INTERNAL AUDIT
Definition
Preface to the Standards on Internal Audit issued by ICAI defines "Internal Audit" as follows:
An independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity's strategic risk management and internal control system- or in simple terms - It was, and is, a way of ensuring businesses and public sector organizations use resources efficiently and apply process consistently
Internal auditors assist management with this task by providing a focus on risk management and the implementation of more stringent internal controls to manage prospective risks and vulnerabilities. Internal Control - As per Explanation to clause [e] of sub-section (5) of section 134 - Financial statement, Board's report, etc. of Companies Act, 2013 - Internal financial controls means the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company's policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information; As of today, internal audit undeniably is the backbone of a sound corporate governance system.
Need for Internal Audit
1. Increased size and complexity of businesses
2. Enhanced compliance requirements
3. Focus on risk management - understand risk exposure and internal controls to manage such risks
4. Intensive use of information technology
5. Need to create greater transparency, establish sound corporate governance
Characteristics of Internal Audit
1. Internal auditor should be independent which permits them to render impartial and unbiased judgment essential to the proper conduct of audits
2. Internal audit is a management function
3. It contributes in accomplishment of objectives and goals of the organization through ethical and effective governance
4. Internal audit function constitutes a separate component of internal control with the objective of determining whether other internal controls are well designed and properly operated
5. Focus is towards improving the internal control structure and promoting better corporate governance
6. Risk management and internal control are two sides of the same coin. Risk management focuses on the identification of threats and opportunities, and controls are designed to effectively counter threats and take advantage of opportunities
Functions of Internal Auditor
1. Review operations, policies, and procedures and assist management in establishing better policies and procedures
2. Provide assurance on risks that they are being managed within the acceptable limits as laid down by the Board of Directors
3. Examine the continued effectiveness of the internal control system through evaluation and make recommendations, if any, for improving that effectiveness
4. Help the management to fulfill its responsibilities relating to prevention and detection of fraud to the extent practicable Statutory Mandates â
Clause 49 of the Listing Agreement - Securities and Exchange Board of India (SEBI) introduced specific mandatory and recommendatory corporate governance provisions in Clause 49 of the Listing Agreement applicable to listed entities according to which audit committee is required to review -
1. whether the internal audit function is being made functional,
2. Internal audit reports relating to weaknesses found in internal controls, 3. findings of any internal investigation by internal auditors into matters where there is a suspected fraud or irregularity, or a failure of internal control systems of a significant impact and
3. that the CEO and the CFO have certified to the Board of Directors that they accept responsibility for the effectiveness of internal controls, and that they have disclosed to the auditors and the audit committee deficiencies in the operation of the internal controls, if any, and steps have been taken for their rectification.
Section 138 Internal Audit, of Chapter IX - ACCOUNTS OF COMPANIES, Companies Act, 2013 r/w Rule 13 of Companies (Accounts) Rules, 2014
Following class of companies shall be required to appoint an internal auditor or a firm of internal auditors, who shall either be a chartered accountant or a cost accountant, or such other professional as may be decided by the Board to conduct internal audit of the functions and activities of the company-
1. Every listed company;
2. Every unlisted public company having-
(i) paid up share capital of fifty crore rupees or more during the preceding financial year; or
(ii) turnover of two hundred crore rupees or more during the preceding financial year; or
(iii) outstanding loans or borrowings from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year; or
(iv) outstanding deposits of twenty five crore rupees or more at any point of time during the preceding financial year; and
3. Every private company having-
(i) turnover of two hundred crore rupees or more during the preceding financial year; or
(ii) outstanding loans or borrowings from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year:
Provided that an existing company covered under any of the above criteria shall comply with the requirements of section 138 and this rule within six months of commencement of such section.
IRDA (Investment) (Fourth Amendment) Regulations, 2008 has introduced requirements of quarterly internal audit for insurers.
Requirements of Sections 302 and 404 of the Sarbanes Oxley Act of 2002, for companies seeking listing in US stock exchanges, NASDAQ, NYSE, etc. Resources for an effective Internal Audit - Standards on Internal Audit (eighteen Standards) - developed by Committee on Internal Audit (CIA) - which aim to codify the best practices in the area of internal audit and also serve to provide a benchmark of the performance of the internal audit services
- Clarifications on issues arising from SIAs
- Generic and Industry Specific Publications
- Technical Guides
- Compendium of Industry Specific Internal Audit Guides
- Generic Guidelines on Internal Audit
- Knowledge Booklets by ICAI Miscellaneous
- Spencer Pickett , a noted author in the field of internal audit - The Essential Handbook of Internal Auditing, 2005 Edition
- Internal audit, as we understand it today, began around the time of the Second World War
To give this assurance, the internal auditor conducts:
1. A process audit on risk management processes at all levels of the organization, viz., corporate, divisional, business unit, business process level, etc., put in place by line management so as to assess the adequacy of their design and compliance.
2. A transactional audit on the significant risks so as to assess whether the risk is within acceptable limits. • The COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of objectives in the following categories:
a. Effectiveness and efficiency of operations,
b. Reliability of financial reporting,
c. Compliance with applicable laws and regulations,
d. Safeguarding of Assets
Committee of Sponsoring Organizations of the Treadway Commission (COSO) - is a joint initiative of the five private sector organizations - Institute of Management Accountants (IMA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), and Financial Executives International (FEI) and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. "Internal Control" Integrated Framework (2013 Framework) in May 2013 is the latest framework issued by COSCO
CAclubindia
