INTERNAL AUDITING for Institute of Chartered Accountants of India Bhilai Saturday, 19 th January 2008 by SUDHIR VARMA FCA; CIA(USA) B-57, New Rajinder Nagar, New Delhi –
AUDITING Mautz definition : “Concerned with the verification of accounting data, with determining the accuracy and reliability of accounting statements and reports”. The emphasis is on verification of accounting data with a view to report on the reliability of accounting statements.
AUDITING Schlosser’s definition “Systematic examination of financial statements, records and related operations to determine adherence to generally accepted accounting principles, management policies or stated requirements”.
AUDITING Collins dictionary : “An audit is an official examination of an organizations accounts by an accounting firm”.
INTERNAL AUDITING IIA definition : “Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”.
INTERNAL AUDITING IIA definition : “Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”.
Attributes in an Internal auditor : - Independent - Objective - Consultant- Add Value - Improve- Systematic - Disciplined- Evaluate - Effective INTERNAL AUDITOR
Attributes in an Internal auditor : He should - have diverse knowledge - be innovative - be a good and creative thinker
INTERNAL AUDITOR He should be able to - access risks, controls, quality, economy & efficiency - assure effectiveness and adequacy of controls - communicate effectively with clarity and accuracy
INTERNAL AUDITOR He should - examine global issues - be up to date on emerging technologies and evaluate them. - analyze opportunities
INTERNAL AUDITOR Can be - control expert - efficiency specialists - facilitator / problem solver - trainer
INTERNAL AUDITOR – Positioning Audit Committee Board of Directors Chairman CEO / MD Finance Director Internal Auditor
International - CODE OF CONDUCT Applicable to - all members - all Internal Auditors - individuals & organizations
International - CODE OF CONDUCT Integrity : All Internal Auditors shall perform their work with - honesty - diligence - responsibility - within laws of the land - contribute and respect legitimate & ethical objectives of the organization.
International - CODE OF CONDUCT Objectivity : All Internal Auditors will - will not develop relationships that effect objectivity. - will not accept gifts that can effect professional judgement. - will not participate in any activity that can effect objectivity. - be unbiased - be transparent and present all material facts.
International - CODE OF CONDUCT Confidentiality : All Internal Auditors shall - protect all company information - not use information for personal gains. - be prudent in use of information - not use information to the detriment of legitimate & ethical objectives of the organization.
International - CODE OF CONDUCT Competency : All Internal Auditors shall ensure that - they have necessary knowledge - they have necessary skills - they have adequate experience to undertake their assignment - they continually improve their proficiency - they perform in accordance with International Standards
INTERNATIONAL STANDARDS The standards are intended to represent the practice of internal auditing as it should be They are meant to serve the entire profession of internal auditing including the auditees. They are mandatory for all members but are applicable to all individuals and organizations in the internal audit profession.
INTERNATIONAL STANDARDS Attribute Standards they address the qualities of individuals and organizations that perform internal audit services. Performance Standards they provide quality standards and nature of internal audit services. Implementation Standards provide guidance applicable in specific types of engagements. They could be industry specific, regional or specialty types. Practice Advisories They help to interpret the standards or apply them in specific internal audit environments.
ATTRIBUTE STANDARDS 1000 Purpose, Authority and Responsibility The purpose authority and responsibility of the internal audit activity should be formally defined in a charter and approved by the board. The nature of assurance or consulting service should also be defined.
ATTRIBUTE STANDARDS Independence & Objectivity Internal audit - should report to a level that gives them independence - should be free from interference. - should be impartial, unbiased & without conflict of interest.
ATTRIBUTE STANDARDS Proficiency & due professional care Internal auditors - should possess adequate knowledge, skills, competencies and experience. - Can outsource areas where lacking - should have knowledge of key information technology risks and controls. - should exercise due professional care - should enhance knowledge, skills and other competencies.
ATTRIBUTE STANDARDS 1300.Quality Assurance and Improvement Program - Should adopt a process to monitor and assess the overall effectiveness of the quality program - should have ongoing internal reviews and assessments - should also have external reviews and assessments. - the results of such reviews should be communicated to the board. - Disclosure of non compliance - Use of “conducted in accordance with International standards”.
PERFORMANE STANDARDS 2000.Managing the Internal Audit Activity - Planning - Communication and Approval - Resource Management - Policies and Procedures - Co-ordination - Reporting
PERFORMANE STANDARDS 2100.Nature of Work - Risk management – identify and evaluate significant exposures to risk and their management systems - Controls – assist in maintaining adequate and effective controls. - Governance – assess and recommend governance process to accomplish organizational objectives.
PERFORMANE STANDARDS 2200.Engagement Planning - Consider objectives & significant risks - Written understanding with outsourced resources - Establish engagement objectives and scope - Determine and organize appropriate resources - Develop a work program
PERFORMANE STANDARDS ` 2300.Performing the Engagement - Identify sufficient, reliable and relevant information. - Evaluate and analyze information - Record conclusions - Obtain permissions before sharing information outside the internal audit - Develop policies for retention and storage of information - Ensure proper supervision.
PERFORMANE STANDARDS 2400.Communicating Results - Communications should specify objectives and scope of engagement - Communicate engagement results giving conclusions, recommendations and action plans. - Acknowledge satisfactory performance - Communications should be accurate, objective, clear, concise, constructive, complete and timely. - Communicate non compliance with standards - Communicate only to appropriate parties on agreed distribution.
PERFORMANE STANDARDS 2500.Monitoring Progress - Establish and maintain a system to monitor the disposition of results communicated Acceptance of Risks - Obtain a resolution for unresolved acceptance of risks by management
INTERNATIONAL STANDARDS Professional Issues Committee Setting of standards is an ongoing process with extensive worldwide consultations and discussions. Ongoing reviews Suggestions and recommendations
ICAI STANDARDS Auditing & Assurance Standards AAS – 1 Basic principles Governing an Audit (April1,1985) AAS – 2 Objective and Scope of the Audit of Financial statements (April 1, 1985) AAS – 3 Documentation. (July 1, 1985) (Revised) Error in an Audit of Financial statements (April 1, 2003) AAS – 5 Audit Evidence (January 1, 1989) AAS – 6 Risk Assessments and Internal Control (April 1, (Revised) 2002)
ICAI STANDARDS AAS – 8 Audit Planning (April 1, 1989) AAS – 9 Using the Work of an Expert (April 1, 1991) AAS – 10 Using the Work of Another Auditor (April 1, 2002) (Revised) AAS – 14 Analytical Procedures (April 1, 1998) AAS – 15 Audit Sampling (April 1, 1999) AAS – 17 Quality Control for Audit Work (April 1, 1999) AAS – 20 Knowledge of Business (April 1, 2000) AAS – 21 Consideration of Laws and Regulations in an Audit of Financial Statements (July 1, 2001)
ICAI STANDARDS AAS – 25 Comparatives (April, 2003) AAS – 26 Terms of Audit Engagements (April 1, 2003) AAS – 27 Communications of Audit Matters with Those Charged with Governance (April 1, 2003) AAS – 29 Auditing in a Computer Information Systems Environment (April 1, 2003) AAS – 30 External Confirmations (April 1, 2003) AAS – 34 Audit Evidence – Additional Considerations for Specific Items (April 1, 2005)
Thank You