INTERNAL AUDIT SmitaChaudhri Accountant General (C&RA) U.P.
Audit types – common terminologies Three categories of audit : • CA audit • External / Statutory ( also known as audit by CAG/AG) • Internal audit.
Audit types – common terminologies CA audit • For companies / corporations / nigams • Done by CA firms • Appointed by the management to check if the accounts present a true and fair view • For PSUs – appointed by CAG • If accounts have been prepared according to the accounting standards (AS) laid down by the ICAI. • Annual accounts are audited by these auditors. • Satyam case…..
Audit types – common terminologies External Audit • obvious - it is by an agency external to the entity • For governments – it is by the SAI ( in India – CAG) • For international organizations – UN , WHO etc – by SAIs of member nations • For PSUs – CAG • It is independent therefore - impartial • Responsible to the legislature. • Functions under authority of Act. • Checks - whether expenditure made was economical , efficient , effective and as per rules and revenue collection optimized
Audit types – common terminologies Internal audit • a diagnostic aid of top management • to enable pinpointing of problems , internal control weaknesses and to suggest system improvements • a part of the executive function enjoying its own degree of autonomy • accountable to the entity but should be independent of the activity it audits in order to achieve its objectives • hence world over – IA reports directly to the Board/Audit committee • is under administrative control of CEO of firms / companies/ corporations • in Government – should report directly to the Secy /Pr Secy of the department • in US – operates under an Act
Similarities & Differences • All check accuracy of financial data. • EA & IA – focus on expenditure control and revenue optimization , adherence to policies • EA focus is to unearth frauds and errors , annual / periodical exercise • IA focus - on prevention of frauds and errors , continuous stocktaking exercise • CA audit focus – correctness / accuracy of financial statements • EA – independent , impartial. Governed by DPC Act • IA – part of the entity , but should be independent of the part it audits – hence report direct to CEO. Governed by rules of organization • CA Audit – appointed by management , responsible to code / standards set by ICAI / CAG/ GASAB
Definition - IA As defined by the Institute of Internal Auditors IA is : • An Independent , objective assurance activity designed to add value & improve an organization’s operations. • It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of the management , control and governance processes.
Role of Internal Audit • chief role – • to render effective financial advice through recurrent and sufficient sustained checks of the system of internal controls • to help ensure an orderly and efficient conduct of business including adherence to policies, prevention of frauds and errors and ensure completeness of financial records. • a tool of the management to ensure expenditure control and revenue optimization through system improvement
Role of Internal Audit • management – responsible for establishing policies /processes to help organization achieve specific objectives. • IA – evaluates whether the policies are designed properly and whether they are operating effectively • identifies potential risk areas • risks can be – strategic, operational, financial, legal / regulatory
Role of Internal Audit • role in corporate governance – as one of the 4 pillars ( BOD, management, EA, IA) • improving of internal control is with reference to: • effectiveness and efficiency of operations. • reliability of financial reporting • compliance to laws & regulations
Is IA a new concept ? • for Government – comparatively new especially in our country • In UP – started in 2000, • WB was 1st state - in 1998 • for private sector – old concept , initially stated as informal tool of owner / management • after WW-II formal structure evolved, institute of Internal Auditors set up , standards developed • especially strong in banking / financial institutions
Elements of IA • Organizational independence - from management – needed to enable unrestricted evaluation of activities and personnel • Independence refers to – • reporting line – who does IA ( IAO ) report to ? • status of IA- and the IAO - so as to actively fulfill responsibilities • attitude to IA – free from interference – esp w.r.t scope , performing of the audit & communicating results • right of communication – directly to BOD/ head of the organization If even one of these is compromised the IA loses its relevance
Planning IA • Prepare a plan • Take management inputs while preparing plan so that it is clear that goals of IA & organization are on the same track • Establish and communicate the scope of audit to management • Develop understanding of the processes under review • Identify key risks • Identify control procedures developed to control each process • Sample and test check to examine control processes through interview , examining documents • Report which should have recommendations • Follow up
IA Reports Elements of internal audit reports: ( the 5 Cs) • Condition –what was the problem identified • Criteria – what standard or policy could not be met • Cause – why did the problem occur • Consequence – what are the possible outcomes/ risks associated with the problem • Corrective action - recommendation
Internal Audit in Government • In the Private sector priorities are well defined – profit maximization • In Govt. – • policies & priorities based on public good , welfare schemes , etc. • limited scope / no incentives for efficiency • disincentive – for proactive protecting of public interest • wastage due to poor judgement in managing / allocating resources
Internal Audit in Government • Audit reports highlighting these are generally felt as damaging to Govt in power and / or to bureaucrats in control position • Therefore IA in Govt presents unique opportunities and a challenge to advocates of good governance • The Challenge – • work through & with the system to achieve objectives , ensure public resources are effectively and efficiently used • change mindset, promote independence, expand scope and develop a skill set which helps decision making
Internal Audit in Government Drawbacks while international standards ( like accounting standards ) are available - • Governmental IA continues to focus on relatively minor issues viz; accuracy of accounts, pointing out irregularities and frauds , check if initial books of account are maintained • it is like compliance audit, is accorded low priority, • there are lack of resources and professional knowledge • no specific mandate is given by the executive
Why IA in Govt ? • fiscal responsibility and accountability legislation – has changed scenario in Govt • coming of outcome budgeting – will lead to shift in emphasis from outlays to outcomes • disclosure statements will become a part of budget • more transparency - RTI act , 24* 7 media , increased communication NEED OF THE HOUR • accountability • responsiveness IA - an aid to achieve this
Can IA aid effective governance ? IA – • is control of all controls – checks whether internal controls are working as they should • offers scope for mid course correction • preventive vigilance as it concurrent rather than post audit • to be taken as constructive input • encouraged to give +ve recommendation
Can IA aid effective governance ? YES Why ?? a mandate of IA is to identify potential risk areas • risks can be – strategic, operational, financial, legal / regulatory • Govt manages huge resources – hence larger exposure to risks
Can IA aid effective governance ? Risks in Govt • Financial – like frauds, embezzlements • Legal- not depositing EPF, non deduction of WCT, TDS • Strategic & Operational • biased beneficiary selection, inconsistencies in programme management with objectives • failures – to meet contractual obligations • project delays – time /cost overruns • Environmental damage – (recent Mumbai chlorine gas leak) • Threat assessment and response – 26/11
Risk assessment by IA • citizens lose if public services are inefficient / inadequate • if fail to meet public expectations – reputation of department / Govt. suffers Identification of risks and mitigation will help • better service delivery , • better project management, • improved allocation of resources , minimize waste
Can IA aid effective governance ? in brief - IA can check • whether Government policies as set out in rules & regulations – are understood and properly implemented • whether codes of conduct for Government employees – followed or not • whether levels of delegation of authority, responsibility and accountability and their demarcation / checks are clear • presence or absence of - long and short term planning for setting up objectives • cost benefit studies of major activities - whether the results are in conformity with the goals
Can IA aid effective governance ? IA can check • the reliability and integrity of financial and operating information • the means utilized to safeguard and verify the existence of financial and physical assets. • proper accounting and operating procedures to ensure reliability of accounting data and efficiency of operations • review of operations – to reduce possibility of fraud / collusion
conclusion world is dynamic , rapidly evolving with changes in technology , globalization , deregulation this causes – • rapid change in Govt. business • changed relationship between Govt & citizens • rising public expectations
hence - need for robust monitoring mechanisms to deliver quality services to citizens effective IA – a major tool for ensuring delivery