Accounting and Financial

Programs

Modern approaches of internal audit

and internal control
 Content of the Program
Internal audit concepts and standards
Internal audit evolution and development
Internal audit traditional definition
Internal audit modern definition
Internal audit standards (attached at end of the papers); The review and development of
the Standards is an ongoing process. The International Internal Audit Standards Board engages in extensive consultation and
discussion prior to issuing the Standards.
Internal Auditing as a Profession
Internal control concept
- Internal control definition
- Internal control objectives
- Control environment
- Internal control types
Internal audit organizational setup
- Corporate governance and internal audit
- Factors affecting the establishment of an internal audit department.
- Audit committee
- Internal audit scope of work
 content
Internal audit programs
- Fixed assets audit program
- Salaries and wages audit program
- Purchases and creditors audit program
- Revenues and debtors audit program
Fraud and errors
- Definition of fraud and error
- Prevention, detection and correction of fraud and errors
Audit working papers
Frauds and mistakes
- Frauds
- Mistakes
Statistical sampling
- The principal concepts and terminologies relevant in the process of sample selection
- The use of statistical methods in the selection of audit samples
Audit reports
- Types of reports
the process of preparing internal audit reports
- Form and content of internal audit report

Introduction
In the last few decades, greater attention has been focused on the
concept of internal controls. One of the most important reasons for
that is the increase in the size and complexity of business
organizations, in addition to the changing nature and scale of
commerce and globalization of business organizations that lead to
huge transitions (Higson 2002). Another reason is the financial
scandals during the 1980s and the 1990s, such as Enron and
Maxwell, which forced the profession to attempt to improve global
confidence in accountancy (Grant 2003). International
developments in the area of corporate governance started with the
publications of the Internal Control Integrated Framework by the
Committee of Sponsoring Organizations of the Tread way
Commission (COSO Report 1992) and finally the Sarbanes- Oxley
Act 2002 in USA. In the UK it started with the Cadbury Committee in
1992 and culminated in the revised Turnbull Report in 2005. These
reports played an important role in highlighting the concept of
internal controls as a part of corporate governance. This part will
discuss issues related to internal controls and discuss their
importance in the context of corporate governance.
 Internal audit evolution and development
At the beginning of the Twentieth Century, the economic growth and developments in business
organisations increased the need of organisations to maintain control over their business activities
and operations. It is argued that management lost direct contact with the most subordinates.
Therefore, internal auditors were appointed to address the problem of controlling the activities and
operations of their organisations. The primary tasks of internal auditors were to review and report
on the activities of their organisations. However, their tasks varied from checking routine financial
and operational activities to analysing and appraising these activities and operations (Institute of
Internal Auditors 2004).
Historically, the internal audit function has been considered as a monitoring function to aid
management in controls. Morgan 1979, viewed internal audit as an important aspect of
organisational control and identified the aspiration of internal auditors to move from the controller
role to controller-advisor role as a part of their profession (internal auditing).
The year 1947 witnessed the issue of the Statement of Auditing Responsibilities by IIA that included
the first definition of internal auditing. The main concern of internal auditors at that time was to
evaluate the correctness of financial transactions.
Besides issuing the Statement of Responsibilities in 1947, Ratliff et al (1988) explained that the
Institute of Internal Auditors has taken four important steps for promoting a high degree of
professionalism among internal auditors and their departments. The Institute has adopted since its
formation: a Statement of Responsibilities, Standard of Professional Practice, a Code of Ethics and a
Programme of Auditor Certification. All these actions were considered to be the most important
developments since that time.
The new definition of internal auditing approved by the IIA Board of Directors in 1999 has shifted
the focus of the internal audit function from assurance activity to that of value added and
attempted to shift the internal audit function to a standard-driven approach (Nagy and Cenker
2002).
IIA Definitions as part of development

Internal auditing is an independent appraisal function

established within an organization to examine and
evaluate its activities as a service to the organization
(1978)
Internal auditing is an independent, objective
assurance and consulting activity designed to add value
and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control,
and governance processes (1999)
 Internal Audit traditional definition

Internal audit is the review of operations and records

undertaken within a business by specially assigned staff
on a continuous basis. Internal audit has been defined
as "the independent appraisal of activity within an
organization for the review of accounting, financial and
other business practices as a protective and
constructive arm of management. It is a type of control
which functions by measuring and evaluating the
effectiveness of other types of controls." Therefore it is
clear that internal audit not only includes the
verifications of accounting matters but also financial
and other matters.
 Modern Internal Auditing
Modern, leading edge internal audit services are characterized by a shift toward
more proactive auditing rather than after-the-fact detective auditing. The
intention is to identify risks, trends or breakdowns before problems occur. 1 Key
strategies aimed at ensuring that internal audit services are leading edge are as
follows :
Establish an Internal Audit Committee with some members who are external to
the organization.
Adopt and comply with professional standards.
Recruit and retain capable staff.
Establish and communicate a clear vision and strategy.
Demonstrate the value of internal audit.
Understand client/stakeholder needs.
Focus on risk.
Monitor internal controls.
Educate management on risks and controls.
Improve audit processes.
Improve the communication of results.
Continuously strive to improve quality in internal audit services.
 Internal audit standards
Internal auditing is conducted in diverse legal and cultural environments; within organizations that
vary in purpose, size, complexity, and structure; and by persons within or outside the organization.
While differences may affect the practice of internal auditing in each environment, conformance
with The IIAs International Standards for the Professional Practice of Internal Auditing (Standards)
is essential in meeting the responsibilities of internal auditors and the internal audit activity. If
internal auditors or the internal audit activity is prohibited by law or regulation from conformance
with certain parts of the Standards, conformance with all other parts of the Standards and
appropriate disclosures are needed.
If the Standards are used in conjunction with standards issued by other authoritative bodies,
internal audit communications may also cite the use of other standards, as appropriate. In such a
case, if inconsistencies exist between the Standards and other standards, internal auditors and the
internal audit activity must conform with the Standards, and may conform with the other standards
if they are more restrictive.
The purpose of the Standards is to:
1. Delineate basic principles that represent the practice of internal auditing.
2. Provide a framework for performing and promoting a broad range of value-added internal
auditing.
3. Establish the basis for the evaluation of internal audit performance.
4. Foster improved organizational processes and operations.
The Standards are principles-focused, mandatory requirements consisting of:
Statements of basic requirements for the professional practice of internal auditing and for
evaluating the effectiveness of performance, which are internationally applicable at
organizational and individual levels.
Interpretations, which clarify terms or concepts within the Statements.
The structure of the Standards is divided between Attribute and Performance Standards.
 The Standards Mandatory Element Under
International Professional Practices Framework

Mandatory
Mandaory
IPPF =
Non mandatory
Strongly
recommended
 Attribute Standards:
Purpose, Authority and Responsibility..(1000)
Independence and Objectivity(1100)
Proficiency and Due Professional Care(1200)
Quality Assurance and Improvement Program ..(1300)
Performance Standards:
Managing the Internal Auditing Activity...(2000)
Nature of Work....(2100)
Engagement Planning....(2200)
Performing the Engagement.(2300)
Communicating Results.....(2400)
Monitoring Progress...(2500)
Communicating the Acceptance of Risks...(2600)
 Internal Auditing as a Profession

Professional Practice Framework

Code of Ethics
Standards for the Professional Practice of Internal Auditing
Attribute Standards (1000 series)
Performance Standards (2000 series)
Implementation Standards (nnnn Xn)
Practice Advisories
Development & Practice Advisories
Common Body of Knowledge
Certification Program
Professional association and publications
 Objects (PURPOSE)
of Internal Audit
1. To verify the correctness of the financial accounting and statistical
records presented to the management.
2. To comment on the effectiveness of the internal control system and the
internal check system in force and to suggest means to improve them.
3. To facilitate the early detection and prevention of frauds.
4. To ensure that the standard accounting practices to be followed by the
organization are strictly followed.
5. To confirm that the liabilities have been incurred by the organization in
respect of its legitimate activities.
6. To examine the protection provided to assets and the uses to which
they are put.
7. To undertake special investigation for the management.
8. To identify the authorities responsible for purchasing assets and other
item as well as disposal of assets.
 Internal audit and internal control
Internal audit is an independent appraisal
activity established within an organization as a
service to it . It is a control which functions by
examining and evaluating the adequacy and
effectiveness of other controls, the
investigative techniques developed are
applied to the analysis of the effectiveness of
all parts of an entity` s operations and
management part of the internal control
system
Need for internal audit depend on (Turnbull
report) :

The scale, diversity and complexity of the company` s

activities
Number of employees
Cost-benefit considerations
Changes in organisational structures , reporting processes
or underlying information systems
Change in key risks
Problems with internal control systems
Increased number of unexplained or unacceptable events
 Objectives of internal audit

Review of the accounting and internal control

systems
Examination of financial and operating
information
Review of the economy, efficiency and
effectiveness of operations
Review of compliance with laws, regulations and
other external requirements and with internal
policies and directives and other requirements
 Cont.
Review of the safe guarding of assets
Reviews of the implementation of corporate
objectives
Identification of significant business and financial
risks, monitoring the organisation` s overall risk
management policy and the risk management
strategies
Special investigation into particular areas.
 Assessment of internal audit
Internal audit will assess:
Adequacy of the risk management and response
processes
Risk management and control culture
Internal controls in operation to limit risks
Operation and effectiveness of the risk
management processes
External vs. Internal Auditor (Missions)

EA: Report on companys financial statements

IA: Furnish management with needed information
EA: Narrowly focused on financial matters
IA: Comprehensive in scope
EA: Material fraud
IA: Any fraud
Differences between internal and external audit
Reason
Reporting to
Relating to
Relationship with the company
Relationship between external and internal
audit

Periodic meeting to plan the overall audit

Periodic meeting s to discuss matters of mutual
interest
Mutual access to audit programmes and working
papers
Exchange of audit reports and management
letters
Common development of audit
techniques ,methods and terminology
 Internal control
Internal control has been defined as being "no only
internal check and internal audit but the whole
system of controls, financial and otherwise,
established by the management in order to carry on
the business of the company in on orderly, manner,
safeguard its assets and secure as far as possible the
accuracy and reliability of its records."
Therefore internal control is a broad term with a
wide coverage. Its scope extends beyond those
matters which relate directly to the functions of
accounting and financial records. In its modern
sense, audit control includes two types of controls:
(a) Accounting(financial) Controls
(b) Administrative(management) Controls
Characteristics of Good Internal Control System

1. There should be a well developed plan of organization with delegation

of proper responsibilities at various levels of operational hierarchy.
2. These should be a scientifically developed system of record procedures
with a view to maintain reasonable control over assets, liabilities,
revenues and expenses.
3. A system of healthy practices and traditions is also necessary for the
performance of duties and activities of various departments of the
organization.
4. The personnel engaged in the business should be of high quality and
character with a deep understanding of their responsibilities and a proper
background of training and ability. This is necessary because controls are
exercised by personnel engaged in the business.
5. There should be managerial supervision and reviews of the company's
financial operation and positions at regular and frequent intervals by
means of interim accounts and reports and operating summaries etc.
 Divisions of Internal control
Depending upon the nature of business and the environment in which it works, the main divisions
of an overall internal control system are:
1. General Financial Control : This control includes a proper efficient system of accounting,
adequate supervision, recording and duplicating systems, good efficient staff and the maintenance
of healthy relationships amongst the staff.
2. Cash Control: The system includes certain important aspects of control for receipts, payments
and balances held. A proper system of internal check must operate at all stages. There may be
specially deputed officials including the internal audit staff to exercise checks at regular and
irregular intervals. Effort should be made to avoid misappropriation of cash.
3. Employee Remuneration : The system must cover all sections of employee remuneration and
maintenance of records for remuneration, their preparation and methods of payment should be
brought under tight control. So pacific instructions must be issued to the staff concerned.
4. Trading Transactions : These refer to the purchases, sales etc. So in respect of these transactions,
effective procedure should laid down for acquisitions, handling and accounting of goods purchased
or sold.
5. Fixed Assets : Capital expenditure on fixed assets should be kept under strict check and
supervision. The authority right from sanctioning of capital expenditure to its use should be clearly
defined so that any type of misappropriation by officials of the organization can be reduced to the
minimum.
6. Stock maintenance : Stocks of raw materials, work-in-progress and finished goods should be
properly maintained and accounted for. Regular stock taking procedures are quite helpful as means
of independent, checks and reconciliation of records.
7. Investments : The procedures of control in regard to investments cover such measures as
authorisation, recording and maintaining record of investments held and safeguarding the
documents of title.
 Internal control types
In general, there are two types of internal control within an
organization: financial control and management control. Financial
controls are primarilyconcerned with budgetary controls and
internal controls regarding procedures to insure the accuracy and
reliability of accounting records/ data and to safeguard assets.
Management control, on the other hand, is concerned with the
plan of organization and all of the coordinate methods and
measures adopted within a business to promote operational
efficiency and encourage adherence to prescribed managerial
policies.
The two types of internal controls are not mutually exclusive as
some of the methods and procedures in financial controls may also
be involved in management controls. For example, sales and cost
records classified by products may be used both for financial control
purposes and for making management decisions about product
pricing.
Internal Control Components
 Internal Control Components
Internal control is designed to provide reasonable
assurance that the organization's general
objectives are being achieved. Although general
control objectives may vary from organization to
organization the most important are
accountability and reporting; compliance with
laws and regulations; orderly, ethical, economical,
efficient and effective operations; and
safeguarding resources. Therefore, clear
objectives are a prerequisite for an effective
internal control process.
 Components of Internal control
Control activities actions supported by
management policies to address risk. Five specific
control activities:

- Adequate separation of duties

- Proper authorization of transactions and
activities
- Adequate documents and records
- Physical control over assets and records
independent checks on performance
 Components of Internal control
(contd..)
Risk assessment - identification
and analysis of risks relevant to
financial reporting in accordance
with accounting standards.

Information and communication

ensuring that the entitys control
environment, risks, control
activities and performance results
are communicated company-wide
 Components of Internal control
(contd..)
Monitoring ongoing/ periodic assessment of the quality of internal
control performance. Sources include, studies of existing internal controls,
internal auditor reports and so on.

Control environment the actions, policies and procedures that reflect

the overall attitudes of top management, directors and owners of an
entity towards internal control. Sub-elements for the auditor to consider:

- managements philosophy and operating style

- organizational structure
- assignment of authority and responsibility
- internal audit
- human resources
 Fundamental Concepts

1.Internal Control is a process. It is a mean to an

end not an end itself.
2.Internal control is not merely a policy manual
and forms but it is the assurance of effective and
efficient implementation of those manuals.
3.Internal control can be expected to provide only
reasonable assurance not an absolute assurance
of the implemented control.
4.Internal control is geared to the achievement of
the objectives in one or more overlapping
categories
 Financial controls

Financial controls relates to the preparation of reliable published

financial statements, including interim and condensed financial
statements and selected financial data derived from such
statements, such as earnings releases, reported publicly

Financial controls are designed to ensure that:

There are no errors in the preparation of accounting records and
financial statements.
No fraud is committed (there may be controls for detecting fraud
when it occurs , as well as controls that try to prevent fraud from
being able to occur).
Assets of the company are not stolen, lost or damaged.
 Operational controls

Operational controls addresses the company 's basic

business objectives, including performance and profitability
goals and safeguarding of resources.
Operational controls are designed to prevent failures in
operational procedures, or to detect and correct
operational failures if they do occur. Operational failures
may be caused by:
Program breakdowns (total breakdown or in certain function)
Failures in the performance of systems.
Weaknesses in procedures / process execution.
Poor management such as no planning, monitoring,
 Compliance controls

Compliance controls ensure that the company

complies with the most significant laws, rules
and regulations.
The most significant regulations for a company
vary according to the nature of its business,
(i.e. compliance with health and safety
regulations, in the case of banks money
laundering prevention regulations,.)
 Establishing internal control system (1)

The board of directors is responsible for maintaining a sound system of

internal control.
They should set appropriate policies on internal control & seek regular
assurance to satisfy that the system is operating effectively.
In deciding the policies for internal control and assessing what constitutes
an effective system of internal control, the board should consider the
following factors:
1.The nature and extent of the risks facing the company;
2.The extent and categories of risks that the board regards as
acceptable for the company to bear.
3.The likelihood that the risks will materialise.
4.The companys ability to reduce the incidence and impact on the
business of the risks that do materialise.
5.The costs of operating particular controls relative to the benefits to
be obtained from managing the risks they control.
 Establishing internal control system (2)

The internal control system should:

1.Be embedded in the operations of the company
and form part of its culture.
2.Be capable of responding quickly to risks which
the business may face as they emerge and
develop.
3.Include procedures for reporting immediately
to the management responsible of control failings
and any corrective action that should be
undertaken.
 Internal audit overview

Internal audit is defined as an independent appraisal activity

established within an organisation as a service to it. It is a control
which functions by examining and evaluating the adequacy and
effectiveness of other controls.
If the board of directors and the audit committee do not have the
time to carry out a detailed review themselves, and they can rely on
information provided to them by internal auditors
Internal auditors may be full-time employees of the company or
external professionals appointed by the company to carry out
specific investigations.
There must be a system for monitoring and review by higher level
management
 The possible tasks of internal audit (1)
1.Reviewing the internal control system. Traditionally,
an internal audit department would carry out checks
on the financial controls in an organisation. The
checks would be to establish whether suitable
financial controls exist and if so, whether they are
applied properly and are effective. It is not the
function of internal auditors to manage risks, only to
monitor and report them, and to check that risk
controls are efficient and cost-effective.
2.Special investigations. Internal auditors might conduct
special investigations into particular aspects of the
organisations operations (systems and procedures),
to check the effectiveness of operational controls.
 The possible tasks of internal audit (2)
3.Examination of financial and operating information.
Internal auditors might be asked to investigate the
timeliness of reporting and the accuracy of the
information in reports.
4.Value for money (VFM) audits. This is an investigation
into an operation or activity to establish whether it is
economical, efficient and effective.
5.Reviewing compliance by the organisation with
particular laws or regulations. This is an investigation
into the effectiveness of compliance controls..
 The possible tasks of internal audit (3)
6.Risk assessment. Internal auditors might be asked to
investigate aspects of risk management, and in particular
the adequacy of the mechanisms for identifying, assessing
and controlling significant risks to the organisation, from
both internal and external sources.
7.Internal auditors might be involved in providing continuous
support to the risk management process. If a company has
established a risk oversight committee with responsibility
for the oversight and reporting of risks, a senior internal
auditor might be one of the committee members. The
internal audit department might even have responsibility
for coordinating risk management within the company,
and reporting to the board or audit committee about risks
on a company-wide basis.
 Investigation of internal controls

Internal auditors are commonly required to check the soundness of

internal financial controls. In assessing the effectiveness of
individual controls, and of an internal control system generally.
Factors to be considered:
1.Automated controls are by no means error- or fraud-proof, but
may be more reliable than similar manual controls.
2.Non-discretionary controls are checks and procedures that must
be carried out. Discretionary controls are those that do not have to
be applied, either because they are voluntary or because an
individual can choose to dis-apply them.
3.Finding if the controls extensive enough or carried out frequently
enough ? Are the controls applied rigorously? For example, is a
supervisor doing his job properly? (to check whether the controls
are effective in achieving their purpose)
 Types of Control Activities

Directive
Preventive
Detective
Corrective
Recovery
(Automated)
 Internal Auditor Reports on Internal Control

Should detail control strengths and

weaknesses.
Should suggest corrective action to be taken
and that has already been taken.
Can be coordinated with traditional audit
examination.
Should go to top management and to the
audit committee.
Control self-assessment workshops
 The Audit of Controls

Are controls in place?

Are controls sound?
Will controls achieve desired objectives?
Are controls being utilized?
Are controls efficient?
Are controls effective?
Is management using control system output?
Is control risk reasonable?
 Corporate governance and internal audit
Boards of directors from all kind of companies are charged with responsibility for
the effectiveness of their organizations' internal control systems, in order to
promoting effective corporate governance. Corporate governance is the system by
which business corporations are directed and controlled.
More and more frequently, boards of directors from all kind of companies are
charged with responsibility for the effectiveness of their organizations' internal
control systems, in order to promoting effective corporate governance. In this
case, the internal audit function plays a key role in assisting the board to discharge
its governance responsibilities.
Corporate governance is one key element in improving economic efficiency and
growth as well as enhancing investor confidence. Corporate governance involves a
set of relationships between a company's management, its board, its shareholders
and other stakeholders. Corporate governance also provides the structure through
which the objectives of the company are set, and the means of attaining those
objectives and monitoring performance are determined.Corporate governance is
the system by which business corporations are directed and controlled.
The elements of corporate governance include the audit committee, external
auditor, internal audit, and the Board of Directors.
 Corporate governance and internal audit
cont. .d(2)
What is the definition of an Internal Audit?
Internal audit is an appraisal activity or monitoring
activity established within an entity as a service to an
entity.
What are the functions of an Internal Audit?
Special Investigations
Monitoring internal controls
Review compliance with laws and regulations
Examination of financial information
Examination of operating information
Review of the economy, efficiency and effectiveness of a
companys operations
 Corporate governance and internal audit
cont. .d(3)
What are the benefit of an Internal auditor work to the External auditor?
Internal auditor will carry out some work that can be useful to external
auditors, who may choose to rely on rather than repeat such work. These
include:
Testing the accuracy of management accounts during the year
Control testing throughout the year
Attendance at the inventory count
What would the External Auditor need to consider before relying on the
work of the Internal Audit?
Their experience
Their qualifications
Whether or not they act on the issues raise
Whether or not recommendations are taken seriously by the company and
implemented
The quality of their work
 Corporate governance and internal audit
cont. .d(4)
What is Corporate Governance?
Corporate governance is the system by which companies are directed and
controlled. These rules and guidelines aim to ensure directors manage the
company in the best interest of the owners and other stakeholders.
Why is there a need for strong Corporate Governance?
High profile corporate failures, the increases in corporate fraud, and unethical
business practices have lead to a growing lack of trust in directors and this has
lead to the development of corporate governance rules and guidelines.
Who set the rules?
Globally Organisation for Economic Co-operation and Development
(OECD)
Nationally individual countries develop their own
Companies Many companies develop their own policies on corporate
governance
 Corporate governance and internal audit
cont. .d(5)
What is the Underlying concept behind Corporate Governance?
Fairness: All stakeholders should be treated with equal consideration
Openness and transparency: All information should have been made available to
stakeholders and in a clear manner.
Independence: All those in a position of monitoring should be independent of
those whom they are monitoring. (Non-executive directors independent of
executive director; external auditors independent of the company)
Integrity and Honesty: Directors should always be truthful with stakeholders. They
must be fair in their dealings, presenting information without any attempt to bias
opinion.
Responsibility: Directors should understand their duty to stakeholders and accept
the consequences should they fail that responsibility.
Accountability: Directors must be willing to be held accountable for their actions
Reputation: Directors must protect their own reputation and that of the company,
as damage to either is likely to lead to more widespread damage to the company.
Judgement: Directors must ensure they have all the necessary information and
understanding in order to be able to make sensible business decisions that improve
the prosperity of the company.
 Corporate governance and internal audit
cont. .d(6)
What are the different types of directors that make up the Board of Directors?
Executive Directors
Non-Executive Directors
What are the characteristics of an effective Board of Directors?
An effective board of directors should:
Lead company strategy
Include Non-Executive directors
Meet regularly Detail its membership
Ensure that Chairman and NEDs meet without the Executives to consider their performance
Ensure that NEDs meet without Chairman to consider the Chairmans performance
What contributions do Non-Executive Directors provide?
Contribute to strategy
Assess the performance of Executive Directors
Asses the performance of the Chairman
Oversee the integrity of Financial Information
Oversee the integrity of control systems
Oversee the integrity of Risk Management
Decide remuneration of Executive Directors
Mutual Dependency

Corporate
Governance

Financial
Reporting External
and Internal
Audit
 Audit Committee Function

A key element within the corporate governance framework

Ideally all listed companies should have an audit committee function
Corporate governance statement Context
The Audit Committee should
Ensure that the Head of Internal Audit has direct access to the chairman of the
board/ supervisory board as well as to the audit committee
Ensure that the internal audit function is professionally accountable to the Audit
Committee
Review and assess the internal audit work plans
Receive regular reports on the execution of work plans and an annual report from
the internal audit function.
Review and monitor management's responsiveness to the findings and
recommendations of the internal audit function
Meet the Head of Internal Audit at least once a year
Monitor and assess the role and effectiveness of the internal audit function
 Audit program
Audit program are lists of audit procedures to be performed by audit staff in
order to obtain sufficient appropriate evidence.
Audit Programs
The internal audit program is a guide to the auditor and a contact with
audit supervision that certain audit steps will be taken. The audit steps are
designed (1) to gather audit evidence and (2) to permit internal auditors
to express opinions on the efficiency, economy, and effectiveness of the
activities to be reviewed. The program lists directions for the examination
and evaluation of the information needed to meet audit objectives within
the scope of the audit assignment.
Are designed to tell the auditor:
What is to be done.
When it is to be done.
How it is to be done.
Who will do it.
How long it will take
 Purpose of Audit Programs

A set of instructions to the audit team.

Assist with planning and performance of the audit.
A means to control and record the proper
execution of the audit work and also to review the
audit work.
A record of the audit procedures to be adopted,
the audit objectives, timing, sample size and basis
of selection of each criteria.
Audit evidence to support the auditor opinion.
 Areas Covered by Audit Program
General information
Existence
Valuation
Completeness
Cut-off test
Presentation and Disclosure
Conclusion
 Audit Program Tangible Fixed Assets
General
- Agree the opening balance
- Prepare lead schedule and reconcile to nominal ledger
- Examine material journal
- Carryout analytical procedure
(a) comparison of the current figures with prior periods;
(b) review of key ratios or other performance indicators.
- Review large or unusual transaction.
Existence
- Carry out physical inspection
Ownership
- Confirm title of freehold property
- Inspect property leases or obtain direct communication from bank
or other custody
 Audit Program Tangible Fixed Assets
Depreciation
- Compare bases and rates depreciation
- Review the appropriateness of methods
- Check calculation
- Ensure that no assets have been depreciated by more than cost
Valuation and disclosure
- Vouch addition to purchase invoices
- Vouch disposal to available evidence
- Consider the indicator of impairment
- Check consistent application of revaluation for a class of assets
- Check addition or revaluation treatment of investment property
Conclusion
- Consider whether there are any items which need to be included a
letter of representation
 Purchases and creditors audit
program
Existence
- Obtain or prepare a list of trade creditor balances
- Agree the list to the control account
- Obtain explanations for all material adjustments to the control account.

Completeness
- List all debit balances over Tk _____ and obtain explanations. Ensure they are
correctly treated in the accounts
- Perform a creditors circularization
- Where a circularization is not carried out, or the results are unsatisfactory, test
creditors for completeness as follows:
a) obtain the year end creditors listing;
b) compare to prior year to identify obvious omissions;
c) review purchase day book during the year and payments after the end to
identify main suppliers;
d) enquire to major suppliers not in the list.
Purchases and creditors audit program

Cut-off
- If the company retains goods received
records, examine the goods received/
purchased records immediately before and
after the year end

Presentation and disclosure

- Ensure that there is evidence on the file to
support all disclosures made.
 Audit Program Debtors &
Prepayments
Cost/Existence
- Obtain or prepare an aging schedule
- Agree the aging schedule balances to the control account.
- Obtain explanations for all material adjustments
- Perform a debtors circularization
- Where circularization has not been carried out select a sample of trade
debtors or where unsatisfactory results are obtained carry out alternative
procedures.
a) examine the ledger for cash after date;
b) for unpaid items inspect proof of delivery or despatch;
c) review correspondence files for items in to determine whether any
disputes exist;
d) Check transaction history from key customers.
 Audit Program Debtors &
Prepayments
Valuation
- Review ledger accounts and obtain a list of any debts with balances

Cut-off
- Review credit notes after the year end and consider whether these
have been accounted for in the correct period
- If the company has despatch records, examine sales and despatch
records before and after the year end

Presentation and disclosure

- Ensure that there is evidence on the file to support the disclosures
made such as long term debtors.
- Review transactions and balances with directors and ensure they
are properly presented as related party transactions
 Definition of fraud and error
Fraud generally involves an act of deception, bribery, forgery, extortion,
theft, misappropriation, false representation, conspiracy, corruption,
collusion, embezzlement, or concealment of material facts. Fraud may be
committed by an individual, a group of individuals, or by one or more
organizations. Fraud is a violation of trust that, in general, refers to an
intentional act committed to secure personal or business advantage.
In accordance with the Institute of Internal Auditor Practice Advisory
1210.A2-
1, Identification of Fraud,
Fraud encompasses an array of irregularities and illegal acts characterized
by intentional deception perpetrated for the benefit of or to the detriment
of the Public Body and by persons inside and/ or outside the Public Body.
Fraud designed to benefit the Public Body generally produce such benefit
by exploiting an unfair or dishonest advantage that also may deceive an
outside party. Perpetrators of such frauds usually accrue an indirect
personal benefit to themselves.
 Prevention, detection and correction of fraud
and errors
Internal auditors are responsible for assisting in the determination of fraud by
examining and evaluating the adequacy and the effectiveness of the system of
internal control, commensurate with the extent of the potential exposure/ risk in
the various components/ segments of the organizations operations. In carrying
out this responsibility, internal auditors should, for instance, determine:
1. The organizational environment fosters control consciousness.
2. Realistic organizational goals and objectives are set.
3. Written policies (e. g. Code of Conduct) exist that describe prohibited activities
and the action required whenever violations are discovered.
4. Appropriate authorization policies for transactions are established and
maintained.
5. Policies, practices, procedures, reports, and other mechanisms are developed
to monitor activities and safeguards assets, particularly in high-risk areas.
6. Communication channels provide management with adequate and reliable
information.
7. Recommendations need to be made for the establishment or enhancement of
cost-effective controls to help deter fraud.
 Prevention, detection and correction
of fraud and errors cont..d (1)
Once the fraud investigation is concluded, internal auditors should
assess the facts known in order to:
Determine if controls need to be implemented or strengthened to
reduce future vulnerability.
Design engagement tests to help disclose the possibility of similar
fraud occurring in the future.
Help meet internal auditors responsibility to maintain sufficient
knowledge of fraud and thereby be able to identify future indicators
of fraud.
Reporting of fraud consists of the various oral or written, interim or
final communication to management regarding the status and
results of fraud investigation.
Fraud can be classified in different ways. There are internal and
external frauds.
 Prevention, detection and correction
of fraud and errors cont..d (2)
Major causes of Fraud
The major causes of fraud can be grouped under three headings - poor
internal control, collusion between/ among workers and the environment
in which the Public Body works.
Fraud control detection and prevention or deterrence
It is said that prevention is better than cure. The first attempt of
management and the internal auditor should, therefore, be on the
prevention of fraud. Fraud deterrence consists of those actions that are
taken:
To discourage the perpetration of fraud; and also,
To limit the exposure if fraud does occur.
Detection consists of identifying indicators of fraud sufficient to warrant
recommending an investigation. These indicators may arise as a result of
control established by management, tests conducted by the internal
auditor and other sources both from within and outside the Public Body.
 Audit working papers
Audit working papers that document the audit should be prepared by the
internal auditors in Public Bodies and reviewed by the management of the
internal audit unit or senior auditor authorized by same. The working
papers should record the information obtained and the analysis made,
and should support the bases for the observations and recommendations
to be reported. Audit working papers generally:
Provide the principal support for audit reports;
Aid in the planning performance and review of audits;
Document whether the audit objectives were achieved;
Facilitate third party reviews;
Provide a basis for evaluating the internal audit units quality program;
Provide support in circumstances such as insurance claims, fraud cases, and
lawsuits;
Aid in the professional development of the internal audit staff;
Demonstrate the internal audit units compliance with the Standard for the
Professional Practice of Internal Auditing.
 Audit working papers cont..d(1)
Audit working papers should be complete and include support for
engagement conclusions reached. Among other things, audit working
papers may include:
Planning documents and engagement (audit) programs;
Control questionnaires, flowcharts, checklists and narratives;
Notes/ memorandum resulting from interviews;
Organizational data, such as organizational charts and job
descriptions;
Copies of important contracts and agreements;
Information about operating and financial policies;
Results of control evaluations;
Letter of confirmation and representation;
Analysis and tests of transactions, processes, and account balances;
Results of analytical audit procedures;
The engagements final communications and managements
responses;
Engagement correspondence if it documents engagement conclusion
reached .
 Audit working papers cont..d(2)
Audit working papers are the documents which record all audit evidence
obtained during financial statements auditing, internal management
auditing, information systems auditing, and investigations.
Audit working papers are in principle confidential. The Head of the
Internal Audit unit may decide to share audit working papers, only if there
is good reason.
Audit working papers should be reviewed to ensure that they properly
support the audit report and that all necessary auditing procedures have
been performed.
Importance of Working Papers
Indicates professionalism
Documents work performed
Evidences conditions found
Supports audit reports
Facilitates reviews by others
Provides documents under Foreign Corrupt Practices Act
 Statistical Sampling
Statistical sampling is particularly useful in
error testing large volumes of transactions.
Population of at least 1,000 items.
To the auditor has to;
determine the sample size;
evaluate the results quantitatively; and
estimate the sampling risk, and thus draw
conclusions regarding the whole population
 Benefits of a Statistical Sample
May save time and staff cost supposing we avoid
oversampling
Result is objective = unbiased
Result is defensible
Sample size is objectively chosen
Provides an estimate of sample size before work
starts
Provides an estimate of the sampling error (the
auditors risk)
 Some Disadvantages of Statistical
Sampling
As a technique it is not always fully understood so
that false conclusions may be drawn from the
results
Time is spent playing with mathematics which
might better be spent on auditing
Audit judgement takes second place to precise
mathematics
It is inflexible
Often several attributes of transactions or
documents are tested at the same time. Statistics
do not easily incorporate this.
 Purpose and Function of Audit
Reports
The primary purpose of the internal audit report is to record and
communicate the auditors findings and to recommend courses of
action to correct weaknesses
Purpose
To record
To communicate
Functions
To inform reader
To persuade reader as to conditions
To obtain results
Internal Audit Reports
In the case of internal audit the process of reporting will be
determined by the organization concerned, by senior management
or the board.
 Common Components of External and
Internal Reporting

Debriefing session with line management at

the end of the field work
Written report to senior and line
management at the end of each assignment
Summary of activities to senior management
and/or to the board at the end of each period
Formal assessment on accounting systems in
some countries (e.g. UK) for external review
agency
 Standards for Audit Reporting
IIA Standards for Reporting
A signed, written report should be issued after the
audit examination is completed
Internal auditors should discuss conclusions and
recommendations at appropriate levels of
management before issuing final written reports
Reports should be objective, clear, concise,
constructive, and timely
Reports should present the purpose, scope, and
results of the audit; and, where appropriate, should
contain an expression of the auditors opinion.
 Meaning

Objects: the result that is wanted from an activity:

Appraisal: the act of examining someone or something
in order to judgetheir qualities, success, orneeds:
culminated:
Turnbull report: