks are being managed appropriately and- providing assurance that the risk management and internal control framework is operating effectively.</p><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Role auditors can play in risk management domain:-</p><p>Core Internal Audit Roles with regard to ERM:-Giving assurance on risk management process.Giving assurance that the risks are correctly evaluated.Evaluating risk management processLegitimate internal audit roles with safeguards:-Facilitating identification and evaluation of risksCoaching management in responding to risksCo-ordinating ERM activitiesConsolidated reporting on risksMaintaining and developing the ERM frameworkChampioning establishment of ERMDeveloping RM Strategy for board approvalRoles the internal auditor should not take:-Setting the risk appetiteImposing the risk management processManagement assurance on risksTaking decisions on risk responseImplementing risk response on managements behalfAccountability of risk managementEvaluating the reporting of key risksReviewing the management of key risksCA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>CA Sandesh Mundra</p><p>CA Sandesh Mundra</p></li><li><p>Is risk management really new?Yes and noUnderstanding risks is not new at all - most of us have an inherent understanding of risk ; e.g. health and safety risk assessments are well established; audit and others use itHowever, risk management in a corporate governance sense is new. It promotes ownership of the RM process at a high level</p></li><li><p>Value of Risk-Based Audit PlanningYields disciplined analytica...</p></li></ul>


View more >