GOVERNMENT INTERNAL AUDITBASIC CONCEPT OF INTERNAL AUDIT

UNDERSTANDING THE INTERNAL AUDIT Definition according to IIA: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Output: 1. Assurance 2. Consultation Quality: 1. Independent 2. Objective Aim: 1. Add value 2. Improve operations Purpose: Help accomplish objectives Method: evaluate & improve effectiveness of risk management, control and governance.

Definition according to SPIP (PP No.60/2008 1.1.3): Pengawasan Intern adalah seluruh proses kegiatan audit, reviu, evaluasi, pemantauan, dan kegiatan pengawasan lain terhadap penyelenggaraan tugas dan fungsi organisasi dalam rangka memberikan keyakinan yang memadai bahwa kegiatan telah dilaksanakan sesuai dengan tolok ukur yang telah ditetapkan secara efektif dan efisien untuk kepentingan pimpinan dalam mewujudkan tata kepemerintahan yang baik. Output: Assurance Quality: Not clear (memadai=sufficient) Aim: 1. Reach stated standard 2. Effective & efficient operations Purpose: Leaders interest for realizing good governance Method: audit, review, evaluation, monitoring, and other auditing activities.

INTERNAL AUDIT ORGANISATIONAL POSITION

Source: http://www.bbkonline.com/

INTERNAL AUDIT ROLES

INTERNAL AUDIT ROLES

HISTORY OF INTERNAL AUDIT 4000BC: formal record-keeping systems were first instituted by organized businesses and governments in the Near East to allay their concerns about correctly accounting for receipts and disbursements and collecting taxes. 1122-256 BC: Zhao dynasty in China, governments in Babylonia, Greece, the Roman Empire, the City States of Italy, etc. all worried about incompetent officials prone to making bookkeeping errors and inaccuracies as well as corrupt officials who were motivated to perpetrate fraud whenever the opportunity arose.

1800 BC - 95 AD: Bible explains the basic rationale for instituting controls straightforwardly: if employees have an opportunity to steal they may take advantage of it. The Bible also contains examples of internal controls such as the dangers of dual custody of assets, the need for competent and honest employees, restricted access, and segregation of duties (OReilly et al., 1998). 620 AD: Quran taught Muslims in Middle East Asia to record their business transactions and provide an internal control in the form of two witnesses (QS 2:282). This recording and controlling methods later on brought to Europe (by Turkey Ottoman and Spain Andalusia).

1494 AD: the critical need for exercising stewardship and control emerged. Throughout European history, e.g., fraud cases such as the South Sea bubble of the 18th century, and the tulip scandal provided the justification for exercising more control over managers, hence the double entry bookkeeping. (Luca Pacioli, "Summa de Arithmetica, Geometria, Proportioni et Proportionalit meaning: "Review of Arithmetic, Geometry, Ratio and Proportion Venice: 1494). 1815-1914 AD: the mass migration brought auditing to the US from England during the industrial revolution. Managerial control through auditing continued to gain favour up to and through the 20th century.

1914 AD: The Federal Trade Commission (FTC) was created to anticipate the growing rapidly economy after World War I which was accompanied by a rise in pricefixing, interlocking directorates, stock manipulations, and false statements of business performance. Regulatory actions followed and auditing was used as a means to confirm that laws were being followed. 1930s : The Great Depression brought more regulatory action for publicly traded securities. The Securities Act of 1933, the Securities and Exchange Act of 1934, the Public Utilities Holding Company Act of 1935, and the Investment Company Act of 1940 were enacted by the US Congress.

1977 AD: Foreign Corrupt Practices Act was issued as the US government's response to outcries as news of corporate wrong-doings increased. The Act was passed to prevent secret funds and bribery. It specifically prohibited offering of bribes to foreign officials. It required organizations to maintain adequate systems of internal control and maintain complete and accurate financial records. While the Act did not specifically call for an internal auditing function, internal auditors were poised and ready to help management fulfill the requirements of this Act. Testing and evaluation of internal controls within companies increased significantly. The role of internal auditors was viewed with new importance.

1987 AD: In the mid-to-late 1980s there were a number of large business failures and financial statement frauds. On several occasions external auditing firms failed to detect those frauds. The issues of fraudulent financial reporting were examined by a group of private sector organizations which included: the American Institute of Certified Public Accounts (AICPA), the American Accounting Association (AAA), the Financial Executives Institute (FEI), the Institute of Internal Auditors (IIA), and the National Association of Accountants (NAA). This group of organizations, known as the Treadway Commission, issued its final recommendations in 1987.

1992 AD: Among other recommendations, the Treadway Commission's report directs companies: to maintain adequate internal control systems, to establish effective and objective internal audit functions staffed with adequate qualified personnel, and to coordinate internal auditing with the external audit of the financial reports. The report also directed internal auditors to consider whether their findings of a non-financial nature could impact the financial statements. The Commission also directed its sponsoring organizations to develop guidance on internal control which in turn issued its report Internal Control Integrated Framework in 1992, which again emphasized the importance of internal controls. The report is known as COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework.

PHASES OF INTERNAL AUDITPLANNING During the planning portion of the audit, the auditor notifies the client of the audit, discusses the scope and objectives of the examination in a formal meeting with organization management, gathers information on important processes, evaluates existing controls, and plans the remaining audit steps.

PLANNING PHASE OF INTERNAL AUDITAnnouncement Letter The client is informed of the audit through an announcement or engagement letter from the Internal Audit Director. This letter communicates the scope and objectives of the audit, the auditors assigned to the project and other relevant information.

PLANNING PHASE OF INTERNAL AUDITInitial Meeting During this opening conference meeting, the client describes the unit or system to be reviewed, the organization, available resources (personnel, facilities, equipment, funds), and other relevant information. The internal auditor meets with the senior officer directly responsible for the unit under review and any staff members s/he wishes to include. It is important that the client identify issues or areas of special concern that should be addressed.

PLANNING PHASE OF INTERNAL AUDITPreliminary Survey In this phase the auditor gathers relevant information about the unit in order to obtain a general overview of operations. S/He talks with key personnel and reviews reports, files, and other sources of information.

PLANNING PHASE OF INTERNAL AUDITInternal Control Review The auditor will review the unit's internal control structure, a process which is usually time-consuming. In doing this, the auditor uses a variety of tools and techniques to gather and analyze information about the operation. The review of internal controls helps the auditor determine the areas of highest risk and design tests to be performed in the fieldwork section. Click here for an annual internal control review plan.

PLANNING PHASE OF INTERNAL AUDITAudit Program Preparation of the audit program concludes the preliminary review phase. This program outlines the fieldwork necessary to achieve the audit objectives.

PHASES OF INTERNAL AUDITFIELD WORK The fieldwork concentrates on transaction testing and informal communications. It is during this phase that the auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. The fieldwork stage concludes with a list of significant findings from which the auditor will prepare a draft of the audit report.

FIELDWORK PHASE OF INTERNAL AUDITTransaction Testing After completing the preliminary review, the auditor performs the procedures in the audit program. These procedures usually test the major internal controls and the accuracy and propriety of the transactions. Various techniques including sampling are used during the fieldwork phase.

FIELDWORK PHASE OF INTERNAL AUDITAdvice & Informal Communications As the fieldwork progresses, the auditor discusses any significant findings with the client. Hopefully, the client can offer insights and work with the auditor to determine the best method of resolving the finding. Usually these communications are oral. However, in more complex situations, memos and/or e-mails are written in order to ensure full understanding by the client and the auditor. Our goal: No surprises.

FIELDWORK PHASE OF INTERNAL AUDITAudit Summary Upon completion of the fieldwork, the auditor summarizes the audit findings, conclusions, and recommendations necessary for the audit report discussion draft. Working Papers Working papers are a vital tool of the audit profession. They are the support of the audit opinion. They connect the clients accounting records and financials to the auditors opinion. They are comprehensive and serve many functions.

PHASES OF INTERNAL AUDITREPORTING Audit Report Our principal product is the final report in which we express our opinions, present the audit findings, and discuss recommendations for improvements. To facilitate communication and ensure that the recommendations presented in the final report are practical, Internal Audit discusses the rough draft with the client prior to issuing the final report.

REPORTING PHASE OF INTERNAL AUDITDiscussion Draft At the conclusion of fieldwork, the auditor drafts the report. Audit management thoroughly reviews the audit working papers and the discussion draft before it is presented to the client for comment. This discussion draft is prepared for the unit's operating management and is submitted for the client's review before the exit conference.

PHASES OF INTERNAL AUDITCLOSING Exit Conference When audit management has approved the discussion draft, Internal Audit meets with the unit's management team to discuss the findings, recommendations, and text of the draft. At this meeting, the client comments on the draft and the group works to reach an agreement on the audit findings

CLOSING PHASE OF INTERNAL AUDITFormal Draft The auditor then prepares a formal draft, taking into account any revisions resulting from the exit conference and other discussions. When the changes have been reviewed by audit management and the client, the final report is issued.

PHASES OF INTERNAL AUDITFinal Report Internal Audit prints and distributes the final report to the unit's operating management, the unit's reporting supervisor, the Vice President for Administration, the Chief Accountant, and other appropriate members of senior management. This report is primarily for internal management use. The approval of the Internal Audit Director is required for release of the report outside of the organisation.

CLOSING PHASE OF INTERNAL AUDITClient ResponseThe client has the opportunity to respond to the audit findings prior to issuance of the final report which can be included or attached to our final report. However, if the client decides to respond after we issue the report, the first page of the final report is a letter requesting the client's written response to the report recommendations. In the response, the client should explain how report findings will be resolved and include an implementation timetable. In some cases, managers may choose to respond with a decision not to implement an audit recommendation and to accept the risks associated with an audit finding. The client should copy the response to all recipients of the final report if s/he decides not to have their response included/attached to Internal Audit's final report.

CLOSING PHASE OF INTERNAL AUDITClient Comments Finally, as part of Internal Audit's self-evaluation program, we ask clients to comment on Internal Audit's performance. This feedback has proven to be very beneficial to us, and we have made changes in our procedures as a result of clients' suggestions.

PHASES OF INTERNAL AUDITFOLLOW UP Within approximately one year of the final report, Internal Audit will perform a follow-up review to verify the resolution of the report findings. Follow-up Review The client response letter is reviewed and the actions taken to resolve the audit report findings may be tested to ensure that the desired results were achieved. All unresolved findings will be discussed in the follow-up report.

FOLLOW-UP PHASE OF INTERNAL AUDITFollow-up Report The review will conclude with a follow-up report which lists the actions taken by the client to resolve the original report findings. Unresolved findings will also appear in the followup report and will include a brief description of the finding, the original audit recommendation, the client response, the current condition, and the continued exposure to the organisation. A discussion draft of each report with unresolved findings is circulated to the client before the report is issued. The follow-up review results will be circulated to the original report recipients and other officials as deemed appropriate.

INTERNAL AUDIT PROCESS: A COLLABORATIVE EFFORTAs pointed out, during each stage in the audit process-preliminary review, field work, audit reports, and follow-up-clients have the opportunity to participate. There is no doubt that the process works best when client management and Internal Audit have a solid working relationship based on clear and continuing communication. Many clients extend this working relationship beyond the particular audit. Once the audit department has worked with management on a project, we have an understanding of the unique characteristics of your unit's operations. As a result, we can help evaluate the feasibility of making further changes or modifications in your operations.

CONCLUSIONGroup Work Each group consists of 5-6 students. Write your own conclusion regarding our Government Internal Audit lessons today.

The EndThank you for your kind attention!

Allhumma infan bim allamtan wa allimn ma yanfaun. Oh Allah! Make useful for me what You taught me and teach me knowledge that will be useful to me.

Bibliography: Lawrence B. Sawyer (2003), Internal Auditing The Practice of Modern Internal Auditing, The Institute of Internal Auditors; Akmal (2006), Pemeriksaan Internal (Interal Audit), PT Indeks, Gramedia Group. Audit Network www.auditnet.org The Institute of Internal Auditors www.theiia.org

INDIVIDUAL HOMEWORKHomework, due next week: Write a 500 word essay on any of the following topics: - Definition of Internal Audit - History of Internal Audit - The Phases of Internal Audit