Internal Audit as a decision making tool
Upcoming SlideShare
Loading in...5
×
 

Internal Audit as a decision making tool

on

  • 4,294 views

This presentation takes one through the basic mistakes often made while performing the internal audit function and calls for introspection of the internal audit function on a timely basis. It also ...

This presentation takes one through the basic mistakes often made while performing the internal audit function and calls for introspection of the internal audit function on a timely basis. It also defines the manner in which an internal audit function is to be approached.

Statistics

Views

Total Views
4,294
Views on SlideShare
2,659
Embed Views
1,635

Actions

Likes
0
Downloads
121
Comments
0

5 Embeds 1,635

http://sandesh.ca 674
http://www.sandesh.ca 402
http://casandesh.in 295
http://www.casandesh.in 213
http://www.linkedin.com 51

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Internal Audit as a decision making tool Internal Audit as a decision making tool Presentation Transcript

  • not My topic today - Internal Audit is a business decision making tool.     Trust None Gujarat     CA Sandesh Mundra
  • Statutory Warning
      • All the characters in this audit presentation are fictional. If they in any way relate to your professional lives, its only a matter of coincidence, and the presenter shall be in no way liable for any of his acts / verbal utterances during this brief presentation.
    CA Sandesh Mundra
  • To elaborate – Lets read a story….
      • M/s ABC is a growing concern in the construction sector which has very weak internal control systems at present, and so a need is felt for an external agency for better controls.
    CA Sandesh Mundra
      • A firm M/s CA is appointed as internal auditor after a lot of deliberations and negotiations.
      • Idiot
    CA Sandesh Mundra
      • Management is not in a position to give a proper scope for audit and ask CA to frame its scope on its own.
      • CA starts the review of the existing scenarios by visiting the construction sites of the entity.
      • In its audit plan it lays down various audit procedures so as to cover all the aspects.
    CA Sandesh Mundra
      • It ensures that the company staff is also verbally communicated about the audit procedures, since the audit procedures are not documented properly, they are not shared in black and white.
      • It deploys 3-4 articled assitants for carrying out the audits with immense focus on transactional audit
    CA Sandesh Mundra
    • Verbal Communication Problems in an organisation
    • Telephone Call :-
    • From: Managing Director To: General managers
    • Tomorrow morning there will be a total eclipse of the sun at nine o’clock. This is something which we cannot see everyday. So let all employees line up outside, in their best clothes to watch it. To mark the occasion of this rare occurrence, I will personally explain the phenomenon to them. If it is raining we will not be able to see it very well and in that case the employees should assemble in the canteen.  
    • From: General managers To: Industry Managers By order of the Managing Director, we shall follow the disappearance of the sun in our best clothes, in the canteen at nine o’ clock tomorrow morning. The Managing Director will tell us whether it is going to rain. This is something which we cannot see happen everyday. From: Industry Managers To: Location heads
    • If it is raining in the canteen tomorrow morning, which is something that we cannot see happen everyday, the Managing director in his best clothes, will disappear at nine o’ clock. From: Location heads To: Marketing Executives Tomorrow morning at nine o’ clock, the Managing Director will disappear without his clothes. It’s a pity that we can’t see this happen everyday?
    CA Sandesh Mundra
    • The CA then commences the audit and finds a lot of audit errors in all aspects be it accounts, stores management, HR, vehicle and admin controls. For e.g. It find various instances where:- a. Purchase orders are not available for materials purchased directly at the site b. No workorders are prepared for the sub-contractors c. Stores issues the materials without receiving proper indent from the site d. Payment vouchers do not carry the authorised signatory approvals e. Lack of controls over fuel consumption at the site
    CA Sandesh Mundra
      • Prepares a very big and exhaustive report (to the immense satisfaction of CA) and submits to the management and related staff by email.
    CA Sandesh Mundra
      • He keeps doing the same thing for the next one year, and finds that the management response to the queries is very poor and starts loosing interest in audit but pursues the audit due to monetary reasons. – Level of Perfection
    •  
      • Most of the reporting to the 
    •      client are prepared by the 
    •      transactional audit staff and 
    •      follow up for compliance is 
    •      regularly done with the 
    •      ground level 
    •      staff in the organisation.
    CA Sandesh Mundra
      • Management brings in Mr Z, a very senior professional with huge exp in the construction sector. Mr Z also brings in several new jobs at far off locations where he knows the local conditions - jee well.
      • CA is asked to frame the Role and Responsibility & Remuneration structure on paper for Mr Z.
      • Mr Z brings in several organisational changes, gets some staff from his old organisation and is found to be very co-operative to the internal auditors and seems to be well on the way to take organisation to the next level.
      • Mr Z also brings in various process changes based on his past experience. CA is very impressed with him.
    CA Sandesh Mundra
  • With some bad jobs in the pocket the cash flows start getting adversely affected. To make matters worse, huge investments are being made in Equipment purchase to cut down the rental cost. Because of poor accounting systems the organisation is not able to maintain the project wise accounting and hence the losses are not traced to any particular project. CA Sandesh Mundra
    • Two years go by and the management starts feeling the need to cut down overheads b’coz of business losses. 
    • In the very same year, Mr Z who manages the biggest construction Site - "X" is found to have carried out a fraud to the tune of Rs. 50 Lacs. This is discovered by the promoter after he left the organisation
    CA Sandesh Mundra
      • Meeting is called and Immediate question to auditor is "Was he able to detect any major problem at Site X". Auditor asks mgmt to read the report already submitted remains speechless after that.
        • Figuring out what went wrong in the audit procedures! – Non shrink
    CA Sandesh Mundra
      • He goes back and checks his internal audit report submitted for Site - "X" and finds out that their report contains a lot of documentation related issues for this business.
      • Upon reviewing the complete report he makes various observations
        • Most of the overtime payments carry only the signature of Mr Z.
        • For Purchases from two local parties no qty check is carried by stores.
        • Lot of delay observed in preparation of sub-contractor billing.
        • Site shows a lot of sales bills which have not been accepted by the client
      • He is astonished to see the nature of lapses and concludes that there could have been a fraud.
    CA Sandesh Mundra
  • He presents the same report again to the management in a summarised format, to give a feeling that there was no lapse in audit procedures adopted for Site - "X".   Also points out the failure on the part of the management in taking the previous audit report in a casual manner. - Interpretation CA Sandesh Mundra
      • After few months, the management in a bid to cut down the overheads, significantly reduces the fees and scope of internal auditor.
    CA Sandesh Mundra
  • Auditor is very unhappy! CA Sandesh Mundra
  • How does the Auditor feel?
      • Management should have given time to review the internal audit reports on regular basis.
      • Top Management being non-financial 
    •      guys, were never interested in following 
    •      the company policies themselves, 
    •      setting a very bad example for others.
      • Management should give a regular 
    •      feedback, if they wish to customize 
    •      the format of internal audit 
    •      report according to their needs.
    CA Sandesh Mundra
      • Management rarely called upon the internal auditors to discuss the internal audit reports on a periodic basis.
      • Management needs to be more clear in giving the scope of work for internal audit.
      • It is a pure failure on management compliance aspect and that the auditor has been unnecessarily made the scape goat.
    How does the Auditor feel? (cont……) CA Sandesh Mundra
      • Lets now look what the other side feels ?
        • If there is someone from the management side, do you have any points for the stand of fees reduction?
    CA Sandesh Mundra
    • MANAGEMENT's VIEW :-
      • When CA was appointed, the scope of work he had set, should not have been to carry out pure internal audit but to build stronger systems within the organization. Management is already aware of the various problems in the business.
      • Ensuring that the audit recommendations are implemented should also be in auditor’s scope.
    CA Sandesh Mundra
  • MANAGEMENT's VIEW (cont….) :-
      • Instead of always pointing out the documentation related issues, the auditor should have been the first to point out some possible wrong doing at Site - "X".
      • Adopting a passive mode of emails to communicate the reports was not appropriate for this kind of organisation, as all employees were not equipped to handle the emails.
      • The focus should have been more on the quality, rather than quantity in terms of reporting.
      • Post-Mortem Approach does not quite fit the requirements.
    CA Sandesh Mundra
      • At this stage are we all left pondering about the value that we are adding to the client
      • Are we approached by the client when any major business decisions are to be taken?
        • If No, then its very serious, as Internal Audit is considered as the “Nose” of the organisation
    CA Sandesh Mundra
  •   Thief and Police There are three categories in which we can divide the police :- a. Those who are not able to catch the thief b. Those who catch the thief after he has stolen something c. Those who catch when the idea of theft originates in the thief's mind CA Sandesh Mundra
  • “ When business fails, accountants perform” CA Sandesh Mundra
  • So we see after this GAP analysis that there are lot of lessons to be drawn from this story
      • Business Model of the client has to be absolutely clear to the auditor, if he wants to add some value to the client through his reports.
        • Org Hierarchy
        • Performance factors
        • Relevance of Documentation
        • Possibility of Cost overruns
        • Study of Cultures across the organisation
    CA Sandesh Mundra
      • Auditor should have a good foresight and should be able to present the actual scenario in a very crisp and clear fashion.
        • Report the present in summarised format
        • Predicting what can go wrong looking to present conditions
        • Understand the management’s language
        • Power to stop payments (This gives some feeling of power to the auditor). Audit is lot more meaningful if its part of the process rather than a standalone activity.
    Lessons (cont…..) CA Sandesh Mundra
  • CA Sandesh Mundra
      • Whatever may be client's opinion about the scope, the auditor needs to take a stand on the basis of his own understanding.
        • Focus may be more on implementation of internal controls rather than documentation for a given client depending on actual situation.
        • In the initial years, the role is more like management.
        • Importance of audit points to be explained till the last mile.
        • Ego creates a lot of practical issues
    Lessons (cont…..) CA Sandesh Mundra
  • Lessons (cont…..)
      • Communication Strategy should also change depending on the nature of client.
        • Flow from the top
        • Medium may be different at different levels within the same organisation
        • Delegation of responsibility within the organisation
        • Follow up (Immense amount of Patience)
    •  
    •  
    • “ God, give me patience…....
    • and make it quick! "
    CA Sandesh Mundra
  • Telecom Call Centre CA Sandesh Mundra
      • Voice level Modulation is of some importance in front of the management.
      • The auditor should also have the guts to say to the management, that because of management approach, he is not able to add any value to the organisation and he may better be disengaged from the assignment, to showcase the seriousness on his part.
        • Do you think its practicable?
        • Consciousness about reporting compliance.
    Lessons (cont…..) CA Sandesh Mundra
  • Think long Term
    • Baba Ramdev Model
    CA Sandesh Mundra
  • The Audit Process Model CA Sandesh Mundra
  • Audit Interaction with Auditee CA Sandesh Mundra
      • After this brief story lets focus on the other side of the topic
      • - Zia
    CA Sandesh Mundra
      • Internal Audit as a Business Decision Making Tool
        • Continuing the very same example ahead, lets see some of the areas where management was found to be weak in decision making and how CA could have played his part.
    CA Sandesh Mundra
  • Domain of Decision Making Strategic Planning Operations CA Sandesh Mundra
  • Vision and Mission
      •   Understanding the Promoter’s thought process about the organisation’s future
      • Whether the overall controls within the organisation are in sync with the vision statement
      • Whether the employee mindset is in sync
      • Uniformity of systems across the organisation
      • Parliament - Planning
    CA Sandesh Mundra
  • Organisational Hierarchy
      • Management is struck up in various areas:-
        • Bifurcation of the organisation into various departments
        • Deciding the designation and authority level posts in various deparments
        • Role, Responsibility and Authority Structure for all the posts
        • Built in mechanism to get the best out of the team
      • For e.g. At the construction site, the accountants at the site are not very clear whom do they have to report to.
    •  
      • Senior Joinee
    CA Sandesh Mundra
  • Corporate Governance
    • From Audit Perspective we divide all activities of
    • the organisation into :-
    •     a. Compliance - Identify Gaps
    •     b. Process Orientation - Adherence to processes
      • Transperancy
      • Legal Framework
    CA Sandesh Mundra
  • CA Sandesh Mundra
  • Enterprise Risk Management Two most important ways that internal auditing provides value to the organization are in providing objective assurance  - that the major business risks are being managed appropriately and  - providing assurance that the risk management and internal control framework is operating effectively. CA Sandesh Mundra
    • Role auditors can play in risk management domain:-
    • Core Internal Audit Roles with regard to ERM:-
      • Giving assurance on risk management process.
      • Giving assurance that the risks are correctly evaluated.
      • Evaluating risk management process
    •  
    • Legitimate internal audit roles with safeguards:-
      • Facilitating identification and evaluation of risks
      • Coaching management in responding to risks
      • Co-ordinating ERM activities
      • Consolidated reporting on risks
      • Maintaining and developing the ERM framework
      • Championing establishment of ERM
      • Developing RM Strategy for board approval
    •  
    • Roles the internal auditor should not take:-
      • Setting the risk appetite
      • Imposing the risk management process
      • Management assurance on risks
      • Taking decisions on risk response
      • Implementing risk response on management’s behalf
      • Accountability of risk management
      • Evaluating the reporting of key risks
      • Reviewing the management of key risks
    CA Sandesh Mundra
  • CA Sandesh Mundra
  • Is risk management really new?
    • Yes and no
    • Understanding risks is not new at all - most of us have an inherent understanding of risk ; e.g. health and safety risk assessments are well established; audit and others use it
    • However, risk management in a corporate governance sense is new. It promotes ownership of the RM process at a high level
  • Value of Risk-Based Audit Planning
    • Yields disciplined analytical approach to evaluating the audit universe
    • Highlights potential risks in organization that might otherwise be unknown
    • Fosters dedicated audit coverage to high-risk areas
    • Allocates resources where pay-back is greatest
    • Provides a tool for management to gauge or assess enterprise risk
  • Key Definitions
    • Risk: The uncertainty of an event occurring that could have an impact on the achievement of objectives.
    • Risk assessment: A systemic process for assessing and integrating professional judgments about probable adverse conditions and/or events.
    • Risk management: The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects.
  • The Objective of Risk-Based Planning: Target audit resources where risk is greatest! Source: A Guide to the Use of Risk Management Within the Internal Audit Process © 2002 – The IIA – Australia Probability Impact H L H
  • A Risk Assessment Process for Annual Audit Planning
    • Define the audit universe
    • Identify and weight risk factors
    • Establish a mechanism and score risk factors for auditable units
    • Sort the auditable units by total risk score
    • Develop the annual audit plan based on the ranked audit universe
  • Risk Planning Model PROBABILITY PROBABILITY Risk Assessment in Annual Planning: MATERIALITY Visibility and Sensitivity Impact on Enterprise Operations
  • Risk Factors
    • Materiality Points
    • Audit Area over Rs. 100 Lacs 8-10
    • Audit Area Rs. 25 Las to Rs. 100 Lacs 4-7
    • Audit Area less than Rs. 25 Lacs 1-3
    Risk Assessment in Annual Planning:
  • Risk Factors Risk Assessment in Annual Planning:
    • Impact on Operations Points
    • Significant impact on core business 8-10
    • Significant impact on specific program moderate impact on core business 4-7
    • Negligible impact on specific program or core business 1-3
  • Risk Factors Risk Assessment in Annual Planning:
    • Public Sensitivity Points
    • Likely to result in public or congressional interest 8-10
    • May result in public or congressional interest 4-7
    • Unlikely to result in public or congressional interest 1-3
  • Probability Factors Risk Assessment in Annual Planning:
    • Probability of Risk Points
    • High probability of significant issues 0.8-1.0
    • Moderate probability of significant issues and high probability of improvement needed 0.4-0.7
    • Low probability of significant issues and moderate to low probability of improvement needed 0.1-0.3
  • CA Sandesh Mundra
  • Example of Risk Assessment Risk Assessment in Annual Planning: Security of Office Equipment Environmental Compliance Executive Compensation Materiality Impact Visibility Subtotal Probability Risk Score
    • 7 5 16 0.5 8.0
    • 7 8 22 0.6 13.2
    • 3 5 9 17 0.3 5.1
    Potential Audit Subject
    • The basic process steps are:
    Next Establish the context Identify the risks Analyse the risks Evaluate the risks Treat the risks
    • Some of the risks pertaining to the construction site are :-
    CA Sandesh Mundra
  • S.No. Particulars 1 Delay in possession of site 2 Productivity of equipment 3 Unavailability of equipment, spares, fuel 4 Inappropriate equipment 5 Weather Poor quality, productivity and unavailability of labour 6 Capability of professional staff – Incompetence, unreasonableness 7 Poor industrial relations with Suppliers 8 Labour – sickness, absenteeism 9 Poor supply, suitability and unavailability of materials 10 Poor quality, productivity and unavailability of subcontractors 11 Safety – accidents 12 Failure to construct to programme & specification 13 Poor workmanship 14 Ground conditions – inadequate site investigation, inadequate information in documents, unforeseen problems 15 Mistakes while performing work Poor relationship of professional staff to each other – consultants, architects, subcontractors, etc. 16 Coordination failure of construction Workers 17 Liaison with public services 18 Irregularity of work load 19 Theft 20 Errors or omissions and additions in bills of quantities 21 Insufficient time to prepare bid tenders 22 Accessibility to the site 23 Damage during transportation or storage 24 Damage during construction due to negligence of any party, vandalism, accident 25 Errors or omissions and additions in bills of quantities
  • Major Control Points
      • Out of all areas
        • Identify 4-5 major areas after proper study of the business model,
        • lay down the existing process flow for these areas,
        • suggest improvements and press hard for necessary changes taking the management in confidence. For e.g. For a civil contracting company some of major focus areas are:-
          • Supply Labour and Overtime controls
          • Equipment Related Controls - Own vs Hire
          • Client vs Sub-Contractor Qty comparison and timely billing at both ends
          • Free Issue Material Reconciliation
          • and Timely Project Completion.
    CA Sandesh Mundra
  • New Developments – Dynamic Business
      • Risk matrix should be prepared for any new venture / expansion to new locations.
          • Border Compliances for Material Transfer
          • Local civil Issues
          • Level of Security at Client's premises
          • Availability of staff locally
          • Distance between staff quarters and construction site, also between the labour colony and the construction site.
          • Level of implementation of Safety and Quality Measures at Client Premises.
          • Availability of drawings at the start of the work.
    CA Sandesh Mundra
  • Capital Expenditure
      • Expenditure on Immovables
      • Watch is even required on the personal capital expenditures by the promoters
      • Investment in Equipments – Most crucial decision
        • For e.g. in Construction the dynamics are most crucial as one is not aware of capacity constraints
        • Equipment Questionnaire for different equipments
        • Control Chart for deciding the rental terms
        • Monitoring the Equipment Usage
    CA Sandesh Mundra
  • Financial Decision Making
    • 1. MIS - Management Information System - 
    •     a) Checking the correctness as MIS is the basis for decision making.
    •      b) Continuous improvisation of MIS.
    •     
    • 2. Cash Flow Review - Alarm Bells
    •     a) Proper inputs to the promoters regarding short term and long term mismatch in cash flows. Solutions in case of big gaps in cash flow.
    • 3. Overhead Analysis
    •     a) Should be prepared in such a manner that cost cutting becomes easy at any point in time.
    CA Sandesh Mundra
  • Rules of Politics
    • Think
    • Speak
    • Write
    • Sign
    • Follow
    CA Sandesh Mundra
  • Lets take a break …… Independence of Internal Auditor
      • Thus if as a professional we can do all this we can achieve the needs of the client. And last and most important requirement is to ensure that we follow the same principles which we advocate.
      • Some examples
      • Out of Pocket Expenses purely as per company policies.
      • Not using any facilities of the company for one's own personal purposes.
      • Maintaining distance with the clients on a personal level.
      • If the fees is less, pls professional put across your viewpoint in front of the client.
      •  
      • These policies might affect you in short term, but would help you achieve the long term goal.
    CA Sandesh Mundra
  • Hierarchy within the audit organisation
      • Tier 1 - Transactional Audit
      • Tier 2 - Systems Audit
      • Tier 3 – Management Audit
      • Documented roles and responsibility structure of the audit team is the need of the hour
    CA Sandesh Mundra
    • Transaction audit - Can be pre, concurrent or post - Necessary evil - Help discipline in the organization - Systems cannot totally replace this
    • Systems audit - Backbone to the process/operations - Vital for efficiency & control - Necessary for survival
    CA Sandesh Mundra
    • Management audit - Judgmental - Hence controversial
    • Requires - In-depth knowledge - Technical capabilities - Credibility
    • Difficult to identify the areas for application
    CA Sandesh Mundra
  • Auditor’s Motto – We’re Here to Help!
    • Identify Risks
    • Find Better Ways and Best Practices
    • Partner to Find Solutions
    • Prevent Problems
    • - CA’s are smart
    CA Sandesh Mundra
    • Thanks for a patient hearing…..
    CA Sandesh Mundra