of 72
8/12/2019 Internal Audit 101
1/72
8/12/2019 Internal Audit 101
2/72
Governance, Risk
Management & Compliance
Our Vision
To be the lead advocate, trainer
and practitioner in internal
auditing in Africa by providing
superior internal audit solutionsto the private and public sectors
as well as the third sector .
8/12/2019 Internal Audit 101
3/72
Governance, Risk
Management & Compliance
Our Mission
To engage internal audit leaders
and their customers; government
officials, corporate executives and
senior management in a constantdialogue on the position, role and
value of the internal audit
activity.
8/12/2019 Internal Audit 101
4/72
Governance, Risk
Management & Compliance
8/12/2019 Internal Audit 101
5/72
Governance, Risk
Management & Compliance
Internal Audit 101:
Audit Principles and Techniques
8/12/2019 Internal Audit 101
6/72
Governance, Risk
Management & Compliance
Course Overview
Day One Modern Internal Auditing The Audit Process
Risk Management and Risk Assessment
Audit Planning
Day Two Process Documentation
Audit Programs
Audit Fieldwork
Audit Reports
Soft Skills
8/12/2019 Internal Audit 101
7/72
Governance, Risk
Management & Compliance
Module One
Modern Internal Auditing
8/12/2019 Internal Audit 101
8/72
Governance, Risk
Management & Compliance
Modern Internal Auditing
Internal Auditing Defined
Code of Ethics
The Value Proposition of IA
The Role of Internal Auditor
The IIA Competency Framework
Components of the Audit Model
8/12/2019 Internal Audit 101
9/72
Governance, Risk
Management & Compliance
Internal Auditing Defined
independent, objective assurance
and consulting activity designed to1add value and improve an
organizations operations. It 2helps
an organization accomplish itsobjectivesby bringing a systematic,disciplined approach to 3evaluate
and improve the effectiveness ofrisk management, control, and
governance processes
8/12/2019 Internal Audit 101
10/72
Governance, Risk
Management & Compliance
Internal Auditing Defined
Thewhat
The
how
The
why
8/12/2019 Internal Audit 101
11/72
Governance, Risk
Management & Compliance
What are we doing?
1adding value and improving on
organisations operations
Making things better than whenwe met it.
Systems | Processes | Procedures
8/12/2019 Internal Audit 101
12/72
Governance, Risk
Management & Compliance
Why are we doing it?
2helping the organization
accomplish its objectives
How do you determineorganisational objectives?
Gain a seat at the table
8/12/2019 Internal Audit 101
13/72
Governance, Risk
Management & Compliance
How are you doing it?
3evaluating and improving the
effectiveness of risk
management, control, and
governance processes
The triple magic wand
8/12/2019 Internal Audit 101
14/72
Governance, Risk
Management & Compliance
IIA Definition Logic
Helps the organizationaccomplish its objectives
Adding value and improving onorganisations operations
Evaluating and improving on the effectivenessof GRC processes
8/12/2019 Internal Audit 101
15/72
Governance, Risk
Management & Compliance
Internal Auditing Defined
independent, objective assurance
and consulting activity designed to1add value and improve an
organizations operations. It 2helps
an organization accomplish itsobjectivesby bringing a systematic,disciplined approach to 3evaluate
and improve the effectiveness ofrisk management, control, and
governance processes
8/12/2019 Internal Audit 101
16/72
Governance, Risk
Management & Compliance
Code of Ethics
Principles and Rules
Integrity
Objectivity
Confidentiality
Competency
8/12/2019 Internal Audit 101
17/72
Governance, Risk
Management & Compliance
Code of EthicsPrinciples
Integrity
The integrity of internal auditors
establishes trust and thus provides
the basis for reliance on their
judgment
8/12/2019 Internal Audit 101
18/72
Governance, Risk
Management & Compliance
Integrity Rules
Shall perform their work with honesty,
diligence, and responsibility Shall observe the law and make
disclosures expected by the law and the
profession Shall not knowingly be a party to any
illegal activity, or engage in acts that are
discreditable to the profession of internal
auditing or to the organization
Shall respect and contribute to the
legitimate and ethical objectives of the
organization
8/12/2019 Internal Audit 101
19/72
Governance, Risk
Management & Compliance
Code of EthicsPrinciples
Objectivity
Internal auditors exhibit the
highest level of professional
objectivity in gathering,
evaluating, and communicating
information about the activity or
process being examined.
8/12/2019 Internal Audit 101
20/72
Governance, Risk
Management & Compliance
Objectivity Rules
Shall not participate in any activity or
relationship that may impair or bepresumed to impair their unbiased
assessment.
Shall not accept anything that mayimpair or be presumed to impair their
professional judgment.
Shall disclose all material facts known
to them that, if not disclosed, may
distort the reporting of activities
under review.
8/12/2019 Internal Audit 101
21/72
Governance, Risk
Management & Compliance
Code of EthicsPrinciples
Confidentiality
Internal auditors respect the value
and ownership of information they
receive and do not disclose
information without appropriateauthority unless there is a legal or
professional obligation to do so.
8/12/2019 Internal Audit 101
22/72
Governance, Risk
Management & Compliance
Confidentiality Rules
Shall be prudent in the use and
protection of information acquiredin the course of their duties.
Shall not use information for any
personal gain or in any manner
that would be contrary to the law
or detrimental to the legitimateand ethical objectives of the
organization.
8/12/2019 Internal Audit 101
23/72
Governance, Risk
Management & Compliance
Code of EthicsPrinciples
Competency
Internal auditors apply the
knowledge, skills, and experience
needed in the performance of internal
audit services.
8/12/2019 Internal Audit 101
24/72
Governance, Risk
Management & Compliance
Competency Rules
Shall engage only in those services
for which they have the necessaryknowledge, skills, and experience.
Shall perform internal audit services
in accordance with the InternationalStandards for the ProfessionalPractice of Internal Auditing.
Shall continually improve theirproficiency and the effectiveness andquality of their services
8/12/2019 Internal Audit 101
25/72
Governance, Risk
Management & Compliance
Internal Auditing is the
cornerstone for sustainable
organisational success
The IIA Value Proposition
8/12/2019 Internal Audit 101
26/72
Governance, Risk
Management & Compliance
Role of Internal Auditors
Re- Corporate Governance
Re- Risk Management
Re- Fraud
Re- Corporate Ethics
Re- Internal Controls
Re- Information Technology Re- Financial Reporting
Th IIA Gl b l I t l A dit
8/12/2019 Internal Audit 101
27/72
Governance, Risk
Management & Compliance
The IIA Global Internal Audit
Competency Framework - 2013
8/12/2019 Internal Audit 101
28/72
Governance, Risk
Management & Compliance
Module Two
The Audit Process
8/12/2019 Internal Audit 101
29/72
Governance, Risk
Management & Compliance
The Audit Process
h d
8/12/2019 Internal Audit 101
30/72
Governance, Risk
Management & Compliance
The Audit Process
h l d
8/12/2019 Internal Audit 101
31/72
Governance, Risk
Management & Compliance
The Internal Audit Process
8/12/2019 Internal Audit 101
32/72
Governance, Risk
Management & Compliance
H di i d d
8/12/2019 Internal Audit 101
33/72
Governance, Risk
Management & Compliance
How an audit is conducted
Pl i
8/12/2019 Internal Audit 101
34/72
Governance, Risk
Management & Compliance
Planning Distribute Audit Notification
Conduct Pre-Audit Meeting
Interview Department Personnel
Review Policies and Procedures
Understand and Document theBusiness Processes
Perform Risk Assessment
Prepare a Detailed Audit Program
Prepare audit budget (in hours)
Select items to be Audited (samples,not 100%)
Fi ld k
8/12/2019 Internal Audit 101
35/72
Governance, Risk
Management & Compliance
Fieldwork Review Supporting Documentation
Interview department personnel
Perform analyses
Identify Exceptions
Identify Recommendations forImprovement
Prepare Written Audit Comments (i.e.,findings)
Department Provides WrittenResponse and Corrective Action Planfor findings
R ti
8/12/2019 Internal Audit 101
36/72
Governance, Risk
Management & Compliance
Reporting
Issue a draft report
Discuss draft report with unit
management
Issue final report Report is factual, clear, concise,
with an appropriate tone
8/12/2019 Internal Audit 101
37/72
Governance, Risk
Management & Compliance
Module Three
Risk Management/Assessment
8/12/2019 Internal Audit 101
38/72
Governance, Risk
Management & Compliance
A f thi b t Ri k
8/12/2019 Internal Audit 101
39/72
Governance, Risk
Management & Compliance
A few things about Risk
What is Risk?
The effect of uncertainty on an
objective
Could be positive or negative
A f thi b t Ri k
8/12/2019 Internal Audit 101
40/72
Governance, Risk
Management & Compliance
A few things about Risk
What is Risk Management?
Coordinated activities to direct and
control an organisation with regard to
risk
Th Ri k M P
8/12/2019 Internal Audit 101
41/72
Governance, Risk
Management & Compliance
The Risk Management Process
A f thi b t Ri k
8/12/2019 Internal Audit 101
42/72
Governance, Risk
Management & Compliance
A few things about Risk
What is Risk Management
Process? Systematic application of management
policies, procedures and practices to
the activities of communicating,consulting, establishing the context,
and identifying, analyzing, evaluating,
treating, monitoring and reviewingrisk.
C t f Ri k A t
8/12/2019 Internal Audit 101
43/72
Governance, Risk
Management & Compliance
Components of Risk Assessment
Risk Identification
Risk Analysis
Risk Evaluation
2013 COSO Internal Control
8/12/2019 Internal Audit 101
44/72
Governance, Risk
Management & Compliance
2013 COSO Internal Control
Definition
Pillars | Components | Standards
Principles
The ORC Relationship
8/12/2019 Internal Audit 101
45/72
Governance, RiskManagement & Compliance
The ORC Relationship
Group Work
8/12/2019 Internal Audit 101
46/72
Governance, RiskManagement & Compliance
Module Four
Audit Planning
Audit Planning
8/12/2019 Internal Audit 101
47/72
Governance, RiskManagement & Compliance
Audit Planning
Annual Audit Planning
Components of the Audit Project
Plan
Annual Audit Planning
8/12/2019 Internal Audit 101
48/72
Governance, RiskManagement & Compliance
Annual Audit Planning
Risk Based Audit Planning
Overview
Components of the Audit Project Plan
8/12/2019 Internal Audit 101
49/72
Governance, RiskManagement & Compliance
Components of the Audit Project Plan
Audit Objectives
Audit Scope
Audit Methodology
Audit Program
Audit Time Budget
Audit milestone dates
Audit Objectives
8/12/2019 Internal Audit 101
50/72
Governance, RiskManagement & Compliance
Audit Objectives
General audit objectives
Specific audit objectives
Audit Objectives
8/12/2019 Internal Audit 101
51/72
Governance, RiskManagement & Compliance
Audit Objectives
Select one functional area in
your organisation and formulatea general audit objective and the
appropriate specific objectives
for that function
8/12/2019 Internal Audit 101
52/72
Governance, RiskManagement & Compliance
Module Five
Audit Programs
Audit Programs
8/12/2019 Internal Audit 101
53/72
Governance, RiskManagement & Compliance
Audit Programs
Components of the Audit
Program
Audit Objectives and Lines of
Enquiry
Components of the Audit Program
8/12/2019 Internal Audit 101
54/72
Governance, RiskManagement & Compliance
Components of the Audit Program
the audit objective(s);
the relevant line(s) of inquiry,
criteria, and audit questions;
the information to be requestedfrom entities
how the evidence will be
analyzed;
Example of Audit Program
8/12/2019 Internal Audit 101
55/72
Governance, RiskManagement & Compliance
Example of Audit Program
Cash at Bank and on Hand
Cash and bank.doc
http://localhost/var/www/apps/conversion/Course%20Materials/IInternal%20Audit%20101/I%20-%20Cash%20and%20bank.dochttp://localhost/var/www/apps/conversion/Course%20Materials/IInternal%20Audit%20101/I%20-%20Cash%20and%20bank.doc8/12/2019 Internal Audit 101
56/72
Governance, RiskManagement & Compliance
Module Six
Process Documentation
Process Documentation
8/12/2019 Internal Audit 101
57/72
Governance, RiskManagement & Compliance
Process Documentation
Process Flow charts
Tools for Process Mapping
System Narratives
Interviewing Skills
Process Flow charts
8/12/2019 Internal Audit 101
58/72
Governance, RiskManagement & Compliance
Process Flow charts
A Flowchart is a diagram that
uses graphic symbols to depictthe nature and flow of the steps
in a process
This is very helpful in identifying
the risks embedded within the
process
Drawing a flow chart
8/12/2019 Internal Audit 101
59/72
Governance, RiskManagement & Compliance
Drawing a flow chart
Start with the big picture
Observe the current process
Record process steps
Arrange the sequence of steps
Draw the Flowchart
8/12/2019 Internal Audit 101
60/72
Governance, RiskManagement & Compliance
Example Washing of Hands
8/12/2019 Internal Audit 101
61/72
Governance, RiskManagement & Compliance
Example Washing of Hands
8/12/2019 Internal Audit 101
62/72
Governance, RiskManagement & Compliance
Module Seven
Audit Fieldwork
Audit Fieldwork
8/12/2019 Internal Audit 101
63/72
Governance, RiskManagement & Compliance
Audit Fieldwork
Testing Controlsdesign and
operating effectiveness
Techniques for gathering audit
evidence Working paper preparation
Testing Controls design and
8/12/2019 Internal Audit 101
64/72
Governance, RiskManagement & Compliance
Testing Controlsdesign and
operating effectiveness
Group work.
Design procurement (G1) and
recruitment and selection G2)
systems with requisite controls
for review by the audit team.
8/12/2019 Internal Audit 101
65/72
Governance, RiskManagement & Compliance
Module Eight
Audit Reporting
Why write internal audit reports?
8/12/2019 Internal Audit 101
66/72
Governance, RiskManagement & Compliance
Why write internal audit reports?
Required by Standards.
Inform- (Tell what auditorsfound)
Persuade(Convincemanagement of worth andvalidity of findings)
Get Results(Movemanagement towards changeand improvement.)
Audit Reports
8/12/2019 Internal Audit 101
67/72
Governance, RiskManagement & Compliance
Audit Reports
From issues to findings
The Five Cs
Reporting Formats
Other Reports
From issues to findings
8/12/2019 Internal Audit 101
68/72
Governance, RiskManagement & Compliance
From issues to findings
Findings are issues which are
fully developed to add value Improve the current condition
The 5 Cs
8/12/2019 Internal Audit 101
69/72
Governance, RiskManagement & Compliance
The 5 Cs
Criterion
Consequence
Corrective action
condition
Cause
In a nutshell
8/12/2019 Internal Audit 101
70/72
Governance, RiskManagement & Compliance
In a nutshell
What should be?
What is? Why the deviation from the what
should be occurred?
What happened or could happenbecause the what is differed from
the what should be?
What is needed to correct thecondition and improve operations?
Soft Skills
8/12/2019 Internal Audit 101
71/72
Governance, RiskManagement & Compliance
Soft Skills
Team work
Communication
Discussion with delegates Importance of teamwork and
communication
Improving teamwork and
comunication
The End
8/12/2019 Internal Audit 101
72/72
The End
Thank you for your time