Published by Rocío Villalobos. Modified over 5 years ago.
1
Internal Audit in New Era & Role of Cost Accountants
WIRC – Institute of Cost Accountants of India
Friday, 22nd February, 2019
Nilesh Likhite
2
Internal Audit definitions..
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. – IIA (IIA's International Professional Practices Framework)

Internal Audit is defined as follows: Internal audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives. – ICAI (Internal audit framework by ICAI)

Internal auditing is a continuous process of appraisal of an organisation's operations and evaluation and monitoring of risk management, reporting, and control practices. It is an independent and objective oriented assurance and consulting activity designed to add value and improve an organization's operations. – Guidance Note by Institute of Cost Accountants
3
Why the paradigm shift in IA
4
What has changed.. regulations
Companies Act, 2013 has mandated internal audit requirements for certain companies falling within its ambit (Section 138)
Audit Committee's role has been specified and widened through provisions of the Companies Act and SEBI Regulations
Directors' Responsibility Statement is required to mention the adequacy of internal controls
Statutory auditors are required to report on IFCR
The role of internal auditors has widened, expectations have increased, and higher reliance is achieved only through higher responsibilities
5
IA Governance – more regulated
International Professional Practices Framework (IPPF) guide
Principles, definition, code of ethics & standards (M)
Implementation & Supplemental Guidance (R)
Standards on Internal Audit
Industry specific internal audit guides
Generic internal audit guides
Guidance Note issued by ICWA, 2009
6
What has changed.. Scope
Scope of internal audit has widened from mere review of financial records to in-depth review of processes in each of the functions
The in-depth review runs from initiation of a transaction to its reporting / reflection in the financial statements
Just as ERP touches all aspects of an organisation, modern internal audit covers all the business processes
7
What has changed.. stakeholders
Audit committee: Chief overseeing authority responsible to ensure controls within the organisation
Top Management: Value addition; Assurance
Operational management: Immediate action on process gaps; Improvement in controls
Statutory Auditors: Charting the audit plan and extent of reliance; Determination of risk areas
Regulatory authorities: Internal audit reports could be asked at times
8
Independence & Objectivity
The ability of the Internal Audit Function to remain isolated from the operations
No interference on scope restrictions and availability of information
Achieved through dual reporting organization structure
Disclosure to Audit Committee

The ability of the Internal Audit to perform in non-compromise mode
Not to subordinate the judgment on audit matters to others
Maintain an unbiased view at all times
Avoid conflict of interest
Disclosure to Audit Committee
9
What has changed.. Governance
Audit committee charter outlines the purpose, authority and responsibilities of audit committee members
Covers the responsibilities defined under Regulations
Defines its governance
Internal audit charter defines the roles, responsibilities and authority of the Internal Audit Department / Function
Chief Internal Auditor FUNCTIONALLY reports to the Chairman of the Audit Committee and Administratively to the MD/CEO.
A lot of emphasis is placed on independence and objectivity
10
What has changed.. Positioning
Sitting outside the risk management processes of the first two lines of defense, its main roles are to ensure that the first two lines are operating effectively and advise how they could be improved.
Tasked by, and reporting to the board / audit committee, it provides an evaluation, through a risk-based approach, on the effectiveness of governance, risk management, and internal control to the organisation's governing body and senior management.
Operational management
Controlling & monitoring
Assessment of adequacy of both
11
What has changed.. Approach & Methodology
Identify: Understanding the key business risk; External and internal factors affecting business
Analyse: Likelihood or probability of occurrence; Impact analysis
Prioritize: Classification of risks; Measurement on rating scale basis
Paradigm shift from full audit to risk based audit.. Emphasis on audit in depth of key risk areas
12
Risk based IA - Methodology
Audit Universe: Listing down every function, location, business unit; Identify and document "out of scope"; Revisit the audit universe
Annual Audit plan: Develop an annual IA plan based on audit universe and risk assessment; Inputs from key stakeholders and final approval
Execution: Risk assessment for each audit project; Assessment of existing controls and "what can go wrong" or hypothesis building; Testing the hypothesis of selected samples
Reporting: Communication of audit results
Follow up: Follow up on implementation of audit recommendations; Follow up audits
13
Development of RBIA Plan
Stages: Risk Identification, Risk Validation, Risk Prioritization, Develop IA plan
Analysis of data, trends
Organizational and process changes
Results of past audits
Business risk analysis
Regulatory and industry changes
Interview the process owners
Key emphasis on outcome of preliminary risk identification
Understanding the control environment affecting risks
Risk classification using methodologies such as matrix, ratings, etc
Alignment of IA risk areas with Business
Listing the audit areas as per risk prioritization
IA plan listing the functions / locations as per risk matrix
Validation with stakeholders
Approval from the Audit Committee
Develop timelines
14
Internal Audit Execution
Pre-audit Risk Assessment Risk Validation Field work
Desktop review of the data
Perform process walkthroughs
Review of past audit results
Review of important documents
Risk Interviews
Identify process gaps, opportunity of management overrides, personal discretions
Perform "what can go wrong" analysis
Map the existing controls around the risk areas
Identify residual risks
Select the representative samples
Validation of controls on select transactions
Identify gaps
Identify the root cause
Identify the risks
Frame audit recommendations
15
Data analytics (DA) – Key tool of the auditors
A definition: The process of inspecting, cleansing, transforming and modeling data with the objective of highlighting meaningful information, suggesting conclusions and supporting decision-making.
MORE! Problem solving process; Extracts insights; Historical, real-time or predictive
Data Analytics (DA) can be:
Risk Focused – i.e., controls effectiveness, fraud, waste, policy/regulatory non-compliance, or
Performance Focused – i.e., increased sales, decreased costs, improved profitability etc.
16
DA tools
17
Challenges that limit DA deployment
Limited resources (financial & human) to execute on a sustained basis.
Appetite for investment in time and training needed to develop an effective DA process.
Someone needs to create, run and maintain the queries
Proficiency using analytic software
Proficiency in performing analysis
18
Reporting: Closing meeting, Draft Report, Final Report
More the discussions, better is the outcome
Formal closing meeting with draft observations and responses
Senior level involvement
Incorporate the inputs from closing meeting
Release the draft report for validation of operational management
Confirmation in writing
Final report after confirmation of draft by the management
Due care about presentation, correctness, aesthetics, etc
19
More on Reporting..
The contents depend on the final recipients
Scope and scope restrictions are a must
Know the recipients
Key findings or executive summary of important observations
Writing Executive Summary is an art
Key findings
To be backed up with references, data, etc
Change the HAT and wear the Reader's HAT.
Too detailed or too short? Both will defeat the purpose
Detailed observations
20
Detailed observation – How to make it meaningful
Observation with reference to "How" (Policies, processes, legal requirements, best practices)
Details on the gaps with respect to "How"
Support with data
Quantify
Identify the root cause of deviation
Identify the impact of the deviation – Risks
Provide recommendations – meaningful, implementable, etc
Obtain management comments
Criteria: What should exist; Expected behavior
Condition: Actual situation as observed from data; Financial impact
Cause: Why the deviation occurred
Risk: What is the impact of actual situation on business
Recommendation: Recommendations to flow to correct the Cause
Recommendation by IIA
21
Management response - SMART
Specific, No Stories
Measurable
Achievable
Responsible Person
Timelines to implement
22
Make report more effective..
Rating assigned to each observation – brings emphasis
Rating assigned to the Internal Audit report – brings overall conclusion of auditor on effectiveness of the Function audited
23
Higher level Reporting – ExCo/AC
Understand the requirements..
Careful selection of audit observations
Alignment with auditee
Details in backups … handy for reference
Management actions with most updated status – can be different than report
Prior circulation and opportunity for providing feedback
Alignment of presentation with allotted time
Present message & not read out the slide… practice, practice and practice…
24
COSO ERM Framework & IA
Senior leadership and Directors for organizations of all sizes, and from across the world, are talking about ERM and how to make it work for them. This new-found interest in abandoning traditional risk management and embracing an enterprise-wide risk management approach has naturally led to several questions regarding who are supposed to be the architects, implementers, managers and overseers of the entire process. Internal audit's use of a risk-based approach easily lends itself to an interest in the ERM process, but there is considerable debate as to the role of the internal audit function in ERM.
25
IA role in COSO ERM Framework
Changing stakeholder expectations and a new view of risk management are prompting an important shift in the role of internal audit in many organizations. What's more, regulatory compliance responsibilities have expanded, and regulators and various rating agencies, among others, have adopted evaluation criteria including Enterprise Risk Management (ERM). In this environment, many leaders have recognised the need for internal audit to play a larger role – one that expands on its historic focus on value preservation (a control focus) to value creation (a performance focus). Internal audit's existing organisation-wide perspective and mandate – and its access to all areas of the business, personnel and resources – uniquely position it to expand its role.
26
Other key fields for IA profession
Consulting activity in process designs, special reviews, cost reduction studies, etc
Audit of IT General Controls
IT Security audits (with subject knowledge)
Consulting activity in control designing in major implementations
IA teams assigned with responsibilities of whistleblower management and corporate investigations
27
Cost Accountants & Internal Audit
Companies Act 2013 Section 138 provides that the Companies are required to appoint a person as an internal auditor who needs to be a professional. The said person can be chartered accountant or a cost accountant, or such other professional as may be decided by the Board
28
CMA as an internal auditor
Basically, a CMA can do the entire Internal Audit
A CMA having thorough knowledge of each and every aspect of product cost and service cost can certainly play a vital role in adding value:
Validation of costs – procurement of materials and services
By identifying and reporting non value adding activities
Validation of product pricing strategies and components of cost
Validation of sales mix w.r.t. margin analysis
By identifying the areas where tax benefit can be availed etc.
29
Future of internal audit
Research on how to perform internal audit in AI, RPO and Blockchain environment
How these technologies can be deployed in IA and its impact
30
Key challenges in managing this future..
The audit universe may undergo a change
Organisations are impacted by emerging risks, technologies, innovation and disruption
Completely new set of business risks
System based controls evaluation
Emphasis on cyber security
Audit skill sets will be more IT based
Accountants with high end IT knowledge
IT specialists to review high end IT systems controls
Deployment of DA tools with RPA capabilities – Shift to continuous auditing
31
Internal Audit 3.0 – concept presented by Deloitte
Internal Audit 1.0 – Establishment of IIA – Birth of modern internal auditing
Internal Audit 2.0 – Establishment of Sarbanes-Oxley, COSO Framework, IT Audits, Use of technology in IA
Internal Audit 3.0 – Assurance, Advising and Anticipating
As the saying goes, "There are those who make things happen, those who watch things happen, and those who ask, 'What happened?'"
32
Disclaimer
Views expressed here in this presentation are my personal views and do not represent any organisation