INTERNAL AUDIT Smita Chaudhri Accountant General (C&RA) U.P. Audit types – common terminologies Three categories of audit : • CA audit • External / Statutory ( also known as audit by CAG/AG) • Internal audit. Audit types – common terminologies CA audit • For companies / corporations / nigams • Done by CA firms • Appointed by the management to check if the accounts present a true and fair view • For PSUs – appointed by CAG • If accounts have been prepared according to the accounting standards (AS) laid down by the ICAI. • Annual accounts are audited by these auditors. • Satyam case….. Audit types – common terminologies External Audit • obvious - it is by an agency external to the entity • For governments – it is by the SAI ( in India – CAG) • For international organizations – UN , WHO etc – by SAIs of member nations • For PSUs – CAG • It is independent therefore - impartial • Responsible to the legislature. • Functions under authority of Act. • Checks - whether expenditure made was economical , efficient , effective and as per rules and revenue collection optimized Audit types – common terminologies Internal audit • a diagnostic aid of top management • to enable pinpointing of problems , internal control weaknesses and to suggest system improvements • a part of the executive function enjoying its own degree of autonomy • accountable to the entity but should be independent of the activity it audits in order to achieve its objectives • hence world over – IA reports directly to the Board/Audit committee • is under administrative control of CEO of firms / companies/ corporations • in Government – should report directly to the Secy /Pr Secy of the department • in US – operates under an Act Similarities & Differences • All check accuracy of financial data. • EA & IA – focus on expenditure control and revenue optimization , adherence to policies • EA focus is to unearth frauds and errors , annual / periodical exercise • IA focus - on prevention of frauds and errors , continuous stocktaking exercise • CA audit focus – correctness / accuracy of financial statements • EA – independent , impartial. Governed by DPC Act • IA – part of the entity , but should be independent of the part it audits – hence report direct to CEO. Governed by rules of organization • CA Audit – appointed by management , responsible to code / standards set by ICAI / CAG/ GASAB Definition - IA As defined by the Institute of Internal Auditors IA is : • An Independent , objective assurance activity designed to add value & improve an organization’s operations. • It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of the management , control and governance processes. Role of Internal Audit • chief role – – to render effective financial advice through recurrent and sufficient sustained checks of the system of internal controls – to help ensure an orderly and efficient conduct of business including adherence to policies, prevention of frauds and errors and ensure completeness of financial records. – a tool of the management to ensure expenditure control and revenue optimization through system improvement Role of Internal Audit • management – responsible for establishing policies /processes to help organization achieve specific objectives. • IA – evaluates whether the policies are designed properly and whether they are operating effectively • identifies potential risk areas • risks can be – strategic, operational, financial, legal / regulatory Role of Internal Audit • role in corporate governance – as one of the 4 pillars ( BOD, management, EA, IA) • improving of internal control is with reference to: – effectiveness and efficiency of operations. – reliability of financial reporting – compliance to laws & regulations Is IA a new concept ? • for Government – comparatively new especially in our country – In UP – started in 2000, – WB was 1st state - in 1998 • for private sector – old concept , initially stated as informal tool of owner / management • after WW-II formal structure evolved, institute of Internal Auditors set up , standards developed • especially strong in banking / financial institutions Elements of IA • Organizational independence - from management – needed to enable unrestricted evaluation of activities and personnel • Independence refers to – – reporting line – who does IA ( IAO ) report to ? – status of IA- and the IAO - so as to actively fulfill responsibilities – attitude to IA – free from interference – esp w.r.t scope , performing of the audit & communicating results – right of communication – directly to BOD/ head of the organization If even one of these is compromised the IA loses its relevance Planning IA Prepare a plan Take management inputs while preparing plan so that it is clear that goals of IA & organization are on the same track Establish and communicate the scope of audit to management Develop understanding of the processes under review Identify key risks Identify control procedures developed to control each process Sample and test check to examine control processes through interview , examining documents Report which should have recommendations Follow up IA Reports Elements of internal audit reports: ( the 5 Cs) – Condition –what was the problem identified – Criteria – what standard or policy could not be met – Cause – why did the problem occur – Consequence – what are the possible outcomes/ risks associated with the problem – Corrective action - recommendation Internal Audit in Government • In the Private sector priorities are well defined – profit maximization • In Govt. – – policies & priorities based on public good , welfare schemes , etc. – limited scope / no incentives for efficiency – disincentive – for proactive protecting of public interest – wastage due to poor judgement in managing / allocating resources Internal Audit in Government • Audit reports highlighting these are generally felt as damaging to Govt in power and / or to bureaucrats in control position • Therefore IA in Govt presents unique opportunities and a challenge to advocates of good governance • The Challenge – – work through & with the system to achieve objectives , ensure public resources are effectively and efficiently used – change mindset, promote independence, expand scope and develop a skill set which helps decision making Internal Audit in Government Drawbacks while international standards ( like accounting standards ) are available • Governmental IA continues to focus on relatively minor issues viz; accuracy of accounts, pointing out irregularities and frauds , check if initial books of account are maintained • it is like compliance audit, is accorded low priority, • there are lack of resources and professional knowledge • no specific mandate is given by the executive Why IA in Govt ? • fiscal responsibility and accountability legislation – has changed scenario in Govt • coming of outcome budgeting – will lead to shift in emphasis from outlays to outcomes • disclosure statements will become a part of budget • more transparency - RTI act , 24* 7 media , increased communication NEED OF THE HOUR • accountability • responsiveness IA - an aid to achieve this Can IA aid effective governance ? IA – • is control of all controls – checks whether internal controls are working as they should • offers scope for mid course correction • preventive vigilance as it concurrent rather than post audit • to be taken as constructive input • encouraged to give +ve recommendation Can IA aid effective governance ? YES Why ?? a mandate of IA is to identify potential risk areas • risks can be – strategic, operational, financial, legal / regulatory • Govt manages huge resources – hence larger exposure to risks Can IA aid effective governance ? Risks in Govt • Financial – like frauds, embezzlements • Legal- not depositing EPF, non deduction of WCT, TDS • Strategic & Operational – biased beneficiary selection, inconsistencies in programme management with objectives – failures – to meet contractual obligations – project delays – time /cost overruns – Environmental damage – (recent Mumbai chlorine gas leak) – Threat assessment and response – 26/11 Risk assessment by IA • citizens lose if public services are inefficient / inadequate • if fail to meet public expectations – reputation of department / Govt. suffers Identification of risks and mitigation will help better service delivery , better project management, improved allocation of resources , minimize waste Can IA aid effective governance ? • • • • • in brief - IA can check whether Government policies as set out in rules & regulations – are understood and properly implemented whether codes of conduct for Government employees – followed or not whether levels of delegation of authority, responsibility and accountability and their demarcation / checks are clear presence or absence of - long and short term planning for setting up objectives cost benefit studies of major activities - whether the results are in conformity with the goals Can IA aid effective governance ? IA can check • the reliability and integrity of financial and operating information • the means utilized to safeguard and verify the existence of financial and physical assets. • proper accounting and operating procedures to ensure reliability of accounting data and efficiency of operations • review of operations – to reduce possibility of fraud / collusion conclusion world is dynamic , rapidly evolving with changes in technology , globalization , deregulation this causes – • rapid change in Govt. business • changed relationship between Govt & citizens • rising public expectations hence - need for robust monitoring mechanisms to deliver quality services to citizens effective IA – a major tool for ensuring delivery Thank you