Documente Academic
Documente Profesional
Documente Cultură
Internal Audit
Introduction
Recent events including global financial crises have emphasised need for internal
auditing within corporate governance structures
1
Definition
2
IA Code of Ethics
Principles
Internal auditors are expected to apply & uphold the following principles:
3
What is Internal Audit?
Internal Audit is a professional activity which helps organisations to achieve their
stated objectives by:
Analysis of key processes, procedures & operations
Identification of key controls in every process, procedure & operation
4
What are Internal Controls?
5
Some examples of Internal Control
Budgetary Control
Reports
6
How are Internal Audit & External Audit different?
Internal audit is focused at internal management support and improving systems,
procedures and processes
External audit (EA): normally statutory requirement, unlike internal audit (IA)
EA reports express an opinion on the financial statements prepared by the entity for a
specified period: IA reports evaluate and check compliance against key internal
controls
EA reports are usually public documents which are available to all stakeholders. IA
reports are for use only by Management
7
Why should IFAD funded projects be subject to IA?
8
What are key concerns from a FM viewpoint?
9
Internal Audit (IA) Mandate
Compliance & Advisory roles
10
Internal Control Myths and Facts
MYTHS: FACTS:
Internal control not only has a
Internal control doesnt have
strong set of policies and
strong set of policies and
procedures but also starts with the
procedures Internal auditors play an
same
We have internal auditors for important role in controlling the
managing the entire Internal system. The responsibility of the
control! internal control lies with the
management.
Internal control is important for
Internal control is related to the
every aspect of the
finance of the company
operation/business
Internal controls are necessarily
Internal control is responsible for
negative, like a list of thou-shalt-
making the right things happen
nots
Internal controls built into, the
Internal controls do not make the
business processes does make the
business processes change
business processes change
11
Internal Control Practices
How?
Internal control is a process. It's a means to an end, not an end in itself
12
Internal Control Structure
An internal control structure is simply a different way of viewing operations a
perspective that focuses on doing the right things in the right way
Reporting
Monthly reviews of
Corporate
performance reports MONITORING communications
Supervisory activities
(e-mail, meetings)
INFORMATION &
INFORMATION AND
Purchasing limits COMMUNICATION
COMMUNICATION Based on identification
Approvals/ segregations & analysis of risks to
Security CONTROL ACTIVITIES
CONTROL ACTIVITIES achievement of
Reconciliations objectives
Proper operating &
RISK ASSESSMENT
accounting procedures
Corporate Policies
CONTROL Tone at the top, ethics
ENVIRONMENT Organisational authority
Skilled personnel
In many cases, you perform controls and
interact with the control structure every
day, perhaps without even realising it
13
Role in Risk Management
Focuses on risks that can prevent the project from attaining
the goals
14
Role in Internal Control
1. Compliance audit: review of financial & operating controls & transactions for
conformity with laws, regulations & procedures, e.g.,
Access to IT system appropriate to users role
Segregation of duties in high risk areas
Balancing & reconciliation between systems
Systems back up & recovery
Physical safeguard & access restriction controls
Reconciliations, comparison budget of actual
15
IA Role in Corporate Oversight
Four pillars internal audit, executive management, external audit, &
Board of directors/ steering committee
16
Nature of Internal Audit Activity
Establish Scope & activities for audit to Management
Describe key risks facing the business activities within scope of audit
Identify control procedures used to ensure each key risk is properly
controlled & monitored
Develop & execute risk based sampling & testing approach to determine
whether most important controls are operating as intended (NB: input from
Management required e.g. 100% sampling of WA review)
Report issues/make recommendations/negotiate action plans with
Management to address issues
Follow up on reported findings periodically
17
Contents of Audit Plan
Updated annually
Risk based audit plan developed with input from project staff
including Management
18
Contents of Audit Report
Observations
Narration/ description
Remedial action
19
IAs Proactive Role
Identify Risks
Prevent Problems
Provide training
Advisory role
20
Additional Resources
21
Conclusion
Why all this trouble?
Additional comfort and tightness that the project is doing the right thing, the first time,
communicating right information internally, to external auditors, donors, ministries, etc.
More formal control structures reduce possibility that risks become real issues
External Auditor may receive additional assurance to provide unqualified report on
accounts
Donor & government confidence increased, affecting financing flows
22
THANKS
23