Types of Internal Audit We all are quiet familiar with Internal Audits. Let me now brief you about the different types of internal audits. Information Systems Audit: Information Systems Audit is conducted to ensure proper functioning of the information system throughout the life of the business.
There are three kinds of IS audits that may be performed:
1. General Control Review: General control review involves the review of the controls which govern the development, operation, maintenance and security of application systems in a particular environment.
2. Application Controls Review: A review of controls for specific application systems. This would involve an examination of the controls over the input, processing and output of the systems data.
3. Systems Development review: A review of the development of a new application system. This involves an evaluation of the development process as well as the product. Risk Based Internal Audit: Risk based Internal Audit is an internal methodology which is primarily focused on the inherent risk involved in the activities or system. It is the risk management framework of the management and seeks at every stage to reinforce the responsibility of management and BOD for managing risk.
The implementation and ongoing operation of RBIA has three stages:
Stage 1: Assessing risk maturity- This involves obtaining an overview of the extent to which the board and management determine and monitor risks.
Stage 2: Periodic Audit planning- Identifying the assurance and consulting assignments for a specific period by identifying and prioritizing all those areas on which the board requires objective assurance.
Stage 3: Individual audit assignments- Carrying out individual risk based assignments to provide assurance on part of the risk management framework, including on the mitigation of individual or group of risks.
Operational Audit: Operational Audit is to ensure effective and efficient conduct of operations of a company. It's a future oriented, systematic and independent evaluation of organizational activities. Financial data may be used, but the primary sources are the operational policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.
Compliance Audit: Compliance audit is a comprehensive review of an organizations adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security policies, user access controls and risk management procedures over the course of a compliance audit. The preciseness of compliance audit vary depending upon whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data.
Environmental Audit: There are three main types of environmental audits which are environmental compliance audits, environmental management audits to verify whether an organization meets its stated objectives and functional environmental audits such as for water and electricity. Environmental compliance audits are useful tools to evaluate an organizations environmental performance and environmental management practices against legal and other requirements.
Performance Audit: Performance audit refers to an independent examination of a program, function, operation or the management systems and procedures of an entity to assess whether the entity is achieving economy, efficiency and effectiveness in the employment of available resources. The examination is objective and systematic, generally using structured and professionally adopted methodologies. The scope of performance audits may include the detection of fraud, waste and abuse.
Special Audit: Special assignment audits are aimed at specific areas and aspects of the company operations which do not require comprehensive inspection of the entire system of accounting. It's a type of internal audit and is conducted only at the initiative of the organizations management and shareholders. The main purpose of this type of audit is the timely detection of errors and irregularities in the accounting and reporting as well as identifying additional possibilities for improving the efficiency of the business process.
I hope the above information was helpful.
For any queries, please contact camathewjacob@gmail.com.
CAclubindia
