Transcript INTERNAL AUDIT

INTERNAL AUDIT
Smita Chaudhri
Accountant General (C&RA) U.P.
Audit types – common terminologies
Three categories of audit :
• CA audit
• External / Statutory ( also known as audit by
CAG/AG)
• Internal audit.
Audit types – common terminologies
CA audit
• For companies / corporations / nigams
• Done by CA firms
• Appointed by the management to check if the
accounts present a true and fair view
• For PSUs – appointed by CAG
• If accounts have been prepared according to the
accounting standards (AS) laid down by the ICAI.
• Annual accounts are audited by these auditors.
• Satyam case…..
Audit types – common terminologies
External Audit
• obvious - it is by an agency external to the entity
• For governments – it is by the SAI ( in India – CAG)
• For international organizations – UN , WHO etc – by SAIs
of member nations
• For PSUs – CAG
• It is independent therefore - impartial
• Responsible to the legislature.
• Functions under authority of Act.
• Checks - whether expenditure made was economical ,
efficient , effective and as per rules and revenue
collection optimized
Audit types – common terminologies
Internal audit
• a diagnostic aid of top management
• to enable pinpointing of problems , internal control weaknesses
and to suggest system improvements
• a part of the executive function enjoying its own degree of
autonomy
• accountable to the entity but should be independent of the activity
it audits in order to achieve its objectives
• hence world over – IA reports directly to the Board/Audit
committee
• is under administrative control of CEO of firms / companies/
corporations
• in Government – should report directly to the Secy /Pr Secy of the
department
• in US – operates under an Act
Similarities & Differences
• All check accuracy of financial data.
• EA & IA – focus on expenditure control and revenue optimization ,
adherence to policies
• EA focus is to unearth frauds and errors , annual / periodical
exercise
• IA focus - on prevention of frauds and errors , continuous
stocktaking exercise
• CA audit focus – correctness / accuracy of financial statements
• EA – independent , impartial. Governed by DPC Act
• IA – part of the entity , but should be independent of the part it
audits – hence report direct to CEO. Governed by rules of
organization
• CA Audit – appointed by management , responsible to code /
standards set by ICAI / CAG/ GASAB
Definition - IA
As defined by the Institute of Internal
Auditors IA is :
• An Independent , objective assurance activity
designed to add value & improve an organization’s
operations.
• It helps the organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve effectiveness of the
management , control and governance processes.
Role of Internal Audit
• chief role –
– to render effective financial advice through
recurrent and sufficient sustained checks of the
system of internal controls
– to help ensure an orderly and efficient conduct of
business including adherence to policies,
prevention of frauds and errors and ensure
completeness of financial records.
– a tool of the management to ensure expenditure
control and revenue optimization through system
improvement
Role of Internal Audit
• management – responsible for establishing policies
/processes to help organization achieve specific
objectives.
• IA – evaluates whether the policies are designed
properly and whether they are operating effectively
• identifies potential risk areas
• risks can be – strategic, operational, financial, legal /
regulatory
Role of Internal Audit
• role in corporate governance – as one of
the 4 pillars ( BOD, management, EA, IA)
• improving of internal control is with
reference to:
– effectiveness and efficiency of operations.
– reliability of financial reporting
– compliance to laws & regulations
Is IA a new concept ?
• for Government – comparatively new especially in
our country
– In UP – started in 2000,
– WB was 1st state - in 1998
• for private sector – old concept , initially stated as
informal tool of owner / management
• after WW-II formal structure evolved, institute of
Internal Auditors set up , standards developed
• especially strong in banking / financial institutions
Elements of IA
• Organizational independence - from management –
needed to enable unrestricted evaluation of activities
and personnel
• Independence refers to –
– reporting line – who does IA ( IAO ) report to ?
– status of IA- and the IAO - so as to actively fulfill
responsibilities
– attitude to IA – free from interference – esp w.r.t scope ,
performing of the audit & communicating results
– right of communication – directly to BOD/ head of the
organization
If even one of these is compromised the IA loses its
relevance
Planning IA
 Prepare a plan
 Take management inputs while preparing plan so that it is
clear that goals of IA & organization are on the same track
 Establish and communicate the scope of audit to
management
 Develop understanding of the processes under review
 Identify key risks
 Identify control procedures developed to control each
process
 Sample and test check to examine control processes through
interview , examining documents
 Report which should have recommendations
 Follow up
IA Reports
Elements of internal audit reports: ( the 5 Cs)
– Condition –what was the problem identified
– Criteria – what standard or policy could not be
met
– Cause – why did the problem occur
– Consequence – what are the possible outcomes/
risks associated with the problem
– Corrective action - recommendation
Internal Audit in Government
• In the Private sector priorities are well
defined – profit maximization
• In Govt. –
– policies & priorities based on public good ,
welfare schemes , etc.
– limited scope / no incentives for efficiency
– disincentive – for proactive protecting of public
interest
– wastage due to poor judgement in managing /
allocating resources
Internal Audit in Government
• Audit reports highlighting these are generally felt as
damaging to Govt in power and / or to bureaucrats in
control position
• Therefore IA in Govt presents unique opportunities and a
challenge to advocates of good governance
• The Challenge –
– work through & with the system to achieve objectives ,
ensure public resources are effectively and efficiently
used
– change mindset, promote independence, expand
scope and develop a skill set which helps decision
making
Internal Audit in Government
Drawbacks
while international standards ( like accounting standards )
are available • Governmental IA continues to focus on relatively minor
issues viz; accuracy of accounts, pointing out irregularities
and frauds , check if initial books of account are
maintained
• it is like compliance audit, is accorded low priority,
• there are lack of resources and professional knowledge
• no specific mandate is given by the executive
Why IA in Govt ?
• fiscal responsibility and accountability legislation
– has changed scenario in Govt
• coming of outcome budgeting – will lead to shift
in emphasis from outlays to outcomes
• disclosure statements will become a part of
budget
• more transparency - RTI act , 24* 7 media ,
increased communication
NEED OF THE HOUR
• accountability
• responsiveness
IA - an aid to achieve this
Can IA aid effective governance ?
IA –
• is control of all controls – checks whether
internal controls are working as they should
• offers scope for mid course correction
• preventive vigilance as it concurrent rather than
post audit
• to be taken as constructive input
• encouraged to give +ve recommendation
Can IA aid effective governance ?
YES
Why ??
a mandate of IA is to identify potential risk
areas
• risks can be – strategic, operational,
financial, legal / regulatory
• Govt manages huge resources – hence
larger exposure to risks
Can IA aid effective governance ?
Risks in Govt
• Financial – like frauds, embezzlements
• Legal- not depositing EPF, non deduction of
WCT, TDS
• Strategic & Operational
– biased beneficiary selection, inconsistencies in
programme management with objectives
– failures – to meet contractual obligations
– project delays – time /cost overruns
– Environmental damage – (recent Mumbai chlorine
gas leak)
– Threat assessment and response – 26/11
Risk assessment by IA
• citizens lose if public services are inefficient
/ inadequate
• if fail to meet public expectations –
reputation of department / Govt. suffers
Identification of risks and mitigation will
help
better service delivery ,
better project management,
improved allocation of resources , minimize
waste
Can IA aid effective governance ?
•
•
•
•
•
in brief - IA can check
whether Government policies as set out in rules &
regulations – are understood and properly implemented
whether codes of conduct for Government employees –
followed or not
whether levels of delegation of authority, responsibility
and accountability and their demarcation / checks are
clear
presence or absence of - long and short term planning for
setting up objectives
cost benefit studies of major activities - whether the
results are in conformity with the goals
Can IA aid effective governance ?
IA can check
• the reliability and integrity of financial and
operating information
• the means utilized to safeguard and verify the
existence of financial and physical assets.
• proper accounting and operating procedures to
ensure reliability of accounting data and efficiency
of operations
• review of operations – to reduce possibility of
fraud / collusion
conclusion
world is dynamic , rapidly evolving with
changes in technology , globalization ,
deregulation
this causes –
• rapid change in Govt. business
• changed relationship between Govt &
citizens
• rising public expectations
hence - need for robust monitoring
mechanisms to deliver quality services to
citizens
effective IA – a major tool for ensuring
delivery
Thank you