Internal audit means “An independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity’s strategic management and internal control system’’.
As per section 138 of companies act, 2013 following class of companies shall be required to appoint an internal auditor or a firm of internal auditors, namely;
Every listed company;
Every unlisted public company having-
Paid-up share capital of fifty crore rupees or more during the preceding financial year; or
Turnover of two hundred crore rupees or more during the preceding financial year; or
Outstanding loans or borrowings from the bank or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year; or
Outstanding deposits of twenty-five crore rupees or more at any point of time during the preceding financial year; and
Every private company having-
Turnover of two hundred crore rupees or more during the preceding financial year; or
Outstanding loans or borrowings from the bank or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year:
It is provided that an existing company covered under any of the above criteria shall comply with the requirements within six months of commencement of such section.
As per section 138, the internal auditor shall either be a chartered accountant or a cost accountant (whether engaged in the practice or not), or such other professional as may be decided by the board to conduct an internal audit of the functions and activities of the companies. The internal auditor may or may not be an employee of the company.
A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control processes.
The objectives and scope of internal audit functions
As per SA 610, “Using the work of an internal auditor’’ the objectives of internal audit functions vary widely and depend on the size and structure of the entity and the requirement of management, and where applicable, those charged with governance.
The objectives and scope of internal audit functions typically including assurance and consulting services designed to evaluate and improve the effectiveness of the entity’s governance processes, risk management and internal control such as the followings:
Activities relating to Governance: The internal audit functions may asses the governance process in its accomplishment of objectives on ethics and values, performance management and accountability, communicating risk and control information to appropriate areas of the organisation and effectiveness of communication among those charged with governance, external and internal auditors, and management.
Activities relating to risk management: The internal audit functions may assist the entity by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and internal control. The internal audit functions may perform a procedure to assist the entity in the detection of fraud.
Activities relating to internal control:
Evaluation of internal control
Examination of financial and operating information
Review of operating activities
Review of compliances with laws and regulations
Basics of standards on internal audit issued by ICAI
SIA 1: Planning an Internal Audit.
SIA 2: Basic principles governing internal audit.
SIA 3: Documentation.
SIA 4: Reporting.
SIA 5: Sampling.
SIA 6: Analytical procedures.
SIA 7: Quality Assurance in internal audit.
SIA 8: Terms of internal audit.
SIA 9: Communication with management.
SIA 10: Internal audit Evidence.
SIA 11: Consideration of fraud in an internal audit.
SIA 12: Internal control evaluation.
SIA 13: Enterprise Risk Management.
SIA 14: Internal Audit of an Information Technology Environment.
SIA 15: Knowledge of the Entity and its Environment.
SIA 16: Using the work of an Expert.
SIA 17: Consideration of laws and regulation in an internal audit.
SIA 18: Related Parties.
Internal audits may take place on a daily, weekly, monthly or annual basis. Some departments may be audited more frequently than others. For example, a manufacturing process may be audited on a daily basis for quality control, while the human resources department might only be audited once a year. Audits may be scheduled, to give managers time to prepare the required documents and information, or they may be a surprise if unethical or illegal activity is suspected.
Internal Auditor(s)
Audit plan
Audit checklist (recommended)
Audit schedule
Operating environment: An internal auditor determines how a company operates by asking segment or departmental employees, external auditors, accounting managers, human resources staff and risk specialists. A firm's operating environment describes management's ethical qualities, leadership style and business practices. An internal auditor also could determine how a corporation operates by evaluating industry trends and regulations.
Review control: An internal auditor determines how a company's segment or departmental controls operate by reading prior audit reports or working papers and by inquiring from segment employees who perform such controls on a regular basis. An auditor applies generally accepted auditing standards (GAAS) to detect mechanisms, procedures, tools and methodologies that build controls.
Test control: An internal auditor tests a business organization's controls, policies and guidelines to ensure that such controls are adequately designed and are operating effectively. Controls are mechanisms and methodologies a corporation's management put into place to prevent losses due to error, fraud, theft or breaks in technology systems. Effective controls remedy deficiencies and problems properly.
Account balances: An internal auditor analyses account balances in a corporation's financial statements to evaluate whether such statements comply with generally accepted accounting principles (GAAP), industry practices and regulatory mandates. An auditor also tests account balances to verify "completeness" and "fairness".
Account details: An internal auditor performs tests of account details to ensure that financial statements of a business entity are not "materially misstated." Tests of account details and account balances are referred to as substantive tests. An auditor conducts such tests if a firm's controls and processes are not adequate or not functioning properly.
Internal auditors typically issue reports at the end of each audit that summarize their findings, recommendations, and any responses or action plans from management. An audit report may have an executive summary—a body that includes the specific issues or findings identified and related recommendations or action plans, and appendix information such as detailed graphs and charts or process information. Each audit finding within the body of the report may contain five elements, sometimes called the "5 C's":
Condition: What is the particular problem identified?
Criteria: What is the standard that was not met? The standard may be a company policy or other benchmark.
Cause: Why did the problem occur?
Consequence: What is the risk/negative outcome (or opportunity foregone) because of the finding?
Corrective action: What should management do about the finding? What have they agreed to do and by when?
Objectivity - The comments and opinions expressed in the Report should be objective and unbiased.
Clarity - The language used should be simple and straightforward.
Accuracy - The information contained in the report should be accurate.
Brevity - The report should be concise.
Timeliness - The report should be released promptly immediately after the audit is concluded, within a month.
FAQ:
Ans: Although they are independent of the activities they audit, internal auditors are integral to the organization and provide ongoing monitoring and assessment of all activities. On the contrary, external auditors are independent of the organization, and provide an annual opinion on the financial statements. The work of the internal and external auditors should be coordinated for optimal effectiveness and efficiency.
Ans: INDEPENDENCE: The audit charter should establish independence of the internal audit activity by the dual reporting relationship to management and the organization's most senior oversight group. The internal auditors should have access to records and personnel as necessary, and be allowed to employ appropriate probing techniques without impediment.
OBJECTIVITY: To maintain objectivity, internal auditors should have no personal or professional involvement with or allegiance to the area being audited; and should maintain an un-biased and impartial mindset in regard to all engagements.
Independence and objectivity are two critical components of an effective internal audit activity.
Ans: whether an organisation is required to have an internal audit activity or not depends on the respective regulatory requirements that govern the organisation.
Ans: ERM is a structured and coordinated, entity-wide governance approach to identify, quantify, respond to, and monitor the consequences of potential events. Implemented by management, ERM is evaluated by the internal auditors for effectiveness and efficiency.
Ans: If in the opinion of the Auditor, it thinks that review is required for any other area it may undertake further examination for the same. If any noncompliance is observed by the auditor, the same shall form part of the Internal Audit Report and commented under the head “Other Areas” as given in the format of Audit Report.
Ans: Definitely! The purpose of internal controls and procedures is to mitigate risk. Developing and designing management controls into operations early is the most cost effective and efficient use of resources.
Ans: Definitely! The purpose of internal controls and procedures is to mitigate risk. Developing and designing management controls into operations early is the most cost effective and efficient use of resources.
Your experience on this site will be improved by allowing cookies.