INTERNAL AUDIT PROCESS

INTERNAL AUDITING

(According to IIA)

-Azleen Ilias-

1 IPPF_AI

The learning objectives

Understand the types of engagements

internal auditors perform

Understand the key activities involved in

planning and performing an assurance

engagement and reporting the

engagement outcomes

2 IPPF_AI

Relevant standards

1200 Proficiency and Due

Professional Care

1210 Proficiency

1220 Due Professional Care

1230 Continuing Professional

Development

3 IPPF_AI

Relevant standards

2000 Managing the Internal Audit Activity

2010 Planning

2020 Communication and Approval

2030 Resource Management

2040 Policies and Procedures

2050 Coordination

2060 Reporting to Senior Management and the Board

2070 External Service Provider and Organizational Responsibility for Internal Auditing

2200 Engagement Planning

2201 Planning Considerations

2210 Engagement Objectives

2220 Engagement Scope

2230 Engagement Resource Allocation

4 IPPF_AI

Relevant standards 2240 Engagement Work Program

2300 Performing the Engagement

2310 Identifying Information

2320 Analysis and Evaluation

2330 Documenting Information

2340 Engagement Supervision

2400 Communicating Results

2410 Criteria for Communicating

2420 Quality of Communications

2421 Errors and Omissions

2430 Use of Conducted in Conformance with the International Standards for the

Professional Practice of Internal Auditing

2431 Engagement Disclosure of Nonconformance

2440 Disseminating Results

2450 Overall Opinions

2500 Monitoring Progress

2600 Communicating the Acceptance of Risks 5 IPPF_AI

Types of IA engagements

Assurance Services- An objective examination of

evidence for the purpose of providing an independent

assessment on governance, risk management and

control processes for the organization. For examples:

Include financial, performance, compliance, system

security and due diligence enagagements.

Consulting Services- Advisory and related service

activities, the nature an scope of which are agreed with

the customer, are intended to add value and improve an

organizations governance, risk management and

control processes without the internal auditor assuming

management responsibility. For examples: counsel,

advice, facilitation and training.

6 IPPF_AI

IA assurance engagements

Comprises three fundamental phases

1. Planning

2. Performing

3. Communicating

7 IPPF_AI

IA assurance engagements

Plan - Determine engagement objectives and scope.

- Understand the auditee, including auditee objectives and

assertions

- Indentify and assess risks

- Identify key control activities

- Evaluate adequacy of control designs

- Create a test plan

- Develop a work program

- Allocate resources to engagement

8 IPPF_AI

IA assurance engagements

Perform

- Conduct tests to gather evidence

- Evaluate evidence gathered and reach

conclusions

- Develop observations and formulate

recommendations

9 IPPF_AI

IA assurance engagements

Communicate - Perform observation evaluation and escalation process

- Conduct interim and preliminary engagement

communications

- Develop final engagement communications

- Distribute formal and informal final communications

- Performing monitoring and follow-up procedures

10 IPPF_AI

IA consulting engagement

Engagement Planning

2201 Planning Considerations

In planning the engagement, internal auditors must consider:

The objectives of the activity being reviewed and the means by

which the activity controls its performance;

The significant risks to the activity, its objectives, resources, and

operations and the means by which the potential impact of risk is kept

to an acceptable level;

The adequacy and effectiveness of the activitys governance, risk

management, and control processes compared to a relevant

framework or model; and

The opportunities for making significant improvements to the

activitys governance, risk management, and control processes.

11 IPPF_AI

IA consulting engagement

2201.C1 Internal auditors must establish an understanding

with consulting engagement clients about objectives, scope,

respective responsibilities, and other client expectations. For

significant engagements, this understanding must be

documented.

12 IPPF_AI

IA consulting engagement

Performing the engagement

2300 Performing the Engagement

Internal auditors must identify, analyze,

evaluate, and document sufficient

information to achieve the engagements

objectives.

13 IPPF_AI

IA consulting engagement

Communicating the engagement

2400 Communicating Results

Internal auditors must communicate the results of engagements.

2410.C1 Communication of the progress and results of

consulting engagements will vary in form and content depending

upon the nature of the engagement and the needs of the client.

2440.C1 The chief audit executive is responsible for

communicating the final results of consulting engagements to

clients.

2440.C2 During consulting engagements, governance, risk

management, and control issues may be identified. Whenever these

issues are significant to the organization, they must be

communicated to senior management and the board.

14 IPPF_AI

Risk Based Auditing Process

2200 Engagement Planning

Internal auditors must develop and document a plan for each

engagement, including the engagements

1. Objectives

2. Scope

3. Timing

4. Resource allocations.

15 IPPF_AI

Risk Based Auditing Process

Objectives, Examples : Evaluate the design adequacy of..,

Determine the operating effectiveness of., Assess

compliance with.

Scope, Examples : Boundaries of the process, In scope, Sub

process, Component, Time frame

1. Timing

2. Resource allocations.

16 IPPF_AI

Risk Based Auditing Process

2300 Performing the Engagement

Internal auditors must identify, analyze, evaluate, and document

sufficient information to achieve the engagements objectives.

1. Identifying Information - sufficient, reliable, relevant, and useful

information

2. Analysis and Evaluation - conclusions and engagement results

3. Documenting Information - Internal auditors must document

relevant information to support the conclusions and engagement

results.

4. Engagement Supervision - Engagements must be properly supervised

to ensure objectives are achieved, quality is assured, and staff is

developed.

17 IPPF_AI

Audit Plans and Schedules

Based on Sawyers (2012), effective audit planning and

scheduling are key components of successful internal

auditing. Based on comprehensive risk assessment, audit

plans and schedules are developed, formalized, reviewed

with management and the audit committee or board.

Benefits and Uses of Audit Schedules:

1. The long range schedules gives evidence that, barring

the emergence of risk oriented situations

2. Key business units are covered at appropriate intervals

Long range schedules based on Standard 2010:

Planning

18 IPPF_AI

Risk Based Auditing Process

2400 Communicating Results

Criteria for Communicating

1. The Engagement's objectives

2. Scope

3. Conclusions

4. Recommendations

5. Action plans.

Quality of Communications

1. Accurate

2. Objective

3. Clear

4. Concise

5. Constructive

6. Complete

7. Timely 19 IPPF_AI

Risk Based Auditing Process Engagement Disclosure - Internal auditors may report that their

engagements are conducted in conformance with the International

Standards for the Professional Practice of Internal Auditing, only if the

results of the quality assurance and improvement program support the

statement.

Disseminating Results - The chief audit executive is responsible for

reviewing and approving the final engagement communication before

issuance and for deciding to whom and how it will be disseminated.

When the chief audit executive delegates these duties, he or she

retains overall responsibility.

20 IPPF_AI

Risk Based Auditing Process

2500 Monitoring Progress

The chief audit executive must establish and

maintain a system to monitor the disposition of

results communicated to management.

21 IPPF_AI

References

Kurt F.R., Paul., J.S., Urton., L.A., Michael., J.H., Sridhar., R., Mark., S., & Cris., R. (2009). Internal Auditing: Assurance & Consulting Services. ISBN-13: 978-0894136436. The Institute of Internal Auditors Research Foundation.

International Standards for the Professional Practice of Internal Auditing (Standards). (2012). Issued: October 2008. Revised: October 2012. The Institute of Internal Auditors

Adams,P., Cutler,S., McCuaig,B., Rai,S., & Roth,J. (June 30, 2012). Sawyer s Guide for Internal Auditors, 6th Edition, ISBN-13: 978-0894137211, The Institute of Internal Auditors Research Foundation.

Main references from The Institute of Internal Auditors Research Foundation.

22 IPPF_AI

Thank you and please refer to references

and articles for further reading

-Azleen Ilias, AM (M), AIIA-

IPPF_AI 23