standards on internal audit v1.0

8/2/2019 Standards on Internal Audit V1.0

1/29

Standards on Internal Audit

Business Risk ServicesChennaiTraining SessionSeptember 24, 2011

- Praveen Kumar , Assistant Manager


2/29

Contents

1. Internal AuditIndian Scenario

2. Statutory Requirement for Internal Audit

3. Standards on Internal Audit

4. Important Requirements of the Standard


3/29

We all know what is an Internal Audit?


4/29

ICAI Definition of Internal Audit

Internal audit is an independent managementfunction,

involving a continuous and critical appraisalof the

functioning of the entity

to suggest certain improvementsandvalue additions

to strengthen thegovernancemechanism of the entity

includingstrategic risk managementand internal control system

to provide assurance regardingtransparency in reporting.


5/29

Is Internal Audit MANDATORY?


6/29

Companies (Auditor's Report) Order,2003. Clause (vii) requires the auditor to

report as follows:

Whether the Company has aninternal audit system

commensurate with itssize andnature of business


7/29

Other statutory requirements of internal

audit

IRDA (Investment) (Fourth Amendment) Regulations, 2008has introduced requirements of quarterly internal audit forinsurers.

The Securities and Exchange Board of India has mandated

complete internal audit on a half-yearly basis for stockbrokers/trading members/ clearing members.


8/29

Other statutory requirements of internal

audit

Compliance to provisions of Clause 49 of the listing agreementwhich imposes duties on Audit Committee to review anddiscuss with the internal auditors on the internal controls ofthe companies.

Section 292A of the Companies Act, 1956, requires public

companies having paid up capital not less than Rs. 5 crorestoconstitute a committee of the Board, i.e., the AuditCommittee and also requires internal auditors to attend theaudit committee meetings


9/29

Should only Chartered Accountants be

Internal Auditors?


10/29

Is there any statutory requirement that

only a Chartered Accountant beappointed as Internal Auditor?


11/29

YES!

Which Act? Which section?

Section 581ZF of the Companies Act, 1956 requires that every Producer Company

shall have internal audit of its accounts carried out by a Chartered Accountant

Then for OTHER COMPANIES??


12/29

No Statutory Requirement that only a

Chartered Accountant be appointed asInternal Auditors!

But In India, as a practice a Chartered

Accountant is appointed as an internal

auditor


13/29

As Chartered Accountants are generally

appointed as Internal Auditors ICAI has

issued the Standards on Internal Audit toregulate and provide guidance to

members


14/29

Applicability of Standards of Internal

Audit

While carrying out Internal Audits, it shall be the dutyof themember to comply with the requirementsof the internal auditstandards.

If for some reason, member of the institute has not able tocomply to the requirement of the standards, the reportshould draw attention to material departures

Non compliance to the above requirements may result inprofessional misconduct


15/29

Standards on Internal Audit issued by

ICAI17 Standards

1. Planning an Internal Audit

2. Basic Principles Governing InternalAudit

3. Documentation

4. Reporting

5. Sampling

6. Analytical Procedures

7. Quality Assurance in Internal Audit

8. Terms of Internal AuditEngagement

9. Communication with Management

10. Internal Audit Evidence

11. Consideration of Fraud in an InternalAudit

12. Internal Control Evaluation

13. Enterprise Risk Management

14. Internal Audit in an InformationTechnology Environment

15. Knowledge of the Entity and itsEnvironment

16. Using the Work of an Expert

17. Consideration of Laws and Regulationsin an Internal Audit


16/29

SIA 3Documentation

What is to be documented:

Matters which provide evidence that the audit was carried out as per the standardsand support his findings

Why documentation?

aids in planning and performing the internal audit

aids in supervision and review of the

provide evidence of the internal audit work performed to support the internalauditors findings and opinion.

aid in third party reviews

provide evidence of the fact that the internal audit is performed inaccordance terms of engagement


17/29

SIA 3Documentation

Form and content of documentationInternal audit documentation should record the

internal audit charter,

the internal audit plan,

the nature, timing and extent of audit procedures performed, and

the conclusions drawn from the evidence obtained

Audit documentation to include all aspects of the engagement

Engagement acceptance;

Engagement planning; Risk assessment

Review of findings

Communication and follow up

Documentation to also contain who prepared the work paper, who reviewed the work paper. Thepreparer and reviewer are required to sign off the work paper


18/29

SIA 3Documentation

Time limit for completion of documentationThe internal audit file should be assembled within sixty daysafter the signing of theinternal audit report.

Ownership

The work paper documents obtained during internal audit is the property of theinternal auditor.

Retention of work papers

Audit documentation to be retained for a period of seven years


19/29

SIA 4Audit Report

Basic elements of Internal Audit Report1. Title;

2. Addressee;

3. Report Distribution List;

4. Period of coverage of the Report;

5. Opening or introductory paragraph:

identification of the processes/ functions and items of financial statementsaudited; and

a statement of the responsibility of the entitys management and the

responsibility of the internal auditor;6. Objectives paragraph - statement of the objectives and scope of the internal

audit engagement;

7. Scope paragraph (describing the nature of an internal audit):

8. Executive Summary, highlighting the key material issues, observations, controlweaknesses and exceptions;


20/29

SIA 4Audit Report

Basic Elements of Internal Audit Report9. Observations, findings and recommendations made by the internal auditor;

10. Comments from the local management;

11. Action Taken ReportAction taken/ not taken pursuant to the observations

made in the previous internal audit reports;12. Date of the report;

13. Place of signature; and

14. Internal auditors signature with Membership Number.

Standard also suggests to include a clause on Restriction on usage and report circulation otherwiseto the intended recipients


21/29

SIA 5Sampling

What is Audit Sampling:

"Audit sampling" means the application of audit procedures to less than 100% of the items within an account balance or class of transactions

to enable the internal auditor to obtain and evaluate audit evidence about somecharacteristic of the items selected

in order to form a conclusion concerning the population;

Sampling risk means

the risk that from the possibility that the internal auditors conclusions, based on

examination of a sample may be different from the conclusion reached if the entire population was

subjected to the same types of internal audit procedure.


22/29

SIA 5Sampling

TolerableError

Considerations whendetermining the sample size

Smaller sample sizes are considered when the population is expected to be error free

Smaller the tolerable error, greater the sample size to be


23/29

SIA 5SamplingSample Size Table

Smaller sample sizes are considered when the population is expected to be error free

Smaller the tolerable error, greater the sample size to be

Frequency of control activity

Minimum sample size

Risk of failure

Lower Higher

Annual 1

Quarterly (including period- end, i.e., +1) 1+1 1+1Monthly 2 3

Weekly 5

Daily 15 25

Recurring manual control (multiple times perday) 25 40

SIA 5 S li S l S l i


24/29

SIA 5SamplingSample SelectionMethodology

Using

RandomNumber

Generators

SystematicSelection

HaphazardSelection

BlockSelection

SIA 5 S li D i


25/29

SIA 5SamplingDocumentationRequirements1. Relationship between the design of the sample vis a visspecific audit objectives, population

from which sample is drawn and the sample size.

2. Assessment of the expected rate of error in the population to be tested vis a visauditorsunderstanding of the design of the relevant controls.

3. Assessment of the sampling risk and the tolerable error.

4. Assessment of the nature and cause of errors.

5. Rationale for using a particular sampling technique and results thereof.

6. Analysis of the nature an cause of any errors detected in the sample.

7. Projection of the errors found in the sample to the population.

8. Reassessment of sampling risk, where appropriate.

9. Effect of the sample results on the internal audits objective(s).

10. Projection of sample results to the characteristics of the population.


26/29

SIA 10Audit Evidence

The internal auditor should, based on his professional judgment, obtain sufficientappropriateevidence to enable him to draw reasonable conclusions therefrom on which to base his opinionor findings.

Sufficient evidenceSufficiency refers to the quantum of evidences

Appropriate evidence Appropriateness relates to relevance of the evidences

Internal Auditors judgment as to what is sufficient and appropriate internal audit evidence is

influenced by:

1. The materiality of the item.

2. The type of information available.

3. Degree of risk of misstatement which may be affected by factors such as :

The nature of the item.

The nature or size of the business carried on by the entity.

Situation which may exert an unusual influence on management.


27/29

SIA 10Audit Evidence

Inspection ObservationInquiry and

Confirmation

AnalyticalReview

Computation

Methods of obtaining audit evidence:


28/29

Let us follow SIA


29/29

Any Questions?

standards on internal audit v1.0

Documents