INTERNAL AUDIT

1
INTERNAL AUDIT

• Smita Chaudhri
• Accountant General (CRA) U.P.

2
Audit types common terminologies

• Three categories of audit
• CA audit
• External / Statutory ( also known as audit by
  CAG/AG)
• Internal audit.

3
Audit types common terminologies

• CA audit
• For companies / corporations / nigams
• Done by CA firms
• Appointed by the management to check if the
  accounts present a true and fair view
• For PSUs appointed by CAG
• If accounts have been prepared according to the
  accounting standards (AS) laid down by the ICAI.
• Annual accounts are audited by these auditors.
• Satyam case..

4
Audit types common terminologies

• External Audit
• obvious - it is by an agency external to the
  entity
• For governments it is by the SAI ( in India
  CAG)
• For international organizations UN , WHO etc
  by SAIs of member nations
• For PSUs CAG
• It is independent therefore - impartial
• Responsible to the legislature.
• Functions under authority of Act.
• Checks - whether expenditure made was economical
  , efficient , effective and as per rules and
  revenue collection optimized

5
Audit types common terminologies

• Internal audit
• a diagnostic aid of top management
• to enable pinpointing of problems , internal
  control weaknesses and to suggest system
  improvements
• a part of the executive function enjoying its own
  degree of autonomy
• accountable to the entity but should be
  independent of the activity it audits in order to
  achieve its objectives
• hence world over IA reports directly to the
  Board/Audit committee
• is under administrative control of CEO of firms /
  companies/ corporations
• in Government should report directly to the
  Secy /Pr Secy of the department
• in US operates under an Act

6
Similarities Differences

• All check accuracy of financial data.
• EA IA focus on expenditure control and
  revenue optimization , adherence to policies
• EA focus is to unearth frauds and errors , annual
  / periodical exercise
• IA focus - on prevention of frauds and errors ,
  continuous stocktaking exercise
• CA audit focus correctness / accuracy of
  financial statements
• EA independent , impartial. Governed by DPC Act
• IA part of the entity , but should be
  independent of the part it audits hence report
  direct to CEO. Governed by rules of organization
• CA Audit appointed by management , responsible
  to code / standards set by ICAI / CAG/ GASAB

7
Definition - IA

• As defined by the Institute of Internal Auditors
  IA is
• An Independent , objective assurance activity
  designed to add value improve an organizations
  operations.
• It helps the organization accomplish its
  objectives by bringing a systematic, disciplined
  approach to evaluate and improve effectiveness of
  the management , control and governance
  processes.

8
Role of Internal Audit

• chief role
• to render effective financial advice through
  recurrent and sufficient sustained checks of the
  system of internal controls
• to help ensure an orderly and efficient conduct
  of business including adherence to policies,
  prevention of frauds and errors and ensure
  completeness of financial records.
• a tool of the management to ensure expenditure
  control and revenue optimization through system
  improvement

9
Role of Internal Audit

• management responsible for establishing
  policies /processes to help organization achieve
  specific objectives.
• IA evaluates whether the policies are designed
  properly and whether they are operating
  effectively
• identifies potential risk areas
• risks can be strategic, operational, financial,
  legal / regulatory

10
Role of Internal Audit

• role in corporate governance as one of the 4
  pillars ( BOD, management, EA, IA)
• improving of internal control is with reference
  to
• effectiveness and efficiency of operations.
• reliability of financial reporting
• compliance to laws regulations

11
Is IA a new concept ?

• for Government comparatively new especially in
  our country
• In UP started in 2000,
• WB was 1st state - in 1998
• for private sector old concept , initially
  stated as informal tool of owner / management
• after WW-II formal structure evolved, institute
  of Internal Auditors set up , standards developed
  
• especially strong in banking / financial
  institutions

12
Elements of IA

• Organizational independence - from management
  needed to enable unrestricted evaluation of
  activities and personnel
• Independence refers to
• reporting line who does IA ( IAO ) report to ?
• status of IA- and the IAO - so as to actively
  fulfill responsibilities
• attitude to IA free from interference esp
  w.r.t scope , performing of the audit
  communicating results
• right of communication directly to BOD/ head of
  the organization
• If even one of these is compromised the IA loses
  its relevance

13
Planning IA

• Prepare a plan
• Take management inputs while preparing plan so
  that it is clear that goals of IA organization
  are on the same track
• Establish and communicate the scope of audit to
  management
• Develop understanding of the processes under
  review
• Identify key risks
• Identify control procedures developed to control
  each process
• Sample and test check to examine control
  processes through interview , examining documents
  
• Report which should have recommendations
• Follow up

14
IA Reports

• Elements of internal audit reports ( the 5 Cs)
• Condition what was the problem identified
• Criteria what standard or policy could not be
  met
• Cause why did the problem occur
• Consequence what are the possible outcomes/
  risks associated with the problem
• Corrective action - recommendation

15
Internal Audit in Government

• In the Private sector priorities are well
  defined profit maximization
• In Govt.
• policies priorities based on public good ,
  welfare schemes , etc.
• limited scope / no incentives for efficiency
• disincentive for proactive protecting of public
  interest
• wastage due to poor judgement in managing /
  allocating resources

16
Internal Audit in Government

• Audit reports highlighting these are generally
  felt as damaging to Govt in power and / or to
  bureaucrats in control position
• Therefore IA in Govt presents unique
  opportunities and a challenge to advocates of
  good governance
• The Challenge
• work through with the system to achieve
  objectives , ensure public resources are
  effectively and efficiently used
• change mindset, promote independence, expand
  scope and develop a skill set which helps
  decision making

17
Internal Audit in Government

• Drawbacks
• while international standards ( like accounting
  standards ) are available -
• Governmental IA continues to focus on relatively
  minor issues viz accuracy of accounts, pointing
  out irregularities and frauds , check if initial
  books of account are maintained
• it is like compliance audit, is accorded low
  priority,
• there are lack of resources and professional
  knowledge
• no specific mandate is given by the executive

18
Why IA in Govt ?

• fiscal responsibility and accountability
  legislation has changed scenario in Govt
• coming of outcome budgeting will lead to shift
  in emphasis from outlays to outcomes
• disclosure statements will become a part of
  budget
• more transparency - RTI act , 24 7 media ,
  increased communication
• NEED OF THE HOUR
• accountability
• responsiveness
• IA - an aid to achieve this

19
Can IA aid effective governance ?

• IA
• is control of all controls checks whether
  internal controls are working as they should
• offers scope for mid course correction
• preventive vigilance as it concurrent rather than
  post audit
• to be taken as constructive input
• encouraged to give ve recommendation

20
Can IA aid effective governance ?

• YES
• Why ??
• a mandate of IA is to identify potential risk
  areas
• risks can be strategic, operational, financial,
  legal / regulatory
• Govt manages huge resources hence larger
  exposure to risks

21
Can IA aid effective governance ?

• Risks in Govt
• Financial like frauds, embezzlements
• Legal- not depositing EPF, non deduction of WCT,
  TDS
• Strategic Operational
• biased beneficiary selection, inconsistencies in
  programme management with objectives
• failures to meet contractual obligations
• project delays time /cost overruns
• Environmental damage (recent Mumbai chlorine
  gas leak)
• Threat assessment and response 26/11

22
Risk assessment by IA

• citizens lose if public services are inefficient
  / inadequate
• if fail to meet public expectations reputation
  of department / Govt. suffers
• Identification of risks and mitigation will help
  
• better service delivery ,
• better project management,
• improved allocation of resources , minimize waste

23
Can IA aid effective governance ?

• in brief - IA can check
• whether Government policies as set out in rules
  regulations are understood and properly
  implemented
• whether codes of conduct for Government employees
  followed or not
• whether levels of delegation of authority,
  responsibility and accountability and their
  demarcation / checks are clear
• presence or absence of - long and short term
  planning for setting up objectives
• cost benefit studies of major activities -
  whether the results are in conformity with the
  goals

24
Can IA aid effective governance ?

• IA can check
• the reliability and integrity of financial and
  operating information
• the means utilized to safeguard and verify the
  existence of financial and physical assets.
• proper accounting and operating procedures to
  ensure reliability of accounting data and
  efficiency of operations
• review of operations to reduce possibility of
  fraud / collusion

25
conclusion

• world is dynamic , rapidly evolving with
  changes in technology , globalization ,
  deregulation
• this causes
• rapid change in Govt. business
• changed relationship between Govt citizens
• rising public expectations

26

• hence - need for robust monitoring mechanisms to
  deliver quality services to citizens
• effective IA a major tool for ensuring
  delivery

27

• Thank you