2. Internal auditing is an
independent, objective
assurance and consulting
activity designed to add value
and improve an organization's
operations. It helps an
organisation accomplish its
objectives by bringing a
systematic, disciplined
approach to evaluate and
improve the effectiveness of
risk management, control, and
governance processes.
3. WWWWhhhhaaaatttt iiiissss IIIInnnntttteeeerrrrnnnnaaaallll AAAAuuuuddddiiiitttt????
Internal Audit is a professional activity which helps organisations to achieve their
stated objectives by:
Analyzing key processes, procedures & operations
Identifying key controls in each such operation, procedure & process
Evaluating the adequacy of these controls
Testing compliance of sample transactions against these controls
Reporting results of the evaluation of controls and compliance testing of
transactions
Recommending stronger controls wherever necessary
Suggesting methods to improve compliance with key controls
Follow up of action taken on recommendations made in previous reports
4. WWhhyy IInntteerrnnaall AAuuddiitt??
Legal and Statutory Requirement
As per Companies Act 1956 :
Internal Audit system is compulsory if,
a. Paid-up capital and reserves exceeding Rs. 50 lakhs
as at the commencement of the FY. or
b. Having an average annual turnover exceeding
Rs.5.00 crores for a period of three consecutive FY’s
immediately preceding the FY concerned,
6. IIAA –– CCooddee ooff EEtthhiiccss
PPrriinncciipplleess
Internal auditors are expected to apply & uphold the following principles:
Integrity The integrity of internal auditors establishes trust & so provides the basis
for reliance on their judgment
Objectivity
Internal auditors exhibit the highest professional objectivity in
gathering, evaluating & communicating information. Internal auditors
make a balanced assessment of all relevant circumstances & are not
unduly influenced by their own interests or others in forming judgments
Confidentiality
Internal auditors respect the value and ownership of information they
receive & do not disclose information without appropriate authority
unless there is a legal or professional obligation to do so
Competency Internal auditors apply knowledge, skills, & experience needed
7. WWWWhhhhaaaatttt aaaarrrreeee IIIInnnntttteeeerrrrnnnnaaaallll CCCCoooonnnnttttrrrroooollllssss????
Internal Controls are important checks instituted by management to have
reasonable assurance that:
Operations are carried out in an efficient & effective manner
Transactions are recorded accurately & completely
Assets are properly recorded & safeguarded
Laws are complied with
Reliable reports are generated
8. IIIInnnntttteeeerrrrnnnnaaaallll CCCCoooonnnnttttrrrroooollll MMMMyyyytttthhhhssss aaaannnndddd FFFFaaaaccccttttssss
MYTHS: FACTS:
Internal control starts with a strong set
of policies and procedures
Internal control starts with a strong set
of policies and procedures
Internal control: That’s why we have
internal auditors!
While internal auditors play a key role
in the system of control, management
has responsibility for internal control
Internal control is a finance thing Internal control is integral to every
aspect of business/operations
Internal controls are essentially
negative, like a list of “thou-shalt-nots”
Internal control makes the right things
happen the first time
Internal controls take time away from
our core activities of implementing
development objectives
Internal controls should be built
“into,” not “onto” business processes
9. IIIInnnntttteeeerrrrnnnnaaaallll CCCCoooonnnnttttrrrroooollll PPPPrrrraaaaccccttttiiiicccceeeessss
How?
Internal control is a process. It's a means to an end, not an end
in itself
Internal control is effected by people as a team, not by
internal auditor. It's not merely policy manuals & forms, but
people at every level of an organization
Internal control can be expected to provide only reasonable
assurance, not absolute assurance, to an entity's management
and governing bodies/ committees
Uses systematic methodology for analysing business
processes, procedures & activities
The cost of IA should not exceed expected benefits to be
derived
10. IIIInnnntttteeeerrrrnnnnaaaallll CCCCoooonnnnttttrrrroooollll SSSSttttrrrruuuuccccttttuuuurrrreeee
An internal control structure is simply a different way of viewing operations – a
perspective that focuses on doing the right things in the right way
MONITORING
INFORMATION INFORMATION AND
&
COMMUNICATION
COMMUNICATION
CONTROL CONTROL ACTIVITIES
ACTIVITIES
RISK ASSESSMENT
CONTROL
ENVIRONMENT
• Monthly reviews of
performance reports
• Supervisory activities
In many cases, you perform controls and interact
with the control structure every day, perhaps
without even realising it
• Reporting
• Corporate
communications
(e-mail, meetings)
• Authorisation Matrix
• Approvals/ segregations
• Security
• Reconciliations
• Proper operating &
accounting procedures
• Based on identification
& analysis of risks to
achievement of
objectives
• Corporate Policies
• Tone at the top, ethics
• Organisational authority
• Skilled personnel
11. How are HHHooowww aaarrreee IIIInnnntttteeeerrrrnnnnaaaallll AAAAuuuuddddiiiitttt &&&& EEEExxxxtttteeeerrrrnnnnaaaallll AAAAuuuuddddiiiitttt ddddiiiiffffffffeeeerrrreeeennnntttt????
Internal audit is focused at internal management support and improving
systems, procedures and processes
⇉ External audit (EA): normally statutory requirement, unlike internal audit (IA)
⇉ EA reports are addressed to stakeholders: IA reports are addressed to
Management
⇉ EA reports express an opinion on the financial statements prepared by the
entity for a specified period: IA reports evaluate and check compliance
against key internal controls
⇉ EA reports are usually public documents which are available to all
stakeholders. IA reports are for use only by Management
⇉ EA reports do not make recommendations, although may have a
Management Letter: IA reports are incomplete without recommendations.
⇉ EA is basically a review of financial statements for compliance: IA seeks to
ensure value for money to Management
13. Risks of not having Internal Audit
Chances of conflict and delay in accounting
Affects day to day activity by
Increase in Reconciliation activity
Documentation problem
Delay in closing books of accounts
Lack of track on business
Non compliance of statutory regulation
14. NNNNaaaattttuuuurrrreeee ooooffff IIIInnnntttteeeerrrrnnnnaaaallll AAAAuuuuddddiiiitttt AAAAccccttttiiiivvvviiiittttyyyy
Establish scope & activities for audit to Management
Describe key risks facing the business activities within scope of audit
Identify control procedures used to ensure each key risk is properly
controlled & monitored
Develop & execute risk based sampling & testing approach to determine
whether most important controls are operating as intended (NB: input from
Management required – e.g. 100% vouching of Credit notes to Trade partners )
Report issues/make recommendations/negotiate action plans with
Management to address issues
Follow up on reported findings periodically
ATR ( Action Taken Report ) Submission on or before time by Respective
Department.
15. CCCCoooonnnntttteeeennnnttttssss ooooffff AAAAuuuuddddiiiitttt PPPPllllaaaannnn
Updated annually
Risk based audit plan developed with input from project
staff including Management
Summary of key goals, risks & corresponding major audits, to illustrate
alignment
Based on risk assessment & available resources
Appendix materials, such as planning approach, assumptions & brief
descriptions of all planned audits & related prioritization
Approved by management/ appropriate oversight Committee
16. CCCCoooonnnntttteeeennnnttttssss ooooffff AAAAuuuuddddiiiitttt RRRReeeeppppoooorrrrtttt
Observations
Narration/ description
Remedial action
Consequences/ fall out
Recommendation for improvement (prioritized between
“high” and “normal”)
Response (action plan) – who, when and how
17. IIIIAAAA’’’’ssss PPPPrrrrooooaaaaccccttttiiiivvvveeee RRRRoooolllleeee
Identify Risks
Find Better Ways and Best Practices
Partner With Management to Find Solutions
Prevent Problems
Provide training
Respond to policy & technical accounting questions
Offer suggestions for improvement
Advisory role
18. IIddeeaall SSccooppee ooff IInntteerrnnaall AAuuddiitt
Vouching
Cash and Bank
Income and Expenses
Capital and Petty expenses
Stocks & Inventory
Verification
Purchases and Sales Registers
Debtors and Creditors
Ledger & Trial Scrutiny
Approval Matrix in routine operations
19. SSccooppee CCoonnttiinnuueedd……....
Statutory Compliances
VAT & Service Tax
ESI & PF
TDS & TCS
Excise and Customs
Channel Management
Performance of Channel Partners
Report NPA Channel Partners to Management
Revenue vs Cost Ratio of Channel Partners.
Dispute and Grievances of Channel Partner,
If any Long Pending Claims of Channel Partners
Local Support to Channel Partners, if any up gradation require in
Infrastructure then recommend to Management in Report
20. CCoonncclluuttiioonn
Company can achieve its goals in a
organised and systematic manner with
help of Internal Audit
More formal control structures reduce
possibility that risks become real
issues
Identify areas of high risk &
opportunities
Validation of process documentation
& controls
Incorporate best Practices of Trade
with in SOP and Review & update
changes regularly in SOP and Credit
Policy of Business to strengthen the
support function to sales
21. Auditors believes in ……….
“ Perception can not be reality every time”
“ Tenure has nothing to do with Honesty “
“ Best has to be Acknowledged and Worst has to be reported “
“ Only Apple to Apple to Comparisons attitude, no Apple to Orange “
“Integrity and Ethics - Zero Tolerance behaviour ”
Thank You……….
A Honest Attempt to Describe the Core function of
Enterprise