Internal controls should be built “into,” not “onto” business processes

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. 

What is Internal Audit?What is Internal Audit?What is Internal Audit?What is Internal Audit?

Internal Audit is a professional activity which helps organisations to achieve their stated objectives by:

Analyzing key processes, procedures & operations

Identifying key controls in each such operation, procedure & process

Evaluating the adequacy of these controls

Testing compliance of sample transactions against these controls

Reporting results of the evaluation of controls and compliance testing of transactions

Recommending stronger controls wherever necessary

Suggesting methods to improve compliance with key controls

Follow up of action taken on recommendations made in previous reports

Why Internal Audit? Why Internal Audit? Why Internal Audit? Why Internal Audit?

Legal and Statutory RequirementAs per Companies Act 1956 :

Internal Audit system is compulsory if,

a. Paid-up capital and reserves exceeding Rs. 50 lakhs as at the commencement of the FY. or

b. Having an average annual turnover exceeding Rs.5.00 crores for a period of three consecutive FY’s immediately preceding the FY concerned,

Why Internal Audit? Continued…Why Internal Audit? Continued… Why Internal Audit? Continued…Why Internal Audit? Continued…

Management RequirementTo ensure error free accountingTo support statutory auditTo have proper control over businessTo control on the size of operations

PrinciplesPrinciplesInternal auditors are expected to apply & uphold the following

principles:

Integrity The integrity of internal auditors establishes trust & so provides the basis for reliance on their judgment

Objectivity

Internal auditors exhibit the highest professional objectivity in gathering, evaluating & communicating information. Internal auditors make a balanced assessment of all relevant circumstances & are not unduly influenced by their own interests or others in forming judgments

Confidentiality

Internal auditors respect the value and ownership of information they receive & do not disclose information without appropriate authority unless there is a legal or professional obligation to do so

Competency Internal auditors apply knowledge, skills, & experience needed

IA – Code of EthicsIA – Code of Ethics

What are Internal Controls?What are Internal Controls?What are Internal Controls?What are Internal Controls?

Internal Controls are important checks instituted by management to have reasonable assurance that:

Operations are carried out in an efficient & effective manner

Transactions are recorded accurately & completely

Assets are properly recorded & safeguarded

Laws are complied with

Reliable reports are generated

Internal Control Myths and FactsInternal Control Myths and FactsInternal Control Myths and FactsInternal Control Myths and Facts

MYTHS: FACTS:

Internal control starts with a strong set of policies and procedures

Internal control starts with a strong set of policies and procedures

Internal control: That’s why we have internal auditors!

While internal auditors play a key role in the system of control, management has responsibility for internal control

Internal control is a finance thing

Internal control is integral to every aspect of business/operations

Internal controls are essentially negative, like a list of “thou-shalt-nots”

Internal control makes the right things happen the first time

Internal controls take time away from our core activities of implementing development objectives

Internal controls should be built “into,” not “onto” business processes

Internal Control PracticesInternal Control PracticesInternal Control PracticesInternal Control Practices

How?

Internal control is a process. It's a means to an end, not an end in itself

Internal control is effected by people as a team, not by internal auditor. It's not merely policy manuals & forms, but people at every level of an organization

Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and governing bodies/ committees

Uses systematic methodology for analysing business processes, procedures & activities

The cost of IA should not exceed expected benefits to be derived

An internal control structure is simply a different way of viewing operations – a perspective that focuses on doing the right things in the right way

MONITORING

INFORMATION AND COMMUNICATION

CONTROL ACTIVITIES

CONTROL ENVIRONMENT

CONTROL ACTIVITIES

RISK ASSESSMENT

INFORMATION &COMMUNICATION

Internal Control StructureInternal Control Structure Internal Control StructureInternal Control Structure

In many cases, you perform controls and interact with the control structure every

day, perhaps without even realising it

• Monthly reviews of performance reports

• Supervisory activities

• Reporting• Corporate

communications (e-mail, meetings)

• Authorisation Matrix• Approvals/ segregations• Security• Reconciliations• Proper operating &

accounting procedures

• Based on identification & analysis of risks to achievement of objectives

• Corporate Policies• Tone at the top, ethics• Organisational authority • Skilled personnel

How are Internal Audit & External Audit different?How are Internal Audit & External Audit different?How are Internal Audit & External Audit different?How are Internal Audit & External Audit different?

Internal audit is focused at internal management support and improving systems, procedures and processes

⇉ External audit (EA): normally statutory requirement, unlike internal audit (IA)

⇉ EA reports are addressed to stakeholders: IA reports are addressed to Management

⇉ EA reports express an opinion on the financial statements prepared by the entity for a specified period: IA reports evaluate and check compliance against key internal controls

⇉ EA reports are usually public documents which are available to all stakeholders. IA reports are for use only by Management

⇉ EA reports do not make recommendations, although may have a Management Letter: IA reports are incomplete without recommendations.

⇉ EA is basically a review of financial statements for compliance: IA seeks to ensure value for money to Management

Benefits of Internal Audit Benefits of Internal Audit Benefits of Internal Audit Benefits of Internal Audit

Correct financial figuresNo deviation in processTimely work completionReduction in reconciliationDelegation of workDetection of errors and fraudsProper place of documents and records

Risks of not having Internal AuditChances of conflict and delay in accountingAffects day to day activity by

Increase in Reconciliation activityDocumentation problem

Delay in closing books of accountsLack of track on businessNon compliance of statutory regulation

Nature of Internal Audit ActivityNature of Internal Audit ActivityNature of Internal Audit ActivityNature of Internal Audit Activity Establish scope & activities for audit to Management

Describe key risks facing the business activities within scope of audit

Identify control procedures used to ensure each key risk is properly controlled & monitored

Develop & execute risk based sampling & testing approach to determine whether most important controls are operating as intended (NB: input from Management required – e.g. 100% vouching of Credit notes to Trade partners )

Report issues/make recommendations/negotiate action plans with Management to address issues

Follow up on reported findings periodically

ATR ( Action Taken Report ) Submission on or before time by Respective Department.

Contents of Audit PlanContents of Audit PlanContents of Audit PlanContents of Audit Plan

Updated annually

Risk based audit plan developed with input from project

staff including Management

Summary of key goals, risks & corresponding major audits, to

illustrate alignment

Based on risk assessment & available resources

Appendix materials, such as planning approach, assumptions &

brief descriptions of all planned audits & related prioritization

Approved by management/ appropriate oversight Committee

Contents of Audit Report Contents of Audit Report Contents of Audit Report Contents of Audit Report

Observations

Narration/ description

Remedial action

Consequences/ fall out

Recommendation for improvement (prioritized

between “high” and “normal”)

Response (action plan) – who, when and how

IA’s Proactive RoleIA’s Proactive RoleIA’s Proactive RoleIA’s Proactive Role Identify Risks

Find Better Ways and Best Practices

Partner With Management to Find Solutions

Prevent Problems

Provide training

Respond to policy & technical accounting questions

Offer suggestions for improvement

Advisory role

Ideal Scope of Internal AuditIdeal Scope of Internal AuditVouchingCash and Bank Income and ExpensesCapital and Petty expenses Stocks & Inventory VerificationPurchases and Sales RegistersDebtors and CreditorsLedger & Trial ScrutinyApproval Matrix in routine operations

Scope Continued…..Scope Continued…..Statutory CompliancesVAT & Service TaxESI & PFTDS & TCSExcise and CustomsChannel Management Performance of Channel Partners Report NPA Channel Partners to Management Revenue vs Cost Ratio of Channel Partners.Dispute and Grievances of Channel Partner, If any Long Pending Claims of Channel PartnersLocal Support to Channel Partners, if any up gradation require

in Infrastructure then recommend to Management in Report

ConclutionConclutionCompany can achieve its goals

in a organised and systematic manner with help of Internal Audit

More formal control structures reduce possibility that risks become real issues

Identify areas of high risk & opportunities

Validation of process documentation & controls

Incorporate best Practices of Trade with in SOP and Review & update changes regularly in SOP and Credit Policy of Business to strengthen the support function to sales

Thank You………. A Honest Attempt to Describe the Core function of Enterprise

Auditors believes in ……….

“ Perception can not be reality every time”

“ Tenure has nothing to do with Honesty “

“ Best has to be Acknowledged and Worst has to be reported “

“ Only Apple to Apple to Comparisons attitude, no Apple to Orange “

“Integrity and Ethics - Zero Tolerance behaviour ”