Date post: | 13-Apr-2017 |
Category: |
Business |
Upload: | akgvg-associates |
View: | 127 times |
Download: | 0 times |
Internal Audit Internal Audit
AKGVG & ASSOCIATES
IntroductionIntroduction Recent events including global financial crises have emphasised need for internal
auditing within corporate governance structures
Internal audit function is now mandatory by most stock exchanges
Donors increasingly demand improved accountability & financial transparency in development projects
IFAD procedures do not specifically require internal audit, however, IFAD Operational Procedures for Project Audits (for use by IFAD & CIs) require that “as part of the assessment of the borrower’s capacity to implement and manage the project effectively, the appraisal mission will evaluate any internal audit (IA) mechanism for the project/ PMU”
Furthermore, internal audit is considered good practice & advisable as part of underlying control framework & financial management capacity of a project, particularly if complex &/ or decentralised
2
DefinitionDefinition
““Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ”
The Institute of Internal Auditors
3
IA – Code of EthicsIA – Code of EthicsPrinciplesPrinciples
Internal auditors are expected to apply & uphold the following principles:
Integrity The integrity of internal auditors establishes trust & so provides the basis for reliance on their judgment
Objectivity
Internal auditors exhibit the highest professional objectivity in gathering, evaluating & communicating information. Internal auditors make a balanced assessment of all relevant circumstances & are not unduly influenced by their own interests or others in forming judgments
ConfidentialityInternal auditors respect the value and ownership of information they receive & do not disclose information without appropriate authority unless there is a legal or professional obligation to do so
Competency Internal auditors apply knowledge, skills, & experience needed
4
What is Internal Audit?What is Internal Audit?Internal Audit is a professional activity which helps organisations to achieve their stated objectives by: Analysis of key processes, procedures & operations
Identification of key controls in every process, procedure & operation
Evaluation of the adequacy of these controls Testing of the compliance of sample transactions against the controls
Reporting of the results of the compliance testing of transactions and evaluation of controls
Recommendation of stronger controls
Suggestions of methods for improvement of compliance with key controls
Follow up of action taken on recommendations made in previous reports
5
What are Internal Controls?What are Internal Controls?
Important checks instituted by the management to have reasonable assurance that:
Operations are carried out in an effective & efficient manner
Transactions are recorded completely & accurately
Assets are properly safeguarded & recorded
Laws are complied with
Reliable reports are generated
6
Some examples of Internal ControlSome examples of Internal Control
► Budgetary Control
► Fixed Assets Register
► Bank & Special Account Reconciliations
► Reconciliation of Financial & Physical Monitoring & Evaluation
Reports
7
How are Internal Audit & External Audit different?How are Internal Audit & External Audit different?
Internal audit is focused at internal management support and improving systems, procedures and processes
⇉ External audit (EA): normally statutory requirement, unlike internal audit (IA)
⇉ EA reports are addressed to stakeholders: IA reports are addressed to Management
⇉ EA reports express an opinion on the financial statements prepared by the entity for a specified period: IA reports evaluate and check compliance against key internal controls
⇉ EA reports are usually public documents which are available to all stakeholders. IA reports are for use only by Management
⇉ EA reports do not make recommendations, although may have a Management Letter: IA reports are incomplete without
⇉ EA is basically a review of financial statements for compliance: IA seeks to ensure value for money to Management
8
Why should IFAD funded projects be subject to IA?Why should IFAD funded projects be subject to IA?
IFAD funded projects may be subject to Internal Audit because:
External audit checks overall compliance to internal controls related to financial transactions.
Supervision Missions conduct only spot checks.
9
Internal audit is inherent in government structures in most developing countries.
Sample IA Terms of Reference enclosed
IA has a key role in Risk management of IFAD Projects
What are key concerns from a FM viewpoint?What are key concerns from a FM viewpoint?
► Is the accounting system capable of recording financial transactions in an accurate & timely manner? tracking the expenditure of the project by component & category? ► comparing actual expenditure to budget on a real time basis?► Are withdrawal applications properly prepared? project assets properly recorded &
safeguarded? Special Accounts & Project Accounts properly and timely operated & reconciled? audit arrangements proper and in place? audit reports properly followed up?
► Does the project generate reliable & accurate financial statements & reports? project funds flowing timely and smoothly to the intended beneficiaries?
10
Internal Audit (IA) MandateInternal Audit (IA) Mandate
11
What does it not do?
Perform management’s activities/ responsibilities (these include establishing internal controls)
Compliance & Advisory Compliance & Advisory rolesroles
What does it do?
improves accuracy, reliability, internal control & integrity of information including operational and financial reporting
Monitors & evaluates the effectiveness of the processes
Formulates corporate’s oversight, safeguards the assets, helps in economical & efficient usage of the resources, maintains compliance with laws & regulations, deters fraud
Internal Control Myths and FactsInternal Control Myths and FactsMYTHS: FACTS:
Internal control doesn’t have strong set of policies and procedures
Internal control not only has a strong set of policies and procedures but also starts with the same
We have internal auditors for managing the entire Internal control!
Internal auditors play an important role in controlling the system. The responsibility of the internal control lies with the management.
Internal control is related to the finance of the company
Internal control is important for every aspect of the operation/business
Internal controls are necessarily negative, like a list of “thou-shalt-nots”
Internal control is responsible for making the right things happen
Internal controls do not make the business processes change
Internal controls built “into,” the business processes does make the business processes change
12
Internal Control PracticesInternal Control PracticesHow?
Internal control is a process. It's a means to an end, not an end in itself
Internal control is effected by people as a team, not by internal auditor. It's not merely policy manuals & forms, but people at every level of an organization
Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and governing bodies/ committees
Uses systematic methodology for analysing business processes, procedures & activities
The cost of IA should not exceed expected benefits to be derived
13
An internal control structure is simply a different way of viewing operations – a perspective that focuses on doing the right things in the right way
MONITORING
INFORMATION AND COMMUNICATION
CONTROL ACTIVITIES
CONTROL ENVIRONMENT
CONTROL ACTIVITIES
RISK ASSESSMENT
INFORMATION &COMMUNICATION
Internal Control StructureInternal Control Structure
In many cases, you perform controls and interact with the control structure every day, perhaps without even realising it
• Monthly reviews of performance reports
• Supervisory activities
• Reporting• Corporate
communications (e-mail, meetings)
• Purchasing limits• Approvals/ segregations• Security• Reconciliations• Proper operating &
accounting procedures
• Based on identification & analysis of risks to achievement of objectives
• Corporate Policies• Tone at the top, ethics• Organisational authority • Skilled personnel
14
Role in Risk ManagementRole in Risk Management
15
Focuses on risks that can prevent the project from attaining the goals
There are many types of risks – credibility, human capital, ineffective usage of resources, strategic, operational, fraud, financial reporting, legal/regulatory, etc.
Focuses on areas where there is high risk & high probability of controls not being in place or being weak
Let’s not forget the positive risks – opportunities!
Adds value through elimination of unnecessary controls!
RoleRole in in InternalInternal Control Control
1. Compliance audit: review of financial & operating controls & transactions for conformity with laws, regulations & procedures, e.g.,
• Access to IT system appropriate to user’s role
• Segregation of duties in high risk areas
• Balancing & reconciliation between systems
• Systems back up & recovery
• Physical safeguard & access restriction controls
• Reconciliations, comparison budget of actual
2. Operational audit: review of various functions within project to evaluate efficiency, effectiveness, & economy
16
IA Role in Corporate OversightIA Role in Corporate Oversight
17
Four pillars – internal audit, executive management, external audit, & Board of directors/ steering committee
Combination of processes & organisational structures implemented by management to inform, direct, manage and monitor the project’s resources, strategies & policies towards the achievement of its objectives
Public sector governance Principles transparency, integrity, accountability
May include review of sufficiency of human resources, training needs, policies, etc.
Nature of Internal Audit ActivityNature of Internal Audit Activity
18
Establish Scope & activities for audit to Management Describe key risks facing the business activities within scope of audit Identify control procedures used to ensure each key risk is properly
controlled & monitored Develop & execute risk based sampling & testing approach to
determine whether most important controls are operating as intended (NB: input from Management required – e.g. 100% sampling of WA review)
Report issues/make recommendations/negotiate action plans with Management to address issues
Follow up on reported findings periodically
Contents of Audit PlanContents of Audit Plan
19
Updated annually
Risk based audit plan developed with input from project staff including Management
Summary of key goals, risks & corresponding major audits, to illustrate alignment
Based on risk assessment & available resources
Appendix materials, such as planning approach, assumptions & brief descriptions of all planned audits & related prioritization
Approved by management/ appropriate oversight Committee
Contents of Audit Report Contents of Audit Report
20
Observations
Narration/ description
Remedial action
Consequences/ fall out
Recommendation for improvement (prioritized between “high” and “normal”)
Response (action plan) – who, when and how
IA’s Proactive RoleIA’s Proactive Role
Identify Risks
Find Better Ways and Best Practices
Partner With Management to Find Solutions
Prevent Problems
Provide training
Respond to policy & technical accounting questions
Offer suggestions for improvement
Advisory role
21
Additional Resources Additional Resources
22
ConclusionConclusionWhy all this trouble?Why all this trouble? Additional comfort and “tightness” that the project is doing the right thing, the first time,
communicating right information internally, to external auditors, donors, ministries, etc.
More formal control structures reduce possibility that risks become real issues
External Auditor may receive additional assurance to provide unqualified report on accounts
Donor & government confidence increased, affecting financing flows
What are the next steps?What are the next steps? Identify areas of high risk & opportunities
Validation of process documentation & controls
Communication, with PCs & project staff
23
THANKSTHANKS
AKGVG & Associates
Corporate Head Office 307 Pearl Corporate, Mangalam Place,Sector-3, Rohini, New Delhi, India - 110085Contact No - +91- 9811118031Email ID - [email protected] - http://www.akgvg.com
24