internal audit.ppt

8/10/2019 internal Audit.ppt

1/56

Auditing StandardsPracticalAspects

Dr. Amit Bagga ,FCA, CMA, Phd.


2/56

Effective Compliance with Standards


3/56


4/56

Definition

Internal auditing is an independent, objective

assurance and consulting activity designed to add

value and improve an organization's operations. It

helps an organisation accomplish its objectives by

bringing a systematic, disciplined approach to evaluate

and improve the effectiveness of risk management,

control, and governance processes.

The Institute of Internal Auditors

3


5/56

Effective Auditing Standards - Essentials

Amenable toenforcement

Flexibility forapplication

Universalacceptance

Easy tounderstand

Principlebased

AuditingStandards


6/56

While AUDIT is anindependent examination

of financial statements forexpressing an opinion

thereon, whereasassurance is provided bysuch an examination and

report.


7/56

Nature & PurposeAssist team in

planning& performing

Assist

supervision

& direction

Create

accountability

Record

matters ofcontinuing

significance

Assist

external

inspection


8/56

Prepare documentationthat provides

Sufficient & Appropriate

record of basis ofauditors report

Evidence that audit wasplanned and performed

Objective


9/56

Requirements

Assemblyof

Final Audit File

Documentation ofAudit Procedures

and Audit Evidence obtained

Timely Preparation of Audit Documentation


10/56

The Role of the

Internal Audit Department


11/56

Were Here to Help!

Identify Risks

Find Better Ways and Best Practices

Partner With You to Find Solutions

Prevent Problems


12/56

We have a plan!

Audit plan developed with input from across

the organization

Risk factors:

Impact

Probability

Controls


13/56

IACode of Ethics

Principles

Internal auditors are expected to apply & uphold the following principles:

IntegrityThe integrity of internal auditors establishes trust & so provides the

basis for reliance on their judgment

Objectivity

Internal auditors exhibit the highest professional objectivity in

gathering, evaluating & communicating information. Internalauditors make a balanced assessment of all relevant circumstances

& are not unduly influenced by their own interests or others in

forming judgments

Confidentiality

Internal auditors respect the value and ownership of information

they receive & do not disclose information without appropriate

authority unless there is a legal or professional obligation to do so

Competency Internal auditors apply knowledge, skills, & experience needed

12


14/56

What is Internal Audit?

Internal Audit is a professional activity which helps organisations to achieve their

stated objectives by:

Analyzing key processes, procedures & operations

Identifying key controls in each such operation, procedure & process

Evaluating the adequacy of these controls

Testing complianceof sample transactions against these controls

Reporting results of the evaluation of controls and compliance testing oftransactions

Recommending stronger controlswherever necessary

Suggesting methods to improvecompliance with key controls

Follow up of action taken on recommendations made in previous reports

13


15/56

What are Internal Controls?

Internal Controls are important checks instituted by management to have

reasonable assurance that:

Operationsare carried out in an efficient & effective manner

Transactionsare recorded accurately & completely

Assetsare properly recorded & safeguarded

Laws are compliedwith

Reliable reportsare generated

14


16/56

Some examples of Internal Control

BudgetaryControl

Fixed AssetsRegister

Bank&Special Account Reconciliations

Reconciliationof Financial & Physical M & E Reports

15


17/56

Internal Audit (IA) Mandate

What does it not do?

Perform management activities/ responsibilities (these include

establishing internal controls)

Compliance & Advisory roles

What does i t do?

Primary role in improving internal control, accuracy,reliability & integrity of information including financial &

operational reporting Monitoring & evaluation of effectiveness of risk management

processes

Role in corporate oversight, safeguarding of assets,economical & efficient use of resources, compliance with

laws & regulations, deterring fraud

16


18/56

Internal Control Facts

FACTS:

17

Internal control starts with a strong set of policies and procedures

While internal auditors play a key role in the system of control, management has

responsibility for internal control

Internal control is integral to every aspect of business/operations

Internal control makes the right things happen the first time

Internal controls should be built into,not ontobusiness processes


19/56

Internal Control Practices

How?

Internal control is a process. It's a means to an end, not an

end in itself

Internal control is effected by people as a team, not by

internal auditor. It's not merely policy manuals & forms,

but people at every level of an organization

Internal control can be expected to provide only reasonable

assurance, not absolute assurance, to an entity's

management and governing bodies/ committees

Uses systematic methodology for analysing businessprocesses, procedures & activities

The cost of IA should not exceed expected benefits to be

derived

18


20/56

An internal control structure is simply a different way of viewing

operationsa perspective that focuses on doing the right things in theright way

MONITORING

INFORMATION ANDCOMMUNICATION

CONTROL ACTIVITIES

CONTROL ENVIRONMENT

CONTROL ACTIVITIES

RISK ASSESSMENT

INFORMATION &

COMMUNICATION

Internal Control Structure

In many cases, you perform controls and interact

with the control structure every day, perhaps

without even realising it

Monthly reviews of

performance reports

Supervisory activities

Reporting

Corporate

communications

(e-mail, meetings)

Purchasing limits

Approvals/ segregations

Security

Reconciliations

Proper operating &

accounting procedures

Based on

identification &analysis of risks to

achievement of

objectives

Corporate Policies

Tone at the top, ethics

Organisationalauthority

Skilled personnel

19


21/56

Role in Risk Management

Focus on risk of occurrences that could prevent the project fromachieving its goals

There are many types of risk strategic, operational, financial

reporting, legal/regulatory, fraud, ineffective/inefficient use of

resources, technological, human capital, credibility, etc.

Focus on areas with high risk & high probability that controls are not in

place or are weak

Dontforget positive risksopportunities!

Add value by eliminating unnecessary controls, if

underlying risks are minimal/within projects risk appetite!

20


22/56

Internal Audit is Intake Point for

Whistleblowersorganization policy requires Internal Audit to receive

reports of

Misconduct

Fraud


23/56

Role in Internal Control

1. Compl iance audit :review of financial & operating controls &transactions for conformity with laws, regulations &

procedures, e.g.,

Access to IT system appropriate to users role

Segregation of duties in high risk areas

Balancing & reconciliation between systems

Systems back up & recovery

Physical safeguard & access restriction controls

Reconciliations, comparison budget of actual

2. Operational audit: review of various functions within project

to evaluate efficiency, effectiveness, & economy

22


24/56

Nature of Internal Audit Activity

Establish scope & activities for audit to Management

Describe key risks facing the business activities within scope of audit

Identify control procedures used to ensure each key risk is properly controlled &monitored

Develop & execute risk based sampling & testing approach to determinewhether most important controls are operating as intended (NB: input from

Management requirede.g. 100% sampling of WA review)

Report issues/make recommendations/negotiate action plans withManagement to address issues

Follow up on reported findings periodically

23


25/56

Contents of Audit Plan

Updatedannually

Risk based audit plan developed with input from project staff

including Management

Summary of key goals, risks & corresponding major audits, to illustrate alignment

Based on risk assessment & available resources

Appendix materials, such as planning approach, assumptions & brief descriptions

of all planned audits & related prioritization

Approved by management/ appropriate oversight Committee

24


26/56

Contents of Audit Report

Observations

Narration/ description

Remedial action

Consequences/ fall out

Recommendation for improvement (prioritized between high and

normal)

Response (action plan)who, when and how

25


27/56

IAs Proactive Role

IdentifyRisks

Find Better Ways and Best Practices

Partner With Management to Find Solutions

PreventProblems

Provide training

Respond to policy & technical accounting questions

Offersuggestions for improvement

Advisory role

26


28/56

Preventive Measures

Make sure your controls are working

Review and reconcile

Check the work of your subordinates Dont give in to the temptation to skip

controls because you are busy!


29/56

What is included in the audit

report?

What was found

Why it happened What is required

What effect it has

Recommendation for improvement

Responsewho, when and how


30/56

What happens after the audit?

Follow-up Review corrective action

Report to Audit Committee


31/56

We are here to help

We provide training

Respond to policy and

technical accountingquestions

Offer suggestions for

improvement

Advisory role


32/56

How To Conduct Internal Audit


33/56

Internal Audit or Inspection?

Many companies have GMP inspections or

regularly scheduled inspections of

Prerequisite programs.

These differ from audits because:

They are typically based on a standard checklist that

designed to look at each point individually and

determine if a requirement is being followed

Internal audits look at the system and include the

interaction of processes


34/56

RISK


35/56

RISK

MANAGEMENT

12/21/2014 34

Sectio n 138(1)

Prescribed class of companies shall conduct the internal

audit of the functions and activities of the company.

As per Draft Rules: Every listed company, every public

company with paid up share capital > Rs 50 cr, or turnover of

200cr or any outstanding loans or borrowings from banks or

public financial institutions > Rs. 100 cr or which has

accepted deposits of > Rs. 25 cr at any point of time during

the last financial year)

RISK


36/56

RISK

MANAGEMENT

Evaluation of internal financial controls andrisk management systems

The Boards report to contain a statement

indicating development and implementation ofrisk management policy. Sectio n 134 (3)(n)

Board Report to contain statement indicating themanner in which formal annual evaluation hasbeen made by the Board of its own performanceand that of its committees and individual

directors. Sectio n 134 (3)(p)(As per Draft Rules: This is applicable for everylisted company and public company having paidup share capital of Rs. 25cr or more, calculatedas at the end of the preceding FY)

12/21/2014 35


37/56


38/56


39/56


40/56


41/56

Meeting of Audit Committee:

Audit Committee should meet at least four times in a year.

Maximum Gap between 2 Meetings is 4 Months.

Minimum2Directormustbe present.
http://i0.wp.com/taxguru.in/wp-content/uploads/2014/07/123456.jpg


42/56


43/56


44/56

EXPANDED ROLE OF AUDIT COMMITTEE


45/56


46/56


47/56


48/56


49/56


50/56

Di R ibili S


51/56

Directors Responsibility StatementSection 135 (5)

Directors Responsibility Statement referred to in clause (c) of sub-section (3) shall state that

..(b) the directors had selected such accounting policies and applied them consistently and

made judgments and estimates that are reasonable and prudent so as to give a true and fair

view ;

(c) the directors had taken proper and sufficient care for the maintenance of adequate

accounting records in accordance with the provisions of this Act for safeguarding the assets of

the company and for preventing and detecting fraud and other irregularities;..

(e) the directors, in the case of a listed company, had laid down internal financial controls to be

followed by the company and that such internal financial controls are adequate and were

operating effectively.

Explanation.For the purposes of this clause, the term internal financial controls means the

policies and procedures adopted by the company for ensuring the orderly and efficientconduct of its business, including adherence to companys policies, the safeguarding of its

assets, the prevention and detection of frauds and errors, the accuracy and completeness of

the accounting records, and the timely preparation of reliable financial information;

(f) the directors had devised proper systems to ensure compliance with the provisions of all

applicable laws and that such systems were adequate and operating effectively.

50


52/56


53/56


54/56


55/56


56/56

internal audit.ppt

Documents