AKGVG & ASSOCIATES

Internal Audit
 Introduction
Recent events including global financial crises have emphasised need for internal
auditing within corporate governance structures

Internal audit function is now mandatory by most stock exchanges

Donors increasingly demand improved accountability & financial transparency in

development projects

IFAD procedures do not specifically require internal audit, however, IFAD

Operational Procedures for Project Audits (for use by IFAD & CIs) require that as
part of the assessment of the borrowers capacity to implement and manage the
project effectively, the appraisal mission will evaluate any internal audit (IA)
mechanism for the project/ PMU

Furthermore, internal audit is considered good practice & advisable as part of

underlying control framework & financial management capacity of a project,
particularly if complex &/ or decentralised

1
 Definition

Internal auditing is an independent, objective

assurance and consulting activity designed to add
value and improve an organization's operations. It
helps an organisation accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance processes.
The Institute of Internal Auditors

2
 IA Code of Ethics
Principles
Internal auditors are expected to apply & uphold the following principles:

The integrity of internal auditors establishes trust & so provides

Integrity
the basis for reliance on their judgment

Internal auditors exhibit the highest professional objectivity in

gathering, evaluating & communicating information. Internal
Objectivity auditors make a balanced assessment of all relevant
circumstances & are not unduly influenced by their own
interests or others in forming judgments
Internal auditors respect the value and ownership of information
Confidentialit they receive & do not disclose information without appropriate
y authority unless there is a legal or professional obligation to do
so

Competency Internal auditors apply knowledge, skills, & experience needed

3
 What is Internal Audit?
Internal Audit is a professional activity which helps organisations to achieve their
stated objectives by:
Analysis of key processes, procedures & operations
Identification of key controls in every process, procedure & operation

Evaluation of the adequacy of these controls

Testing of the compliance of sample transactions against the controls
Reporting of the results of the compliance testing of transactions and
evaluation of controls

Recommendation of stronger controls

Suggestions of methods for improvement of compliance with key controls

Follow up of action taken on recommendations made in previous reports

4
 What are Internal Controls?

Important checks instituted by the management to have reasonable

assurance that:

Operations are carried out in an effective & efficient manner

Transactions are recorded completely & accurately

Assets are properly safeguarded & recorded

Laws are complied with

Reliable reports are generated

5
Some examples of Internal Control

Budgetary Control

Fixed Assets Register

Bank & Special Account Reconciliations

Reconciliation of Financial & Physical Monitoring & Evaluation

Reports

6
 How are Internal Audit & External Audit different?
Internal audit is focused at internal management support and improving systems,
procedures and processes

External audit (EA): normally statutory requirement, unlike internal audit (IA)

EA reports are addressed to stakeholders: IA reports are addressed to Management

EA reports express an opinion on the financial statements prepared by the entity for a
specified period: IA reports evaluate and check compliance against key internal
controls

EA reports are usually public documents which are available to all stakeholders. IA
reports are for use only by Management

EA reports do not make recommendations, although may have a Management Letter:

IA reports are incomplete without

EA is basically a review of financial statements for compliance: IA seeks to ensure

value for money to Management

7
Why should IFAD funded projects be subject to IA?

IFAD funded projects may be subject to Internal Audit because:

External audit checks overall compliance to internal controls related

to financial transactions.

Supervision Missions conduct only spot checks.

Internal audit is inherent in government structures in most developing

countries.

Sample IA Terms of Reference enclosed

IA has a key role in Risk management of IFAD Projects

8
What are key concerns from a FM viewpoint?

Is the accounting system capable of

recording financial transactions in an accurate & timely manner?
tracking the expenditure of the project by component & category?
comparing actual expenditure to budget on a real time basis?
Are withdrawal applications properly prepared? project assets properly recorded &
safeguarded? Special Accounts & Project Accounts properly and timely operated &
reconciled? audit arrangements proper and in place? audit reports properly followed
up?
Does the project generate reliable & accurate financial statements & reports?
project funds flowing timely and smoothly to the intended beneficiaries?

9
 Internal Audit (IA) Mandate
Compliance & Advisory roles

What does it do?

improves accuracy, reliability, internal control & integrity of information
including operational and financial reporting
Monitors & evaluates the effectiveness of the processes
Formulates corporates oversight, safeguards the assets, helps in
economical & efficient usage of the resources, maintains compliance with
laws & regulations, deters fraud

What does it not do?

Perform managements activities/ responsibilities (these include

establishing internal controls)

10
 Internal Control Myths and Facts
MYTHS: FACTS:
Internal control not only has a
Internal control doesnt have
strong set of policies and
strong set of policies and
procedures but also starts with the
procedures Internal auditors play an
same
We have internal auditors for important role in controlling the
managing the entire Internal system. The responsibility of the
control! internal control lies with the
management.
Internal control is important for
Internal control is related to the
every aspect of the
finance of the company
operation/business
Internal controls are necessarily
Internal control is responsible for
negative, like a list of thou-shalt-
making the right things happen
nots
Internal controls built into, the
Internal controls do not make the
business processes does make the
business processes change
business processes change

11
 Internal Control Practices
How?
Internal control is a process. It's a means to an end, not an end in itself

Internal control is effected by people as a team, not by internal

auditor. It's not merely policy manuals & forms, but people at every
level of an organization

Internal control can be expected to provide only reasonable

assurance, not absolute assurance, to an entity's management and
governing bodies/ committees

Uses systematic methodology for analysing business processes,

procedures & activities

The cost of IA should not exceed expected benefits to be derived

12
 Internal Control Structure
An internal control structure is simply a different way of viewing operations a
perspective that focuses on doing the right things in the right way
Reporting
Monthly reviews of
Corporate
performance reports MONITORING communications
Supervisory activities
(e-mail, meetings)
INFORMATION &
INFORMATION AND
Purchasing limits COMMUNICATION
COMMUNICATION Based on identification
Approvals/ segregations & analysis of risks to
Security CONTROL ACTIVITIES
CONTROL ACTIVITIES achievement of
Reconciliations objectives
Proper operating &
RISK ASSESSMENT
accounting procedures
Corporate Policies
CONTROL Tone at the top, ethics
ENVIRONMENT Organisational authority
Skilled personnel
In many cases, you perform controls and
interact with the control structure every
day, perhaps without even realising it

13
 Role in Risk Management
Focuses on risks that can prevent the project from attaining
the goals

There are many types of risks credibility, human capital,

ineffective usage of resources, strategic, operational, fraud,
financial reporting, legal/regulatory, etc.

Focuses on areas where there is high risk & high probability

of controls not being in place or being weak

Lets not forget the positive risks opportunities!

Adds value through elimination of unnecessary

controls!

14
 Role in Internal Control
1. Compliance audit: review of financial & operating controls & transactions for
conformity with laws, regulations & procedures, e.g.,
Access to IT system appropriate to users role
Segregation of duties in high risk areas
Balancing & reconciliation between systems
Systems back up & recovery
Physical safeguard & access restriction controls
Reconciliations, comparison budget of actual

2. Operational audit: review of various functions within project to evaluate efficiency,

effectiveness, & economy

15
IA Role in Corporate Oversight
Four pillars internal audit, executive management, external audit, &
Board of directors/ steering committee

Combination of processes & organisational structures implemented by

management to inform, direct, manage and monitor the projects
resources, strategies & policies towards the achievement of its objectives

Public sector governance Principles

transparency, integrity, accountability

May include review of sufficiency of human resources,

training needs, policies, etc.

16
Nature of Internal Audit Activity
Establish Scope & activities for audit to Management
Describe key risks facing the business activities within scope of audit
Identify control procedures used to ensure each key risk is properly
controlled & monitored
Develop & execute risk based sampling & testing approach to determine
whether most important controls are operating as intended (NB: input from
Management required e.g. 100% sampling of WA review)
Report issues/make recommendations/negotiate action plans with
Management to address issues
Follow up on reported findings periodically

17
 Contents of Audit Plan
Updated annually

Risk based audit plan developed with input from project staff
including Management

Summary of key goals, risks & corresponding major audits, to illustrate

alignment

Based on risk assessment & available resources

Appendix materials, such as planning approach, assumptions & brief

descriptions of all planned audits & related prioritization

Approved by management/ appropriate oversight Committee

18
 Contents of Audit Report
Observations

Narration/ description

Remedial action

Consequences/ fall out

Recommendation for improvement (prioritized between high and

normal)

Response (action plan) who, when and how

19
 IAs Proactive Role

Identify Risks

Find Better Ways and Best Practices

Partner With Management to Find Solutions

Prevent Problems

Provide training

Respond to policy & technical accounting questions

Offer suggestions for improvement

Advisory role

20
Additional Resources

21
 Conclusion
Why all this trouble?
Additional comfort and tightness that the project is doing the right thing, the first time,
communicating right information internally, to external auditors, donors, ministries, etc.
More formal control structures reduce possibility that risks become real issues
External Auditor may receive additional assurance to provide unqualified report on
accounts
Donor & government confidence increased, affecting financing flows

What are the next steps?

Identify areas of high risk & opportunities
Validation of process documentation & controls
Communication, with PCs & project staff

22
 THANKS

AKGVG & Associates

Corporate Head Office
307 Pearl Corporate, Mangalam Place,
Sector-3, Rohini, New Delhi, India - 110085
Contact No - +91- 9811118031
Email ID - info@akgvg.com
Website - http://www.akgvg.com

23