Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
MAKING INTERNAL AUDIT COUNT: RISING TO THE EXPECTATIONS?
A CURTAIN RAISER
Bombay Chartered Accountants Society
CA. T.N.MANOHARAN
CURRENT ENVIRONMENT
• Corporate frauds beginning with Satyam
• Banking frauds such as PNB- Nirav Modi
• Rotation of auditors – Reporting of fraud
• Unmodified or modified reports or resignation?
• National Financial Reporting Authority
• Internal Financial Controls
• Vigil mechanism with direct access to AC chairperson
• RMC - Cyber security – SEBI guidelines
STATUTORY AUDIT FUNCTION
• True & Fair view of the Financial statements
• Adherence to Standards on Auditing
• Management representation not a substitution for verification
• Brand & reputation of auditee- relevance?
• Professional skepticism – Questioning mind
• Audit plan, risk assessment, Sampling, materiality, execution, check
list, standard procedure, queries, dive deep if required, gathering
evidence, documentation and reporting
• Working papers to support attestation
SELECT STANDARDS ON AUDITING (SA) BY ICAI
• SA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements”,
• SA 315,(Revised) “Identifying and Assessing the Risks of Material Misstatement Through
Understanding the Entity and Its Environment”
• SA 330, “The Auditor’s Responses to Assessed Risks”
• SA 700 (Revised), “Forming an Opinion and Reporting on Financial Statements”
• SA 701 , “Communicating Key Audit Matters in the Independent Auditors Report”
• SA 705 (Revised), “Modifications to the Opinion in the Independent Auditor’s Report”
• SA 706 (Revised), “Emphasis of Matter Paragraph and Other Matter Paragraph in the
Independent Auditor’s Report” that deal with how to form an audit opinion, reach audit
conclusions and issue different types of auditor’s reports
• ICAI Implementation guide on Risk Based Audit - Auditors’ role in assessing risk factors
that could result in financial statement fraud and misappropriation of assets
INTERNAL AUDIT - RELEVANCE & GUIDANCE
• Companies Act,2013- Sec.138
• IIA Standards – (IPPF)
• ICAI Standards on Internal Audit (SIA) – 18
• ICAI –Industry specific Technical Guide on Internal Audit -23
• Standard on Auditing (SA) 610- Using work of Internal Auditors
• Code of conduct & Ethics applicability on Members of ICAI
• Documentation-Working papers critical
• Statutory Audit vs Internal Audit mutually exclusive
• COSO Internal Control Framework
Definition of “Internal Auditing” by IIA
“Internal Auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.”
Independence is established by the organizational and reporting structure. Objectivity is achieved by
an appropriate mind-set. The internal audit activity evaluates risk exposures relating to the
organization's governance, operations and information systems, in relation to:
Effectiveness and efficiency of operations.
Reliability and integrity of financial and operational information.
Ability of the existing risk assessment process to identify & negate emerging risks
Safeguarding of assets.
Compliance with laws, regulations, and contracts.
Changing Role of Internal Auditing
Internal auditing has moved from a traditional financial and compliance audit role to risk
based audit that provides assurance, advice and insight in risk management, internal
controls and governance.
The internal auditors are expected to provide recommendations for improvement in those
areas where opportunities or deficiencies are identified. While management is responsible
for internal controls, the internal audit activity provides assurance to management and the
audit committee that internal controls are effective and working as intended.
The internal audit activity is led by the chief Audit Executive (CAE) or the head of internal
audit. The CAE delineates the purpose, scope, authority, responsibility and independence of
the internal audit activity in a written charter that is approved by the audit committee.
Impact of Risk Management on Business Performance
33%
42%
10%
10%
3% 2% Strongly Positive
Marginally Positive
No Impact
Marginally Negative
Strongly Negative
Unaware
In a survey conducted by the Institute of Internal Auditors on audit executives, itwas revealed that over 70% of the business feel that assessing and deployment ofrisk management has had a positive impact on the day to day businessperformance of the company.
HOW IS ENTERPRISE- WISE RISK MANAGED CURRENTLY?
45%
26%
16%
13%
Compliance
Department
Legal
Department
Internal
Auditor
Others
Stakeholders expect an Internal Audit Professional to be more proactive in assessing and
providing measures in responding to risk.
Collaborate with other departments internal to the entity as well as with other assurance
providers to deliver quality service.
Greater need for efficiency and effectiveness, which calls for leveraging technology and
embracing data analytical tools more often to enhance the value of Internal Audits.
LEVEL OF MATURITY OF INTERNAL AUDIT PROFESSION
3%
2%
76%
19%
Goal not defined
Not Aligned
Partially Aligned
Fully Aligned
Only 19% of Internal Audit Department is fully aligned with strategic plan of theirorganisation and 76% are partially aligned.
There is a need for Internal Audit plan to encompass organisational strategic plan whichcould strategically support the attainment of the organisational goal.
Are the Objectives of an Internal Audit in line with objectives of their clientele?
INVOLVEMENT OF INTERNAL AUDITORS
54%
39%
60%
54%
61%
22%
44%
28%
37%
32%
24%
17%
12%
9%
7%
New Product/Service
Organic Growth Initiatives
Strategic Alliances
Mergers & Acquisitions
New Geographical Markets
Significant Involvement Moderate Involvement No Involvement
The Internal Audit Profession study reveals that across the diverse business opportunities available in
our country, the involvement of internal auditor & his function is only moderately utilised.
Knowledge of Business & Industry
41%
23%32%
47%
16% 15% 14%8%
43%
62%54%
45%
East Asia & Pacific Europe South Asia North America
Staff possess traditional accounting skills Staff possess knowledge of business and Industry
Staff possess both skills
Skills of Internal Audit Staff Region wise
SOURCES OF RECRUITING STAFF AT GLOBAL LEVEL?
14%
12%
19%
25%
19%
11%
Other
Other Audit Firms
Professional Networks
Internal Transfers
Employment Agencies
Universities
Responses to CBOK surveyquestions regarding sourcesused for recruitment showedthat different sources are usedfor recruitment of internalaudit functions.
The chart reflects that internaltransfers gained the highestpercentage, followed by useof an employment agencyand the use of professionalnetworks.
DEPLOYMENT OF DATA ANALYTICS
CURRENTLY
IN 3 YRS from NOW
ENTITY WIDE SPECIFIC USE ADHOC USE
35% 63% 2%
47% 50% 3%
Significant changes in the Internal Audit Function is predicted with entity widedeployment & utilisation of Data Analytics Tools, which would elevate theInternal Audit function & create a new standard of delivery by:• Providing actionable insights into the risks that matter & increase focus on risks• Embracing technology & improving audit quality.
Data Analytics - Use in Internal Audit Life Cycle
Risk Assessment
Audit Execution
Reporting
Audit Planning
Monitoring
80%
73%
70%
67%
67%
16%
20%
25%
26%
24%
4%
7%
5%
7%
9%
Utilised Not Utilised Cannot Say
Embedding data analytics into theaudit plan can help internal auditguide risk assessment, drive enterpriseefficiencies and result that add tangiblevalue to the business, and effectivelycommunicate to the interested parties.
The potential for making valueaddition through technology isenormous, especially if IA is able tointegrate a higher % of data analyticalprocedures into their audit approach.
Skills that provide significant value addition
25% 23% 19% 18% 15%
Communication Technology Skills Critical Thinking Global Markets Data Analytics
A survey for seeking value through Internal Audit wherein various skillswere presented and the respondent had to choose 5 options among variousoptions reflected that, Technology is second only to Communication followedby Critical thinking. It stands to reason, then, that a solid tech platform withthe propensity for advanced data analytical and feedback mechanism isinevitable.
INTERNAL AUDIT & FRAUD RISKS
• Fraud risk management
• Common fraud situations
• Investigation of suspected frauds-Schemes & Techniques
• Root cause analysis
• Control improvement recommendations
• Monitoring of a reporting/whistle blower hotline
• Providing Ethics training sessions
• SIA 11- Identify indicators of frauds/factors that might increase risk of
opportunities for frauds/exercise reasonable care and professional
skepticism.
EXTERNAL PRESSURE?
Experienced Coercion to change a rating or finding in an Internal Audit Report
Asia - Pacific USA & Canada Europe Middle East
78% 85%74% 76%
22% 15%26% 24%
No Yes
Every 4th Auditor in Europe is subject to coercion and is made to change or withdraw his findings followed by auditors in the Middle East and then Asia- Pacific. In such cases, crucial findings vital for business & investment decisions fail to make it to the Internal Audit Report.
Managers’ and External Auditors’ preference
In-House
Outsourcing
Co-sourcing
External Auditorsperception: Higherperceived quality ofinternal audit function,greater reliance oninternal audit function,and relatively lowplanned external auditeffort by externalauditor
Company managerspreference for internalaudit function sourcingarrangements
Common preference of external auditors and
company
Note: Red coloured arrows have a relatively stronger effect compared to dashed arrows
IA - ATTRIBUTES OF EXCELLENCE
Focus on critical
risks & issues
Match talent to
business model
Leverage
technology
efficiently
Align value
proposition with
stakeholders
expectation
Promote quality
improvement &
innovation
Engage & manage
stakeholders
relationshipsDeliver cost effective
services
Enable a client
service culture
Stakeholders prefer Strategic role of IA
99%
40%60%
1%
Strategic Role Support Functions
Audit Professionals Survey
Stakeholders Survey
Is an Internal Auditor a Strategist or a
Supporter ?
A Survey of diverse companies havingannual revenue of $1 Bn + wasconducted and their expectation of therole of Internal Audit Personnel wasenquired, the same set of question werepresented to the Professionals as well.
Focus of an Audit Plan
15%
13%
14%
18%
21%
19%
Compliance Financial Regulatory
Technology Operational Strategic
Comprehensive outlook
To summarise, the Internal Audit Professionals to meet the raised expectations, must adopt the following:
Align InternalAudit plan andobjectives with thelong term goal ofthe business.
Make use of Technology,Big Data, Data Analyticstools, Artificial Intelligencein providing insightful andvaluable reports.
Become more deeplyinvolved in businessmatters, and not just inquestioning processes,controls & compliances toplay a strategic role.
THANK YOU!