Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing systematic , disciplined approach to evaluate and improve the effectiveness of risk management , control and corporate governance.
The scope of internal auditing is broad and may involve the efficiency of operations, IT controls, the reliability of financial reporting, deterring and detecting fraud, and compliance with laws and regulations. Internal Auditors may also conduct compliance and operational audits, offering solutions for weaknesses in internal controls and verifying that all laws and regulations are upheld.
Internal Auditors' roles include monitoring, assessing, and analyzing organizational risk and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risks are mitigated and that the organization's corporate governance is strong and effective. And, when there is room for improvement, internal auditors make recommendations for enhancing processes, policies, and procedures."
Internal Audit Strategy
A detailed strategy enables internal audit to align its objectives to the organization.
The internal audit strategy should have a three-to five-year time horizon and have a road map based on the organization’s overall strategy, stakeholder expectations, regulatory requirements and the role of the other risk functions.
Leading internal audit functions follow four steps to create a well-aligned strategy:
Develop or refine internal audit’s strategic vision. Know the function’s roles and responsibilities, the needs of its key stakeholders, its mandate and what it should accomplish over a long-term period.
Identify and prioritize key strategic initiatives. Based on the mandate and strategic vision, align initiatives to key business risks and key operational and financial priorities. Make sure processes, methodologies and tools are up to date, internal audit has the industry and functional insights it needs, and staffing models are flexible enough to anticipate change and address emerging risks/issues.
Design the appropriate key performance indicators (KPIs). Determine how internal audit measures its success against the prioritized initiatives, how it aligns with stakeholder expectations, and how to track productivity and value-driven measures.
Develop an operating strategy. Detail activities that enable internal audit to achieve its strategic initiatives. Determine key milestones and how the function is communicating its progress to key stakeholders. Also, put steps in place that enable internal audit to adapt to changing priorities so it can maximize its relevance to the business.
With these factors in mind, there are a number of key advantages associated with internal audit.
1. The internal audit function, as an independent operation, is carried out objectively. This independence enables internal auditors to render an impartial and unbiased judgment essential to the proper conduct of business.
2. As a management function, internal audits are designed to serve management’s needs via constructive recommendations in areas such as resource utilization and regulatory compliance.
3. Risk management through internal audit enables management to effectively mitigate risk and other associated uncertainties, thereby enhancing an organization’s capacity to build value
There are two key clauses organizations should be mindful of when approaching internal audit.
Clause 49 of the Listing Agreement
Keeping the importance of the internal audit function in mind, the Securities and Exchange Board of India (SEBI) introduced specific mandatory and recommendatory corporate governance provisions in Clause 49 of the Listing Agreement applicable to listed entities.
As per Clause 49, an audit committee is required to review the following:
1. Whether in the entity, the internal audit function is being made functional in proper order by reviewing the structure of the internal audit department, personnel recruited and seniority of the official who shall be heading the department, frequency of audits and terms of remuneration of the chief internal auditor.
2. Internal audit reports relating to weaknesses found in internal controls.
3. The findings of any internal investigation by internal auditors into matters where there is a suspected fraud or irregularity, or a failure of internal control systems of a significant impact.
4. The CEO and the CFO are required to certify to the Board of Directors that they accept responsibility for the effectiveness of internal controls, and that they have disclosed to the auditors and the audit committee deficiencies in the operation of the internal controls, if any, and steps have been taken for their rectification.
The above clauses and others are part of the Listing Agreement, with which every entity listed on Indian stock exchanges must comply.
Section 177 of the Companies Act 2013 (Previously Section 292A of the Companies Act, 1956)
Section 177 of the Companies Act, 2013 requires the following to constitute an audit committee and require the internal auditor to attend and participate in the meetings of such audit committees:
1. Every listed company
2. Unlisted public companies with paid up capital not less than INR 10 crores
3. All private limited companies with paid up share capital not less than INR 20 crores or more
4. All companies with paid up share capital of below the threshold limit mentioned in (2) and (3) above, but with public borrowings from financial institutions, banks or public deposits of rupees INR 50 crores or more
It can additionally be concluded from the above that management as well as the audit committee needs extensive support from the internal audit department to provide a primary assurance about controls and compliances before giving the required reports/ certificates or to appropriately review the aspects necessary to make informed decisions.