Internal Audit Plan
INTERNAL AUDIT DEPARTMENT
Year
2014
VERSION 1.0/2014
Year 2014 INTERNAL AUDIT PLAN
Urban Sector Planning & Management Services Unit (Pvt) Limited 1
TABLE OF CONTENTS
1. Introduction
2. Purpose of Internal Audit Plan
3. Internal Audit Approach
4. Internal Audit Process
5. Annual Enterprise Risk Assessment
6. Development of Internal Audit Plan
7. Allocation of Internal Audit Resources
8. Internal Audit Plan 2014 Matrix
9. Internal Audit Plan 2014 Timelines
10. Pre-payment Audit (Pre-audit)
11. Auxiliary Internal Audit services
12. Internal Audit Plan Revision
13. Internal Audit Reports
14. Internal Audit Follow-up
15. Coordination with External Auditors
16. Professional Standards
17. Appendices
1. Introduction
Urban Sector Planning & Management Services Unit (Pvt) Limited (hereinafter called the Urban Unit)
was incorporated under the Companies Ordinance 1984 on June 18, 2012. The core areas of operations
include Urban Planning, Urban Transport, Solid Waste Management, Urban Water & Sanitation, GIS &
Spatial Planning, Municipal Finance, etc. The support service activities comprise human
resources, procurement, information technology, communication, financial management, internal audit,
administration, etc. The organogram of the company splits the human resources into three broad
categories, namely specialist, corporate and administrative positions.
The Board of Directors comprises seven members. The authorized share capital of the company is divided into 1000 shares of Rs.10,000 each. P&D Department Punjab is the majority shareholder. The objectives of the company are articulated in the memorandum of association. The business of the company is governed by its articles, policies & procedures, the Companies Ordinance 1984 & subordinate regulations, and government laws & directives. Accountability is ensured through external and internal assurance. The external audit is conducted by a chartered accountant firm appointed by the BOD as well as by the auditors of the Auditor General Department under the provisions of the Auditor General's Ordinance 2001. The internal assurance is provided by the Internal Audit Department of the company, which is responsible to the Audit Committee of the BOD. The terms of reference for the Internal Audit of the company are laid down in the Internal Audit Charter of the Company. The charter requires an annual internal audit plan to be approved by the Audit Committee.
2. Purpose of the Internal Audit Plan
The annual internal audit plan is intended to plan for internal audit engagements to evaluate, determine and opine whether the organization's risk management, control, and governance processes, as designed and represented by management, are adequate and functioning in a manner to ensure:
Risks are appropriately identified and managed.
Significant financial, managerial, and operating information is accurate, reliable, and timely.
Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
Resources are acquired economically, used efficiently, and adequately protected.
Programs, plans, and objectives are achieved.
Quality and continuous improvement are fostered in the organization's control process.
Significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately.
It is our intent to convey a current sense of the Company's internal control environment and the extent to which institutional risk mitigation is being assessed by regular audit activities, addressed proactively through advisory services, or investigated as a result of issues raised.
3. Internal Audit Approach
At the Urban Unit, the Internal Audit Department is striving to dispel the notion of an audit as something done "to" the management as a stand-alone activity. Rather, we are promoting the concept that an audit is something we accomplish "with" the management. This is what we call participatory auditing, and we are convinced that the product of this approach will be far superior to any audit completed without active involvement of the management and the process owner. Why are we so confident of this? The answer is simple: nobody knows the process better than its owner.
Taking participatory auditing a step further, our audit approach is risk-based and demand-driven, providing independent, objective assurance & review aimed at adding value to the Company's governance, risk management and control processes.
4. Internal Audit Process
We not only welcome but request the management's active involvement throughout the audit cycle, in all phases: starting before the entrance conference and continuing through planning, testing, and reporting. The following are the audit process steps we normally follow:
Planning - The Internal Auditor meets with the senior management, department heads and process owners, the staff responsible for the function to be audited. This enables the auditor to understand the process being audited and the control environment. The Internal Auditor develops an audit program to outline the testing that will be performed to ensure controls are designed to function as management expects. The Internal Auditor will often develop flowcharts to document the process being audited.
Testing - The Internal Auditor will test a sample of transactions and processes during field audit and express an opinion on the control environment. As a result of testing, the Internal Auditor will recommend audit improvements when noted.
Communication and Reporting - An informal summary of findings is shared with department heads or process owners directly involved in the audit for their comments. A draft audit report is prepared and communicated with management and their response is incorporated. The final report is presented to the Audit Committee for review and discussion. Afterwards, the final report is distributed to the Board and management.
Follow-up - The Internal Auditor generally performs a follow-up on corrective action plans or management response to address audit recommendations.
5. Annual Enterprise Risk Assessment
The Internal Audit department continues to utilize a formalized risk assessment methodology in selecting functions/processes/units/systems for inclusion in the annual audit plan. Relative risk
assessment is necessary to provide a basis for the rational deployment of our limited resources for audit engagements across the Company.
The risk assessment comprises internal & external assessments of existing and emerging risks within or outside the organization.
5.1 Internal Risk Assessment
As part of the annual risk assessment and audit planning process, we held risk discussions with the senior management, sectoral heads and process owners to identify risks of concern at the functional and organizational level. For internal risk assessment, a series of interviews & discussions with the functional heads was conducted, and a personally administered risk assessment questionnaire was shared and the responses were recorded. On the basis of the assessment, risks were rated. The risk areas & factors evaluated during the annual internal risk assessment include:
The overall governance framework of the company and its functions
Control environment
Designing and implementation of adequate functional processes
Functional significance & impact
A well-defined futuristic business plan and revenue stream of the company
Developing and implementation of sectoral/functional plans, targets and quantified KPIs
Human resources planning, management, appraisals and capacity building
Service delivery efficiency, effectiveness & impact
Financial management
Procurement planning and financial plans/budgets and their implementation
Periodic operational and financial reporting and its reviews and access to information
Documentation management, updation & data security
Assets management & safeguarding
We also held discussions with heads from core and support services to solicit input on the Company's institutional risks and any specific areas of concern. We also used these meetings as an opportunity to obtain feedback on the priority & frequency of audit services we plan to provide.
Our internal risk assessment covered the assessment of 20 individual auditable functions/activities of the company including 9 Core services and 11 support services as listed below.
| Core Services | Support Services |
|---|---|
| Urban Planning | Information Technology |
| Solid Waste Management | Procurement management |
| Water & Sanitation | Finance & Accounts |
| Urban Transport | Human Resource Management |
| Geographical Information Systems | Admin & logistics |
| Municipal & Local Government Finance | Communication Management |
| Urban Economic services | Monitoring & Evaluation |
| Program/Project Management (High value projects) | Office documentation & mail management |
| Business Development services | Corporate Compliance |
| | Assets & inventory management (stores) |
| | Library/Learning resource center |
5.2 External Risk Assessment/Scan
Formal and informal discussions and a scan of the company's external environment were undertaken. The external risks identified are:
The expectations of stakeholders and level of achievement of company objectives
The company's reputation in the external environment
The effectiveness of services of the company
Adherence to corporate social responsibility
Future growth & sustainability of the company
5.3 Overall Risk Assessment Findings
The risk factors that we considered significant in prioritizing audit engagements and frequency (cycle) are:
Impact on the Company's mission & goodwill
Impact on Company finances
Impact on safeguarding assets & resources
Assessment of the activity's control environment
Level of compliance concerns
Impact of information technology
Complexity and/or diversity of the activity
Changes in the organization or leadership
Social responsibility & uplift
Our annual risk assessment for 2014 found that, of the total 20 individual auditable functions/activities of the company, including 9 Core services and 11 support services (listed above), 6 functions/services are considered to be high risk, 7 moderate risk, and 7 low risk. A rating of high-risk does not mean that the activity is perceived to have control problems, but rather reflects the criticality or centrality of the activity to the Company's mission.
The overall risk assessment of the functions/services of the company is depicted in the following TL diagram showing High Risk (red light), Medium Risk (blue light) and Low Risk (green light) bars listing functions/activities of the company in each bar. The numbering of functions has nothing to do with risk rankings.
High Risk (red light)
1. Solid Waste Management
2. Geographical Information Systems
3. Project Management (High Value projects)
4. HR management
5. Procurement management
6. Finance & Accounts
Medium Risk (blue light)
1. Urban Planning
2. Water & Sanitation
3. Urban Transport
4. Corporate Compliance
5. Admin & logistics
6. Information Technology
7. Assets & inventory Management
Low Risk (green light)
1. Urban economic Services
2. Municipal & LG Finance
3. Communication Management
4. Monitoring & Evaluation
5. Business Development
6. Library/LRC
7. Office documentation & mail management
It is again clarified that a rating of High-Risk does not mean that the activity/function is perceived to have severe control weaknesses & problems prone to its failure; rather, it reflects the criticality, centrality or significance of the activity to the Company's mission bearing high risks.
6. Development of Annual Internal Audit Plan
The development of the annual audit plan is based on information gathered through broad consultation across the Company and annual risk assessment findings. Taking into account the information we obtained in our risk assessment process and its analysis, the Company's increased focus on introducing new and upgrading its major management systems/processes, the paradigm shift in organizational mode, the expanding and changing business spread, and the induction of fresh sectoral management occurring within the Company, we believe that a "back to the basics" audit plan is most appropriate for 2014.
Finally, our annual planning process includes re-examining the audit universe to ensure that all Company activities are considered when determining how audit resources will be allocated. We also consider new regulatory developments, new business processes, institutional priorities and strategic initiatives.
7. Allocation of Audit Resources
The audit plan timelines are based on the human resources available in the Internal Audit Department. Internal audit resources have been allocated to the activities that must be performed efficiently to discharge its responsibilities as per the charter and to achieve IA objectives.
Approximately 63% of Internal Audit's resources are committed to the completion of planned audit engagements. Keeping in view the commencing stage of the Company, 10% of resources are estimated to be consumed in consulting and advisory services, while 12% are estimated for pre-audit. The remainder of our FY 2014 audit resources is reserved as follows:
5% has been reserved to accommodate requests from the Board, audit committee or executives for audit investigations.
3% has been reserved for follow-up procedures performed on behalf of the Audit Committee.
7% has been set aside for internal administrative functions, annual reporting and trainings, including continuous improvement efforts.
These allocations are based on risk assessment findings, activity levels & the current scenario in the company, and are subject to revision/modification, as the audit plan is a living document and changes are usually envisaged.
The Internal Audit Department will be provided requisite budgetary resources and logistical support by the management and free access to all information, documents, records, properties and employees in order to facilitate the implementation of the plan. The management will also provide additional human resources, if so required by the Internal Audit Department during the year, for efficient discharging of its responsibilities and execution of the plan.
[Figure: Internal Audit Plan 2014 Resource Allocation. Labelled segments: Scheduled Audits 63%; Special Audits/Investigations 5%; Consulting/advisory services 10%; Pre-audit 12%]
[Figure: Internal Audit Plan 2014 Time Allocation for Scheduled Audits (in days), by High Risk, Med Risk and Low Risk, for Core Services and Support Services]
8. 2014 Internal Audit Plan Matrix
URBAN SECTOR PLANNING & MANAGEMENT SERVICES UNIT (PVT) LIMITED
Internal Audit Plan Matrix Year 2014 (20th Feb - 31st Dec 2014)
| Audits | Process Owner/Functional Head | Audit Frequency | Budgeted diem p.a | Scope of audit | Type of audit | Risk Area(s) Covered |
|---|---|---|---|---|---|---|
| High Risk Audits | | | | | | |
| Support Services | | | | | | |
| Human Resource Management | Senior HR Manager | Quarterly | 16 | Functional & Process | Compliance | Governance, HR process, service delivery, internal controls, documentation, financial |
| Procurement management | Procurement Manager | Quarterly | 16 | Functional & Process | Compliance | Governance, HR process, service delivery, internal controls, documentation, financial |
| Finance & Accounts | Chief Financial Officer | Quarterly | 36 | Functional & Process | Compliance & assurance | Governance, internal controls, documentation, financial |
| Core Services | | | | | | |
| Solid waste management | Sr. SWM Specialist | Quarterly | 8 | Functional | Performance & Compliance | Governance, service delivery, internal controls, documentation, financial |
| Geographic information system | Sr. GIS Specialist | Quarterly | 8 | Functional | Performance & Compliance | Governance, service delivery, internal controls, documentation, financial |
| Program/Project Management | Project Manager/Team Leader | Quarterly | 32 | Functional & Process | Performance, Compliance & assurance | Governance, service delivery, internal controls, documentation, financial |
| Medium Risk Audits | | | | | | |
| Core services | | | | | | |
| Urban Planning | Sr. Urban Planner | Annually | 3 | Functional | Performance & Compliance | Governance, service delivery, documentation |
| Water & Sanitation | Sr. W&S Specialist | Annually | 3 | Functional | Performance & Compliance | Governance, service delivery, documentation |
| Urban Transport | Sr. Transport Specialist | Annually | 3 | Functional | Performance & Compliance | Governance, service delivery, documentation |
| Support services | | | | | | |
| Corporate Compliance | Company Secretary | Annually | 3 | Functional | Performance & Compliance | Governance, service delivery, documentation |
| Admin & logistics | Admin Manager | Annually | 5 | Functional & Process | Performance & Compliance | Governance, service delivery, internal controls, documentation |
| Assets & inventory Management | Admin Manager & IT | Annually | 6 | Functional & Process | Performance & Compliance | Governance, service delivery, internal controls, documentation |
| Information Technology | IT Specialist | Annually | 5 | Functional & Process | Performance & Compliance | Governance, service delivery, internal controls, documentation, information system |
| Low Risk Audits: Library, M&E, Communication, Office documentation & other low risk functions | | Annually | 10 | Functional | Performance & Compliance | Governance, service delivery, internal controls, documentation |
| Auxiliary Audit activities | | | | | | |
| Consulting & advisory services | CIA | On demand | 25 | | | |
| Pre-audit | CIA | Concurrent | 30 | | | |
| Annual Audit Report | CIA | Annual | 5 | | | |
| Audit Follow-up | CIA | Concurrent | 8 | | | |
| Special Audit Investigations | CIA | On demand | 12 | | | |
| IA Management & trainings | CIA | Concurrent | 8 | | | |
9. Internal Audit Plan 2014 Timelines
The following are the proposed timelines (schedule) for Internal Audit Plan 2014:
[Timeline chart: planned audits scheduled by quarter (Q1 to Q4), month and week (1 to 52)]
| Planned Audits | Cycle |
|---|---|
| Annual Risk Assessment | Annual |
| Annual Internal Audit Plan | Annual |
| High Risk Audits | |
| Support Services | |
| Human Resource Management | Quarterly |
| Procurement management | Quarterly |
| Finance & Accounts | Quarterly |
| Q1 Audit Report | Q1 |
| Core Services | |
| Solid waste management | Quarterly |
| Geographic information system | Quarterly |
| Program/Project Management | Quarterly |
| Q2 Audit Report | Q2 |
| Medium Risk Audits | |
| Support services | |
| Assets & inventory Management | Annual |
| Information Technology | Annual |
| Admin & logistics | Annual |
| Corporate Compliance | Annual |
| Core services | |
| Urban Planning | Annual |
| Water & Sanitation | Annual |
| Urban Transport | Annual |
| Q3 Audit Report | Q3 |
| Low Risk Audits | Annual |
| Annual Audit Report | Q4 |
10. Pre-payment Audit (Pre-audit)
During the year, the Internal Audit Department will carry out pre-payment audit (pre-audit) of financial
transactions in accordance with its mandate given in the Internal Audit Charter and decisions of the Audit
Committee of the Company. The pre-payment audit is a concurrent activity that will continue
during the year.
The materiality of the financial transactions of the company for pre-audit is determined as follows:
i. All financial transactions above Rs. 500,000/- (five hundred thousand) involving procurement
of goods, services or works.
ii. Every financial transaction involving salary & salary supplements.
iii. All financial transactions above Rs. 100,000 relating to operating expenses including repair &
maintenance, advances and all other expenses.
Vouchers & cheques, along with all supporting documents of all the financial transactions which are
subject to pre-audit, shall invariably be presented to the Internal Audit Department before making payments,
allowing a reasonable time for pre-audit. The internal audit officer will sign and stamp the
vouchers or otherwise furnish his observations on the transaction(s) for management response.
11. Auxiliary Internal Audit Services
The Internal Audit department will also continue to perform auxiliary services relating to internal audit
such as consulting services or special investigations on the request of management or the Board subject
to availability of resources and expertise. However, no member of the Internal Audit department will
assume or perform management responsibilities.
12. Internal Audit Plan Revision
The Internal Audit Plan 2014 may be revised during the year as the need arises or due to operational or
external exigencies with the prior approval of the Audit Committee.
13. Internal Audit Reports
The Internal Audit Department will submit the plan status reports and internal audit reports periodically
in accordance with the plan at least quarterly to the audit committee regarding the progress of the
implementation of the Internal Audit Plan 2014 and audit findings along with management response, if
available.
14. Internal Audit Follow-up
The Internal Audit Department will continue to follow up on the audit recommendations and the management
action plan thereupon during the year.
15. Coordination with external auditors
The Internal Audit Department will coordinate its audit plan and reports with the Company's external auditors to ensure appropriate coverage is achieved through the internal and external audit plans and to leverage the collective efforts of both assurance providers.
16. Internal Auditing Standards
The Internal Audit Department will perform its audit activities in accordance with the Institute of Internal Auditors' Standards for the Professional Practice of Internal Auditing. All members of the Internal Audit Department are also required to comply with the Institute's Code of Conduct for Internal Auditors.
17. Appendices
APPENDIX A
ANNUAL ENTERPRISE RISK PROFILE 2014
APPENDIX B
ENTERPRISE RISK ASSESSMENT QUESTIONNAIRE