Professional Opportunities in Internal Audit/Assurance Work

Professional Professional Opportunities in Internal Opportunities in Internal

Audit/Assurance WorkAudit/Assurance Work

CA. Rajkumar S. AdukiaCA. Rajkumar S. Adukia

B. Com (Hons.), FCA, ACS, AICWA, LL.B. M.B.A. B. Com (Hons.), FCA, ACS, AICWA, LL.B. M.B.A.

Dip IFR (UK), Dip LL & LWDip IFR (UK), Dip LL & LW

Chairman, Internal Audit Standard Board, ICAIChairman, Internal Audit Standard Board, [email protected]

09820061049/0932306104909820061049/09323061049

mailto:[email protected]

CA Rajkumar S. AdukiaCA Rajkumar S. Adukia 22

“He is able ,who

thinks he is able.”-Buddha

ATTITUDEATTITUDE

PAUL CATTS

2


What is an Internal What is an Internal Audit/Assurance Work?Audit/Assurance Work?

• A management functionA management function• Internal auditors to render impartial Internal auditors to render impartial

judgmentsjudgments• It is a dynamic oneIt is a dynamic one• It assists board in governance It assists board in governance

responsibilityresponsibility• Auditor assures the effectiveness of Auditor assures the effectiveness of

internal auditinternal audit• It is a component of internal controlIt is a component of internal control


Origin of AuditingOrigin of Auditing

• The process audit, timely submission of The process audit, timely submission of accounts and audit was initiated by Arya accounts and audit was initiated by Arya Chanakya in 300 BC.Chanakya in 300 BC.

• Auditing in the form of ancient checking Auditing in the form of ancient checking activities was found in the ancient activities was found in the ancient civilizations of civilizations of China, Egypt and Greece. China, Egypt and Greece.

• The ancient checking activities found in The ancient checking activities found in Greece (around 350 B.C.) Greece (around 350 B.C.)

• In the period pre-1840, Auditing was In the period pre-1840, Auditing was restricted to performing detailed restricted to performing detailed verification of every transaction verification of every transaction


Development of AuditingDevelopment of Auditing

• Auditing did not become established until Auditing did not become established until the industrial revolution during 1840s-the industrial revolution during 1840s-1920s in the UK 1920s in the UK

• Growth of the US economy in the 1920s-Growth of the US economy in the 1920s-1960s caused a shift of auditing 1960s caused a shift of auditing development from the UK to the USA.development from the UK to the USA.

• Auditors in the 1970s played an important Auditors in the 1970s played an important role in enhancing the credibility of role in enhancing the credibility of financial information and furthering the financial information and furthering the operations of an effective capital market. operations of an effective capital market.


Development of AuditingDevelopment of Auditing

• The auditing profession witnessed The auditing profession witnessed substantial and rapid change since substantial and rapid change since 1990s as a result of the accelerating 1990s as a result of the accelerating growth at the world economies. growth at the world economies.

7

Definition of Internal Definition of Internal AuditAudit

“ “Internal audit is an independent Internal audit is an independent management function, which involves a management function, which involves a continuous and critical appraisal of the continuous and critical appraisal of the functioning of an entity with a view to functioning of an entity with a view to suggest improvements thereto and add suggest improvements thereto and add value to and strengthen the overall value to and strengthen the overall governance mechanism of the entity, governance mechanism of the entity, including the entity's strategic risk including the entity's strategic risk management and internal control management and internal control systemsystem.”- Preface to SIA.”- Preface to SIA

CA Rajkumar S. Adukia

8

Scope of Internal AuditScope of Internal Audit

• Evaluating the adequacy of internal Evaluating the adequacy of internal controls controls

• Suggesting ways to reduce the costs and Suggesting ways to reduce the costs and promote efficiency promote efficiency

• Assessing the compliance with the Assessing the compliance with the applicable laws and regulations applicable laws and regulations

• Assist management in decision making Assist management in decision making

• Backbone of a sound corporate Backbone of a sound corporate governance system governance system


9

Need for Internal AuditNeed for Internal Audit

• Increased complexity of businessesIncreased complexity of businesses• Enhanced compliance requirementsEnhanced compliance requirements• Focus on risk management and internal Focus on risk management and internal

controls to manage themcontrols to manage them• Unconventional business modelsUnconventional business models• Intensive use of information technologyIntensive use of information technology• Stringent norms mandated by regulators Stringent norms mandated by regulators

to protect investorsto protect investors• An increasingly competitive environment An increasingly competitive environment


10

Internal Audit/Assurance Internal Audit/Assurance CycleCycle

– Pre engagement activityPre engagement activity– Understanding the workUnderstanding the work– Assurance planAssurance plan– Substantive workSubstantive work– ReportReport


11

What is an opportunity?What is an opportunity?

Every event has two exhaustive Every event has two exhaustive classification namelyclassification namely

1.1. OpportunityOpportunity

2.2. RiskRisk


12

Listing of Broad Listing of Broad Opportunities in Internal Opportunities in Internal AuditAudit1.1. Internal Controls AuditingInternal Controls Auditing2.2. Internal Audit Functions/Requirements Under Internal Audit Functions/Requirements Under

Various LawsVarious Laws3.3. Enterprise Risk Management – The ERM RoleEnterprise Risk Management – The ERM Role4.4. Audit of Compliance of Standards on Internal Audit of Compliance of Standards on Internal

Audit Audit 5.5. Monitoring XBRL Implementation and Monitoring XBRL Implementation and

Reporting ResultsReporting Results6.6. Audit of IFRS ConvergenceAudit of IFRS Convergence7.7. Forensic AuditForensic Audit


13

Listing of Broad Listing of Broad Opportunities in Internal Opportunities in Internal AuditAudit8.8. Fraud DetectionFraud Detection9.9. Internal Audit and Corporate Internal Audit and Corporate

GovernanceGovernance10.10. Internal Audit Of Management Functions Internal Audit Of Management Functions 11.11. Stock Audit/Credit AuditStock Audit/Credit Audit12.12. Internal Audit of Compliance with Internal Audit of Compliance with

Commercial LawsCommercial Laws13.13. Due DiligenceDue Diligence14.14. Social Audit Social Audit



Listing of Broad Listing of Broad Opportunities in Internal Opportunities in Internal AuditAudit15.15.Environmental AuditEnvironmental Audit16.16.Corporate Social Responsibility (CSR) Corporate Social Responsibility (CSR)

AuditAudit17.17.ISO 9000 AuditISO 9000 Audit18.18.Cyber AuditCyber Audit19.19.Industry Specific Internal Audit ProgramsIndustry Specific Internal Audit Programs20.20.Assurance ServicesAssurance Services21.21.Internal Audit of Tendering ProcessInternal Audit of Tendering Process22.22.Audit of Sustainability Initiatives and Audit of Sustainability Initiatives and

Integrated ReportsIntegrated Reports


Procedural Aspects Procedural Aspects

of of

Internal Audit/Assurance Internal Audit/Assurance WorkWork


Internal Audit ProcedureInternal Audit Procedure

• Organizing Internal Audit FunctionOrganizing Internal Audit Function• Managing Internal Audit FunctionManaging Internal Audit Function• Internal Audit PlanningInternal Audit Planning• Importance of Effective Internal Control Importance of Effective Internal Control

Process Process • Internal Audit-Business Related KnowledgeInternal Audit-Business Related Knowledge• Knowledge of Processes followed by the Knowledge of Processes followed by the

OrganizationOrganization• Field SurveyField Survey


Internal Audit ProcedureInternal Audit Procedure

• Internal Audit ProgrammeInternal Audit Programme• Audit ProcedureAudit Procedure• Communication of Internal Auditor Communication of Internal Auditor

with Management Teamwith Management Team• Information Request ListInformation Request List• Audit Notification to ManagementAudit Notification to Management• Audit Report Cover LetterAudit Report Cover Letter• Internal Audit ReportInternal Audit Report


Change Change

in in

Business TrendsBusiness Trends


Industrial ServicesIndustrial Services

• Classification into Primary, Secondary, Classification into Primary, Secondary, Tertiary and QuaternaryTertiary and Quaternary

• Categorized into Public and Private SectorCategorized into Public and Private Sector

• Classification of Internal AuditClassification of Internal Audit– Systems AuditSystems Audit– Operational AuditOperational Audit– Management AuditManagement Audit

• Source Anywhere and Build Anywhere Source Anywhere and Build Anywhere Business ModelsBusiness Models


Financial ServicesFinancial Services

• Onset of Globalization in 1991Onset of Globalization in 1991• 1969 Nationalization of Banks1969 Nationalization of Banks• IRDA Bill, 1999 – Privatization Process IRDA Bill, 1999 – Privatization Process

CommencedCommenced• Mutual Funds – 1963 UTI enactedMutual Funds – 1963 UTI enacted• 1986 Public Sector banks permitted1986 Public Sector banks permitted• 1993 – Economic Policy – Private Sector 1993 – Economic Policy – Private Sector

Mutual FundsMutual Funds• 2009 – Interest Rate Future launched in NSE2009 – Interest Rate Future launched in NSE


Financial ServicesFinancial Services

• E-finance dramatically changed the E-finance dramatically changed the structure and nature of financial structure and nature of financial servicesservices

• Technological advances changing the Technological advances changing the face of the financial services industryface of the financial services industry

• Electronic Trading and Electronic Trading and Communication NetworksCommunication Networks

• Financial services in India changed Financial services in India changed since 1991since 1991


Service IndustryService Industry

• Largest and fastest-growing sector in the Largest and fastest-growing sector in the global economy in the last 2 decades global economy in the last 2 decades

• Provides more than 60 per cent of global Provides more than 60 per cent of global outputoutput

• Also provides a larger share of Also provides a larger share of employmentemployment

• It now contributes around 51 percent of It now contributes around 51 percent of GDP GDP

• Growth pattern in the service sector has Growth pattern in the service sector has not been uniform across all services in not been uniform across all services in India India


Computer Computer

Assisted Assisted

Auditing TechniquesAuditing Techniques

(CAAT)(CAAT)


CAATsCAATs

• Provides reasonable evidenceProvides reasonable evidence• Helps in performingHelps in performing

– Tests of transactions Tests of transactions – Analytical review procedures Analytical review procedures – Compliance tests Compliance tests – Sampling ProgramsSampling Programs– Penetration TestingPenetration Testing

• Need for CAATNeed for CAAT– Audit Objective Audit Objective – Nature of data to be reviewedNature of data to be reviewed– Availability of requisite CAAT toolsAvailability of requisite CAAT tools– Availability of skilled audit staffAvailability of skilled audit staff


CAATsCAATs

• Types of computer audit Types of computer audit softwaresoftware– Generalized Audit software toolsGeneralized Audit software tools– Specialized Audit test and analysis Specialized Audit test and analysis

softwaresoftware– Utility softwareUtility software– Test data techniquesTest data techniques– Expert systems Expert systems – Embedded audit procedures Embedded audit procedures


Standards Standards

on on

Internal AuditInternal Audit

27

Internal Audit Standards Internal Audit Standards Board - IASBBoard - IASB

• Internal Audit Standards Board was Internal Audit Standards Board was constituted as the Committee on constituted as the Committee on Internal Audit in the year 2004Internal Audit in the year 2004

• With the mission of reinforcing the With the mission of reinforcing the primacy of the Institute of Chartered primacy of the Institute of Chartered Accountants of India (ICAI)Accountants of India (ICAI)



Standards on Internal Standards on Internal AuditAudit1.1. Standard on Internal Audit (SIA) 1, Planning an Standard on Internal Audit (SIA) 1, Planning an

Internal Audit Internal Audit

2.2. Standard on Internal Audit (SIA) 2, Basic Standard on Internal Audit (SIA) 2, Basic Principles Governing Internal Audit Principles Governing Internal Audit

3.3. Standard on Internal Audit (SIA) 3, Standard on Internal Audit (SIA) 3, Documentation Documentation


Standards on Internal Standards on Internal AuditAudit4.4. Standard on Internal Audit (SIA) 4, Reporting Standard on Internal Audit (SIA) 4, Reporting

5.5. Standard on Internal Audit (SIA) 5, Sampling Standard on Internal Audit (SIA) 5, Sampling

6.6. Standard on Internal Audit (SIA) 6, Analytical Standard on Internal Audit (SIA) 6, Analytical Procedures Procedures


Standards on Internal Standards on Internal AuditAudit7.7. Standard on Internal Audit (SIA) 7, Quality Standard on Internal Audit (SIA) 7, Quality

Assurance in Internal Audit Assurance in Internal Audit

8.8. Standard on Internal Audit (SIA) 8, Terms Standard on Internal Audit (SIA) 8, Terms of Internal Audit Engagement of Internal Audit Engagement

9.9. Standard on Internal Audit (SIA) 9, Standard on Internal Audit (SIA) 9, Communication with Management Communication with Management


Standards on Internal Standards on Internal AuditAudit10.10.Standard on Internal Audit (SIA) 10, Internal Standard on Internal Audit (SIA) 10, Internal

Audit Evidence Audit Evidence

11.11.Standard on Internal Audit (SIA) 11, Standard on Internal Audit (SIA) 11, Consideration of Fraud in an Internal Audit Consideration of Fraud in an Internal Audit

12.12.Standard on Internal Audit (SIA) 12, Internal Standard on Internal Audit (SIA) 12, Internal Control EvaluationControl Evaluation


Standards on Internal Standards on Internal AuditAudit13.13.Standard on Internal Audit (SIA) 13, Enterprise Standard on Internal Audit (SIA) 13, Enterprise

Risk Management Risk Management

14.14.Standard on Internal Audit (SIA) 14, Internal Standard on Internal Audit (SIA) 14, Internal Audit in an Information Technology Environment Audit in an Information Technology Environment

15.15.Standard on Internal Audit (SIA) 15, Knowledge Standard on Internal Audit (SIA) 15, Knowledge of the Entity and its Environmentof the Entity and its Environment


Standards on Internal Standards on Internal AuditAudit16.16.Standard on Internal Audit (SIA) 16, Standard on Internal Audit (SIA) 16,

Using the Work of an ExpertUsing the Work of an Expert

17.17.Standard on Internal Audit (SIA) 17, Standard on Internal Audit (SIA) 17, Consideration of Laws and Regulations in Consideration of Laws and Regulations in an Internal Audit an Internal Audit


Professional Professional OpportunitiesOpportunities

InIn

Internal AuditInternal Audit

35

1. Internal Controls 1. Internal Controls AuditingAuditing

– Evaluation of Effectiveness Internal Audit Evaluation of Effectiveness Internal Audit FunctionFunction

– Providing Assurance regarding Internal Providing Assurance regarding Internal ControlsControls

– Determination of Adequacy of Internal Determination of Adequacy of Internal Control FrameworkControl Framework

– Internal Audit evaluating the policies and Internal Audit evaluating the policies and procedures of the organizationsprocedures of the organizations

– Offering Control Self AssessmentOffering Control Self Assessment



1. Internal Controls 1. Internal Controls AuditingAuditing– Internal Audit of various controls in an Internal Audit of various controls in an OrganizationOrganization

• Cash and Bank BalanceCash and Bank Balance

• CapitalCapital

• Debenture and Long Term LoansDebenture and Long Term Loans

• Creditors, Accruals, ProvisionCreditors, Accruals, Provision

• Contingent LiabilitiesContingent Liabilities


1. Internal Controls 1. Internal Controls AuditingAuditing

• Purchase & Other ExpenditurePurchase & Other Expenditure

• Sales & Other IncomeSales & Other Income

• Fixed AssetFixed Asset

• InvestmentsInvestments

• Debtors, Prepayments, Accrued IncomeDebtors, Prepayments, Accrued Income

• Stock and WIPStock and WIP

• Wages & SalariesWages & Salaries

• Bank BranchesBank Branches

• Bank Head Office/Central OfficeBank Head Office/Central Office

38

2. Internal Audit 2. Internal Audit Functions /Requirements Functions /Requirements Under Various LawsUnder Various Laws

– Risk Based Internal Audit (RBIA) in Banks Risk Based Internal Audit (RBIA) in Banks under RBI Guidanceunder RBI Guidance

– Internal Audit requirement under sections Internal Audit requirement under sections 302 and 404 of the Sarbanes Oxley Act of 302 and 404 of the Sarbanes Oxley Act of 2002 f2002 f

– Compliance of Internal Audit requirements Compliance of Internal Audit requirements under Companies (Auditor's Report) Order, under Companies (Auditor's Report) Order, 20032003

– Internal audit of Operations of Depositary Internal audit of Operations of Depositary ParticipantsParticipants

– Internal Audit requirements mandated by Internal Audit requirements mandated by SEBI on a half yearly basis for stock SEBI on a half yearly basis for stock brokers/trading members/ clearing membersbrokers/trading members/ clearing members


39


– System Audit of Investment functions of System Audit of Investment functions of Insurance CompaniesInsurance Companies

– Concurrent Audit in banksConcurrent Audit in banks– Internal audit to be undertaken in respect of Internal audit to be undertaken in respect of

Credit Rating Companies Operations Credit Rating Companies Operations – Internal Audit of Mutual fundsInternal Audit of Mutual funds– Internal Audit of CustodiansInternal Audit of Custodians– Internal Audit of Registrar & Share Transfer Internal Audit of Registrar & Share Transfer

AgentsAgents


40


– Internal audit mandatory for multiple Internal audit mandatory for multiple banking or consortium - RBIbanking or consortium - RBI

– Internal Audit requirement every Internal Audit requirement every quarterly required for insurers under quarterly required for insurers under IRDA (Investment) (Fourth Amendment) IRDA (Investment) (Fourth Amendment) Regulations, 2008Regulations, 2008


41

3. 3. Enterprise Risk Enterprise Risk Management – The ERM Management – The ERM RoleRole• Providing assurance on the design and Providing assurance on the design and

effectiveness of risk management effectiveness of risk management processes.processes.

• Providing assurance that risks are Providing assurance that risks are correctly evaluated.correctly evaluated.

• Evaluating risk management processes.Evaluating risk management processes.

• Evaluating the reporting on the status of Evaluating the reporting on the status of key risks and controls.key risks and controls.



3.Enterprise Risk 3.Enterprise Risk Management – The ERM Management – The ERM RoleRole• Reviewing the management of key risks, Reviewing the management of key risks,

including the effectiveness of the controls and including the effectiveness of the controls and other responses to them.other responses to them.

Consulting ActivitiesConsulting Activities• Championing the establishment of ERM within the Championing the establishment of ERM within the

organization.organization.• Developing risk management strategy for board Developing risk management strategy for board

approval.approval.• Facilitating the identification and evaluation of Facilitating the identification and evaluation of

risks.risks.


3.Enterprise Risk 3.Enterprise Risk Management – The ERM Management – The ERM RoleRole• Coaching management on responding to Coaching management on responding to

risks.risks.• Coordinating ERM activities.Coordinating ERM activities.• Consolidating the reporting on risks.Consolidating the reporting on risks.• Maintaining and developing the ERM Maintaining and developing the ERM

framework.framework.

Roles the internal auditors should NOT Roles the internal auditors should NOT undertake areundertake are::

• Setting the risk appetite.Setting the risk appetite.• Imposing risk management processes.Imposing risk management processes.


3.Enterprise Risk 3.Enterprise Risk Management – The ERM Management – The ERM RoleRole• Providing assurance to the board and Providing assurance to the board and

managementmanagement

• Making decisions on risk responses. Making decisions on risk responses. This is management's responsibility.This is management's responsibility.

• Implementing risk responses on Implementing risk responses on management s behalf.management s behalf.

• Accountability for risk management.Accountability for risk management.

45

4. 4. Internal Audit of Internal Audit of Compliance of Compliance of Standards on Internal Standards on Internal Audit Audit

– Till date there are 17 standards issued Till date there are 17 standards issued by IASB ,ICAIby IASB ,ICAI

– Standards on Internal Audit shall be Standards on Internal Audit shall be recommendatory in nature in the initial recommendatory in nature in the initial period. period.

– The Standards shall become The Standards shall become mandatory from such date as notified mandatory from such date as notified by the Council.by the Council.



Framework for Assurance Framework for Assurance Engagement Engagement (Effective 1(Effective 1stst April 2008) April 2008)

• Framework defines the elements and Framework defines the elements and objectives of an assurance objectives of an assurance engagementengagement

• Frame of reference is offered to Frame of reference is offered to – PractitionersPractitioners– Other involved in assurance engagementsOther involved in assurance engagements– AASB Board in the development of SAs, AASB Board in the development of SAs,

SREs and SAEsSREs and SAEs


Framework for Assurance Framework for Assurance Engagement (Engagement (Effective 1Effective 1stst April 2008) April 2008)

• The framework distinguishes the The framework distinguishes the assurance engagements from other assurance engagements from other engagements like consulting engagements like consulting engagementsengagements

• Assurance engagements include Assurance engagements include internal audit and due diligence internal audit and due diligence audits.audits.


Framework for Assurance Framework for Assurance

Engagement Engagement (Effective 1(Effective 1stst April 2008 April 2008))

• Definition of Assurance Engagement under Definition of Assurance Engagement under the Framework the Framework

““““Assurance engagement” means an Assurance engagement” means an engagement in which a practitioner engagement in which a practitioner expresses a conclusion designed to expresses a conclusion designed to enhance the degree of confidence of the enhance the degree of confidence of the intended users other than the responsible intended users other than the responsible party about the outcome of the evaluation party about the outcome of the evaluation or measurement of a subject matter or measurement of a subject matter against criteria.”against criteria.”


Framework for Assurance Framework for Assurance Engagement Engagement (Effective 1(Effective 1stst April 2008) April 2008)

Framework identifies 5 elements of Framework identifies 5 elements of assurance engagements namelyassurance engagements namely– A three party relationshipA three party relationship– A subject matterA subject matter– CriteriaCriteria– EvidenceEvidence– Assurance ReportAssurance Report

50

5. Monitoring XBRL 5. Monitoring XBRL Implementation & Reporting Implementation & Reporting ResultsResults

– Ensuring savings in cost/resources for Ensuring savings in cost/resources for redundant data related work - XBRL redundant data related work - XBRL ensures data re-usabilityensures data re-usability

– Efficiency gains in external reporting Efficiency gains in external reporting processesprocesses

– Enables more frequent Enables more frequent review/updation of internal credit review/updation of internal credit rating systemrating system




– Integrating different systems and provide Integrating different systems and provide for easier generation of complete, for easier generation of complete, consolidated and centralized informationconsolidated and centralized information

– Enhanced internal controls/audit Enhanced internal controls/audit processes if XBRL is extensively processes if XBRL is extensively leveragedleveraged

– Generation of standard and ad-hoc Generation of standard and ad-hoc reports as requiredreports as required

– Ease of incorporating data for various Ease of incorporating data for various analytical studies and periodic reportsanalytical studies and periodic reports



– Use of business intelligence tool for advanced Use of business intelligence tool for advanced analytics and drill-down/roll up facilityanalytics and drill-down/roll up facility

– Contextual and explanatory information Contextual and explanatory information available around every dataavailable around every data

– There is a common framework of definitionsThere is a common framework of definitions– Corporate information is available with Corporate information is available with

transparency and accuracytransparency and accuracy– Comparison of financial data among multiple Comparison of financial data among multiple

companies made easiercompanies made easier

53

6. Audit of IFRS 6. Audit of IFRS Convergence Convergence

• Whether IFRS standards followedWhether IFRS standards followed

• Selection of options providedSelection of options provided

• First time adoption options selectedFirst time adoption options selected

• Fair value determinationsFair value determinations


54

7. Forensic Audit7. Forensic Audit

– Strengthens control mechanisms, with Strengthens control mechanisms, with the objective of protecting the the objective of protecting the business against financial crimesbusiness against financial crimes

– Can play an important role for Can play an important role for companies under review by regulatory companies under review by regulatory authoritiesauthorities

– Can help protect organizations from Can help protect organizations from the long-term damage to reputation the long-term damage to reputation caused by the publicity associated with caused by the publicity associated with insider crimes. insider crimes.


55

8.Fraud Detection8.Fraud Detection

• Banking FraudsBanking Frauds

• Insurance FraudsInsurance Frauds

• Stock market fraudsStock market frauds

• Internet fraudsInternet frauds

• Investment FraudsInvestment Frauds

• Cyber crimesCyber crimes


56

8. Fraud Detection8. Fraud Detection

Common type of frauds which internal Common type of frauds which internal auditors are likely to come acrossauditors are likely to come across

• Frauds in computerized environmentFrauds in computerized environment• Cheque fraudCheque fraud• Trojan horse fraud or the time bomb fraudTrojan horse fraud or the time bomb fraud• Achilles Heel fraudsAchilles Heel frauds• Piggyback fraudsPiggyback frauds• Accounting manipulationsAccounting manipulations


57

9.Internal Audit & 9.Internal Audit & Corporate GovernanceCorporate Governance

– The four characteristics of good governance The four characteristics of good governance areare• Transparency, Transparency, • Accountability, Accountability, • Effectiveness/efficiency and Effectiveness/efficiency and • Responsiveness. Responsiveness.

– The role of internal control in a CG frameworkThe role of internal control in a CG framework– Risk AssessmentRisk Assessment– Providing Assurance regarding controlsProviding Assurance regarding controls– ComplianceCompliance– Consulting and Operations Consulting and Operations



9.Internal Audit & 9.Internal Audit & Corporate GovernanceCorporate Governance

– Organizational Independence is vital Organizational Independence is vital for an effective internal audit function for an effective internal audit function of the governance frameworkof the governance framework

– An Internal Audit Charter helps in An Internal Audit Charter helps in administering the audit functionadministering the audit function

– Unrestricted access to all forms of Unrestricted access to all forms of evidence offers efficient audit resultsevidence offers efficient audit results

59

10.Internal Audit Of 10.Internal Audit Of Management FunctionsManagement Functions

– Business strategy processBusiness strategy process– Human resources functionsHuman resources functions– Marketing strategyMarketing strategy– Production processProduction process


60

Internal Audit of Human Internal Audit of Human Resource FunctionResource Function

• The Human resource audit ensures The Human resource audit ensures that the organization is aware of the that the organization is aware of the existing laws and rules and whether existing laws and rules and whether it is implementing them effectively.it is implementing them effectively.

• This creates an atmosphere of This creates an atmosphere of transparency and goes a long way in transparency and goes a long way in avoiding legal confrontation later avoiding legal confrontation later


61

Internal Audit of Human Internal Audit of Human Resource FunctionResource Function• Human Resource Management (HRM) is Human Resource Management (HRM) is

the function within an organization that the function within an organization that focuses on recruitment of, management focuses on recruitment of, management of, and providing direction for the people of, and providing direction for the people who work in the organization. who work in the organization.

• The Human resource audit ensures that The Human resource audit ensures that the followingthe following– organization is aware of the existing laws and organization is aware of the existing laws and

rules and whether it is implementing them rules and whether it is implementing them effectively so that legal confrontation is effectively so that legal confrontation is avoided later. Tavoided later. T

..


62


– It helps build trust in the minds of the It helps build trust in the minds of the employees who are confident that employees who are confident that things pertaining to their wellbeing are things pertaining to their wellbeing are being taken care of being taken care of

– It also makes the HR employees familiar It also makes the HR employees familiar with the current laws. with the current laws.

– It adds credibility to the company in the It adds credibility to the company in the eyes of the investors, who may look eyes of the investors, who may look favorably. favorably.


63


– Laws such as those pertaining to Laws such as those pertaining to discrimination, sexual harassment, discrimination, sexual harassment, overtime etc should be particularly overtime etc should be particularly looked into. looked into.

– Even seemingly minor things such as Even seemingly minor things such as the employment application should be the employment application should be studied if it solicits inappropriate studied if it solicits inappropriate information information


64

11.Stock Audit/Credit 11.Stock Audit/Credit AuditAudit

• Stock audit for bank borrowersStock audit for bank borrowers

• Stock audit other than bank borrowersStock audit other than bank borrowers


65

12.Internal Audit of 12.Internal Audit of Compliance with Commercial Compliance with Commercial Laws (Illustrative List)Laws (Illustrative List)

1.1. Anti Money Laundering LawsAnti Money Laundering Laws

2.2. Laws relating to Alternate Dispute ResolutionLaws relating to Alternate Dispute Resolution

3.3. Laws relating Real EstateLaws relating Real Estate

4.4. Family and Succession Laws Family and Succession Laws

5.5. Legal Metrology laws Legal Metrology laws

6.6. Laws Relating to Charity Laws Relating to Charity

7.7. Labour Laws Labour Laws

8.8. IPR IPR

9.9. Insolvency Laws/BIFR Insolvency Laws/BIFR


66


10.10.Securitization LawsSecuritization Laws

11.11.Laws relating to Non Banking Financial Laws relating to Non Banking Financial InstitutionsInstitutions

12.12.Competition Laws Competition Laws

13.13.Consumer Laws Consumer Laws

14.14.Laws relating to Cooperative SocietiesLaws relating to Cooperative Societies

15.15.Corporate LawsCorporate Laws

16.16.Laws Relating To Limited Liability Laws Relating To Limited Liability Partnership (LLP)Partnership (LLP)


67


17.17.Laws Relating To Micro, Small And Medium Laws Relating To Micro, Small And Medium Enterprises (MSMES) Enterprises (MSMES)

18.18.Banking LawsBanking Laws

19.19.Insurance Laws Insurance Laws

20.20.Securities Law Securities Law

21.21.Laws relating to International Trade Laws relating to International Trade

22.22.Foreign Exchange Management LawsForeign Exchange Management Laws

23.23.Right to Information Law Right to Information Law

24.24.Laws relating to Special Economic Zones (SEZ) Laws relating to Special Economic Zones (SEZ)


68


25.25.Energy Laws Energy Laws

26.26.Carriage Laws And Multi-Modal Carriage Laws And Multi-Modal Transportation Of Goods Transportation Of Goods

27.27.Laws relating to Aviation SectorLaws relating to Aviation Sector

28.28.Laws relating to Telecom IndustryLaws relating to Telecom Industry

29.29.Laws relating to PharmaceuticalsLaws relating to Pharmaceuticals

30.30.Information Technology and Cyber LawsInformation Technology and Cyber Laws

31.31.Environmental LawsEnvironmental Laws

32.32.Carbon Credit Carbon Credit


69

13.Due Diligence (26)13.Due Diligence (26)

1.1. Commercial Due DiligenceCommercial Due Diligence

2.2. Legal Due DiligenceLegal Due Diligence

3.3. Operational Due Diligence Operational Due Diligence

4.4. Business Strategy/ Management Culture Business Strategy/ Management Culture Due Diligence Due Diligence

5.5. Environmental Due Diligence Environmental Due Diligence

6.6. Human Resource Due Diligence Human Resource Due Diligence


70

13.Due Diligence13.Due Diligence

7.7. Marketing Due Diligence Marketing Due Diligence

8.8. Business Environmental Due Diligence Business Environmental Due Diligence

9.9. Preliminary Due Diligence Preliminary Due Diligence

10.10. Full Due Diligence Full Due Diligence

11.11. Ongoing Due Diligence Ongoing Due Diligence

12.12. Private Equity Due Diligence Private Equity Due Diligence


71


13.13. Mergers and Acquisitions Due Diligence Mergers and Acquisitions Due Diligence 14.14. Joint Venture Due Diligence Joint Venture Due Diligence 15.15. Venture Capital Due Diligence Venture Capital Due Diligence 16.16. Purchase of Business Due Diligence Purchase of Business Due Diligence 17.17. Investment in Business Due Diligence Investment in Business Due Diligence 18.18. Loans for Business Due Diligence Loans for Business Due Diligence


72


19.19. Partnership in Business Due Diligence Partnership in Business Due Diligence 20.20. Substantial Supply to Business Due Substantial Supply to Business Due

Diligence Diligence 21.21. Financial and Accounting Due Diligence Financial and Accounting Due Diligence 22.22. Tax Due Diligence Tax Due Diligence 23.23. Information Technology Due Diligence Information Technology Due Diligence 24.24. Strategic and Commercial Due Diligence Strategic and Commercial Due Diligence


73


25.25. Investor Due Diligence Investor Due Diligence

26.26. Vendor Due Diligence Vendor Due Diligence



14. Social Audit14. Social Audit

• Prepare a statement of purpose, Prepare a statement of purpose, objectives, key issues and activities for objectives, key issues and activities for Social Auditing.Social Auditing.

• Preparation of Social accounting plan and Preparation of Social accounting plan and timelinetimeline

• Budgeting for Social AuditBudgeting for Social Audit• Prepare social accounts using existing Prepare social accounts using existing

information, data collected and views of information, data collected and views of stakeholders.stakeholders.

• Reviewing support to civil society for its Reviewing support to civil society for its participationparticipation


14. Social Audit14. Social Audit

• The 6 steps followed in the performance The 6 steps followed in the performance of Social Audit areof Social Audit are

– Preparatory activities Preparatory activities – Defining audit boundaries and identifying Defining audit boundaries and identifying

stakeholders stakeholders – Social accounting and book‐keeping Social accounting and book‐keeping – Preparing and using social accounts Preparing and using social accounts – Social audit and dissemination Social audit and dissemination – Feedback and institutionalization of social Feedback and institutionalization of social

auditaudit


15. Environmental Audit15. Environmental Audit

• Reviewing the effectiveness of Reviewing the effectiveness of Environmental ManagementEnvironmental Management

• Reviewing the compliance of an Reviewing the compliance of an organization with all regulatory and organization with all regulatory and environmental performanceenvironmental performance

• Ensuring conformity with environmental Ensuring conformity with environmental assessment requirementsassessment requirements

• Testing the accuracy of the assessmentTesting the accuracy of the assessment


16. Corporate Social 16. Corporate Social Responsibility (CSR) AuditResponsibility (CSR) Audit• Gain an understanding of Corporate Social Responsibility Gain an understanding of Corporate Social Responsibility

(CSR) influences and initiatives. (CSR) influences and initiatives. • Understand CSR stakeholders and their needs. Understand CSR stakeholders and their needs. • Understand the economic value proposition and reputation Understand the economic value proposition and reputation

drivers. drivers. • Examine how organizations approach: climate change Examine how organizations approach: climate change

challenges, health and safety issues, and supply chain challenges, health and safety issues, and supply chain imperatives. imperatives.

• Review emerging practices in social responsibility and Review emerging practices in social responsibility and sustainable development.sustainable development.

• Examine CSR links to governance and risk management.Examine CSR links to governance and risk management.• A guidance on social responsibility ISO 26000:2010 ( Draft A guidance on social responsibility ISO 26000:2010 ( Draft

Stage) can be referred toStage) can be referred to• Network with your peers on this emerging area of internal Network with your peers on this emerging area of internal

audit focus. audit focus.


16. Corporate Social 16. Corporate Social Responsibility (CSR) AuditResponsibility (CSR) Audit

• A CSR audit program can cover all or any of the A CSR audit program can cover all or any of the following risks:following risks:

– Effectiveness of the operating framework for CSR Effectiveness of the operating framework for CSR implementationimplementation

– Effectiveness of implementation of specific, large Effectiveness of implementation of specific, large CSR projectsCSR projects

– Adequacy of internal control and review Adequacy of internal control and review mechanismsmechanisms

– Reliability of measures of performanceReliability of measures of performance– Management of risks associated with external Management of risks associated with external

factors like regulatory compliance, management factors like regulatory compliance, management of potential adverse NGO attention, etcof potential adverse NGO attention, etc


17. ISO 9000 Audit17. ISO 9000 Audit

– The term The term ISO 9000 ISO 9000 has two different has two different meanings: meanings: • It refers to a single standard (ISO 9000) and It refers to a single standard (ISO 9000) and

• It refers to a set of three standards (ISO It refers to a set of three standards (ISO 9000, ISO 9001, and ISO 9004). 9000, ISO 9001, and ISO 9004).

– All three are referred to as All three are referred to as quality quality management system standardsmanagement system standards



• Two types of auditing are required to Two types of auditing are required to become registered to the standard: become registered to the standard: auditing by an external certification auditing by an external certification body (external audit) and audits by body (external audit) and audits by internal staff trained for this process internal staff trained for this process (internal audits).(internal audits).

• The internal audit programs The internal audit programs comprises of five programs comprises of five programs



• The five programs comprise ofThe five programs comprise of– ISO 9001 ISO 9001 Compliance Audit ProgramCompliance Audit Program – ISO 9001 ISO 9001 Policy Audit ProgramPolicy Audit Program – ISO 9001 ISO 9001 Procedures Audit ProgramProcedures Audit Program – ISO 9001 ISO 9001 Process Audit ProgramProcess Audit Program – ISO 9001 ISO 9001 Records Audit ProgramRecords Audit Program


18. Cyber Audit18. Cyber Audit

– COBIT based AuditsCOBIT based Audits• Reviews of Baselines and Standards for ITReviews of Baselines and Standards for IT

• Information System ImplementationsInformation System Implementations

• Pre-Implementation ReviewPre-Implementation Review

• Implementation of Controls Certification Reviews Implementation of Controls Certification Reviews

• Post Implementation ReviewPost Implementation Review

• Code Development / Source Code Management Code Development / Source Code Management ReviewsReviews

• General Controls ReviewsGeneral Controls Reviews

• Data Center reviewsData Center reviews

• Audits of the Business Continuity ProgramAudits of the Business Continuity Program


18. Cyber Audit18. Cyber Audit

• Audits of Security ConfigurationAudits of Security Configuration

• Reviews of Security AdministrationReviews of Security Administration

• Reviews of IT Purchasing and ProcurementReviews of IT Purchasing and Procurement

• Application Review / AuditsApplication Review / Audits

• Audits of Business ProcessesAudits of Business Processes

– System AuditSystem Audit– Internal Audit of System Security PolicyInternal Audit of System Security Policy– Network Security AuditNetwork Security Audit– Quality Management Systems AuditQuality Management Systems Audit

84

19. 19. Industry Specific Internal Industry Specific Internal Audit ProgramsAudit Programs (Illustrative (Illustrative List)List)

1.1. Educational InstitutionsEducational Institutions2.2. Information Technology CompaniesInformation Technology Companies3.3. HotelsHotels4.4. HospitalsHospitals5.5. Stock BrokersStock Brokers6.6. Portfolio ManagerPortfolio Manager7.7. CompanyCompany8.8. Mutual FundsMutual Funds


85

19. 19. Industry Specific Internal Industry Specific Internal Audit ProgramsAudit Programs (Illustrative (Illustrative List)List)

8.8. Construction CompanyConstruction Company9.9. BanksBanks10.10.Manufacturing CompanyManufacturing Company11.11.Insurance CompanyInsurance Company12.12.Non Banking Finance CompaniesNon Banking Finance Companies13.13.Asset Management CompanyAsset Management Company14.14.Telecom CompaniesTelecom Companies15.15.Cooperative SocietiesCooperative Societies



20. Assurance Services20. Assurance Services

1.1. Revenue AuditRevenue Audit2.2. Special AuditSpecial Audit3.3. Concurrent AuditConcurrent Audit4.4. Income & Expenditure AuditIncome & Expenditure Audit5.5. Grants AuditGrants Audit6.6. Projects AuditProjects Audit7.7. Investigative AuditInvestigative Audit8.8. CAG Audit for PSUsCAG Audit for PSUs9.9. Diligence ReportDiligence Report10.10. Assurance On Sustainability ReportingAssurance On Sustainability Reporting


List of Audit /Assurance List of Audit /Assurance Services under Internal Services under Internal AuditAudit1.1. Financial AuditFinancial Audit2.2. Operational AuditOperational Audit3.3. Grant AuditGrant Audit4.4. Project AuditProject Audit5.5. Information Systems AuditInformation Systems Audit6.6. Compliance AuditCompliance Audit7.7. Investigative AuditInvestigative Audit8.8. Enterprise Risk ManagementEnterprise Risk Management


List of Audit /Assurance List of Audit /Assurance Services under Internal Services under Internal AuditAudit9.9. Assurance on Sustainability Assurance on Sustainability

ReportingReporting

10.10.Revenue AuditRevenue Audit

11.11.Special AuditSpecial Audit

12.12.Audit of Public Sector UndertakingAudit of Public Sector Undertaking

13.13.Audit of Stock BrokersAudit of Stock Brokers

21. Internal Audit of 21. Internal Audit of Tendering ProcessTendering Process

1.1. Open TendersOpen Tenders

2.2. Limited or Closed TendersLimited or Closed Tenders

3.3. International Competitive Bidding (ICB)International Competitive Bidding (ICB)

4.4. National Competitive Bidding (NCB)National Competitive Bidding (NCB)

5.5. Request for Proposal (RPF)Request for Proposal (RPF)

6.6. Request for Quote (RFQ)Request for Quote (RFQ)

7.7. Request for Information (RFI)Request for Information (RFI)

8.8. Expression of Interest (EOI)Expression of Interest (EOI)

21. Internal Audit of 21. Internal Audit of Tendering ProcessTendering Process

9.9. Single Envelop BiddingSingle Envelop Bidding

10.10.2 Envelop Bidding2 Envelop Bidding

11.11.Multiple Envelop BiddingMultiple Envelop Bidding

22. Audit of Sustainability 22. Audit of Sustainability Initiatives and Integrated Initiatives and Integrated ReportsReports• Report on Sustainability Progress and IssuesReport on Sustainability Progress and Issues• Best Practice Assessments – identify Best Practice Assessments – identify

enhancement opportunitiesenhancement opportunities• Best Practice Standards/Framework – Best Practice Standards/Framework –

Adoption of externally recognized Adoption of externally recognized framework, guidelines, standards in testing framework, guidelines, standards in testing sustainability activities and performance sustainability activities and performance measurementsmeasurements

• Assurance Service – Performing the Assurance Service – Performing the “Sustainability Readiness Audit” of non “Sustainability Readiness Audit” of non financial performance measurements for financial performance measurements for independent auditindependent audit

22. Audit of Sustainability 22. Audit of Sustainability Initiatives and Integrated Initiatives and Integrated ReportsReports• Advisory Opportunities – offering Advisory Opportunities – offering

consultancy services to management consultancy services to management by identifying key trends like green by identifying key trends like green building, brand positioningbuilding, brand positioning

• Looking out for regulatory changes Looking out for regulatory changes and process verification in place to and process verification in place to communicate changes if anycommunicate changes if any


Internal Audit Internal Audit

ReportingReporting


Contents of a Good Contents of a Good Internal/Assurance Audit Internal/Assurance Audit ReportReportThe assurance report should include The assurance report should include

the following basic elements the following basic elements – A TitleA Title– An addressee An addressee – An identification and description of the An identification and description of the

subject matter information and, when subject matter information and, when appropriate, the subject matter appropriate, the subject matter

– Identification of the criteria Identification of the criteria


Contents of a Good Contents of a Good Internal/Assurance Audit Internal/Assurance Audit ReportReport

– Where appropriate, a description of any Where appropriate, a description of any significant, inherent limitation associated with significant, inherent limitation associated with the evaluation or measurement of the subject the evaluation or measurement of the subject matter against the criteria matter against the criteria

– When the criteria used to evaluate or measure When the criteria used to evaluate or measure the subject matter are available only to specific the subject matter are available only to specific intended users, or are relevant only to a intended users, or are relevant only to a specific purpose, a statement restricting the specific purpose, a statement restricting the use of the assurance report to those intended use of the assurance report to those intended users or that purpose users or that purpose



– A statement to identify the responsible A statement to identify the responsible party and to describe the responsible party and to describe the responsible party’s and the practitioner’s party’s and the practitioner’s responsibilities responsibilities

– A statement that the engagement was A statement that the engagement was performed in accordance with SAEs performed in accordance with SAEs

– A summary of the work performed A summary of the work performed – Practitioner’s Signature Practitioner’s Signature



– The assurance report date The assurance report date – The place of signature – the report The place of signature – the report

should name specific location, which is should name specific location, which is ordinarily the city where the report is ordinarily the city where the report is signed signed


Audit Reporting CycleAudit Reporting Cycle

• Outline Audit findingsOutline Audit findings• Preparation of Audit report - First Preparation of Audit report - First

draft draft • Discussion with clientDiscussion with client• Preparation of Final Audit report draftPreparation of Final Audit report draft• Closing conferenceClosing conference• Issuance of Final reportIssuance of Final report• Evaluation and Follow UpEvaluation and Follow Up


Role of an Internal Role of an Internal AuditorAuditor

The role of an Internal Auditor can be The role of an Internal Auditor can be simply captured in four pointssimply captured in four points

• To act as a CatalystTo act as a Catalyst

• To interface between different To interface between different groupsgroups

• To advise on the processTo advise on the process

• To report the facts of audit resultsTo report the facts of audit results


Characteristics of an Characteristics of an Internal AuditorInternal Auditor

• ProfessionalismProfessionalism

• ProficiencyProficiency

• Due Professional CareDue Professional Care

• Continuing Professional DevelopmentContinuing Professional Development

• IndependenceIndependence

101

How to Succeed as an How to Succeed as an Internal AuditorInternal Auditor

• Sharpen dialogue with top management Sharpen dialogue with top management and directors in order to clearly establish and directors in order to clearly establish the value-added objectives of internal audit the value-added objectives of internal audit (i.e., strategic issues, risk management and (i.e., strategic issues, risk management and protection of company assets).protection of company assets).

• Realign to meet key stakeholders’ Realign to meet key stakeholders’ expectations (stockholders, executive expectations (stockholders, executive management, external auditors and management, external auditors and regulators).regulators).

• Think and act strategically.Think and act strategically.


102


• Expand audit coverage to include “tone at Expand audit coverage to include “tone at the top,” the conduct of executive the top,” the conduct of executive management in protecting the company.management in protecting the company.

• Assess and strengthen expertise for Assess and strengthen expertise for complex business auditing.complex business auditing.

• Leverage technology in high-risk areas.Leverage technology in high-risk areas.

• Focus on enterprise risk management Focus on enterprise risk management capabilities.capabilities.


103


• Make the audit process dynamic, Make the audit process dynamic, changing with changed business changing with changed business conditions.conditions.

• Strengthen quality assurance Strengthen quality assurance processes.processes.

• Measure the enhanced performance Measure the enhanced performance against expectations of stakeholders.against expectations of stakeholders.


Invitation for the Invitation for the activities of IASBactivities of IASB• Preparing draft for new standardsPreparing draft for new standards

• Preparing background material for Preparing background material for industry specific guidance noteindustry specific guidance note

• Articles on internal audit for CA journalArticles on internal audit for CA journal

Contact email id Contact email id [email protected]

104CA Rajkumar S. Adukia

mailto:[email protected]


Questions ????Questions ????

CA Rajkumar S AdukiaCA Rajkumar S Adukia 106106

Thank You!!Thank You!!

Documents

Professional Opportunities in Internal Audit/Assurance Work