Add to collection(s) Add to saved
  1. Business
  2. Finance

to Resource Material 2 - dehradun

advertisement 
Standards on Internal Audit Codifying the Best Practices
Venue
ICAI BRANCH
City
Dehradun
On
19th May 2012
Verendra Kalra
FCA,GRAD.CWA,DISA
Introduction
Standards on Internal Audit (SIAs)Issued by the Council of the Institute of Chartered
Accountants of India
Till date 17 SIAs issued
Codify best practices in areas of internal audit
Provide a benchmark of the performance of the internal
audit services
Standards on Internal Audits
CA Verendra Kalra
Preface to the Standards on Internal Audit
(Issued in January 2004)
Scope of the Standards on Internal Audit (SIAs)
Scope of the Guidance Notes on Internal Audit
Implications of the departures from SIAs
Procedure for issuing the SIAs and Guidance
Notes
Standards
Standards on
on Internal
Internal Audits
Audits
CA
CA Verendra
Verendra Kalra
Kalra
Scope of the Standards on Internal Audit
SIAs apply whenever internal audit is carried out
Describes internal audit as
A continuous and critical appraisal of functioning of
an entity with a view:
-to suggest improvements,
-to add value and strengthen the overall governance mechanism
-including the entity’s strategic risk management and internal
control system
Standards on Internal Audits
CA Verendra Kalra
Why Internal Audit?
Internal audit helps in:
Understanding and assessing the risks and evaluate the adequacies of the prevalent
internal controls.
Identifying areas for systems improvement and strengthening controls.
Ensuring optimum utilisation of the resources of the entity, for example, human
resources, physical resources etc.
Ensuring proper and timely identification of liabilities, including contingent liabilities
of the entity.
Ensuring compliance with internal and external guidelines and policies of the entity
as well as the applicable statutory and regulatory requirements.
Safeguarding the assets of the entity.
Reviewing and ensuring adequacy of information systems security and control.
Reviewing and ensuring adequacy, relevance, reliability and timeliness of
management information system.
Standards on Internal Audits
CA Verendra Kalra
Types of Internal audits -Few Examples
Internal audit requirements under Companies (Auditor’s Report) Order, 2003 (CARO,
2003)
Internal audit of Enterprise risk management process
Internal audit of corporate governance
Internal audit of transactions of Depository Participants
Internal audit in Banks
Internal audit of treasury operations
Internal audit of plastic money operations
Internal audit of Mutual funds
Internal audit of a Not -for- Profit Organisation
Risk based Internal Audit
Standards on Internal Audits
CA Verendra Kalra
Types of Internal audits -Few Examples
(Contd…)
Internal Audit of Intellectual property
Internal audit of stock and Inventories
Internal audit of adherence to competition Law
Internal Audit - Controls due Diligence Reviews
Internal Audit of ESOP Transactions
Internal Audit of NBFCs
Internal Audit of compliance with FEMA laws
Internal Audit of compliance with Labour Law
Internal Audit of Financial Instruments
Standards on Internal Audits
CA Verendra Kalra
Internal audit-some perspectives
Need not be mandated by law
Need not be an exclusive area for CA’s
Scope is very different as compared to statutory audit
The above factors impact the :
Approach and objective
Skills required
Standards on Internal Audits
CA Verendra Kalra
Framework for Standards on Internal Audit
(Issued in August 2008)
Objective is to promote the professionalism in the internal audit
activity.
Provide a frame of reference for the SIAs being issued.
Components of Frame work
The Code of Conduct
Establishes the essential principles of conduct and prescribes for the professionals in internal
audit activity.
The Competence Framework
Describes the key characteristics that are required of persons performing internal audit.
The Body of Standards
Standards specifies the basic principles and processes.
Mandatory minimum requirements
The Technical Guidance
Provide guidance to internal auditors in resolving professional issue arising while carrying
out internal audit.
Standards on Internal Audits
CA Verendra Kalra
SIA 1, Planning Internal Audit
(Issued in May 2006)
Gives an insight into the objectives of the planning
Provides knowledge about the factors affecting the planning process
Deals with scope of the planning and the planning process
Develop and document plan in consultation with those charged with governance,
including the Audit Committee
Internal audit plan should be based on :
the objectives of the activity
significant risks
risk management and internal control system
reflect the risk management strategy
Standards on Internal Audits
CA Verendra Kalra
SIA 1, Planning Internal Audit
Contd…..
 A plan once prepared should be continuously reviewed by the internal auditor to
identify any modifications required to bring the same in line with the changes, if
any, in the audit environment.
 The internal auditor should also assess the client expectations as to the assurance
level on different aspect of entity’s operations and controls.
 The internal auditor should also prepare a formal internal audit programme listing
the procedures essential for meeting the objective of the internal audit plan.
Standards on Internal Audits
CA Verendra Kalra
SIA 2, Basic Principles Governing Internal Audit
(Issued in August 2007)
Explains the principles which governs the internal auditor’s professional
responsibilities:
Integrity, objectivity and independence,
Confidentiality
Due professional care, skills and competence
Work performed by others
Documentation
Planning
Evidence
Internal Control and Risk Management
Reporting
Standards on Internal Audits
CA Verendra Kalra
SIA 2, Basic Principles Governing Internal Audit
(Contd…)
Elaborate principles to give guidance on auditing procedure and reporting practices
Compliance with basic principles
Require application of procedures and practices appropriate to particular
circumstances
Standards on Internal Audits
CA Verendra Kalra
SIA 3, Documentation
(Issued in August 2007)
Provide guidance on documentation requirements in internal audit
Describes form and content of documentation
Detention and retention of the documentation
Identification of the preparer and reviewer
Documentation may be on paper or on electronic or any other media
Documentation should record
internal audit charter,
internal audit plan,
nature, timing and extent of audit procedures performed, and
conclusions drawn from the evidence obtained
 Signed by the preparers and reviewers
Standards on Internal Audits
CA Verendra Kalra
SIA 4, Reporting
(Issued in August 2008)
Establish standards on the form and content of internal auditor’s report.
Describes basic elements of an internal auditor’s report
Deals with different stages of communication and discussion of the report
Describes the reporting responsibilities of the internal auditor
Standards on Internal Audits
CA Verendra Kalra
SIA 4, Reporting
(Contd…)
Basic elements of Internal Audit Report
Title;
Addressee;
Report Distribution List;
Period of coverage of the Report;
Opening or introductory paragraph;
Objectives paragraph;
Scope paragraph;
Executive Summary;
Observations, findings and recommendations made by the internal auditor;
Comments from the local management;
Action Taken Report (Follow up report) ;
Date of the report;
Place of signature; and
Internal auditor’s signature with Membership Number.
Standards on Internal Audits
CA Verendra Kalra
SIA 5, Sampling
(Issued in August 2008)
Provide guidance regarding the design and selection of an audit sample
Guide on the use of audit sampling in the internal audit engagement
Deals with evaluation of sample results
Guidance on use of sample in risk assessment procedures and tests of controls
performed by the internal auditor
Standards on Internal Audits
CA Verendra Kalra
SIA 5, Sampling
(Issued in August 2008)
Evaluation of sample results
The internal auditor should:
analyse the nature and cause of any errors detected in the sample;
project the errors found in the sample to the population;
reassess the sampling risk; and
consider their possible effect on the particular internal audit objective and on other
areas of the internal audit engagement
Standards on Internal Audits
CA Verendra Kalra
SIA 6, Analytical Procedures
(Issued in August 2008)
Provide guidance regarding the application of analytical procedures during internal
audit
Deals with the aspects such as:
the nature and purpose of analytical procedures,
analytical procedures as risk assessment procedures and planning the internal audit
Analytical procedures as substantive procedures
Analytical procedures in the overall review at the end of the internal audit
Extent of reliance on analytical procedures
Standards on Internal Audits
CA Verendra Kalra
SIA 6, Analytical Procedures
(Contd….)
Analytical Procedures as Risk Assessment Procedures and in Planning the Internal
Audit
to obtain an understanding of the business, the entity and its environment and in
identifying areas of potential risk
Analytical Procedures as Substantive Procedures
procedures to reduce detection risk relating to specific financial statement assertions
and assertions relating to process, systems and controls
Analytical Procedures in the Overall Review at the End of the Internal Audit
forming an overall conclusion as to whether the systems, processes and controls as a
whole are robust, operating effectively and are consistent with the internal auditor's
knowledge of the business
Standards on Internal Audits
CA Verendra Kalra
SIA 7, Quality Assurance in Internal Audit
(Issued in August 2008)
A system for assuring the quality in internal audit should provide reasonable assurance
that the internal auditors comply with professional standards, regulatory and legal
requirements so that the reports issued by them are appropriate in the circumstances.
provide the guidance to the person entrusted with the responsibility for the quality
of the internal audit whether in-house internal audit or a firm carrying out internal
audit.
This Standard also provide the extensive knowledge about the internal quality
reviews, external quality reviews and communicating the results thereof.
Standards on Internal Audits
CA Verendra Kalra
SIA 7, Quality Assurance in Internal Audit
(Contd…)
Objectives
Provide assurance that internal auditor comply with professional standards,
regulatory and legal requirements
Person within the entity should be entrusted with the responsibility for quality in
the internal audit
Include policies and procedures addressing each of following elements:
Leadership responsibilities for quality in internal audit
Ethical requirements
Acceptance and continuance of client relationship and specific engagement, as may
be applicable
Human resources
Engagement performance
Monitoring
Standards on Internal Audits
CA Verendra Kalra
SIA 8, Terms of Internal Audit Engagement
(Issued in August 2008)
Establish standards in respect of terms of engagement of the internal audit activity
whether carried out in house or by an external agency.
Clarity on terms of internal audit engagement is essential for inculcating
professionalism and avoiding misunderstanding as to any aspect of the engagement.
Elements of Terms of Engagement
Scope
Responsibility
Authority
Confidentiality
Limitations
Reporting
Compensation
Compliance with Standards
Standards on Internal Audits
CA Verendra Kalra
SIA 9, Communication with Management
(Issued in January 2009)
 Provides a framework for internal auditor’s communication with management and
identifies some specific matters to be communicated with management as
described in the terms of the engagement.
 Deals with the aspects such as:
 Matters to be communicated
 The communication process- Forms, Timing, Adequacy
 Documentation of Communication
Internal Auditor’s Responsibilities in Relation to the Terms of Engagement
Planned Scope and Timing of the Internal Audit
Significant Findings from the Internal Audit
Standards on Internal Audits
CA Verendra Kalra
SIA 9, Communication with Management
(Contd…)
Communication to management includes the following steps:
Discussion draft - should be submitted to the entity management for their review before the
exit meeting
Exit meeting- internal auditor should discuss with the management of the entity regarding the
findings, observations, recommendations, and text of the discussion draft.
Formal Draft- prepare a formal draft, taking into account any revision or modification resulting
from the exit meeting and other discussions.
Final report- The internal auditor should submit the final report to the appointing authority or
such members of management, as directed.
Standards on Internal Audits
CA Verendra Kalra
SIA 10, Internal Audit Evidence
(Issued in January 2009)
 Deals with the aspects such as:
 objective of the internal audit evidence,
 sufficiency and appropriateness of internal audit evidence,
 procedures for obtaining evidence
 Internal audit evidence should enable internal auditor to form an opinion on scope
of terms of engagement
Standards on Internal Audits
CA Verendra Kalra
SIA 10, Internal Audit Evidence
(Contd…)
Sufficient and Appropriate Internal Audit Evidence
Internal auditor’s judgement as to what is sufficient and appropriate internal audit
evidence is usually influenced by:
The materiality of the item.
The type of information available.
Degree of risk of misstatement which may be affected by factors such as :
-The nature of the item.
-The nature or size of the business carried on by the entity.
-Situation which may exert an unusual influence on management
Standards on Internal Audits
CA Verendra Kalra
SIA 11, Consideration of Fraud in an Internal Audit
(Issued in January 2009)
 Deals with the aspects such as:
 what is fraud ?
 concept of internal control system,
 elements of internal control system,
 responsibilities of the internal auditors,
 to whom the internal auditors will communicate about the presence of fraud,
 documentation of fraud risk factors when identified
Standards on Internal Audits
CA Verendra Kalra
SIA 11, Consideration of Fraud in an Internal Audit
(Issued in January 2009)
Responsibilities of the Internal Auditor
Internal auditor to help management fulfill the responsibilities relating to fraud detection and
prevention
Approach of internal auditor should include
Control Environment
Risk Assessment
Information System and Communication
Control Activities
Monitoring
Standards on Internal Audits
CA Verendra Kalra
SIA 12, Internal Control Evaluation
(Issued in February 2009)
 Deals with the aspects such as:
 Nature, Purpose and Types of Internal Controls
 Inherent Limitations of Internal Controls
 Role of Internal Auditor in Evaluating Internal Controls
 Monitoring Internal Audit findings
 Communication of Continuing Internal Control Weaknesses
Standards on Internal Audits
CA Verendra Kalra
SIA 12, Internal Control Evaluation
(Contd….)
Role of Internal Auditor
Examine continued effectiveness of internal control system through evaluation and
make recommendations, if any, for improving effectiveness.
 Focus towards improving internal control structure and promoting better corporate
governance.
 Make management aware, as soon as practical and at an appropriate level, of
material weaknesses in design or operation of internal control systems
Standards on Internal Audits
CA Verendra Kalra
SIA 13, Enterprise Risk Management
(Issued in February 2009)
 Describes Risk and Enterprise Risk Management
 Deals with the aspects such as:
 Process of ERM and Internal Audit
 Role of Internal Auditor in Relation to ERM
 Monitoring Internal Audit findings
 Internal Audit Plan and Risk Assessment
Standards on Internal Audits
CA Verendra Kalra
SIA 13, Enterprise Risk Management
(Contd….)
Role of Internal Auditor in Relation to ERM
 Provide assurance to management on effectiveness of risk management
 Review maturity of ERM structure by considering whether framework so
developed,:
Protects enterprise against surprises;
Stabilizes overall performance with less volatile earnings;
Operates within established risk appetite;
Protects ability of enterprise to attend to its core business
Creates system to proactively manage risks
Standards on Internal Audits
CA Verendra Kalra
SIA 14, Internal Audit in an Information Technology
Environment
(Issued in March 2009)
 Describes:
 Skills and competence to conduct internal audit in an IT environment
 Factors to be consider while planning such an internal audit
 Matters that may effect audit in an IT environment
 Risk Assessment
 Audit Procedures
 Review of IT Environment
 Outsourced Information Processing
 Documentation
Standards on Internal Audits
CA Verendra Kalra
SIA 14, Internal Audit in an Information Technology
Environment
(Contd…)
Review of Information Technology Environment
Overall objective and scope of an internal audit does not change in an IT
environment
Consider IT environment in designing audit procedures to review systems,
processes, controls and risk management framework
Apply professional judgment and skill in reviewing IT environment and assessing
interface of such IT infrastructure with other business processes
Standards on Internal Audits
CA Verendra Kalra
SIA 15, Knowledge of the Entity and Its Environment
(Issued in March 2009)
 Establish standards to provide guidance on:
 what constitutes knowledge of an entity’s business
 its importance to various phases of internal audit engagement
 techniques to be adopted by internal auditor in acquiring such knowledge about
entity and its environment
 guidelines regarding application, usage and documentation of such knowledge by
internal auditor
Standards on Internal Audits
CA Verendra Kalra
SIA 15, Knowledge of the Entity and Its Environment
(Contd…)
Using information appropriately assists internal auditor in :
Assessing risks and in identifying key focus areas
Planning and performing internal audit effectively and efficiently
Evaluating audit evidence
Providing better quality of service to client
Standards on Internal Audits
CA Verendra Kalra
SIA 16, Using the Work of an Expert
(Issued in March 2009)
 Provide guidance where the internal auditor uses the work performed by an expert
 Explains situations in which need for using work of an expert might arise
 Considering skills and competence and objectivity of the expert
 Lays down procedures for evaluating the work of an expert
Standards on Internal Audits
CA Verendra Kalra
SIA 16, Using the Work of an Expert
(Contd…)
Reference to an expert in Report
Should not, normally, refer to work of an expert in internal audit report
Reference may be useful in cases
Existence of material weaknesses or deficiencies in internal control system
Beneficial to the readers
Reference should outline assumptions, broad methodology and conclusions of
expert
Standards on Internal Audits
CA Verendra Kalra
SIA 17, Consideration of laws and regulations in an
Internal Audit
(Issued in 2010)
Objectives of internal auditor
 To obtain sufficient appropriate audit evidence regarding compliance with the
provisions of those laws and
regulations
having direct effect on the financial
statements
 identify instances of non compliance with other laws and regulations that may have
a significant impact on the functioning of the entity
 To respond appropriately to non-compliance or suspected non-compliance
with laws and regulations identified during the internal audit.
Standards on Internal Audits
CA Verendra Kalra
SIA 17, Consideration of laws and regulations in an
Internal Audit
(Contd….)
Responsibility of the Internal Auditor
 the identification of non-compliance with laws and regulations is also an inherent
part of his responsibilities.
 The responsibilities of an internal auditor related to compliance with laws and
regulations are much wider than the statutory audit function.
 Even in the absence of an explicit mention in the terms of the engagement, the
internal auditor has to verify compliance with laws and regulations within the overall
objectives of an internal audit . This is in view of the following:
paragraph 2 of the Standard on Internal Audit (SIA) 1,“Planning an Internal Audit”
paragraph 8 & 10 of the Standard on Internal Audit (SIA) 12,“Interenal control
Evaluation”
 paragraph 9 of the Standard on Internal Audit (SIA) 13,“Enterprise risk management”
Standards on Internal Audits
CA Verendra Kalra
SIA 17, Consideration of laws and regulations in an
Internal Audit
(Contd….)
Responsibility of the Internal Auditor (contd…)
 Compliances are divided into two part
a) Compliances that have a direct effect on the determination of material amounts and
disclosures in the financial statements such as tax and laws regulating the reporting
framework
Auditors responsibility: to obtain sufficient appropriate audit evidence, in accordance with
the Standard on Internal Audit (SIA) 10, “Internal Audit Evidence”, about compliance with
the provisions of those laws and regulations.
b) Other laws and regulations that do not have a direct effect on the determination of the
amounts and disclosures in the financial statements, but compliance with which may be
fundamental to the operating aspects of the business, to an entity’s ability to continue its
business, or to avoid material penalties
Auditors responsibility: is limited to undertaking specified audit procedures to help identify
non-compliance with those laws and regulations that may have a significant impact on the
functioning of the entity
Standards on Internal Audits
CA Verendra Kalra
SIA 17, Consideration of laws and regulations in an
Internal Audit
(Contd….)
Reporting Non compliances
 To those charged with governance
 the internal auditor shall communicate with those charged with governance (if all are not
part of management) matters involving non-compliance with laws and regulations that come to
the internal auditor’s attention during the course of the internal audit, other than when the
matters are clearly inconsequential.
 If, in the internal auditor’s judgment, the non-compliance is believed to be intentional and
material, the internal auditor shall communicate the matter to those charged with governance
as soon as practicable
Standards on Internal Audits
CA Verendra Kalra
SIA 17, Consideration of laws and regulations in an
Internal Audit
(Contd….)
Reporting Non compliances (Contd….)
 Reporting non compliance in Internal Audit report
 If the internal auditor concludes that the non-compliance has a significant impact
on the functioning of an entity and has not been adequately dealt with by the
management, the internal auditor shall report the same in accordance with SIA 4,
“Reporting”.
Standards on Internal Audits
CA Verendra Kalra
THANK YOU
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
KnowingWhatToExpectW..
KnowingWhatToExpectW..
NDSA Standards: Self-assessment a
NDSA Standards: Self-assessment a
Electronic Data Processing * Audit Sistem Informasi
Electronic Data Processing * Audit Sistem Informasi
Internal control over Financial reporting : An IS control perspective
Internal control over Financial reporting : An IS control perspective
Download
advertisement