Академический Документы
Профессиональный Документы
Культура Документы
Dynamics of
Internal
Audit
Successful internal auditors must have the
hard edge of technical audit skills and the
commercial acumen to garner the respect of
the leadership team because they have
something important to contribute.
The
rapidly
changing business
environment
continues to require
astute
responsiveness
from
the
audit
profession
A REPORT ON
DYNAMIC CHANGES IN INTERNAL AUDIT
SUBMITTED BY
Mohit Kumar Baldewa
M.M.S-FINANCE (BATCH: 2015-2017)
This is to certify that Mr. Mohit Kumar Baldewa has completed the Summer
Internship Project name DYNAMIC CHANGES IN INTERNAL AUDIT with the
Desai Haribhakti Consultancy during the month of May & June 2016
under my guidance.
To the best of my knowledge the Report submitted by him is original: No part
of the report has been submitted for award of any other degree fellowship or
other similar titles or prizes.
Place: Mumbai
Date:
Signature
Mrs. Nehal Joshipura
Students Declaration
Place:
Date:
Acknowledgement
Executive Summary
Mandatory reporting on Internal Financial
Controls (IFC)
The Companies Act 2013 has significantly expanded applicability of internal
financial controls to cover all aspects of operations of the company.
Contents
Introduction to Internal Audit....................................................................................10
Industry Profile......................................................................................................... 11
Company Profile....................................................................................................... 13
Theory of Internal Audit............................................................................................ 14
Scope & Objectives of the Project............................................................................. 16
Methodology............................................................................................................. 18
Data Collection & Analysis........................................................................................ 19
Findings of the Study................................................................................................ 21
Conclusion & Recommendation................................................................................22
Appendices............................................................................................................... 24
Bibliography............................................................................................................. 26
auditing is
an
independent,
designed
to
add
value
and
management, control,
and
data
and
business processes.
With
commitment
and
the Board
of
Directors (or
of the Treadway
designed
to
provide
reasonable
assurance
regarding
the
achievement of the following core objectives for which all businesses strive:
Safeguarding of Assets
information
Managers
establish
and
communication;
policies,
processes,
and
and
monitoring
practices
in
activities.
these
five
operating
effectively,
and
if
not,
provide
recommendations
for
improvement.
Role in risk management
Internal auditing professional standards require the function to evaluate the
effectiveness
of
the
organization's Risk
management activities.
Risk
risk
management
(ERM)
Framework,
an
capital
planning,
budgeting,
hedging,
incentive
payout
structure,
changes,
conducting
business
abroad,
etc. Sarbanes-
Corporate
legal
counsel
often
prepares
comprehensive
Industry Profile
The current scenario All organizations are subject to fraud risks and there
have been several instances in the past couple of decades when frauds have
led to the downfall of organizations as a whole. Some notable examples
include, Enron and WorldCom in the USA and Satyam near home. The current
economic slowdown has brought to surface a number of high profile frauds
like the Reebok and Citibank cases thereby increasing the focus on fraud risk
management. Global regulations like the US Foreign Corrupt Practices Act
(FCPA),
UK
Bribery
Act,
Sarbanes
Oxley
Act
have
increasingly
put
Company Profile
satisfaction'.
Vibrant & Long-lasting Client Relationships
Our client relationships are more than just business partnerships. We
endeavor to understand the person as well as their business and build a
vibrant and long lasting relationship.
Trust, Reliability and Transparency
For a relationship to flourish, it must be based on trust, reliability and
transparency - values that we hold sacred.
We provide a whole range of accounting, assurance, advisory and
consulting services both nationally and internationally through our four
service divisions.
We are a full service organization with complete focus on niche services.
Our services are not static but are completely tailor- made as per the
changing needs of our clients. We continually ensure that our services are
internationally bench marked.
Within all our services divisions we have service specialists and sector
specialists to ensure seamless services to our clients.
roles
throughout
the
organization,
to
ensure
timely
fraud
risk
Audit
Department
provides
management
with
information,
their protection;
obligations.
Review
operations/programs
to
ascertain
whether
results
are
etc.
Audit Committee of the Board of Trustees periodically to report the plans for
audit activity, the results of audit activity, and to provide any other
information required. The Director of Internal Audit has direct access to the
President and the Board should matters of immediate significance arise
which demand such attention.
Methodology
Internal audit execution
A typical internal audit assignment involves the following steps:
1. Establish and communicate the scope and objectives for the audit to
appropriate management.
2. Develop an understanding of the business area under review. This
includes objectives, measurements, and key transaction types. This
involves
review
of
documents
and
interviews.
Flowcharts
and
6. Report issues and challenges identified and negotiate action plans with
management to address the problems.
7. Follow-up on reported findings at appropriate intervals. Internal audit
departments maintain a follow-up database for this purpose.
Audit assignment length varies based on the complexity of the activity being
audited and Internal Audit resources available. Many of the above steps are
iterative and may not all occur in the sequence indicated.
In addition to assessing business processes, specialists called Information
Technology (IT) Auditors review Information technology controls.
with their oversight responsibility and legal duties. It is set to evolve into a
more extensive, outward, forward looking and continuous activity playing an
enhanced role in 'Integrated Assurance' - an activity to outline who provides
assurance on what aspects of the entire assurance universe. This new
purpose, authority, and responsibility of the internal audit activity must be
formally defined in the new internal audit charter and presented to the senior
management and the board for approval. However, while Corporate India is
looking to their internal auditors to help deliver a more sustainable, efficient
and effective audit function. One that fully aligns with the new governance
needs and expectations, there is ambiguity in the minds of the board, audit
committee members, CXOs and Internal Auditors on what changes would be
needed in their roles to fulfill these new requirements.
As companies raise the bar on their own performance to contend with the
greater regulatory and stakeholder expectations, it also raises the bar on
Internal Audit Function. This whitepaper discusses four themes which would
now form part of the new Internal Audit Charter to support the organization
and the stakeholders meet the expectations of the new Companies Act 2013
raising the Bar on Governance. Here, we attempt to redefine the internal
audit charter from the perspective of governance stakeholders and build
what we call the 'New Performance Continuum' for the Chief Audit Executive
(CAE) in the wake of the changed environment. With these new expectations,
it is also necessary for Internal Auditors to review their methodology and
include specific procedures to address these changes. We have also
discussed some of the steps and procedures which should find place in new
audit plans, roles and responsibilities for the Internal Auditor.
Mandatory reporting on
Internal financial controls
The Companies Act 2013 requires the Directors report for listed companies,
including public companies with paid up capital of INR25 crores or more, and
auditors report for all companies to comment on whether the company has
adequate
internal
financial
controls
system
in
place
and
operating
effectiveness for such controls. For this purpose, the term internal financial
controls means the policies and procedures adopted by the company for
ensuring the orderly and efficient conduct of its business, including
adherence to companys policies, the safeguarding of its assets, the
prevention
and
detection
of
frauds
and
errors,
the
accuracy
and
AD sse v e s l so pa n d
DTe e s vt e t lho ep a
The Act places a stronger emphasis than before on the role of the Audit
Committee on internal financial controls and risk management. Given the
importance of these areas, internal audits assurance role is very important
in helping audit committee directors fulfill their oversight responsibility and
legal duties.The changing role of Internal Audit the ever increasing
regulations and expansion of organizations across the globe into new
markets exposed the organizations to greater regulatory and compliance
Banking
Fraud
Survey
2014
Assurance
Assessment
and
to
have
strong
fraud
prevention
programme.
As
organizations work towards reducing the losses due to fraud, their anti-fraud
programmes are increasingly looking towards the internal audit function for
support in light of the fact that over time as internal auditors review systems
in the organization, they develop an overall knowledge of the organizations
processes, risks, control systems and personnel which can contribute to an
effective fraud risk management. The IIA provides mandatory guidance for
internal auditors in its International Professionals Practices Framework (IPPF).
Internal auditors are expected to have sufficient knowledge to evaluate the
risk of fraud in their organizations, and are required to report to the board
any fraud risks found during their investigations. IPPF also expects the
internal audit activity to evaluate the potential for the occurrence of fraud
and how the organization manages its fraud risk. The expectation is that
internal auditing should provide objective assurance to the board and
management that fraud controls are sufficient for identified fraud risks and
ensure that the controls are functioning effectively. Internal auditors may
review the comprehensiveness and adequacy of the risks identified by
management especially with regard to management override risks.
Strengthening enterprise
Risk assessment processes
Risk
management
is
central
part
of
any
organization's
strategic
for framing, implementing and monitoring the risk management plan for the
company.
Internal audit is third line of defense, which through its risk based approach
provides reasonable independent assurance to the organisations board of
directors and senior management on the effectiveness of risk management
processes. In organisations where risk management implementation is in its
initial stages, the role of internal audit is often that of a catalystor facilitator
to help foster development of the organization's risk management process.
Further, the more risk mature the organization is, it is better for the internal
audit function to provide a realistic picture to the board on risk management
against its strategic objectives.
Key Considerations for the Chief Risk Officer (CRO)
Provide credible risk governance. Inputs to strategy formulation; integrate
risk management and strategy execution. Aggregate information to identify
operational control weaknesses. Identify risks presenting the most significant
risks to shareholder value. Build a risk management dashboard. Use
behavioural change management techniques to maintain risk awareness
capabilities. Coordinate with assurance providers to provide an opinion on
the control environment. Develop prudent risk management techniques to
address key risks, and establish sufficient monitoring of strategic risk
'signposts' to identify risk occurrences in time. View risk management as a
core competency and try to ensure that auditors receive appropriate training
on risk and risk manage-ment practices.
CAE response
Internal Audit function must align its activities with the organisations key
strategies and critical risks must be driven from the top with input from the
executive management and the Board. It should be coordinated with other
key oversight functions. Regardless of whether risk management and internal
audit operate as distinct and separate units, or are closely aligned, it is
imperative that they leverage off each other, continually developing
knowledge and awareness of the environments in which they operate. They
must work within the same risk management framework and conduct
dialogue to continually question each others perspective of the nature and
severity of the risk profile.
for
delinquency,
fixes
extensive
management,
independent
Directors
and
responsibility
auditors,
for
senior
introduces
the
Section 447 of the Act provides a specific definition of fraud and also
makes extensive provisions for penalising fraudulent activities. Fraud
includes any act, omission, concealment of any fact or abuse of the position
committed by any person, with intent to deceive, to gain undue advantage
from, or to injure the interests of, the company or its shareholders or its
creditors or any other person, whether or not there is any wrongful gain or
wrongful loss.
Under the new act, liability and punishment for fraud is extended to every
individual who has been a party to it deliberately, including the auditors of
the company
Companies are also required to establish a vigil mechanism for directors
and employees to report genuine concerns, even directly to the chairperson
of the Audit Committee for appropriate cases.
The
mechanism
should
provide
for
adequate
safeguards
against
that are material, internal auditors are often in a better position to detect the
symptoms that accompany fraud. Internal auditors usually have continual
presence in the organisation that provides them with a better understanding
of the organisation and its control systems. Therefore, the CAE will now need
to take responsibility over the adequacy of fraud prevention/ mitigation
controls in business processes. He will have to consider fraud procedures as
part of every audit. He can no longer take shelter that the IA function is not
responsible for preventing and detecting fraud.
Fraud risk and the role of a CAE
Proactive auditing to look for misappropriation and misrepresentation
Examining and evaluating the adequacy and
effectiveness of internal controls that might address
fraud risks include:
Controls over significant, unusual transactions
Controls over adjustments in the period-end financial reporting process
Controls over related party transactions
Controls related to significant management estimates
Controls that mitigate incentives for, and pressures on, management to falsify or inappropriately
manage financial results.
Fraud Detection activities include potential fraud indicators in the Risk Control Matrix/Audit
Program. Gather sufficient knowledge of fraud to identify red flags indicating fraud that may have been
committed, the techniques used to commit fraud, and the various fraud schemes and scenarios
associated with the activities reviewed.
Leverage data mining and data analytics to find unusual
items and perform detailed analyses of high risk
accounts and transactions.
Establish effective fraud prevention measures based
on a companys SWOT analysis.
Define robust control activities i.e., policies and
procedures for business processes, including
appropriate authority limits and segregation of
incompatible duties, employee training etc.
Test operating effectiveness of fraud prevention and
detection controls.
Identify relevant fraud risk factors: understand
organisations external and internal business environment.
Review the documentation of previous and suspected
frauds, frauds at similar organisations, root cause analysis
and control improvement recommendations, monitoring
the reporting/whistleblower hotline, and providing ethics
training sessions.
Map existing controls to potential fraud schemes
and carry out a gap assessment: identify preventive
and detective controls in place to address fraud risks and
likelihood and significance of each potential fraud.
Entity level anti-fraud controls such as whistleblower
hotline, whistleblower protection policy, board oversight,
results of continuous monitoring, code of conduct are
important elements in the exercise.
information
and
make
recommendations
for
internal
control
Appendices
Bibliography
Sources:
1. IPPF Practice Guide on Internal Auditing and Fraud
2. Managing the Business Risk of Fraud: A Practical Guide
Paper sponsored by IIA, AICPA and ACFE
https://www.protiviti.com/en-US/Documents/RegulatoryReports/General-Business/Protiviti-Flash-Report-New-ICReqs-Companies-with-India-Operations.pdf
https://www.pwc.in/assets/pdfs/publications/2015/pwc-reportingperspectivesoctober-2015.pdf
https://www.wirc-icai.org/(S(ao1o00a1y1dnqv55oxdi0ujq)X(1))/material/WIRCIFC.pdf
https://www.kpmg.com/IN/en/IssuesAndInsights/ArticlesPublications/Documents/KPM
G-the-New-Internal-Audit-Charter.pdf