internal audit.ppt
TRANSCRIPT
-
8/10/2019 internal Audit.ppt
1/56
Auditing StandardsPracticalAspects
Dr. Amit Bagga ,FCA, CMA, Phd.
-
8/10/2019 internal Audit.ppt
2/56
Effective Compliance with Standards
-
8/10/2019 internal Audit.ppt
3/56
-
8/10/2019 internal Audit.ppt
4/56
Definition
Internal auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization's operations. It
helps an organisation accomplish its objectives by
bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management,
control, and governance processes.
The Institute of Internal Auditors
3
-
8/10/2019 internal Audit.ppt
5/56
Effective Auditing Standards - Essentials
Amenable toenforcement
Flexibility forapplication
Universalacceptance
Easy tounderstand
Principlebased
AuditingStandards
-
8/10/2019 internal Audit.ppt
6/56
While AUDIT is anindependent examination
of financial statements forexpressing an opinion
thereon, whereasassurance is provided bysuch an examination and
report.
-
8/10/2019 internal Audit.ppt
7/56
Nature & PurposeAssist team in
planning& performing
Assist
supervision
& direction
Create
accountability
Record
matters ofcontinuing
significance
Assist
external
inspection
-
8/10/2019 internal Audit.ppt
8/56
Prepare documentationthat provides
Sufficient & Appropriate
record of basis ofauditors report
Evidence that audit wasplanned and performed
Objective
-
8/10/2019 internal Audit.ppt
9/56
Requirements
Assemblyof
Final Audit File
Documentation ofAudit Procedures
and Audit Evidence obtained
Timely Preparation of Audit Documentation
-
8/10/2019 internal Audit.ppt
10/56
The Role of the
Internal Audit Department
-
8/10/2019 internal Audit.ppt
11/56
Were Here to Help!
Identify Risks
Find Better Ways and Best Practices
Partner With You to Find Solutions
Prevent Problems
-
8/10/2019 internal Audit.ppt
12/56
We have a plan!
Audit plan developed with input from across
the organization
Risk factors:
Impact
Probability
Controls
-
8/10/2019 internal Audit.ppt
13/56
IACode of Ethics
Principles
Internal auditors are expected to apply & uphold the following principles:
IntegrityThe integrity of internal auditors establishes trust & so provides the
basis for reliance on their judgment
Objectivity
Internal auditors exhibit the highest professional objectivity in
gathering, evaluating & communicating information. Internalauditors make a balanced assessment of all relevant circumstances
& are not unduly influenced by their own interests or others in
forming judgments
Confidentiality
Internal auditors respect the value and ownership of information
they receive & do not disclose information without appropriate
authority unless there is a legal or professional obligation to do so
Competency Internal auditors apply knowledge, skills, & experience needed
12
-
8/10/2019 internal Audit.ppt
14/56
What is Internal Audit?
Internal Audit is a professional activity which helps organisations to achieve their
stated objectives by:
Analyzing key processes, procedures & operations
Identifying key controls in each such operation, procedure & process
Evaluating the adequacy of these controls
Testing complianceof sample transactions against these controls
Reporting results of the evaluation of controls and compliance testing oftransactions
Recommending stronger controlswherever necessary
Suggesting methods to improvecompliance with key controls
Follow up of action taken on recommendations made in previous reports
13
-
8/10/2019 internal Audit.ppt
15/56
What are Internal Controls?
Internal Controls are important checks instituted by management to have
reasonable assurance that:
Operationsare carried out in an efficient & effective manner
Transactionsare recorded accurately & completely
Assetsare properly recorded & safeguarded
Laws are compliedwith
Reliable reportsare generated
14
-
8/10/2019 internal Audit.ppt
16/56
Some examples of Internal Control
BudgetaryControl
Fixed AssetsRegister
Bank&Special Account Reconciliations
Reconciliationof Financial & Physical M & E Reports
15
-
8/10/2019 internal Audit.ppt
17/56
Internal Audit (IA) Mandate
What does it not do?
Perform management activities/ responsibilities (these include
establishing internal controls)
Compliance & Advisory roles
What does i t do?
Primary role in improving internal control, accuracy,reliability & integrity of information including financial &
operational reporting Monitoring & evaluation of effectiveness of risk management
processes
Role in corporate oversight, safeguarding of assets,economical & efficient use of resources, compliance with
laws & regulations, deterring fraud
16
-
8/10/2019 internal Audit.ppt
18/56
Internal Control Facts
FACTS:
17
Internal control starts with a strong set of policies and procedures
While internal auditors play a key role in the system of control, management has
responsibility for internal control
Internal control is integral to every aspect of business/operations
Internal control makes the right things happen the first time
Internal controls should be built into,not ontobusiness processes
-
8/10/2019 internal Audit.ppt
19/56
Internal Control Practices
How?
Internal control is a process. It's a means to an end, not an
end in itself
Internal control is effected by people as a team, not by
internal auditor. It's not merely policy manuals & forms,
but people at every level of an organization
Internal control can be expected to provide only reasonable
assurance, not absolute assurance, to an entity's
management and governing bodies/ committees
Uses systematic methodology for analysing businessprocesses, procedures & activities
The cost of IA should not exceed expected benefits to be
derived
18
-
8/10/2019 internal Audit.ppt
20/56
An internal control structure is simply a different way of viewing
operationsa perspective that focuses on doing the right things in theright way
MONITORING
INFORMATION ANDCOMMUNICATION
CONTROL ACTIVITIES
CONTROL ENVIRONMENT
CONTROL ACTIVITIES
RISK ASSESSMENT
INFORMATION &
COMMUNICATION
Internal Control Structure
In many cases, you perform controls and interact
with the control structure every day, perhaps
without even realising it
Monthly reviews of
performance reports
Supervisory activities
Reporting
Corporate
communications
(e-mail, meetings)
Purchasing limits
Approvals/ segregations
Security
Reconciliations
Proper operating &
accounting procedures
Based on
identification &analysis of risks to
achievement of
objectives
Corporate Policies
Tone at the top, ethics
Organisationalauthority
Skilled personnel
19
-
8/10/2019 internal Audit.ppt
21/56
Role in Risk Management
Focus on risk of occurrences that could prevent the project fromachieving its goals
There are many types of risk strategic, operational, financial
reporting, legal/regulatory, fraud, ineffective/inefficient use of
resources, technological, human capital, credibility, etc.
Focus on areas with high risk & high probability that controls are not in
place or are weak
Dontforget positive risksopportunities!
Add value by eliminating unnecessary controls, if
underlying risks are minimal/within projects risk appetite!
20
-
8/10/2019 internal Audit.ppt
22/56
Internal Audit is Intake Point for
Whistleblowersorganization policy requires Internal Audit to receive
reports of
Misconduct
Fraud
-
8/10/2019 internal Audit.ppt
23/56
Role in Internal Control
1. Compl iance audit :review of financial & operating controls &transactions for conformity with laws, regulations &
procedures, e.g.,
Access to IT system appropriate to users role
Segregation of duties in high risk areas
Balancing & reconciliation between systems
Systems back up & recovery
Physical safeguard & access restriction controls
Reconciliations, comparison budget of actual
2. Operational audit: review of various functions within project
to evaluate efficiency, effectiveness, & economy
22
-
8/10/2019 internal Audit.ppt
24/56
Nature of Internal Audit Activity
Establish scope & activities for audit to Management
Describe key risks facing the business activities within scope of audit
Identify control procedures used to ensure each key risk is properly controlled &monitored
Develop & execute risk based sampling & testing approach to determinewhether most important controls are operating as intended (NB: input from
Management requirede.g. 100% sampling of WA review)
Report issues/make recommendations/negotiate action plans withManagement to address issues
Follow up on reported findings periodically
23
-
8/10/2019 internal Audit.ppt
25/56
Contents of Audit Plan
Updatedannually
Risk based audit plan developed with input from project staff
including Management
Summary of key goals, risks & corresponding major audits, to illustrate alignment
Based on risk assessment & available resources
Appendix materials, such as planning approach, assumptions & brief descriptions
of all planned audits & related prioritization
Approved by management/ appropriate oversight Committee
24
-
8/10/2019 internal Audit.ppt
26/56
Contents of Audit Report
Observations
Narration/ description
Remedial action
Consequences/ fall out
Recommendation for improvement (prioritized between high and
normal)
Response (action plan)who, when and how
25
-
8/10/2019 internal Audit.ppt
27/56
IAs Proactive Role
IdentifyRisks
Find Better Ways and Best Practices
Partner With Management to Find Solutions
PreventProblems
Provide training
Respond to policy & technical accounting questions
Offersuggestions for improvement
Advisory role
26
-
8/10/2019 internal Audit.ppt
28/56
Preventive Measures
Make sure your controls are working
Review and reconcile
Check the work of your subordinates Dont give in to the temptation to skip
controls because you are busy!
-
8/10/2019 internal Audit.ppt
29/56
What is included in the audit
report?
What was found
Why it happened What is required
What effect it has
Recommendation for improvement
Responsewho, when and how
-
8/10/2019 internal Audit.ppt
30/56
What happens after the audit?
Follow-up Review corrective action
Report to Audit Committee
-
8/10/2019 internal Audit.ppt
31/56
We are here to help
We provide training
Respond to policy and
technical accountingquestions
Offer suggestions for
improvement
Advisory role
-
8/10/2019 internal Audit.ppt
32/56
How To Conduct Internal Audit
-
8/10/2019 internal Audit.ppt
33/56
Internal Audit or Inspection?
Many companies have GMP inspections or
regularly scheduled inspections of
Prerequisite programs.
These differ from audits because:
They are typically based on a standard checklist that
designed to look at each point individually and
determine if a requirement is being followed
Internal audits look at the system and include the
interaction of processes
-
8/10/2019 internal Audit.ppt
34/56
RISK
-
8/10/2019 internal Audit.ppt
35/56
RISK
MANAGEMENT
12/21/2014 34
Sectio n 138(1)
Prescribed class of companies shall conduct the internal
audit of the functions and activities of the company.
As per Draft Rules: Every listed company, every public
company with paid up share capital > Rs 50 cr, or turnover of
200cr or any outstanding loans or borrowings from banks or
public financial institutions > Rs. 100 cr or which has
accepted deposits of > Rs. 25 cr at any point of time during
the last financial year)
RISK
-
8/10/2019 internal Audit.ppt
36/56
RISK
MANAGEMENT
Evaluation of internal financial controls andrisk management systems
The Boards report to contain a statement
indicating development and implementation ofrisk management policy. Sectio n 134 (3)(n)
Board Report to contain statement indicating themanner in which formal annual evaluation hasbeen made by the Board of its own performanceand that of its committees and individual
directors. Sectio n 134 (3)(p)(As per Draft Rules: This is applicable for everylisted company and public company having paidup share capital of Rs. 25cr or more, calculatedas at the end of the preceding FY)
12/21/2014 35
-
8/10/2019 internal Audit.ppt
37/56
-
8/10/2019 internal Audit.ppt
38/56
-
8/10/2019 internal Audit.ppt
39/56
-
8/10/2019 internal Audit.ppt
40/56
-
8/10/2019 internal Audit.ppt
41/56
Meeting of Audit Committee:
Audit Committee should meet at least four times in a year.
Maximum Gap between 2 Meetings is 4 Months.
Minimum2Directormustbe present.
http://i0.wp.com/taxguru.in/wp-content/uploads/2014/07/123456.jpg -
8/10/2019 internal Audit.ppt
42/56
http://i1.wp.com/taxguru.in/wp-content/uploads/2014/07/123457.jpg -
8/10/2019 internal Audit.ppt
43/56
http://i2.wp.com/taxguru.in/wp-content/uploads/2014/07/123458.jpg -
8/10/2019 internal Audit.ppt
44/56
EXPANDED ROLE OF AUDIT COMMITTEE
-
8/10/2019 internal Audit.ppt
45/56
-
8/10/2019 internal Audit.ppt
46/56
-
8/10/2019 internal Audit.ppt
47/56
-
8/10/2019 internal Audit.ppt
48/56
-
8/10/2019 internal Audit.ppt
49/56
-
8/10/2019 internal Audit.ppt
50/56
Di R ibili S
-
8/10/2019 internal Audit.ppt
51/56
Directors Responsibility StatementSection 135 (5)
Directors Responsibility Statement referred to in clause (c) of sub-section (3) shall state that
..(b) the directors had selected such accounting policies and applied them consistently and
made judgments and estimates that are reasonable and prudent so as to give a true and fair
view ;
(c) the directors had taken proper and sufficient care for the maintenance of adequate
accounting records in accordance with the provisions of this Act for safeguarding the assets of
the company and for preventing and detecting fraud and other irregularities;..
(e) the directors, in the case of a listed company, had laid down internal financial controls to be
followed by the company and that such internal financial controls are adequate and were
operating effectively.
Explanation.For the purposes of this clause, the term internal financial controls means the
policies and procedures adopted by the company for ensuring the orderly and efficientconduct of its business, including adherence to companys policies, the safeguarding of its
assets, the prevention and detection of frauds and errors, the accuracy and completeness of
the accounting records, and the timely preparation of reliable financial information;
(f) the directors had devised proper systems to ensure compliance with the provisions of all
applicable laws and that such systems were adequate and operating effectively.
50
-
8/10/2019 internal Audit.ppt
52/56
-
8/10/2019 internal Audit.ppt
53/56
-
8/10/2019 internal Audit.ppt
54/56
-
8/10/2019 internal Audit.ppt
55/56
-
8/10/2019 internal Audit.ppt
56/56