Internal Audit Methodology
Download as PPTX, PDF35 likes35,026 views
The document provides an overview of internal audit methodology. It defines internal audit as an independent function that appraises entity operations to strengthen governance and controls. The agenda outlines types of audits like compliance, operational and risk-based audits. It then describes the stages of a risk-based internal audit framework from defining scope to the audit report. Tools discussed include an audit tracker, control testing, and preparing audit reports and presentations.
![Types of Audits
6
Financial
Audit or a
Typical
Internal
Audit
A financial audit, or more accurately, an audit of financial statements, is
the verification of the financial statements of a legal entity, with a view to
express an audit opinion.
http://en.wikipedia.org/wiki/Financial_audit
Risk Based
Audit
Risk based Internal Audit (RBIA) is an internal methodology which is
primarily focused on the inherent risk involved in the activities or system
and provide assurance that risk is being managed by the management
within the defined risk appetite level.[1] It is the risk management
framework of the management and seeks at every stage to reinforce the
responsibility of management and BOD (Board of Directors) for managing
risk
http://en.wikipedia.org/wiki/Risk_based_audit
Control
Based Audit
Audit of Controls
Internal control is a process, effected by an entity’s board of directors,
management, and other personnel, designed to provide reasonable
assurance regarding the achievement of objectives relating to operations,
reporting, and compliance. -COSO](https://image.slidesharecdn.com/internalauditmethodologyicaiwirc20140510-140511223232-phpapp02/85/Internal-Audit-Methodology-6-320.jpg)
Internal Audit Methodology
- 1. Internal Audit Methodology Presented by CA Manoj Agarwal May 10, 2014, Mumbai, ICAI
- 2. Disclaimer All the contents of the presentation constitute the opinion of the speaker, and the speaker alone; they do not represent the views and opinions of the speaker’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the speaker is, or has been a part of. 2
- 3. Agenda • Definition of Internal Audit • Types of Audit • Internal Audit Methodology • Tools 3
- 4. Definition 4 “Internal audit is an independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity’s strategic risk management and internal control system. Internal audit, therefore, provides assurance that there is transparency in reporting, as a part of good governance.” -The Internal Audit Standards Board of the ICAI “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes” -Definition of Internal Auditing by Institute of Internal Auditors (IIA)
- 5. Types of Audits 5 Compliance Audit A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. http://searchcompliance.techtarget.com/definition/compliance-audit Operational Audit Operational Audit is a systematic review of effectiveness, efficiency and economy of operation. http://en.wikipedia.org/wiki/Operational_audit Quality Audit Quality audit is the process of systematic examination of a quality system carried out by an internal or external quality auditor or an audit team. It is an important part of organization's quality management system and is a key element in the ISO quality system standard, ISO 9001. http://en.wikipedia.org/wiki/Compliance_Audit Functional Audit An audit that is held prior to software delivery in order to verify that all requirements specified in the software requirements document have been met. ICAI : A Functional Audit deals with one or more functions in an organization. It could concern, for example, the payroll function for a division or for the company as a whole. (Para 19.8.4 of chapter 19 of Advanced auditing and professional ethics - CA Final (3))
- 6. Types of Audits 6 Financial Audit or a Typical Internal Audit A financial audit, or more accurately, an audit of financial statements, is the verification of the financial statements of a legal entity, with a view to express an audit opinion. http://en.wikipedia.org/wiki/Financial_audit Risk Based Audit Risk based Internal Audit (RBIA) is an internal methodology which is primarily focused on the inherent risk involved in the activities or system and provide assurance that risk is being managed by the management within the defined risk appetite level.[1] It is the risk management framework of the management and seeks at every stage to reinforce the responsibility of management and BOD (Board of Directors) for managing risk http://en.wikipedia.org/wiki/Risk_based_audit Control Based Audit Audit of Controls Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. -COSO
- 7. Auditor’s Dilemma 7 Cost Dilemma Giving a level of confidence that IA has captured and assessed ‘all’ material risk that threaten the company
- 8. Risk Based Audit 8 Type Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Stage 6 Stage 7 Stage 8 RBIA Framework Defining Scope Mapping Risk Registration/ Identificatio n Control Identifica tion Control Investigation Audit Test Audit Report Risk profiling Risk taxonomies Business unit mapping Risk register Risk evaluation Control owner Volume Value Complexity Cost SOP SOD Past losses IT Risk definition card: Description Includes Excludes Driver Impact Processes Systems KPIs Function boundaries Transactions All risks Risk type Risk levels Risk Sizes Statistical tools Material and potential loss from control weakness Criteria to assess whether the control has been operated effectively or compromised by staff What to sample? How much to sample?
- 9. My Risk Based Audit 9 Type Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Stage 6 Stage 7 Stage 8 RBIA Framework Defining Scope Mapping Risk Registration/ Identificatio n Control Identificatio n Control Investigati on Audit Test Audit Report My IA Financial Scoping Mapping Top 3 Risks Control identificatio n Checkpoin ts Testing Audit report Trial balance Common size statement Identificatio n of major items groups Identifica tion of Major Items with in group Compliance, FA, Bank Tools Pareto Rule Audit Tracker, Excel (Pivot, Sort, Index, vlookup), Benford Law, Pareto Rule (80:20) Audit Report
- 10. Tools Audit Tracker 1. Contacts (of auditee/ audit team) 2. Status Tracker (Scope, Start Date, Completion date, Reason for Pending, responsibility, Population, Sample, Sample methodology, remarks) 3. Review Notes 4. Requirement Tracker (Requirement, Area, Responsibility, Request Date, Received date, Time Lag in receipt of data, days lapsed) 5. Checklist (Scope, Sub scope, Risk, Control, Checkpoints, Population, Sample, Exceptions, Observations, Backup paper) 6. Query Sheet (Query, Financial Impact, Risk, recommendations, Area, Annexure, Resolved, Response, Responsibility, Reportable/ Dropped, Backup paper) 7. Audit Completion Checklist 10 Control Failure Vs. impact of business control failure Traffic Light vs. specific financial amounts
- 11. Tools Audit Report 1. Cover letter, 2. Background and Objective of audit 3. Scope and approach 4. Detailed Observation (High, Medium, Low) 5. Other Points for Management Attention 6. Positive assurance Audit Presentation 1. Audit Summary (Area, Location, Audit Period, Audit Team, Function Head, Scope, Field audit dates/ period) 2. Scope, Sampling and Limitation to scope 3. Positive Assurance 4. Key Observations 5. Other observations 11
- 12. Resources • Risk Based Audit: https://drive.google.com/file/d/0B9LJxar8oKPmQ0JxaEpJRmxMaVU/edit? usp=sharing • Risk Template: https://app.box.com/s/p7tns5kbrliny06mnouu 12