Вы находитесь на странице: 1из 79
Standards on Internal Audit – Codifying the Best Practices 1
Standards on Internal
Audit – Codifying the
Best Practices
1
Standards on Internal Audit (SIAs) SIAs – Issued by the Council of the Institute of
Standards on Internal Audit (SIAs)
SIAs –
Issued by the Council of the Institute of
Chartered Accountants of India
Till date 18 SIAs issued
Codify best practices in area of internal audit
Provide a benchmark of the performance of
the internal audit services
Preface to the Standards on Internal Audit
Framework for Standards on Internal Audit
2
Preface to the Standards on Internal Audit (Issued in January 2004) Scope of the Standards
Preface to the Standards on Internal Audit
(Issued in January 2004)
Scope of the Standards on Internal Audit
(SIAs)
Scope of the Guidance Notes on Internal
Audit
Implications of the departures from SIAs
Procedure for issuing the SIAs and
Guidance Notes
3
Scope of the Standards on Internal Audit SIAs apply whenever internal audit is carried out
Scope of the Standards on Internal Audit
SIAs apply whenever internal audit is
carried out
Describes internal audit as
• A continuous and critical appraisal of
functioning of an entity with a view:
– to suggest improvements,
– to add value and strengthen the overall
governance mechanism
– including
the
entity’s
strategic
risk
management and internal control system
4
Framework for Standards on Internal Audit (Issued in August 2008) Objective is to promote the
Framework for Standards on Internal Audit
(Issued in August 2008)
Objective is to promote the professionalism
in the internal audit activity.
Provide a frame of reference for the SIAs
being issued.
5
Components of the Framework The Code of Conduct Establishes the essential principles of conduct and
Components of the Framework
The Code of Conduct
Establishes the essential principles of conduct and prescribes
for the professionals in internal audit activity.
The Competence Framework
Describes the key characteristics that are required of persons
performing internal audit.
The Body of Standards
Standards specifies the basic principles and processes.
Mandatory minimum requirements
The Technical Guidance
Provide guidance to internal auditors in resolving professional
issue arising while carrying out internal audit.
6
SIA 1, Planning an Internal Audit (Issued in May 2006) Gives an insight into the
SIA 1, Planning an Internal Audit
(Issued in May 2006)
Gives an insight into the objectives of
the planning
Provides knowledge about the factors
affecting the planning process
Deals with scope of the planning and
the planning process
7
Planning Develop and document plan in consultation with those charged with governance, including the Audit
Planning
Develop and document plan in consultation
with those charged with governance,
including the Audit Committee
Internal audit plan should be based on :
• the objectives of the activity
• significant risks
• risk management and internal control system
• reflect the risk management strategy
8
SIA 2, Basic Principles Governing Internal Audit (Issued in August 2007) Explains the principles which
SIA 2, Basic Principles Governing Internal
Audit
(Issued in August 2007)
Explains the principles which governs the internal
auditor’s professional responsibilities:
Integrity, objectivity and independence,
Confidentiality
Due professional care, skills and competence
Work performed by others
Documentation
Planning
Evidence
Internal Control and Risk Management
Reporting
9
Elaborate principles to give guidance on auditing procedure and reporting practices Compliance with basic principles
Elaborate principles to give guidance on
auditing procedure and reporting
practices
Compliance with basic principles
Require application of procedures and
practices appropriate to particular
circumstances
10
SIA 3, Documentation (Issued in August 2007) Provide guidance on documentation requirements in internal audit
SIA 3, Documentation
(Issued in August 2007)
Provide guidance on documentation
requirements in internal audit
Form and content of documentation
Detention and retention of the
documentation
Identification of the preparer and
reviewer
11
Documentation May be on paper or on electronic or any other media Should record internal
Documentation
May be on paper or on electronic or any other
media
Should record
internal audit charter,
internal audit plan,
nature, timing and extent of audit
procedures performed, and
conclusions drawn from the evidence
obtained
Signed by the preparers and reviewers
12
SIA 4, Reporting (Issued in August 2008) Establish standards on the form and content of
SIA 4, Reporting
(Issued in August 2008)
Establish standards on the form and
content of internal auditor’s report.
Describes basic elements of an internal
auditor’s report
Deals
with
different
stages
of
communication and discussion of the
report
Describes the reporting responsibilities
of the internal auditor
13
Basic Elements of the Internal Audit Report Title; Addressee; Report Distribution List; Period of coverage
Basic Elements of the Internal Audit Report
Title;
Addressee;
Report Distribution List;
Period of coverage of the Report;
Opening or introductory paragraph;
Objectives paragraph;
Scope paragraph;
Executive Summary;
Observations, findings and recommendations made by the internal
auditor;
Comments from the local management;
Action Taken Report;
Date of the report;
Place of signature; and
Internal auditor’s signature with Membership Number.
14
SIA 5, Sampling (Issued in August 2008) Provide guidance regarding the design and selection of
SIA 5, Sampling
(Issued in August 2008)
Provide guidance regarding the design
and selection of an audit sample
Guide on the use of audit sampling in the
internal audit engagement
Deals with evaluation of sample results
Guidance
on
use
of
sample
in
risk
assessment
procedures
and
tests
of
controls
performed
by
the
internal
auditor
15
Evaluation of Sample Results The internal auditor should: analyse the nature and cause of any
Evaluation of Sample Results
The internal auditor should:
analyse the nature and cause of any errors
detected in the sample;
project the errors found in the sample to
the population;
reassess the sampling risk; and
consider their possible effect on the
particular internal audit objective and on
other areas
engagement.
of
the
internal
audit
16
SIA 6, Analytical Procedures (Issued in August 2008) Provide guidance regarding the application of analytical
SIA 6, Analytical Procedures
(Issued in August 2008)
Provide guidance regarding the application of
analytical procedures during internal audit
Deals with the aspects such as:
the nature and purpose of analytical procedures,
analytical procedures as risk assessment procedures
and planning the internal audit
Analytical procedures as substantive procedures
Analytical procedures in the overall review at the
end of the internal audit
Extent of reliance on analytical procedures
17
Analytical Procedures as Risk Assessment Procedures and in Planning the Internal Audit to obtain an
Analytical Procedures as Risk Assessment Procedures and
in Planning the Internal Audit
to obtain an understanding of the business, the entity and its
environment and in identifying areas of potential risk
Analytical Procedures as Substantive Procedures
procedures to reduce detection risk relating to specific
financial statement assertions and assertions relating to
process, systems and controls
Analytical Procedures in the Overall Review at the
End of the Internal Audit
forming an overall conclusion as to whether the systems,
processes and controls as a whole are robust, operating
effectively and are consistent with the internal auditor's
knowledge of the business
18
SIA 7, Quality Assurance in Internal Audit (Issued in August 2008) A system for assuring
SIA 7, Quality Assurance in Internal Audit
(Issued in August 2008)
A system for assuring the quality in internal audit
should provide reasonable assurance that the internal
auditors comply with professional standards,
regulatory and legal requirements so that the reports
issued by them are appropriate in the circumstances.
provide the guidance to the person entrusted with
the responsibility for the quality of the internal audit
whether in-house internal audit or a firm carrying out
internal audit.
This Standard also provide the extensive knowledge
about the internal quality reviews, external quality
reviews and communicating the results thereof.
19
Objective Provide assurance that internal auditor comply with professional standards, regulatory and legal requirements
Objective
Provide assurance that internal auditor comply with professional
standards, regulatory and legal requirements
Person within the entity should be entrusted with the responsibility
for quality in the internal audit
Include
elements:
policies
and
procedures
addressing
each
of
following
Leadership responsibilities for quality in internal audit
Ethical requirements
Acceptance and continuance of client relationship and specific engagement,
as may be applicable
Human resources
Engagement performance
Monitoring
20
SIA 8, Terms of Internal Audit Engagement (Issued in August 2008) Establish standards in respect
SIA 8, Terms of Internal Audit Engagement
(Issued in August 2008)
Establish
standards
in
respect
of
terms
of
engagement of the internal audit activity whether
carried out in house or by an external agency.
Clarity on terms of internal audit engagement is
essential for inculcating professionalism and avoiding
misunderstanding as to any aspect of the
engagement.
21
Elements of Terms of Engagement Scope Responsibility Authority Confidentiality Limitations Reporting
Elements of Terms of Engagement
Scope
Responsibility
Authority
Confidentiality
Limitations
Reporting
Compensation
Compliance with Standards
22
SIA 9, Communication with Management (Issued in January 2009) Provides a framework for internal auditor’s
SIA 9, Communication with Management
(Issued in January 2009)
Provides a framework for internal auditor’s
communication with management and identifies
some specific matters to be communicated with
management as described in the terms of the
engagement.
Deals with the aspects such as:
Matters to be communicated
The communication process- Forms, Timing,
Adequacy
Documentation of Communication
23
Matters to be Communicated Internal Auditor’s Responsibilities in Relation to the Terms of Engagement Planned
Matters to be Communicated
Internal
Auditor’s
Responsibilities
in
Relation to the Terms of Engagement
Planned Scope and Timing of the Internal
Audit
Significant Findings from the Internal Audit
24
SIA 10, Internal Audit Evidence (Issued in January 2009) Deals with the aspects such as:
SIA 10, Internal Audit Evidence
(Issued in January 2009)
Deals with the aspects such as:
objective of the internal audit evidence,
sufficiency and appropriateness of internal
audit evidence,
procedures for obtaining evidence
Internal audit evidence should enable
internal auditor to form an opinion on
scope of terms of engagement
25
Sufficient and Appropriate Internal Audit Evidence Internal auditor’s judgement as to what is sufficient and
Sufficient and Appropriate Internal Audit
Evidence
Internal auditor’s judgement as to what is
sufficient and appropriate internal audit
evidence is usually influenced by:
The materiality of the item.
The type of information available.
Degree of risk of misstatement which may
be affected by factors such as :
•The nature of the item.
•The nature or size of the business carried
on by the entity.
•Situation which may exert an unusual
influence on management
26
SIA 11, Consideration of Fraud in an Internal Audit (Issued in January 2009) Deals with
SIA 11, Consideration of Fraud in an Internal
Audit
(Issued in January 2009)
Deals with the aspects such as:
what is fraud ?
concept of internal control system,
elements of internal control system,
responsibilities of the internal auditors,
to whom the internal auditors will communicate
about the presence of fraud,
documentation
identified
of
fraud
risk
factors
when
27
Responsibilities of the Internal Auditor Internal auditor to help management fulfill the responsibilities relating to
Responsibilities of the Internal Auditor
Internal auditor to help management
fulfill the responsibilities relating to fraud
detection and prevention
Approach of internal auditor should
include
Control Environment
Risk Assessment
Information System and Communication
Control Activities
Monitoring
28
SIA 12, Internal Control Evaluation (Issued in February 2009) Deals with the aspects such as:
SIA 12, Internal Control Evaluation
(Issued in February 2009)
Deals with the aspects such as:
Nature, Purpose and Types of Internal
Controls
Inherent Limitations of Internal Controls
Role
of
Internal
Auditor
in
Evaluating
Internal Controls
Monitoring Internal Audit findings
Communication
of
Continuing
Internal
Control Weaknesses
29
Role of Internal Auditor Examine continued effectiveness of internal control system through evaluation and make
Role of Internal Auditor
Examine
continued
effectiveness
of
internal
control
system
through
evaluation
and
make
recommendations,
if
any,
for
improving
effectiveness.
Focus
towards
improving
internal
control
structure
and
promoting
better
corporate
governance.
Make management aware, as soon as practical
and at an appropriate level, of material weaknesses
in design or operation of internal control systems
30
SIA 13, Enterprise Risk Management (Issued in February 2009) Describes Risk and Enterprise Risk Management
SIA 13, Enterprise Risk Management
(Issued in February 2009)
Describes
Risk
and
Enterprise
Risk
Management
Deals with the aspects such as:
Process of ERM and Internal Audit
Role of Internal Auditor in Relation to ERM
Monitoring Internal Audit findings
Internal Audit Plan and Risk Assessment
31
Role of Internal Auditor in Relation to ERM Provide assurance to management on effectiveness of
Role of Internal Auditor in Relation to ERM
Provide
assurance
to
management
on
effectiveness of risk management
Review maturity of ERM structure by considering
whether framework so developed,:
Protects enterprise against surprises;
Stabilizes
overall
performance
with
less
volatile
earnings;
Operates within established risk appetite;
Protects ability of enterprise to attend to its core
business
Creates system to proactively manage risks
32
SIA 14, Internal Audit in an Information Technology Environment (Issued in March 2009) Describes: Skills
SIA 14, Internal Audit in an Information
Technology Environment
(Issued in March 2009)
Describes:
Skills and competence to conduct internal audit in
an IT environment
Factors to be consider while planning such an
internal audit
Matters that may effect audit in an IT
environment
Risk Assessment
Audit Procedures
Review of IT Environment
Outsourced Information Processing
Documentation
33
Review of Information Technology Environment Overall objective and scope of an internal audit does not
Review of Information Technology Environment
Overall objective and scope of an internal audit does
not change in an IT environment
Consider IT environment in designing audit procedures
to review systems, processes, controls and risk
management framework
Apply professional judgment and skill in reviewing IT
environment and assessing interface of such IT
infrastructure with other business processes
34
SIA 15, Knowledge of the Entity and Its Environment (Issued in March 2009) Establish standards
SIA 15, Knowledge of the Entity and Its
Environment
(Issued in March 2009)
Establish standards to provide guidance on
what constitutes knowledge of an entity’s business
Its importance to various phases of internal audit
engagement
techniques
acquiring
to
be
adopted by
internal auditor in
such
knowledge
about
entity
and
its
environment
guidelines
regarding
application,
usage
and
documentation of such knowledge by internal auditor
35
Knowledge of the Entity and Its Environment Using information appropriately assists internal auditor in Assessing
Knowledge of the Entity and Its Environment
Using information appropriately assists
internal auditor in
Assessing risks and in identifying key focus
areas
Planning
and
performing
internal
audit
effectively and efficiently
Evaluating audit evidence
Providing better quality of service to client
36
SIA 16, Using the Work of an Expert (Issued in March 2009) Provide guidance where
SIA 16, Using the Work of an Expert
(Issued in March 2009)
Provide
guidance
where the
internal
auditor uses the work performed by an
expert
Explains situations in which need for
using work of an expert might arise
Considering skills and competence and
objectivity of the expert
Lays down procedures for evaluating
the work of an expert
37
Reference to an expert in Report Should not, normally, refer to work of an expert
Reference to an expert in Report
Should not, normally, refer to work of
an expert in internal audit report
Reference may be useful in cases
Existence
of
material
weaknesses
or
deficiencies in internal control system
Beneficial to the readers
Reference should outline assumptions,
broad methodology and conclusions of
expert
38
SIA 17, Consideration of Laws and Regulations in an Internal Audit Today's organizations face greater
SIA 17, Consideration of Laws and
Regulations in an Internal Audit
Today's
organizations
face
greater
legal/
regulatory scrutiny
due to proliferation of laws and regulations in
number and complexity
increased regulatory oversight
global operations take on additional regulatory
challenges, given their need to consider varying
regulatory environments
Heightened
compliance
risks
associated
with
non-
39
Background of Proposed SIA Based on Standard on Auditing (SA) 250, “Consideration of Laws and
Background of Proposed SIA
Based on Standard on Auditing (SA) 250,
“Consideration of Laws and Regulations in an
Audit of Financial Statements”
Suitable
modifications
made
w.r.t
responsibility of internal auditor
Role of Internal Auditor went beyond financial
statements and extends to matters which
impact functioning of entity
40
Coverage Scope Definition Effects of Laws and Regulations Responsibility of Management for Compliance with Laws
Coverage
Scope
Definition
Effects of Laws and Regulations
Responsibility of Management for Compliance with
Laws and Regulations
Objectives
Responsibility of the Internal Auditor
The Internal Auditor’s Consideration of Compliance
with Laws and Regulations
Internal Audit Procedures When Non-Compliance is
Identified or Suspected
Reporting of Identified or Suspected Non-compliance
Documentation
Effective Date
41
Scope of SIA Deals with internal auditor’s responsibility to consider laws and regulations (L&R) when
Scope of SIA
Deals with internal auditor’s responsibility
to consider laws and regulations (L&R)
when performing an internal audit
Applicable to other engagements in which
Internal Auditor specifically engaged to
test and report separately on compliance
with specific L&R.
42
What is Non-compliance? Acts of Omission or commission Either intentional or unintentional Contrary to the
What is Non-compliance?
Acts of Omission or commission
Either intentional or unintentional
Contrary to the prevailing L&R
Includes
Transactions entered into
by, or in the name of,
the entity, or on its behalf
by TCWG, Mgmt
or employees
Does not include
personal misconduct
(unrelated to the
business activity)
43
Effect of L&R Effect on functioning of an entity of L&R varies considerably Direct effect
Effect of L&R
Effect on functioning of an
entity of L&R varies considerably
Direct effect on the
Financial statements
---- determine reported
Amounts and
disclosures
Complied with by
Mgmt or set provisions
Under which Entity is
Allowed to
Conduct business &
No direct effect on FS
44
Mgmt. Responsibility for Compliance Mgmt. responsible under oversight of TCWG Policies and procedures that assist
Mgmt. Responsibility for Compliance
Mgmt. responsible under oversight of TCWG
Policies and procedures that assist in prevention &
detection of non-compliance
Monitoring legal requirements and ensuring appropriate
operating procedures
Instituting, operating appropriate systems of internal control
Developing, publicising, following a code of conduct
Targeting information for compliance to employees/depts.
who can verify non-compliance
Legal advisors, Register of significant L&R
Supplemented by Audit Committee and Compliance
function
45
Objectives of Internal Auditor Obtain sufficient appropriate audit evidence regarding compliance with provisions of
Objectives of Internal Auditor
Obtain sufficient appropriate audit evidence regarding
compliance with provisions of L&R recognised to have
direct effect on determination of material amounts &
disclosures in FS
Perform specified audit procedures to help identify
instances of non-compliance with L&R that have
significant effect on functioning entity
Respond appropriately to non-compliance/ suspected
non-compliance
46
Responsibility of Internal Auditor Role of IA - continuous & critical appraisal of functioning of
Responsibility of Internal Auditor
Role of IA - continuous & critical appraisal of
functioning of entity & suggest improvements
Identification of non-compliance with L&R is also an
inherent part of responsibilities
SIA 1 – scope of an internal audit also affected
by statutory/ regulatory framework in which
entity operates
Responsibilities wider than external auditor -
cover impact on financial statements &
functioning of entity
47
Responsibility of Internal Auditor Scope of internal audit determined by terms of engagement generally require
Responsibility of Internal Auditor
Scope of internal audit
determined by
terms of engagement
generally require IA to
examine status of compliance with L&R
In absence of explicit mention in terms
IA to verify within overall objectives of internal audit
48
Responsibility of Internal Auditor Evaluating internal control system includes compliance with applicable L&R Due
Responsibility of Internal Auditor
Evaluating internal control system includes
compliance with applicable L&R
Due
professional
care
in
detecting
non-
compliance with L&R
Neither
implies/guarantees
infallibility,
nor
requires IA to travel beyond scope
Requirements
of
SIA
assist
in
identifying
significant impact of non-compliance
Inherent Limitations of internal audit-------cannot
be expected to detect non-compliance with all L&R
49
Inherent limitations on IA ability Many L&R relate principally to operating aspects of entity that
Inherent limitations on IA ability
Many L&R relate principally to
operating aspects of entity that
do not affect F&S
Involve conduct designed to conceal
– Collusion, forgery, mgmt
override of controls
Act constitutes non-compliance
matter for legal determination
by a court of law
50
Responsibility w.r.t. different types of L& R Types of L & R A B Direct
Responsibility w.r.t. different types of L& R
Types of L & R
A
B
Direct effect on Material
amount
disclosures in FS
Fundamental impact on
operating aspects,
going concern,
functioning of the entity
Responsibilities
of IA
Obtain SAAE re
compliance- SIA 10
Undertake specified procedures
to help identify non-compliance
that may impact functioning
51
Internal Auditor’s Consideration of L&R SIA 15 - Obtain general understanding of L&R framework and
Internal Auditor’s Consideration of L&R
SIA 15 - Obtain general understanding of L&R framework and
compliance
Obtain SAAE for A
Perform audit procedures for B
Request Mgt/ TCWG for WR
YES
Non compliance
identified/ suspected
Understanding nature of the act
and circumstances
Further information to evaluate effect
on functioning
NO
END
52
Indications of Non-Compliance with Laws and Regulations Investigations by regulatory orgs and govt depts or
Indications of Non-Compliance with
Laws and Regulations
Investigations by regulatory orgs and govt depts or payment
of fines or penalties.
Payments for unspecified services or loans to consultants,
related parties, employees or govt employees.
Sales commissions or agent’s fees that appear excessive in
relation to those ordinarily paid by the entity or in its industry
or to the services actually received.
Purchasing at prices significantly above or below market
price.
Unusual payments in cash, purchases in the form of cashiers’
cheques
payable to bearer or transfers to numbered bank
accounts.
Unusual payments towards legal and retainership fees.
contd/-
53
Indications of Non-Compliance with Laws and Regulations Unusual transactions with companies registered in tax havens.
Indications of Non-Compliance with
Laws and Regulations
Unusual transactions with companies registered in
tax havens.
Payments for goods or services made other than to
the country from which the goods or services
originated.
Payments
without
proper
exchange
control
documentation.
Existence
of
an
information
system
which
fails,
whether by design or by accident, to provide an
adequate audit trail or sufficient evidence.
Unauthorized transactions or improperly recorded
transactions.
Adverse media comment
54
Matters relevant to Internal Auditor’s Evaluation Potential financial consequences of non- compliance on functioning
Matters relevant to Internal Auditor’s
Evaluation
Potential financial consequences of non-
compliance on functioning of the entity
Whether potential financial consequences need to be
informed to mgmt for limited objective of suitable
disclosure.
Whether potential financial consequences are so
serious to call into question going concern assumption
Discuss with TCWG – provide additional
audit evidence
55
Internal Audit Procedures When Non compliance is Suspected/ Identified Suspected non compliance: Discuss matter with
Internal Audit Procedures When Non
compliance is Suspected/ Identified
Suspected non compliance:
Discuss matter with mgt./ TCWG
Obtain legal advice from entity’s in house/ external or own
legal counsel if:
● Mgt./ TCWG not providing sufficient information AND
● About application of L & R including possibility of fraud and
possible impact on functioning of entity
Insufficient information on suspected non-compliance,
evaluate effect of lack of SAAE on internal auditor’s
observations and findings.
Evaluate implication also in respect of risk assessment
and reliability of WR
Take appropriate action
56
Withdrawal from Engagement If no remedial action by Mgt./ TCWG, consider if withdrawal necessary, considering:
Withdrawal from Engagement
If no remedial action by Mgt./ TCWG,
consider if withdrawal necessary,
considering:
Obligation,
contractual,
or
otherwise
to
report the circumstances
57
Reporting Non-Compliance Communicate matters that come to internal auditor’s attention during internal audit –
Reporting Non-Compliance
Communicate
matters
that
come
to
internal auditor’s attention during
internal audit – SIA 9
No need to communicate if :
TCWG = Mgt.
Matters clearly inconsequential
Communicate
ASAP
non-compliance
believed to be intentional & material
58
Internal Auditor’s Report Significant impact on functioning Inadequately dealt with by mgmt. Limitation by Mgt./
Internal Auditor’s Report
Significant impact
on functioning
Inadequately
dealt with by mgmt.
Limitation by
Mgt./ TCWG
Limitation by
circumstances
Internal Auditor
unable to
obtain SAAE
Evaluate effect on
Observations and findings
Report in accordance
with SIA 4, Reporting
Report in accordance
with SIA 4, Reporting
59
Documentation In accordance with SIA 3 Identified/ suspected non compliance Results of discussions with mgt./
Documentation
In accordance with SIA 3
Identified/ suspected non compliance
Results
of
discussions
with
mgt./
TCWG/ parties outside the entity
Examples:
Copies of records & documents
Minutes of discussions
60
SIA 18, Related Parties Overview of SIA 18 Introduction Definitions Related Party Transactions Internal Audit
SIA 18, Related Parties
Overview of SIA 18
Introduction
Definitions
Related Party Transactions
Internal Audit Procedures
61
Relevance of SIA Over-reliance on owners, board members, and executives to identify related parties and
Relevance of SIA
Over-reliance
on
owners,
board
members, and executives to identify
related parties and related party
transactions
Failure to identify related parties
Not easily identifiable
Ownership structure can be complicated
62
SIA 18 - Purpose Establish Standard and provide guidance on procedures to be followed by
SIA 18 - Purpose
Establish Standard and provide
guidance on procedures to be followed
by internal auditor in ensuring:
RP activities of entity properly captured
through internal controls.
RP activities consistent with entity’s code
of conduct and conflict of interest policy,
applicable laws and regulations and
disclosure requirements.
63
Management Responsibility Identification & disclosure of RP and accounting of RP 64
Management Responsibility
Identification & disclosure of RP and
accounting of RP
64
Definitions Related Party Parties are considered to be related, if at any time during the
Definitions
Related Party
Parties are considered to be related, if at any time
during the reporting period, one party has the ability
to control the other party or exercise significant
influence over the other party in making financial
and/ or operating decisions.
Relative
In relation to an individual, means the spouse, son,
daughter, brother, sister, father and mother who may
be expected to influence, or be influenced by, that
individual in his/ her dealings with the reporting
enterprise.
65
Control Ownership, directly or indirectly, of more than one half of the voting power of
Control
Ownership, directly or indirectly, of more than one
half of the voting power of an enterprise, or
Control of the composition of the board of directors
in the case of a company or of the composition of the
corresponding governing body in case of any other
enterprise, or
A substantial interest in voting power and the power
to direct, by statute or agreement, the financial and/
or operating policies of the enterprise.
66
Significant Influence Participation in the financial and/ or operating policy decisions of an enterprise, but
Significant Influence
Participation in the financial and/ or operating policy
decisions of an enterprise, but not control of those
policies.
All other terms have
same
Definition as used in
Accounting Standard 18
“Related Party
Disclosures”
67
Related Party Transactions RP transaction is transfer of resources, services, obligations between entity and RP,
Related Party Transactions
RP transaction is transfer of resources,
services, obligations between entity and RP,
regardless of whether price is charged or not.
Transactions indicative include:
Borrowing/ lending on an interest free basis
Buying/ selling at a price different from appraised
value
Loans with no scheduled term of repayment
Granting
of
guarantee
without
adequate
compensation
68
Related Party Transactions RP transactions may not be conducted under normal market terms/ conditions at
Related Party Transactions
RP transactions may not be conducted under normal
market terms/ conditions at all times.
May be motivated by conditions similar to:
Lack of sufficient working capital/ credit
Urgent desire for continued favorable earnings
record
Overly optimistic earnings forecast
Depending on few products, services, customers,
suppliers or transactions for continuing success of
venture
Significant litigation or technology obsolescence
69
Internal Audit Procedures Perform procedures and related activities to obtain information relevant to evaluating
Internal Audit Procedures
Perform procedures and related activities to
obtain information relevant to evaluating
relevant internal controls. Gather information:
Identity of entity’s RP including changes
from prior period
Nature of relationship between entity and
RP
Whether entity entered into transactions
with RP during period and, if so, nature,
extent & purpose of these transactions
70
Documents to be Inspected Bank and legal confirmations obtained as part of internal audit procedures
Documents to be Inspected
Bank and legal confirmations obtained
as part of internal audit procedures
Minutes of meetings of shareholders &
those charged with governance
Other
records/
documents
as
considered necessary
71
Smaller Entities Identification of RP transactions often difficult Standard software package being used Obtain
Smaller Entities
Identification of RP transactions often
difficult
Standard software package being used
Obtain electronic copy of transactions &
import into electronic spreadsheet
Use
sort
feature
to
obtain
information
about customers/ suppliers with only few,
but large transactions, or significant
transactions of a size or nature
unusual
that is
72
Response to Identified Risks of Material Misstatement Determine whether underlying circumstances confirm existence.
Response to Identified Risks of Material Misstatement
Determine whether underlying circumstances
confirm existence.
Communicate information to engagement
team
Request mgmt to identify all transactions with
RP
If RP not identified earlier, consider
Failure of any RP identification controls
Fraud – Non-disclosure by mgmt appears
intentional
73
Response to Identified Risks of Material Misstatement Reconsider risk that other undisclosed RP or significant
Response to Identified Risks of Material
Misstatement
Reconsider risk that other undisclosed
RP or significant RP transactions may
exist & perform additional internal audit
procedures
Perform
appropriate
substantive
internal audit procedures.
74
Significant RP Transactions Significant RP transactions outside normal course of business, inspect underlying contracts
Significant RP Transactions
Significant RP transactions outside normal course of
business, inspect underlying contracts or
agreements, if any, and evaluate
Rationale suggests fraudulent financial reporting
or concealment of misappropriated assets
Terms are consistent with mgmt’s explanations
Transactions are accounted & disclosed as per
GAAP
Ensure transactions authorized & approved.
75
Sufficient Appropriate Audit Evidence (SAAE) Obtain SAAE about mgmt assertion that a RP was conducted
Sufficient Appropriate Audit Evidence
(SAAE)
Obtain SAAE about mgmt assertion that
a RP was conducted on terms
equivalent to prevailing in an arm’s
length transaction.
Appropriateness
of
mgmt’s
process
for
supporting assertion
Verify source of internal/ external data
supporting assertion
Evaluate reasonableness of any significant
assumptions
76
Matters to be considered Document names of identified RP and nature of RP relationships Communicate
Matters to be considered
Document names of identified RP and
nature of RP relationships
Communicate with Those Charged with
Governance or relevant Committee,
significant matters arising during
internal audit in connection with RP
77
Impact on Report Consider impact on Report If not possible to obtain SAAE concerning Related
Impact on Report
Consider impact on Report
If not possible to obtain SAAE concerning
Related Parties & Transactions
Suitably disclose in Report, based on
materiality
78
Thank You 79
Thank You
79