Standards on Internal Audit

Business Risk Services Chennai Training Session September 24, 2011

- Praveen Kumar , Assistant Manager

Contents
1. Internal Audit Indian Scenario 2. Statutory Requirement for Internal Audit 3. Standards on Internal Audit 4. Important Requirements of the Standard

We all know what is an Internal Audit?

ICAI Definition of Internal Audit

Internal audit is an independent management function, involving a continuous and critical appraisal of the functioning of the entity

to suggest certain improvements and value additions

to strengthen the governance mechanism of the entity

including strategic risk management and internal control system

to provide assurance regarding transparency in reporting.

Is Internal Audit MANDATORY?

Companies (Auditor's Report) Order, 2003. Clause (vii) requires the auditor to report as follows:

Whether the Company has an internal audit system commensurate with its size and
nature of business

Other statutory requirements of internal audit

IRDA (Investment) (Fourth Amendment) Regulations, 2008 has introduced requirements of quarterly internal audit for insurers.
The Securities and Exchange Board of India has mandated complete internal audit on a half-yearly basis for stock brokers/trading members/ clearing members.

Other statutory requirements of internal audit

Compliance to provisions of Clause 49 of the listing agreement which imposes duties on Audit Committee to review and discuss with the internal auditors on the internal controls of the companies.
Section 292A of the Companies Act, 1956, requires public companies having paid up capital not less than Rs. 5 crores to constitute a committee of the Board, i.e., the Audit Committee and also requires internal auditors to attend the audit committee meetings

Should only Chartered Accountants be Internal Auditors?

Is there any statutory requirement that only a Chartered Accountant be appointed as Internal Auditor?

YES!

Which Act? Which section?

Section 581ZF of the Companies Act, 1956 requires that every Producer Company shall have internal audit of its accounts carried out by a Chartered Accountant

Then for OTHER COMPANIES??

No Statutory Requirement that only a Chartered Accountant be appointed as Internal Auditors!

But In India, as a practice a Chartered Accountant is appointed as an internal auditor

As Chartered Accountants are generally appointed as Internal Auditors ICAI has issued the Standards on Internal Audit to regulate and provide guidance to members

Applicability of Standards of Internal Audit

While carrying out Internal Audits, it shall be the duty of the member to comply with the requirements of the internal audit standards.
If for some reason, member of the institute has not able to comply to the requirement of the standards, the report should draw attention to material departures Non compliance to the above requirements may result in professional misconduct

Standards on Internal Audit issued by ICAI 17 Standards

1. 2. Planning an Internal Audit Basic Principles Governing Internal Audit 3. Documentation 4. Reporting 5. Sampling 6. Analytical Procedures 7. Quality Assurance in Internal Audit 8. Terms of Internal Audit Engagement 9. Communication with Management 10. Internal Audit Evidence 11. Consideration of Fraud in an Internal Audit 12. Internal Control Evaluation 13. Enterprise Risk Management 14. Internal Audit in an Information Technology Environment 15. Knowledge of the Entity and its Environment 16. Using the Work of an Expert 17. Consideration of Laws and Regulations in an Internal Audit

SIA 3 Documentation
What is to be documented: Matters which provide evidence that the audit was carried out as per the standards and support his findings

Why documentation? aids in planning and performing the internal audit aids in supervision and review of the provide evidence of the internal audit work performed to support the internal auditors findings and opinion. aid in third party reviews provide evidence of the fact that the internal audit is performed in accordance terms of engagement

SIA 3 Documentation
Form and content of documentation Internal audit documentation should record the internal audit charter, the internal audit plan, the nature, timing and extent of audit procedures performed, and the conclusions drawn from the evidence obtained Audit documentation to include all aspects of the engagement Engagement acceptance; Engagement planning; Risk assessment Review of findings Communication and follow up
Documentation to also contain who prepared the work paper, who reviewed the work paper. The preparer and reviewer are required to sign off the work paper

SIA 3 Documentation
Time limit for completion of documentation The internal audit file should be assembled within sixty days after the signing of the internal audit report. Ownership The work paper documents obtained during internal audit is the property of the internal auditor. Retention of work papers Audit documentation to be retained for a period of seven years

SIA 4 Audit Report

Basic elements of Internal Audit Report 1. 2. 3. 4. 5. Title; Addressee; Report Distribution List; Period of coverage of the Report; Opening or introductory paragraph: identification of the processes/ functions and items of financial statements audited; and a statement of the responsibility of the entitys management and the responsibility of the internal auditor; Objectives paragraph - statement of the objectives and scope of the internal audit engagement; Scope paragraph (describing the nature of an internal audit): Executive Summary, highlighting the key material issues, observations, control weaknesses and exceptions;

6.
7. 8.

SIA 4 Audit Report

Basic Elements of Internal Audit Report 9. Observations, findings and recommendations made by the internal auditor; 10. Comments from the local management; 11. Action Taken Report Action taken/ not taken pursuant to the observations made in the previous internal audit reports; 12. Date of the report; 13. Place of signature; and 14. Internal auditors signature with Membership Number.

Standard also suggests to include a clause on Restriction on usage and report circulation otherwise to the intended recipients

SIA 5 Sampling
What is Audit Sampling: "Audit sampling" means the application of audit procedures to less than 100% of the items within an account balance or class of transactions to enable the internal auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to form a conclusion concerning the population;

Sampling risk means the risk that from the possibility that the internal auditors conclusions, based on examination of a sample may be different from the conclusion reached if the entire population was subjected to the same types of internal audit procedure.

SIA 5 Sampling
Considerations when determining the sample size Tolerable Error

Smaller sample sizes are considered when the population is expected to be error free Smaller the tolerable error, greater the sample size to be

SIA 5 Sampling Sample Size Table

Frequency of control activity
Annual Quarterly (including period- end, i.e., +1) Monthly Weekly Daily Recurring manual control (multiple times per day) Minimum sample size Risk of failure Lower Higher 1 1 1+1 1+1 2 3 5 8 15 25 25 40

Smaller sample sizes are considered when the population is expected to be error free Smaller the tolerable error, greater the sample size to be

SIA 5 Sampling Sample Selection Methodology

Using Random Number Generators

Systematic Selection

Haphazard Selection

Block Selection

SIA 5 Sampling Documentation Requirements

1. Relationship between the design of the sample vis a vis specific audit objectives, population from which sample is drawn and the sample size.

2. Assessment of the expected rate of error in the population to be tested vis a vis auditors understanding of the design of the relevant controls.
3. Assessment of the sampling risk and the tolerable error. 4. Assessment of the nature and cause of errors.

5. Rationale for using a particular sampling technique and results thereof.

6. Analysis of the nature an cause of any errors detected in the sample. 7. Projection of the errors found in the sample to the population. 8. Reassessment of sampling risk, where appropriate. 9. Effect of the sample results on the internal audits objective(s). 10. Projection of sample results to the characteristics of the population.

SIA 10 Audit Evidence

The internal auditor should, based on his professional judgment, obtain sufficient appropriate evidence to enable him to draw reasonable conclusions therefrom on which to base his opinion or findings. Sufficient evidence Sufficiency refers to the quantum of evidences Appropriate evidence Appropriateness relates to relevance of the evidences Internal Auditors judgment as to what is sufficient and appropriate internal audit evidence is influenced by: 1. The materiality of the item. 2. The type of information available. 3. Degree of risk of misstatement which may be affected by factors such as : The nature of the item. The nature or size of the business carried on by the entity. Situation which may exert an unusual influence on management.

SIA 10 Audit Evidence

Methods of obtaining audit evidence:

Inspection

Observation

Inquiry and Confirmation

Computation

Analytical Review

Let us follow SIA

Any Questions?