1 / 118

Standard on Internal Audit (SIA) 1

Standard on Internal Audit (SIA) 1. Planning an Internal Audit. Objectives of Planning Use of Internal Audit Factors affecting Planning Process Scope of Planning Factors affecting scope of Internal Audit. Planning process. Objective of Planning.

sibyl
Télécharger la présentation

Standard on Internal Audit (SIA) 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Standard on Internal Audit (SIA) 1

  2. Planning an Internal Audit • Objectives of Planning • Use of Internal Audit • Factors affecting Planning Process • Scope of Planning • Factors affecting scope of Internal Audit. • Planning process

  3. Objective of Planning Internal audit plan is a document defining the scope, coverage and resources, including time, required for an internal audit over a defined period. Objectives include: • suggest improvements to the functioning of the entity. • strengthen the overall governance mechanism of the entity

  4. Use of Internal Audit • Understand, assess and evaluate the risks and adequacies of the prevalent internal controls. • Identifying areas for systems improvement • Ensuring optimum utilization of the resources • Ensuring proper and timely identification of liabilities • Ensuring compliance with internal/ external guidelines • Safeguarding the assets of the entity • Reviewing and ensuring adequacy of information systems security and control. • Reviewing and ensuring adequacy, relevance, reliability and timeliness of management information system.

  5. Factors affecting Planning Process • Objectives of the activity and significant risks associated with the same. • The risk management and internal control system instituted in the organization. • Selection of engagement team. • Business/Industry developments. • Changes in the financial reporting framework

  6. Scope of Planning • Knowledge of the legal and regulatory framework • Knowledge of the entity’s accounting, internal control systems and policies • Determining the effectiveness of the internal control procedures • Determining the nature, timing and extent of procedures to be performed • Identifying the activities warranting special focus • Allocation of staff to different activities. • Setting the time budget for each of the activities • Identifying the reporting responsibilities

  7. Factors affecting scope of Internal Audit • Terms of the engagement • Nature of accounting system and Accounting policies adopted. • Nature of information technology system used by the client • Authorization and delegation of authority in the systems environment • The nature of management information system in vogue and Expected audit coverage • Materiality thresholds established in respect of various areas of audit • Nature and extent of audit evidence to be obtained • Experience and skills of the staff • Requirements of the applicable pronouncements of the ICAI. • Statutory or regulatory framework in which the entity operates

  8. Planning Process • Obtaining Knowledge of the Business • Establishing the Audit Universe • Establishing the Objectives of the Engagement • Establishing the Scope of the Engagement • Deciding the Resource Allocation • Preparation of Audit Programme

  9. Standard on Internal Audit (SIA) 2

  10. Basic Principles Governing Internal Audit • Integrity, Objectivity and Independence • Confidentiality • Due Professional Care , Skills and Competence • Work performed by Others and Documentation • Planning • Evidence • Internal Control; and Risk Management System • Reporting

  11. Integrity, Objectivity and Independence • Straightforward, honest and sincere in his approach to his professional work • Maintain an impartial attitude • Immediately bring any actual or apparent conflict of interest to the attention of the appropriate level of management Confidentiality • Maintain the confidentiality of the information acquired in the course of his work

  12. Due Professional Care , Skills and Competence Due professional Care to be applied: • In Deciding the extent of work required to achieve the objectives of the engagement. • In assessment of risk management • Control and governance processes and • Cost benefit analysis. • Obtain skills and competence through general education, technical knowledge through study and formal courses.

  13. Work Performed by Others • Direct, supervise and review the work delegated to assistants. • No reasons to believe that he should not have relied on the work of the expert • Responsible for forming his opinion on the areas/ processes being subject to internal audit or his findings. Documentation Document matters, providing evidence that the audit was carried out in accordance with the Standards on Internal Audit

  14. Planning • Obtain knowledge of the legal and regulatory framework • Obtain knowledge of the entity’s accounting and internal control systems. • Determining the effectiveness of the internal control procedures. • Identifying the activities warranting special focus • Setting the time budget for each of the activities • Identifying the reporting responsibilities • Benchmark the actual results of the activities.

  15. Internal Control and Risk Management Systems • Obtain an understanding of the risk management and internal control framework. • Perform steps for assessing the adequacy. • Review the adequacy. • Perform risk-based audits on the basis of risk assessment process. • Evidence: obtain appropriate evidence to draw reasonable conclusions. • Reporting: Review and assess the conclusions drawn from the evidence obtained and suggest remedial action

  16. Standard on Internal Audit (SIA) 3

  17. Documentation • Reviewer • Use of documentation • Factors affecting Documentation • Matters to be Documented • Identification of Preparer and Reviewer • Exceptional Circumstances • Document Retention and Access

  18. REVIEWER Reviewer means an Individual who has: • reasonable knowledge and experience of internal audit processes • reasonable knowledge of SIAs, other relevant pronouncements of the Institute. • reasonable understanding of the business environment in which the entity operates • reasonable understanding of internal audit issues relevant to the entity’s industry

  19. Use of Documentation Enables an experienced internal auditor, having no previous connection with the internal audit to understand: • The nature, timing and extent of the audit procedures performed. • The results of the audit procedures and the audit evidence obtained. • Significant matters arising during the audit and the conclusions reached thereon. • Terms and conditions of an internal audit engagement, scope of work, reporting requirements, any other special conditions, affecting the internal audit.

  20. Factors affecting Documentation • The nature and extent of the audit procedures to be performed • The identified risks of material misstatement • The extent of judgment required in performing the work. • The significance of the audit evidence obtained. • The nature and extent of exceptions identified. • The need to document a conclusion or the basis for a conclusion. • The audit methodology and tools used.

  21. Matters to be Documented • Engagement letter or the internal audit charter • Internal audit plan and programme, Chart of the organizational structure and Progress report, MIS report. • Analytical procedures performed and results thereof • Copies of significant contracts and agreements • Internal review reports • Evaluation questionnaires, checklists, flowcharts • Certification and representations obtained from management • Results of risk and internal control assessments

  22. Identification of Preparer and Reviewer • Who performed that task and the date such work was completed. • Who reviewed the task performed and the date and extent of such review. • Reasons for creating particular internal audit documentation. • Source of the information contained in the internal audit documentation and • Any cross referencing to any other internal audit documentation • The preparers and reviewers of the internal audit documentation should also sign the workings. • The internal audit file should be assembled within sixty days after the signing of the internal audit report.

  23. Exceptional Circumstances • The details of circumstances encountered along with the documentary evidence. • The new or additional audit procedures performed, audit evidence obtained, and conclusions reached and • When and by whom the resulting changes to the audit documentation were made, and reviewed.

  24. Document Retention and Access • Formulate policies for custody and retention. • Ownership of audit documents. • Access to Third party. • Retention of Documents.

  25. Standard on Internal Audit (SIA) 4

  26. Reporting Contents of the SIA • Introduction • Basic Elements of Internal Audit Report • Communication to Management • Limitation on Scope • Restriction on Usage and Report Circulation Otherwise Than to the List of Intended Recipients

  27. Introduction and Basic Elements of an Internal Audit Report Introduction • To establish standards on the form and content of the internal auditor’s report. Basic Elements of an Audit Report • Title • Addressee • Report Distribution List • Period of coverage of the Report • Opening or introductory paragraph, Objectives & scope Paragraph • Executive Summary • Observations, findings and recommendations • Comments from the local management and Action Taken Report • Date, Place, Signature with membership number of the Internal Auditor.

  28. Communication to Management • Communication with the management to ensure that the recommendations in the final report are practical. • The stages of communication and discussion should be as under : • Discussion Draft • Exit Meeting • Formal Draft • Final Report

  29. Limitation on scope and Restriction on Usage and Report Circulation • Limitation on Scope • When there is a limitation on the scope of the work, the report should describe the limitation. • Restriction on Usage and Report Circulation Otherwise Than to the List of Intended Recipients • The Report should contain: • It should be used for intended purpose only as agreed upon. • The circulation of the Report should be limited to the recipients mentioned in the Report Distribution List.

  30. Standard on Internal Audit (SIA) 5

  31. Sampling Contents of the SIA • Introduction • Definitions • Use of Sampling in Risk Assessment Procedures and Tests of Controls • Design of the Sample • Sample Size • Statistical and Non-Statistical Approaches • Selection of the Sample • Evaluation of Sample Results • Documentation

  32. Introduction ,Definition and Use of Sampling • Introduction To establish standards on the design and selection of an audit sample and provide guidance on the use of audit sampling. • The SIA defines the following • Audit Sampling • Error • Population • Sampling Risk • Sampling Unit • Statistical Sampling • Tolerable Error • Use of sampling in Risk Assessment and tests of control • To obtain an understanding of the entity, business and its environment, and its internal control. • Sampling of tests of controls is appropriate when application of the control leaves audit evidence of performance • Risk can be reduced by increasing sample size for both tests of controls and tests of details.

  33. Design and size of the sample and Statistical and non Statistical Approaches • Design of the sample • The sample should be designed considering the specific audit objectives, the population from which the auditor wishes to sample, and the sample size • Sample Size • Should be determined considering sampling risk, the tolerable error, and the expected error. • Lower the risk, greater the sample size. • Statistical and Non-Statistical Approaches • Decision of using either statistical or non-statistical sampling is a matter of the internal auditor’s professional judgment. • When applying statistical sampling, sample size may be ascertained using either probability theory or professional judgment.

  34. Selection & Evaluation of Sample • Selection of Sample • It should be selected in such a way that the sample can be expected to be representative of the population. • Commonly used sampling methods are: • Random selection and use of CAAT’s • Systematic Selection • Haphazard Selection • Evaluation of Sample Results The auditor should: • Analyse the nature and cause of any errors detected in the sample. • Project the errors found in the sample to the population. • Reassess the sampling risk. • Consider their possible effect on the particular internal audit objective. • Evaluate the sample results to determine if the assessment of the relevant characteristics of the population is confirmed or not.

  35. Documentation • The documentation includes: • Relationship between the design of the sample and specific audit objectives. • Assessment of the expected rate of error in the population to be tested. • Assessment of the sampling risk and the tolerable error • Assessment of the nature and cause of errors. • Rationale for using a particular sampling technique and results thereof. • Analysis of the nature an cause of any errors detected in the sample. • Projection of the errors found in the sample to the population • Reassessment of sampling risk, where appropriate • Effect of the sample results on the internal audit’s objective.

  36. Standard on Internal Audit (SIA) 6

  37. Analytical Procedures Contents of the SIA • Introduction. • Nature and Purpose. • Analytical Procedures as Risk Assessment Procedures and in Planning the Internal Audit. • Analytical Procedures as Substantive Procedures. • Analytical Procedures in the Overall Review at the End of the Internal Audit. • Extent of Reliance on Analytical Procedures • Investigating Unusual Items or Trends.

  38. Introduction, Nature and Purpose Introduction • To apply analytical procedures as the risk assessment procedures at the planning and overall review stages of the internal audit. • Nature and Purpose • Analytical procedures include the consideration of comparisons of the entity's financial and non-financial information. • In determining the extent to which the analytical procedures should be used, the following factors have to be considered • Significance of the area being examined. • Adequacy of the system of internal control. • Availability and reliability of financial and non-financial information. • Precision with which the results of analytical procedures can be predicted. • Availability and comparability of information regarding the industry in which the organization operates. • Extent to which other auditing procedures provide support for audit results.

  39. Analytical Procedures as Risk Assessment Procedures and as Substantive Procedures • Analytical Procedures as Risk Assessment Procedures and in Planning the Internal Audit. • To obtain an understanding of the business, the entity and its environment and in identifying areas of potential risk. • Planning the internal audit for use both financial and non-financial information • Analytical Procedures as Substantive Procedures • To reduce detection risk relating to specific financial statement assertions and assertions relating to process. • Inquire with the management as to the availability and reliability of information needed to apply analytical procedures.

  40. Analytical Procedures in the Overall Review at the End of audit, Extent of reliance and Investigating Unusual Items or Trends Analytical procedure should be applied at or near the end of the internal audit when forming an overall conclusion. • Extent of Reliance on Analytical Procedures is based on the following factors • Materiality of the items involved. • Internal audit procedures directed toward the same internal audit objectives. • Accuracy with which the expected results of analytical procedures can be predicted. • Assessments of inherent and control risks. • Investigating Unusual Items or Trends • When analytical procedures identify significant fluctuations or • When relationships that are inconsistent with other relevant information or • Data that deviate from predicted amounts. The internal auditor should investigate and obtain adequate explanations and appropriate corroborative evidence.

  41. Standard on Internal Audit (SIA) 7

  42. Quality Assurance in Internal Audit • Introduction • Scope and Objective • In House Internal Audit • Quality Review

  43. Internal Audit • Independent management function. • Continuous and critical appraisal of the entity • Suggest improvements and strengthen the overall governance mechanism of the entity. • Provides assurance that there is transparency in reporting, as a part of good governance.

  44. Scope and Objective Scope: • Applicable whenever an internal audit is carried. • Whether by internal audit department or external firm of Professional accountants. Objective: • To Establish standards and provide guidance • To Ensure Compliance with professional standards, regulatory and legal requirements. • To Improve functionalities of the organization, Transparency in reporting and good governance.

  45. In House Internal Audit • Leadership responsibilities for quality in internal audit • Ethical requirements • Acceptance and continuance of client relationship and specific engagement • Human resources • Engagement performance • Monitoring

  46. Quality Review • Internal Quality Reviews • Internal Quality Reviewer • Communicating the results of Internal Quality Reviews • External Quality Reviews • External Quality Reviewer • Communicating the results of External Quality Reviews

  47. Standard on Internal Audit (SIA) 8

  48. Terms of Internal Audit Engagement • Introduction • Elements of Terms of Engagement • Withdrawal from Engagement

  49. Introduction • Agree on the terms of the engagement before commencement of Audit. • The agreed terms would need to be recorded in an engagement letter. • The responsibility of the internal auditor to prepare the engagement letter. • To be signed both by the internal auditors as well as the auditee. • Approval by Board of Directors/ Audit Committee. • Periodic review and modification of Terms of Engagement.

  50. Elements of Terms of Engagement • Scope • Responsibility • Authority • Confidentiality • Limitations • Reporting • Compensation • Compliance with Standards

More Related