• Internal Audit in corporate framework
• Principles of Internal Audit
• ICAI’s Standards on internal audit
• Internal Audit process
Introduction: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Scope: The scope of internal auditing within an organization involves topics such as an organization's governance, risk management and management controls. Internal auditing may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish financial loss.
Internal Audit in corporate framework:
As per Companies (Auditor’s Report) Order, 2003, by the Government of India in terms of sub-section (4A) of section 227 of the Companies Act, 1956, it is mandatory for all Companies to appoint internal auditor, if CARO 2003 is applicable.
All Companies & Trust (Listed or Unlisted) Companies where CARO, 2003 is applicable Paid up capital and reserves > INR 50 Lakh at the commencement of financial year Average Annual Turnover exceeding INR 5 Cr for a period of three consecutive financial years, immediately preceding the financial concerned.
Approaches of Corporate Governance and Role of Internal Audit:
The new approaches of the Corporate governance totally confirmed the board's responsibility for ensuring the effectiveness of their organisation's internal control framework.
The key role of internal audit is to assist the board and/or its audit committee in discharging its governance responsibilities by delivering:
- A review of the organisation's control culture, especially the "tone at the top”
- An objective evaluation of the existing risk and internal control framework.
- Systematic analysis of business processes and associated controls.
- Recommendations for more effective and efficient use of resources.
- Assessments of the accomplishment of corporate goals and objectives.
- Feedback on adherence to the organization’s values and code of conduct/code of ethics.
Audit committees are vital to investors and internal auditors.
For the investor, they have to provide Confidence in corporate governance.
For the internal auditor, they have to assure his independence.
Principles of establishing Internal Audit in Corporate framework:
The internal audit department should have an independent status in the organisation.
Internal auditor must have sufficiently high status in the organisation as he may be required to report directly to the BOD.
The objectives of the Internal Audit function should be made very clear and unambiguous and objective must be properly communicated to the all levels of the organisation.
iii. Definition of Duties:
The Internal Audit Department’s duty is to review operations as part of the internal control system. It should not be involved in performance of executive actions.
iv. Internal Audit department:
The size and qualification of staff of the internal audit department should be made commensurate with the size of the business.
The cost of internal audit department should not exceed he benefits derived from it.
The programme of internal audit should be time bound. There should be provision for periodic reporting on various operational and other aspects.
vi. Follow up & Review:
There should be sufficient scope for the follow up action on the various point raised in internal audit report.
Top management should take active part in ensuring compliance with action points raised in the report.
ICAI’s Standards on Internal Audit (SIA):
The Board of ICAI is working relentlessly to bring out high quality technical literature in the form of Standards on Internal Audit and Technical Guides/ Studies/ Manuals, which constitute an important tool in helping the internal auditors to provide effective and efficient internal audit services to the clients and/ or employers.
The following are the standards:
SIA 1: Planning an Internal Audit
Deals in developing an overall plan for the expected scope and conduct of audit and developing an audit programme showing the nature, timing and extent of audit procedures
SIA 2: Basic principles governing internal audit
Internal auditor should adhere to the basic principles governing an internal audit such as integrity, objectivity and independence, confidentiality etc.
SIA 3: Internal Audit Documentation
Internal audit documentation should be designed to meet the requirements of each audit.
SIA 4: Reporting
To review and assess the analysis drawn from internal audit evidence obtained as the basis for his conclusion on the efficiency and effectiveness of systems, processes and controls including items of financial statements.
SIA 5: Sampling
Design and select an audit sample, perform audit procedures thereon, and evaluate sample results so as to provide sufficient appropriate audit evidence to meet the objectives of internal audit engagement unless otherwise specified by the client
SIA 6: Analytical procedures
To apply analytical procedures as the risk assessment procedures at the planning and overall review stages of internal audit.
SIA 7: Quality assurance in internal audit
A system for assuring quality in internal audit should provide reasonable assurance that the internal auditors comply with professional Standards, regulatory and legal requirements, so that the reports issued by them are appropriate in the circumstance
SIA 8: Terms of internal audit engagement
Internal auditor and the auditee should agree on the terms of engagement before commencement. Terms should be approved by the Board of Directors or a relevant Committee thereof
SIA 9: Communication with management
Internal auditor while performing audit should communicate clearly the responsibilities of internal auditor and an overview of the planned scope and timing of audit with the management
SIA 10: Internal audit evidence
To obtain sufficient appropriate evidence to enable him to draw reasonable conclusions therefrom on which to base his opinion or findings.
SIA 11: Consideration of fraud in an internal audit
An internal auditor should have reasonable knowledge of factors that might increase the risk of opportunities for frauds in an entity and exercise reasonable care while carrying out internal audit.
SIA 12: Internal control evaluation
The system of internal control must be under continuous supervision by management to determine that it is functioning as prescribed and is modified, as appropriate, for changes in environment.
SIA 13: Enterprise risk management
ERM is a structured, consistent and continuous process of measuring or assessing risk and developing strategies to manage risk within the risk appetite.
SIA 14: Internal Audit in an Information Technology Environment
The overall objective and scope of an internal audit does not change in an IT environment. However, the use of a computer changes the processing, storage, retrieval and communication of financial information and the interplay of processes, systems and control procedures.
SIA 15: Knowledge of the Entity and its Environment
To obtain knowledge of the economy, entity’s business and its operating environment, sufficient to enable him to review the key risks and entity–wide processes systems, procedures and controls.
SIA 16: Using the Work of an Expert
To obtain technical advice and assistance from competent experts if the internal audit team does not possess necessary knowledge, skills, expertise or experience needed to perform all or part of the internal audit engagement
SIA 17: Consideration of Laws and Regulations in an Internal Audit
It is the primary responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations, including compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements.
The Internal Audit process:
There is no exact internal audit process framed by ICAI, But
Most audits follow a fairly well-established pattern that consists of:
i. Stage one: Planning
Internal Audit planning is based on an annual cycle that runs in line with each academic year. Each Internal Audit will cover all key activities of the institution at least once and some areas that are considered to be high risk or high priority are often covered more than once.
At this point it will be necessary to identify staff that can assist the Internal Auditors in their work and any information to which they are likely to need access.
The information gained from the initial planning meeting is used in conjunction with other relevant information about the unit in order to obtain a general overview of operations.
All of this information is then used to make a preliminary assessment of the risks and controls for the unit. The internal auditors use this preparatory work to produce an Audit Programme.
ii.Stage two: Fieldwork
The auditors’ fieldwork concentrates on determining how well a unit is managing the risks identified at the planning stage and what controls are operating to help them do this. This can take a variety of forms that includes interviews and detailed testing / analysis of documents or transactions.
However, prior to this the auditors will usually have arranged to discuss any key issues with the nominated audit contact before completion of the fieldwork. Usually these communications are oral. However, sometimes, they are written in order to ensure full understanding – i.e. the draft audit report should hold no surprises.
iii. Stage three: Reporting
When the fieldwork is finished, the auditors draft a report. A feedback meeting may be held with the unit to discuss the audit findings, conclusions, and recommendations Included in the draft is an action plan that identifies the recommendations made in the report. This involves explaining how the recommendations will be implemented, by whom and within what time scale.
Finally, the Internal Auditors may ask for comments on their performance through a short questionnaire.
This feedback can result in changes to the auditors’ procedures, and summaries of the results of these questionnaires are reported periodically to the Audit Committee.
iv. Stage four: Follow-up
Obviously, the most critical aspect of “follow up” after an audit is the implementation and delivery of any remedial actions and improvement work identified within the audit report. Due consideration should be given to the priority level attached to the recommendations in the audit report and the time scales for action to which the University is committed.
Benefits of internal Audit:
a. Proper accounting system:
Accounting system is a chain of activities in any entity by which transactions are processed for maintaining financial record. Internal audit helps in introduction if proper accounting system.
b. Progressive Review:
The internal audit is beneficial to review progress of business concern. The auditor can point out the weak areas of management. The goals of business can be achieved if there is proper internal control.
c. Assets Protection:
The assets protection is possible through internal audit. The management can use the assets for the benefit of business only. The embezzlement of cash, misappropriation of stock and misuse of other assets is not possible as the internal auditor keeps close watch over assets.
d. Helps External Auditing:
The work performed by internal auditor can help external auditor in carrying out the audit. The audit procedure of internal and external audit is almost the same. The auditor can go through the internal audit report at the time of starting audit work.
e. Fixing Responsibility:
The internal audit is used to fix the responsibility of people having poor performance. The management establishes the performance standards. The internal auditor can evaluate the result of all persons. The people can be held responsible for below standard work.
Internal audit is of help to investigate in to the business matters. In case of doubt, internal auditor can be asked to examine the facts and figures to confirm or clear any doubt.