Become GST Expert

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on Email

Share More

The Internal Audit Standard Board of the ICAI has, with other pronouncements, issued five Standards on Internal Audit (SIAs) in November 2018. The SIAs are a set of minimum requirements that apply to all members of the ICAI while performing internal audit of any entity or body corporate. However these are not mandatory to be undertaken by other professional bodies such as Cost Management Accountants and Company Secretaries.

Need for Standards on Internal Audit

The Standards on Internal Audit (SIAs) establish uniform evaluation criteria, methods, processes and practices. The Standards are pronouncements which form the basis for conducting all internal audit activity. These pronouncements are designed to help the internal auditor to discharge his responsibilities.

The following internal audit related pronouncements have been issued:

  • Preface to the Framework and Standards on Internal Audit
  • Framework Governing Internal Audits
  • Basic Principles of Internal Audit
  • Standard on Internal Audit (SIA) 210, Managing the Internal Audit Function
  • Standard on Internal Audit (SIA) 220, Conducting Overall Internal Audit Planning
  • Standard on Internal Audit (SIA) 310, Planning the Internal Audit Assignment
  • Standard on Internal Audit (SIA) 320, Internal Audit Evidence
  • Standard on Internal Audit (SIA) 330, Internal Audit Documentation

As per Framework Governing Internal Audits issued by ICAI, Internal Audit is defined as follows:

'Internal Audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives'

Key terms used above


Internal Controls

Risk Assessment


Organisational Objectives

Basic Principles of Internal Audit- Standard on Internal Audit (SIA) 2, Basic Principles Governing Internal Audit was, originally, issued by the Board in August, 2007 which was recommendatory in nature. The revised Basic Principles of Internal Audit is being issued as overarching document for all the Standards on Internal Audit, and shall become mandatory from such date as notified by the Council.


The Basic Principles of Internal Audit are a set of core principles fundamental to the function and activity of internal audit. The Basic Principles are critical to achieve the desired objectives as set out in the Definition of the Internal Audit, and therefore, apply to all internal audits.


All internal audits shall be performed based on these basic principles, and departures from these principles shall be appropriately disclosed in internal audit report or other similar communication.

The principles can be summarised as follows:


The Internal Auditor shall be free from any undue influences which force him to deviate from the truth. This independence shall be not only in mind, but also in appearance.

Integrity and Objectivity

The Internal Auditor shall be honest, truthful and be a person of high integrity.  He shall avoid all conflicts of interest and not seek to derive any undue personal benefit or advantage from his position.

Due Professional Care

'Due professional care' signifies that the Internal Auditor exercises reasonable care in carrying out the work to ensure the achievement of planned objectives.


He shall not disclose any such information to a party outside the internal audit function and any disclosure shall be on a 'need to know basis'. Under no circumstance any confidential information shall be shared with third parties outside the company, without the specific approval of the Management or Client or unless there is a legal or a professional responsibility to do so (e.g., to share information with Statutory Auditors)

Skills and Competence

The Internal Auditor shall have sound knowledge, strong interpersonal skills, practical experience and professional expertise in certain areas and other competence required to conduct a quality audit. In addition to the basic technical skills, the Internal Auditor shall have the softer skills (such as interpersonal and communication skills) required to engage with a multitude of stakeholders

Risk Based Audit

The Internal Auditor shall identify the important audit areas through a risk assessment exercise and tailor the audit activities such that the detailed audit procedures are prioritised and conducted over high risk areas and issues, while less time is devoted to low risk areas through curtailed audit procedures

Systems and Process Focus

It requires a root cause analysis to be conducted on deviations to identify opportunities for system improvement or automation, to strengthen the process and prevent a repetition of such errors.

Participation in Decision Making

The Internal Auditor shall avoid passing any judgement or render an opinion on past management decisions. As part of his advisory role, the Internal Auditor shall avoid participation in operational decision making which may be subject of a subsequent audit

Sensitive to Multiple Stakeholder Interests

The Internal Auditor shall evaluate the implications of his observations and recommendations on multiple stakeholders, especially where diverse interests may be conflicting in nature

Quality and Continuous Improvement

The Internal Auditor shall ensure that a self-assessment mechanism is in place to monitor his own performance and also that of his subordinates and external experts on whom he is relying to complete some part of the audit work.


The Chief Internal Auditor of the company has to perform a number of activities which includes the following-

  1. Planning-Define the overall plan, scope and methodology of the Internal Audit Function on a periodic basis.
  2. Monitoring-Oversee and monitor various audit assignments, their proper planning, execution, reporting of findings and subsequent closure of reported observations
  3. Performance-Plan, acquire, engage and review the performance, training and development of professional staff, talent and other resources to achieve its objectives.
  4. External Experts-Identify, source, engage and manage external experts and technical solutions, if required.
  5. Communication-Communicate and engage with all key stakeholders regarding progress and achievement of objectives
  6. Improvement Programme-Develop and maintain a quality evaluation and improvement program.


The overall Internal Audit Planning process is done in 2 phases depicted as follows-

SIA 220 deals with the connotations of the Overall Planning of the Internal Audit function for the whole entity. As per Rule 13(2) of the Companies Act 2013, it is mandatory for the Audit Committee of the Board to formulate overall Internal Audit Plan.

As per Sec 13(2) of the Companies Act 2013,

'The Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate the scope, functioning, periodicity, and methodology for conducting the internal audit.'

Conducting the Overall Internal Audit Planning involves the following key elements-

  • undertaken prior to the beginning of the plan period
  • comprehensive
  • directional in nature and considers all the Auditable Units
  • prepared by the Chief Internal Auditor


The Planning Process

Knowledge of the Business and its Environment

Discussion with Management and Stakeholders

Audit Universe and Scope of Coverage

Risk Assessment

Technology Deployment

Resource Allocation



As mentioned above, the planning is done in two phases, this standard deals with the requirement of the audit plans to be made periodically.

Conducting the Internal Audit Assignment involves the following key elements-

  • sub-set of the Overall Internal Audit Plan
  • undertaken prior to the beginning of a particular assignment during the plan period
  • covers the manner in which a particular audit assignment will be conducted
  • prepared by the Internal Auditor responsible for the assignment


Alignment with the objectives of the Overall Internal Audit

Scope, coverage and methodology of the audit procedures will form a sound basis for providing reasonable assurance.

Allocate adequate time and resources

Assign appropriate skills to complex areas and issues.

Efficient and effective manner in conducting audit procedures

In line with the various pronouncements of ICAI



As per the definition given in the standard, Internal Audit Evidence refers to all the information used by the Internal Auditor in arriving at the conclusion on which the auditor's opinion is based.


The Internal Audit evidence includes the following-

  • information collected from underlying entity records and processes
  • information from the performance of various audit activities and testing procedures


To allow the Internal Auditor to form an opinion on the outcome of the audit procedures completed.


Nature of Evidence

either from the underlying company's books, records, systems and processes or through the performance of audit activities and testing procedures

Reliability and Consistency of Evidence

Evaluate how the audit procedures need to be modified or expanded to resolve the doubt or conflict.

Evidence Collection and Recording Process

Meet certain basic standards of quality to achieve internal audit objectives


Written policy and process on audit evidence

Details of the evidence collected, relevance to the audit findings and opinion being formed, cross referenced to the Internal Audit Program, where appropriate



Internal Audit Documentation refers to the written record (electronic or otherwise) of the internal audit procedures performed, the relevant audit evidence obtained and conclusions reached by the Internal Auditor on the basis of such procedures and evidence


This Standard applies to all internal audit assignments. The nature and content of documentation is covered in a separate implementation guide on the subject.


  • validate the audit findings
  • support the basis on which audit observations are made
  • conclusions reached from those findings
  • aid in the supervision and review of the internal audit work
  • establish that work performed is in conformance with the applicable pronouncements of the Institute of Chartered Accountants of India.


Nature of Documentation

includes written records (electronic or otherwise) of various audit activities and procedures conducted, including evidence gathered, information collected, notes taken and meetings held.

Content and sufficiency of Documentation

all significant matters which require exercise of judgment, together with the Internal Auditor's conclusion

Documentation Process

Collated and arranged logically in files as audit work papers and retained to support the performance of the internal audits as per a written process

Timely Completion of Documentation

compiled into internal audit files soon after the completion of all audit procedures, while pending matters may be closed during the draft stage of audit reporting

Confirmation of Compliance

Written documentation policy
process on audit work papers
Work paper files for each audit assignment

Note- Preface to the Standards on Internal Audit was, originally, issued in November, 2004, revised in July, 2007, and was recommendatory in nature. The revised Preface to the Framework and Standards on Internal Audit shall become mandatory from such date as notified by the Council.

The Preface to the Framework and Standards on Internal Audit are applicable for all internal audits beginning on or after a date to be notified by the Council of the Institute. In case of SIAs issued by the ICAI for which a Guidance Note is already in existence, the Guidance Note will stand withdrawn from the date on which the Standard comes into effect.

Standards will come in force from the date to be notified by ICAI
(with inputs from Standards of Internal Audit issued by ICAI)

The author can also be reached at


Published by

CA Rubneet Anand
(Deputy Manager Internal Audit and Indirect Taxation)
Category Audit   Report

1 Likes   4 Shares   5244 Views


Related Articles


Popular Articles

GST Course
caclubindia books caclubindia books

CCI Articles

submit article