Internal Audit 101

8/12/2019 Internal Audit 101

1/72


2/72

Governance, Risk

Management & Compliance

Our Vision

To be the lead advocate, trainer

and practitioner in internal

auditing in Africa by providing

superior internal audit solutionsto the private and public sectors

as well as the third sector .


3/72

Governance, Risk


Our Mission

To engage internal audit leaders

and their customers; government

officials, corporate executives and

senior management in a constantdialogue on the position, role and

value of the internal audit

activity.


4/72

Governance, Risk



5/72

Governance, Risk


Internal Audit 101:

Audit Principles and Techniques


6/72

Governance, Risk


Course Overview

Day One Modern Internal Auditing The Audit Process

Risk Management and Risk Assessment

Audit Planning

Day Two Process Documentation

Audit Programs

Audit Fieldwork

Audit Reports

Soft Skills


7/72

Governance, Risk


Module One

Modern Internal Auditing


8/72

Governance, Risk


Modern Internal Auditing

Internal Auditing Defined

Code of Ethics

The Value Proposition of IA

The Role of Internal Auditor

The IIA Competency Framework

Components of the Audit Model


9/72

Governance, Risk



independent, objective assurance

and consulting activity designed to1add value and improve an

organizations operations. It 2helps

an organization accomplish itsobjectivesby bringing a systematic,disciplined approach to 3evaluate

and improve the effectiveness ofrisk management, control, and

governance processes


10/72

Governance, Risk



Thewhat

The

how

The

why


11/72

Governance, Risk


What are we doing?

1adding value and improving on

organisations operations

Making things better than whenwe met it.

Systems | Processes | Procedures


12/72

Governance, Risk


Why are we doing it?

2helping the organization

accomplish its objectives

How do you determineorganisational objectives?

Gain a seat at the table


13/72

Governance, Risk


How are you doing it?

3evaluating and improving the

effectiveness of risk

management, control, and


The triple magic wand


14/72

Governance, Risk


IIA Definition Logic

Helps the organizationaccomplish its objectives

Adding value and improving onorganisations operations

Evaluating and improving on the effectivenessof GRC processes


15/72

Governance, Risk



independent, objective assurance

and consulting activity designed to1add value and improve an

organizations operations. It 2helps

an organization accomplish itsobjectivesby bringing a systematic,disciplined approach to 3evaluate

and improve the effectiveness ofrisk management, control, and



16/72

Governance, Risk


Code of Ethics

Principles and Rules

Integrity

Objectivity

Confidentiality

Competency


17/72

Governance, Risk


Code of EthicsPrinciples

Integrity

The integrity of internal auditors

establishes trust and thus provides

the basis for reliance on their

judgment


18/72

Governance, Risk


Integrity Rules

Shall perform their work with honesty,

diligence, and responsibility Shall observe the law and make

disclosures expected by the law and the

profession Shall not knowingly be a party to any

illegal activity, or engage in acts that are

discreditable to the profession of internal

auditing or to the organization

Shall respect and contribute to the

legitimate and ethical objectives of the

organization


19/72

Governance, Risk



Objectivity

Internal auditors exhibit the

highest level of professional

objectivity in gathering,

evaluating, and communicating

information about the activity or

process being examined.


20/72

Governance, Risk


Objectivity Rules

Shall not participate in any activity or

relationship that may impair or bepresumed to impair their unbiased

assessment.

Shall not accept anything that mayimpair or be presumed to impair their

professional judgment.

Shall disclose all material facts known

to them that, if not disclosed, may

distort the reporting of activities

under review.


21/72

Governance, Risk



Confidentiality

Internal auditors respect the value

and ownership of information they

receive and do not disclose

information without appropriateauthority unless there is a legal or

professional obligation to do so.


22/72

Governance, Risk


Confidentiality Rules

Shall be prudent in the use and

protection of information acquiredin the course of their duties.

Shall not use information for any

personal gain or in any manner

that would be contrary to the law

or detrimental to the legitimateand ethical objectives of the

organization.


23/72

Governance, Risk



Competency

Internal auditors apply the

knowledge, skills, and experience

needed in the performance of internal

audit services.


24/72

Governance, Risk


Competency Rules

Shall engage only in those services

for which they have the necessaryknowledge, skills, and experience.

Shall perform internal audit services

in accordance with the InternationalStandards for the ProfessionalPractice of Internal Auditing.

Shall continually improve theirproficiency and the effectiveness andquality of their services


25/72

Governance, Risk


Internal Auditing is the

cornerstone for sustainable

organisational success

The IIA Value Proposition


26/72

Governance, Risk


Role of Internal Auditors

Re- Corporate Governance

Re- Risk Management

Re- Fraud

Re- Corporate Ethics

Re- Internal Controls

Re- Information Technology Re- Financial Reporting

Th IIA Gl b l I t l A dit


27/72

Governance, Risk


The IIA Global Internal Audit

Competency Framework - 2013


28/72

Governance, Risk


Module Two

The Audit Process


29/72

Governance, Risk


The Audit Process

h d


30/72

Governance, Risk


The Audit Process

h l d


31/72

Governance, Risk


The Internal Audit Process


32/72

Governance, Risk


H di i d d


33/72

Governance, Risk


How an audit is conducted

Pl i


34/72

Governance, Risk


Planning Distribute Audit Notification

Conduct Pre-Audit Meeting

Interview Department Personnel

Review Policies and Procedures

Understand and Document theBusiness Processes

Perform Risk Assessment

Prepare a Detailed Audit Program

Prepare audit budget (in hours)

Select items to be Audited (samples,not 100%)

Fi ld k


35/72

Governance, Risk


Fieldwork Review Supporting Documentation

Interview department personnel

Perform analyses

Identify Exceptions

Identify Recommendations forImprovement

Prepare Written Audit Comments (i.e.,findings)

Department Provides WrittenResponse and Corrective Action Planfor findings

R ti


36/72

Governance, Risk


Reporting

Issue a draft report

Discuss draft report with unit

management

Issue final report Report is factual, clear, concise,

with an appropriate tone


37/72

Governance, Risk


Module Three

Risk Management/Assessment


38/72

Governance, Risk


A f thi b t Ri k


39/72

Governance, Risk


A few things about Risk

What is Risk?

The effect of uncertainty on an

objective

Could be positive or negative

A f thi b t Ri k


40/72

Governance, Risk



What is Risk Management?

Coordinated activities to direct and

control an organisation with regard to

risk

Th Ri k M P


41/72

Governance, Risk


The Risk Management Process

A f thi b t Ri k


42/72

Governance, Risk



What is Risk Management

Process? Systematic application of management

policies, procedures and practices to

the activities of communicating,consulting, establishing the context,

and identifying, analyzing, evaluating,

treating, monitoring and reviewingrisk.

C t f Ri k A t


43/72

Governance, Risk


Components of Risk Assessment

Risk Identification

Risk Analysis

Risk Evaluation

2013 COSO Internal Control


44/72

Governance, Risk


2013 COSO Internal Control

Definition

Pillars | Components | Standards

Principles

The ORC Relationship


45/72

Governance, RiskManagement & Compliance

The ORC Relationship

Group Work


46/72


Module Four

Audit Planning

Audit Planning


47/72


Audit Planning

Annual Audit Planning

Components of the Audit Project

Plan



48/72



Risk Based Audit Planning

Overview

Components of the Audit Project Plan


49/72


Components of the Audit Project Plan

Audit Objectives

Audit Scope

Audit Methodology

Audit Program

Audit Time Budget

Audit milestone dates

Audit Objectives


50/72


Audit Objectives

General audit objectives

Specific audit objectives

Audit Objectives


51/72


Audit Objectives

Select one functional area in

your organisation and formulatea general audit objective and the

appropriate specific objectives

for that function


52/72


Module Five

Audit Programs

Audit Programs


53/72


Audit Programs

Components of the Audit

Program

Audit Objectives and Lines of

Enquiry

Components of the Audit Program


54/72


Components of the Audit Program

the audit objective(s);

the relevant line(s) of inquiry,

criteria, and audit questions;

the information to be requestedfrom entities

how the evidence will be

analyzed;

Example of Audit Program


55/72


Example of Audit Program

Cash at Bank and on Hand

Cash and bank.doc
http://localhost/var/www/apps/conversion/Course%20Materials/IInternal%20Audit%20101/I%20-%20Cash%20and%20bank.dochttp://localhost/var/www/apps/conversion/Course%20Materials/IInternal%20Audit%20101/I%20-%20Cash%20and%20bank.doc


56/72


Module Six

Process Documentation



57/72



Process Flow charts

Tools for Process Mapping

System Narratives

Interviewing Skills

Process Flow charts


58/72


Process Flow charts

A Flowchart is a diagram that

uses graphic symbols to depictthe nature and flow of the steps

in a process

This is very helpful in identifying

the risks embedded within the

process

Drawing a flow chart


59/72


Drawing a flow chart

Start with the big picture

Observe the current process

Record process steps

Arrange the sequence of steps

Draw the Flowchart


60/72


Example Washing of Hands


61/72


Example Washing of Hands


62/72


Module Seven

Audit Fieldwork

Audit Fieldwork


63/72


Audit Fieldwork

Testing Controlsdesign and

operating effectiveness

Techniques for gathering audit

evidence Working paper preparation

Testing Controls design and


64/72


Testing Controlsdesign and

operating effectiveness

Group work.

Design procurement (G1) and

recruitment and selection G2)

systems with requisite controls

for review by the audit team.


65/72


Module Eight

Audit Reporting

Why write internal audit reports?


66/72


Why write internal audit reports?

Required by Standards.

Inform- (Tell what auditorsfound)

Persuade(Convincemanagement of worth andvalidity of findings)

Get Results(Movemanagement towards changeand improvement.)

Audit Reports


67/72


Audit Reports

From issues to findings

The Five Cs

Reporting Formats

Other Reports



68/72



Findings are issues which are

fully developed to add value Improve the current condition

The 5 Cs


69/72


The 5 Cs

Criterion

Consequence

Corrective action

condition

Cause

In a nutshell


70/72


In a nutshell

What should be?

What is? Why the deviation from the what

should be occurred?

What happened or could happenbecause the what is differed from

the what should be?

What is needed to correct thecondition and improve operations?

Soft Skills


71/72


Soft Skills

Team work

Communication

Discussion with delegates Importance of teamwork and

communication

Improving teamwork and

comunication

The End


72/72

The End

Thank you for your time

Date post:	03-Jun-2018
Category:	Documents
Upload:	altum-tc
View:	225 times
Download:	1 times

Internal Audit 101

Documents