Audit & compliance
Audit & compliance Presentation Transcript

  • Audit & compliance
  • Role of internal auditor
    Review acs & I.C.S
    Assist with identification of significant risks
    Review 3 E’s of operations- VFM audit
    Examine financial & operating information
    Special investigations, e.g. suspected fraud
    Review compliance with laws & external regulations
  • Types of audit work
    Financial audit
    Operational audit
    Project audit
    VFM audit
    Social & environmental audit
    Mgmt audit
    I.A looks at controls - PAPAMOSS
  • Need for I.A
    I.A is a mgmt control- PAPA(M)OSS
    I.A review effectiveness of other controls in the org.
    Ensure controls are working properly
    I.A is also often a statutory requirement
    Good corporate governance may also suggest an I.A dept
    I.A is 100% audit – VFM audit
    Chief internal auditor is in charge of the dept and reports to the audit committee.
  • Need for I.A
    Factors affecting the need for I.A
    Scale & complex operations
    No of employees
    Cost benefit analysis
    Change in: org structure, reporting process or Mgmt.Info.Sys
    Change in key risks- change in PESTEL factors
    Problems with existing ICS
    Unexplained / doubtful txns
  • Need for I.A
    Per Turnbull report:
    • In absence of I.A function, mgmt needs to find other monitoring processes.
    • To reassure the BOD that ICS are working properly
    • BOD will assess whether procedures provide sufficient & objective assurance.
    Auditor independence
    Independent objective assurance activity
    Ensure activity is carried out objectively
    I.A must be independent and must be seen as independent
    Independence is achieved by having a structure within which I.A work
    Independence assured by I.A following ethical & work stds
    Risks if No Independence
    Failure to report control breaches
    Accepting info without checking
    No professional skepticism
    Blind on unethical matters
    Give undeserved positive feedback
    Threats to independence
    Threat to independence is when the opinion of the auditor is doubted.
    Threats can be either REAL or PERCEIVED
    ACCA code of ethics : Self interest
    Self review
    Other measures to protect independence
    • Attribute standards :
    • Deal with characteristics of the org
    • Deal with parties performing Int Audit
    • Performance stds
    • Describe nature of Int Audit activities
    • Provide quality criteria for evaluating I.A services
  • Attribute stds for internal audit
    I.A should be independent.
    Head of I.A should be accountable to people who won't undermine his/her independence
    There should be no interference when deciding about scope of work, when performing the work & when reporting findings.
    I.A should be free from bias- objective – rely on facts only.
    Impartial attitude – avoid conflict of interests.
    Professional care
    Professional care & competence
    Knowledge of key IT risks & CAATs
  • Performance standards for internal audit
    Managing internal audit
    • Head I.A manages IA activity to add value to the org
    • Head IA: establishes risk-based plans, decides on work priorities, is consistent with org’s objectives.
    • Review IA plan annually
    • Head I.A submit plans to senior mgmt & BOD for approval
    • No interference of senior mgmt in the work of I.A
    Risk management
    • I.A identify & evaluate significant risk exposure
    • I.A contribute to improvement of risk mgmt & ICS
    • Evaluate risk exposure relating to: governance, ops, information sys.
    • Effectiveness & efficiency of ops
    • Safeguard assets
    • Comply with law, regulations, contracts.
  • Performance standards for internal audit
    • I.A helps to maintain effective internal controls
    • Helps evaluate efficiency & effectiveness of controls
    • Promotes continuous improvement
    • I.A assess Corporate governance process
    • Makes recommendations where possible
    • Independence maintained if I.A can report breach of C.G without fear of dismissal or retaliation.
  • Performance standards for internal audit
    • Internal audit work
    • Independence achieved when I.A can show that normal stds of I.A work have been followed
    • No pressure to “cut corners” from mgmt because of low std work.
    • IA work will be to: identify, analyse, evaluate, record sufficient evidence to achieve objectives of the engagement.
    • Info should be: reliable, relevant, useful wrt objectives of the engagement
    • Auditor conclusion – based on suitable analysis & evaluation
    • Evidence should be recorded.
  • Performance standards for internal audit
    I.A communicates results of engagement
    Communicates conclusions, findings , recommendations.
    Communicate to appropriate officials.
    Independence maintained where IA can communicate to audit committee or Risk committee
    Or to any person with enough power to act upon recommendations of Int audit report.
  • Audit committee- reporting to s/h
    Per combined code
    • BOD should maintain sound ICS- to safeguard s/h investment & assets
    • S/h are owners of the Co. They are entitled to know if ICS are sufficient to protect their Inv & help maximizing value.
    • Provide s/h with sufficient assurance – BOD conduct annual review of ICS & report to s/h about effectiveness of controls.
    • Review covers all material controls, e.g. financial, operational, risk mgmt.
    • Review done in line with COSO elements of effective ICS
    • Annual report- inform members of the work of IA
    • There may be additional reporting under SOX
  • SOX reporting on ICS- s404
    • Mgmt must report on ICS
    Audit committee
  • Audit committee
    Audit work:
  • Audit committee
    Consist of NED’s – at least 3
    At least one NED should have recent financial expertise
  • Audit committee
    Oversight, assessment, review of other functions / systems in the company.
    Board delegates work to audit comm to meet objectives pertaining to ICS
    Review ICS, oversee work of IA, monitor integrity of FS , review work of external audit
    Role of audit comm was considered in combined code & SOX and King report contain similar recommendations.
  • Audit committee
    Factors affecting role of audit comm
    Effectiveness of audit comm depends on how it is constituted and the power vested in that committee.
    • BOD decide how much power to grant audit comm
    • Audit comm should have min 3 annual meetings to coincide with external audit assignment.
    • Audit comm should meet once a yr with only internal & external audit – without mgmt, so that the auditors can voice their concerns.
    • Chairman of audit comm can informally meet mgmt to get more in-depth info about important matters.
    • Disagreement between audit comm members will be referred to main BOD for resolution
    • Audit comm reviews annually its TOR & effectiveness & recommend changes to the BOD
    • To be effective , the audit comm should be kept informed regularly by senior mgmt.
  • Audit comm & compliance
    Primary responsibility under SOX
    Check compliance with external reporting regulations
    Review significant financial reporting issues & judgments in connection with preparation of F/S.
    Audit comm can also drill for more info
    Ensure that FS received from mgmt & auditors are acceptable
    i.e. adequate acc policies used, reasonable estimates & judgements, enquire methods used to account for significant / unusual txns, ensure clarity & completeness of FS disclosures.
    Listens to auditors views on matters above. If not satisfied then the audit comm will inform the BOD.
    Audit comm - review financial related info included in the FS & corporate gov stmts, relative to audit & risk mgmt.
  • Audit committee & internal control
    Audit committee role
    • Review financial control
    • Supervise major txn
    • Receive reports from internal & external auditors iro Control Mechanisms
    • Approve Audit report- Internal control stmt
    • Review Fraud Risk Mgmt – ensure awareness promoted & a proper reporting/ investigating mechanism exist. Receive reports on conclusions of tests of ctrls by I.A & Ext aud and consider their recommendations.
    • Review compliance (regulation, legislation, ethics)
    • Monitor adequacy of ICS – focus on ctrl environment , mgmt attitude, mgmt control.