A PROJECT ON
HOW INTERNAL AUDIT CAN CONTROL COST
IN THE SUBJECT
ADVANCED COST ACCOUNTNG
NAME: SOUMEET D. SARKAR
ROLL NO.: 041
M.Com. Part – I in Advance Accountancy
UNDER THE GUIDANCE OF
PROF. KEDAR BHIDE
UNIVERSITY OF MUMBAI FOR
MASTER OF COMMERCE PROGRAMME (SEMESTER - I)
NARSEE MONJEE COLLEGE OF COMMERCE &ECONOMICS
VILE PARLE (W), MUMBAI – 400056.
This is to certify that the undersigned have assessed and evaluated the project
on “HOW INTERNAL AUDIT CAN CONTROL COST” submitted by
student of M.Com. – Part - I (Semester – I) for the academic year 2013-14. This
project is original to the best of our knowledge and has been accepted for
Name & Signature of Internal Examiner
Name & Signature of External Examiner
Shri. Sunil B. Mantri
DECLARATION BY THE STUDENT
I, student of M.Com. (Part – I) Roll No.:041 hereby declare that the project
titled “HOW INTERNAL AUDIT CAN CONTROL COST” for the
Semester- I of the academic year 2013-14, is based on actual work carried
out by me under the guidance and supervision of PROF. KEDAR BHIDE . I
further state that this work is original and not submitted anywhere else for
(SOUMEET D. SARKAR)
Name & Signature of Student
It is indeed a great pleasure and proud privilege to present this project
I thank my project guide and M-COM co-ordinator of SVKM’S NARSEE
MONJEE COLLEGE OF COMMERCE AND ECONOMICS, VILE PARLE
(WEST). Their co-operation and guidance have helped me to complete this
I would sincerely like to thank the principal of our college Shri.Sunil
B.Mantri for his support and guidance.
I would also like to thank the college library and its staff for patiently
listening and guiding me and finally. I would like to thank my family and
friends who supported me in this project.
CHAPTER I – INTRODUCTION
Meaning & Definition
History of Internal Audit
CHAPTER II – INTERNAL AUDIT and COST CONTROL
Mission of Internal Audit
Purpose of Internal Audit
Objective of Internal Audit
Principles of Internal Audit
Areas of Operation
Essentials of Internal Audit
Roles of Internal Audit
Standards related to Internal Audit
Methods of Cost Control
CHAPTER V – CONCLUSIONS & SUGGESTIONS
INTRODUCTION:The general definition of an audit is an evaluation of a person, organization, system,
process, enterprise, project or product. The term most commonly refers to audits in
accounting, internal auditing and government auditing, but similar concepts also exist in
project management, quality management, water management and energy conservation.
Auditing is defined as a systematic and independent examination of data, statements,
records, operations and performances (financial or otherwise) of an enterprise for a stated
purpose. In any auditing the auditor perceives and recognizes the propositions before him
for examination, collects evidence, evaluates the same and on this basis formulates his
judgment which is communicated through his audit report. The types of audit are:1. EXTERNAL AUDIT:- independent of the organisation.
2. INTERNAL AUDIT:- an organization auditing its own systems, a self-assessment.
Here, we will study about internal audit and how it helps to control cost.
is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes. Internal
audit is a catalyst for improving an organization's governance, risk management and
management controls by providing insight and recommendations based on analyses and
assessments of data
processes. With commitment
accountability, internal audit provides value to governing bodies and senior management
as an objective source of independent advice. Professionals called internal auditors are
employed by organizations to perform the internal auditing activity.
The scope of internal audit within an organization is broad and may involve topics such
as an organization's governance, risk management and management controls over:efficiency/effectiveness of operations (including safeguarding of assets), the reliability of
financial and management reporting and compliance with laws and regulations. Internal
audit may also involve conducting proactive fraud audits to identify potentially fraudulent
acts; participating in fraud investigations under the direction of fraud investigation
breakdowns and establish financial loss. Internal audit is an audit conducted by an
internal auditor appointed by the management of the enterprises with a view to
highlighting the weak areas of the organizations. It includes examination and evaluation
of various organizational activities and to produce the helping hand to the management
complete their responsibilities efficiently and effectively. The institute of internal auditor
has defined internal auditing as follows: “ Internal auditing is the independent appraisal
activity within an organization for the review of the accounting, financial and other
operation as a basis for protective and constructive service to the management. It is a
type of control, which functions by measuring and evaluating the effectiveness of other
types of control. It deals primarily with accounting and financial matters but it may also
properly deal with matters of an operating nature.” The internal auditor audits the
accounts and other relevant records daily, regularly or on periodical basis to accomplish
the following requirements:1. Internal audit may be conducted to ascertain whether all rules,
policies, procedures and principles have been followed by the company or not.
2. To check whether the existing internal control system is adequate and effective
and according to the size of the organization.
3. To ensure that all the assets of organization are properly safeguarded, if not, he
reports the management about the drawback with suggestions.
4. To highlight the weak areas of the organization and give suggestion to strengthen
5. To check whether working of the organization is smooth, effective, efficient and
HISTORY OF INTERNAL AUDIT:The Internal Auditing profession evolved steadily with the progress of management
science after World War II. It is conceptually similar in many ways to financial auditing
by public accounting firms, quality assurance and banking compliance activities. While
some of the audit technique underlying internal auditing is derived from management
consulting and public accounting professions, the theory of internal auditing was
conceived primarily by Lawrence Sawyer (1911-2002), often referred to as "the father of
modern internal auditing"; and the current philosophy, theory and practice of modern
internal auditing as defined by the International Professional Practices Framework (IPPF)
of the Institute of Internal Auditors owes much to Sawyer's vision.
With the implementation in the United States of the Sarbanes-Oxley Act of 2002, the
profession's exposure and value was enhanced, as many internal auditors possessed the
skills required to help companies meet the requirements of the law. However, the focus
by internal audit departments of publicly traded companies on SOX related financial
policy and procedures derailed progress made by the profession in the late 20th century
toward Larry Sawyer's vision for internal audit. Beginning in about 2010, the IIA once
again began advocating for the broader role internal auditing should play in the corporate
arena, in keeping with the IPPF's philosophy.
MISSION OF INTERNAL AUDIT:The internal audit supports effective and efficient discharging of the guiding and
monitoring duties of the organization’s management by producing assurance services for
its internal customers relating to governance, control and risk management processes. The
internal audit brings added value and promotes achievement of the set goals by giving
improvement recommendations, producing objective and independent information and by
training supervisors and employees in understanding and application of monitoring
processes and self-assessment of business and other activities within the organization. The
internal audit sets its own objectives and performs its duties so that the values of the
organization are included in them and that these values also guide the work of the
auditors. The internal auditors function as partners of the other organizational parts and
work as experts in different teams (especially development teams) if they do not
endanger their independence.
PURPOSE OF INTERNAL AUDIT:The internal audit is one of the management’s control tools who through its operations
assist the entire organization by examining and evaluating the adequacy and efficiency of
internal control, risk management, quality of operations and governance processes. The
internal audit furnishes the organization with analyses, appraisals, recommendations,
counsel and information. The purpose is to ascertain that the internal control system, by
taking into account also the information produced by the external auditors, functions so
that the management can be reasonably sure that the set objectives and goals will be
achieved, the operations are effective, reporting is reliable and safeguarding of assets and
compliance with the laws and regulations is done.
OBJECTIVES OF INTERNAL AUDIT:1. To determine the reliability and integrity of information; (i.e. evaluating the
internal control systems and the integrity of financial and operating information
produced by those systems).
2. To determine whether compliance exists with policies, procedures, laws and
3. To establish that there is a proper authority for every acquisition, retirement and
disposal of assets.
4. To confirm that liabilities have been incurred only for legitimate activities of the
5. To appraise the economy and efficiency of resource utilization (i.e. physical,
monetary and most importantly staff).
6. To review operations or programs for consistency with established management
goals and objectives.
7. To assist members of the organization in the effective and successful performance
recommendations and other pertinent information concerning the activities being
8. To analyze and improve the system of internal check, in particular to see that it
b) sound, and
9. To facilitate the prevention and detection of frauds.
10. To review the operation of the overall internal control system and to bring
material departures and non-compliances to the notice of the appropriate level of
management, to locate unnecessary and weak control system effective and
PRINCIPLES OF ESTABLISHING INTERNAL AUDIT:The basic principles of establishing internal audit in a business concern are:1. Independence:- The internal audit department should have an independent
status in the organization. The internal auditor must have sufficiently high
status in the organization. He may be required to report directly to the board
2. Objectives:- The objectives of the internal audit function should be made very
clear and unambiguous. The objective should be properly communicated so
that internal audit is not viewed as “ over the shoulder check” by other
3. Clarity In Scope:- The scope of internal audit department must be specified
in a comprehensive manner. The department must at all times, have authority
to investigate from the financial angle, every phase of organizational activity
under any circumstance.
4. Definition Of Duties:- The
internal audit department’s duty is to review
operations as part of the internal control system. It should not be involved in
performance of executive actions.
5. Internal Audit Department:- The size and qualification of staff of the internal
audit department should be commensurate with the size of the business. The
cost of internal audit department should not exceed the benefits expected to be
derived from it.
6. Reporting:- The programme of internal audit should be time-bound. There
should be provisions for periodic reporting on various operational and other
7. Follow-up and review:- There should be sufficient scope for the follow-up
action on the various points raised in internal audit report. Top management
should take active part in ensuring compliance with action points raised in the
8. Relationship with Statutory Auditor:- The copy of the internal audit report
should be made available to the statutory auditor, who can deal with the same
in the manner as he deems fit.
AREAS in which INTERNAL AUDIT OPERATES:Internal audit covers the following areas1) Review
establishment of an adequate accounting system and related controls is the
responsibility of management which demands proper attention on a continuous
basis. The internal audit function is often assigned specific responsibility by
management for reviewing the accounting system and related internal controls,
monitoring their operation and recommending improvements thereto.
2) Examination for Management of Financial and Operating Information:- This
may include review of the means used to identify, measure, classify and report
such information and specific inquiry into individual items including detailed
testing of transactions, balances and procedures.
3) Examination of the Economy, Efficiency and Effectiveness of Operations
including Non-Financial Controls of an Organization:- Generally, the external
auditor is interested in the results of such audit work only when it has important
bearing on the reliability of the financial records.
4) Physical Examination and Verification of Tangible Assets
ESSENTIALS OF INTERNAL AUDITING:The essentials for effective internal auditing are:-
Independence:- The internal auditor should have the independence in terms of
organizational status and personal objectivity which permits the proper performance
of his duties.
Staffing and Training:- The internal audit unit should be appropriately staffed in
terms of numbers, grades, qualifications and experience, having regard to its
responsibilities and objectives. The internal auditor should be properly trained to
substantially on the quality, training and experience of its staff. The aim should be
to appoint staff with the appropriate background, personal qualities and potential.
Thereafter, steps should be taken to provide the necessary experience, training and
continuing professional education.
The internal audit unit should be managed by a head of internal audit who should
be suitably qualified and should possess wide experience in internal audit and its
management. He should plan, direct, control and motivate the resources available
to ensure that the responsibilities of the internal audit unit are met. The full range
of duties may require internal audit staff to be drawn from a variety of
disciplines. The effectiveness of internal audit may be enhanced by the use of
specialist staff, particularly in the internal audit of activities of a technical nature.
The internal audit unit should employ staff with varying types and levels of skills,
qualifications and experience in order to satisfy the requirements of each internal
The organization has a responsibility to ensure that the internal auditor receives
the training necessary for the performance of the full range of duties. Training
should be tailored to the needs of the individual. It should include both
theoretical knowledge and its practical application under the supervision of suitably
competent and experienced internal auditors. Account should be taken of:a) internal audit objectives and priorities;
b) the type of internal audit work;
c) previous training, experience and qualifications; and
d) personal development in the light of the needs of the organization and the
internal audit unit.
The internal auditor should keep abreast of current developments, improvements,
new techniques and practices in auditing. The head of internal audit should coordinate, and keep under review, the training requirements of internal auditors. He
should be responsible for preparing training profiles which identify the training
requirement for different grades of internal auditors, and should maintain personal
training records for each individual. In large organizations this may be performed
by a designated training officer.
Relationships:- The internal auditor should seek to foster constructive working
relationship and mutual understanding with management, with external auditors,
with any other review agencies and, where one exist, the audit committee. In order
that the internal auditor may properly perform all his tasks, it is necessary for all
those with whom he has contact to have confidence in him. Constructive working
relationships make it more likely that internal audit work will be accepted and
acted upon, but the internal auditor should not allow his objectivity to be
The head of internal audit should prepare the internal audit plan in consultation
with senior management. The internal auditor should arrange the timing of internal
audit assignments in consultation with the management concerned, except on those
rare occasions where an unannounced visit is a necessary part of the audit
approach. Consultation can lead to the identification of areas of concern or of
other interest to management. Matters which arise in the course of the audit are
confidential and discussion should be restricted to management directly responsible
for the area being audited unless they have given express agreement to broaden
the discussion. Discussions with management are necessary when preparing the
audit report. This is an essential feature of the good relationship between the
auditor and the management.
Relationship with External Audit
The relationship between internal and external audit needs to take account of their
differing roles and responsibilities. Internal audit is an independent appraisal
function within the organization and internal auditors are direct employees. The
external auditor usually has a statutory responsibility to express an independent
opinion on the financial statements and stewardship of the organization. The aim
should be to achieve mutual recognition and respect, leading to a joint
improvement in performance and the avoidance of unnecessary over-lapping of
work. It should be possible for the external and internal auditors to rely on each
other's work, subject to limits determined by their different responsibilities,
respective strengths and special abilities. Consultations should be held and
consideration given to whether any work of either auditor is adequate for the
purpose of the other. The internal auditor does not automatically have a right of
access to the records of the external auditor. However, the relationship between
the internal and external auditor will usually be such that the external auditor will
be able to allow access to the necessary records. Since internal audit evaluates an
organization's internal control system the external auditor may need to be satisfied
that the internal audit function is being planned and performed effectively. This
review needs to be seen by both parties as a necessary part of the working
relationship (Institute's International Auditing Guideline No: 10 on "Using the work
of an Internal Auditor"). Regular meetings should be held between internal and
external auditors at which joint audit planning, priorities, scope and audit findings
are discussed and
programmes and joint audit work should also be considered.
Review Agencies and Specialists
Certain information obtained during an internal audit assignment may assist a
review agency, such as management services or consultants, which are seeking to
secure improvements in the organization's performance. Management's formal
approval should be obtained before releasing any audit report or other information
to the review agencies. The internal auditor should establish a regular dialogue
with review agencies and obtain their reports for information, review and
comment where proposals may affect internal control arrangements. Where it is
necessary for the internal auditor to have contact with other specialists the same
basic principles about information apply as in the case of review agencies.
Due Care:- The internal auditor should exercise due care in fulfilling his
responsibilities. The internal auditor cannot be expected to give total assurance that
control weaknesses or irregularities do not exist. In order to demonstrate that due
care has been exercised the internal auditor should be able to show that his work has
been performed in a way which is consistent with this guideline. The internal auditor should
possess a thorough knowledge of the aims of the organization and the internal
control system. He should also be aware of the relevant laws and the requirements
of relevant professional and regulatory bodies. The internal auditor must be
impartial in discharging all responsibilities; bias, prejudice or undue influence must
not be allowed to limit or over-ride objectivity. At all times, the integrity and
conduct of the internal auditor must be above reproach. He should not place
himself in a position where responsibilities and private interests conflict and any
personal interests should be declared. The internal auditor should not improperly
disclose any information obtained during the course of his work.
Planning, Controlling And Recording:- The internal auditor should adequately plan,
control and record his work. The main purposes of internal audit planning are:a) To determine priorities and to establish the most cost-effective means of
achieving audit objectives;
b) To assist in the direction and control of audit work;
c) To help ensure that attention is devoted to critical aspects of audit work;
d) To help ensure that work is completed in accordance with pre-determined
Control of the internal audit unit and of individual assignments is needed to
ensure that internal audit objectives are achieved and work is performed
effectively. The most important elements of control are the direction and
supervision of the internal audit staff and review of their work. This will be
assisted by an established audit approach and standard documentation. The degree
of control and supervision required depends on the complexity of assignments and
the experience and proficiency of the internal audit staff.
Internal audit work should be properly recorded because:a) The head of internal audit needs to be able to ensure that work delegated
to staff has been properly performed. He can generally do this only by
reference to detailed working papers prepared by the internal audit staff
who performed the work;
b) Working papers provide, for future reference, evidence of work performed,
details of problems encountered and conclusions drawn; and
c) The preparation of working papers encourages each internal auditor to
adopt a methodical approach to his work.
Evaluation of the Internal Control System:- The internal auditor should identify
and evaluate the organization's internal control system as a basis for reporting upon
its adequacy and effectiveness.
Evidence:- The internal auditor should obtain sufficient, relevant and reliable
evidence on which to base reasonable conclusions and recommendations. Internal
audit evidence is information obtained by an internal auditor which enables
conclusions to be formed on which recommendations can be based. The internal
auditor should determine what evidence will be necessary by exercising judgement
in the light of the objectives of the internal audit assignment. This judgement will
be influenced by the scope of the assignment, the significance of the matters under
review, the relevance and the reliability of available evidence and the cost and
time involved in obtaining it. The collection and assessment of internal audit
evidence should be recorded and reviewed to provide reasonable assurance that
conclusions are soundly based and internal audit objectives achieved.
Reporting and Follow-Up:- The internal auditor should ensure that findings,
conclusions and recommendations arising from each internal audit assignment are
communicated promptly to the appropriate level of management and he should
actively seek a response. He should ensure that arrangements are made to follow
up audit recommendations to monitor what action has been taken on them. Internal
audit reports provide a formal means of communicating to management the results
arising from audits undertaken. Such reports should include audit findings,
recommendations and conclusions relating to the adequacy of and compliance with
the system of internal control and the efficiency, effectiveness and economy of
operations in the area covered by the audit. From the point of view of
completeness, management response to the audit findings should preferably also be
included in the report. The aim of every internal audit report should be:a) To prompt management action to implement recommendations for change
leading to improvement in performance and control; and
b) To provide a formal record of points arising from the internal audit
assignment and, where appropriate, of agreements reached with management.
DIFFERENT ROLES of INTERNAL AUDIT:1. Role in Internal Control:- Internal auditing activity is primarily directed at
improving internal control. Internal control is broadly defined as a process,
effected by an entity's board of directors, management and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives
in the following internal control categories:a) Effectiveness and efficiency of operations.
b) Reliability of financial reporting.
c) Compliance with laws and regulations.
Management is responsible for internal control. Managers establish policies and
processes to help the organization achieve specific objectives in each of these
categories. Internal auditors perform audits to evaluate whether the policies and
processes are designed and operating effectively and provide recommendations for
2. Role in Risk Management:- Internal auditing professional standards require the
function to monitor and evaluate the effectiveness of the organization's risk
management processes. Risk management relates to how an organization sets
and responds to those risks that could
potentially impact its ability to realize its objectives. Risks fall under strategic,
performs risk assessment activities as part of the ordinary course of business in
each of these categories. Examples include:- strategic planning, marketing planning,
capital planning, budgeting, hedging, incentive pay out structure, and credit/lending
practices. Internal auditors may evaluate each of these activities, or focus on the
processes used by management to report and monitor the risks identified. For
example, internal auditors can advise management regarding the reporting of
forward looking operating measures to the Board, to help identify emerging risks.
In larger organizations, major strategic initiatives are implemented to achieve
objectives and drive changes. As a member of senior management, the Chief
Audit Executive (CAE) may participate in status updates on these major
initiatives. This places the CAE in the position to report on many of the major
risks the organization faces to the Audit Committee, or ensure management's
reporting is effective for that purpose. Internal auditors may help companies
establish and maintain Enterprise Risk Management processes.
3. Role in Corporate Governance:- Internal auditing activity as it relates to
participation in meetings and discussions with members of the Board of Directors.
Corporate governance is a combination of processes and organizational structures
implemented by the Board of Directors to inform, direct, manage and monitor the
organization's resources, strategies and policies towards the achievement of the
organizations objectives. The internal auditor is often considered one of the "four
pillars" of corporate governance, the other pillars being the Board of Directors,
management, and the external auditor. A primary focus area of internal auditing
as it relates to corporate governance is helping the Audit Committee of the Board
of Directors (or equivalent) perform its responsibilities effectively. This may
include reporting critical internal control problems, informing the Committee
privately on the capabilities of key managers, suggesting questions or topics for
the Audit Committee's meeting agendas, and coordinating carefully with the
external auditor and management to ensure the Committee receives effective
CATEGORIES of INTERNAL AUDIT:1. System Based Audit:- It refers to an in-depth evaluation of the internal control
system with the objective to assess to extent to which the controls are functioning
effectively. It is designed to assess the accuracy and completeness of financial
statements, the legality and regularity of underlying transactions and the economy,
efficiency and effectiveness of operations. A systems based audit should be
followed-up through substantive testing of a number of transactions, account
balances, etc. to determine whether the financial statements of the auditee are
accurate and complete, the underlying transactions legal and regular and/or the
criteria for economy, efficiency and effectiveness have been achieved.
2. Performance Audit or Operational Audit:- It assesses whether the activity,
programme or body has been managed economically and/or efficiently and/or
effectively. A particular performance audit will not necessarily seek to reach
conclusions about all three aspects above:- it should be clear from the audit
objectives, which need to be examined. When carrying out audits of economy or
efficiency, however, the auditor does need to make a general consideration of the
effectiveness of the audited entity:- it may be better that the entity does the right
thing badly rather than doing the wrong thing well.
3. Financial or Accounting Audit:- It evaluates the accuracy of the accounting and
related procedures and practices. It assesses the accuracy and completeness of the
financial statements of the activity, programme or body being audited; and/or
evaluates whether the transactions underlying the financial statements are legal and
regular. However, according to the definition of internal auditing, internal auditors
are mainly evaluating the system of internal control. Therefore internal auditors
primary interest is not the accounting as such, but rather the controls which
ensures the quality of accounting information and financial reporting.
4. Compliance Audit:- It evaluates the how well the organization conforms and
policies, plans, procedures, laws, regulations, and
contracts. Usually all audits include the compliance element, because the auditor
uses the laws, policies and regulations as a yardstick to measure the performance
of the organization. Therefore these guidelines do not contain separate section for
compliance audit, but the aspect is included in all audit instructions later in these
STANDARDS RELATED to INTERNAL AUDIT:1. Standard on Internal Audit 1 - Planning an Internal Audit
a) Internal audit plan should cover areas such as obtaining knowledge of legal
and regulatory framework within which the entity operates, obtaining
knowledge of the entity’s accounting and internal control systems and
policies, determining the effectiveness of internal control procedures adopted
by the entity, determining the nature, timing and extent of procedures to be
materiality and criticality of such activities, and their overall effect on
operations of the entity, identifying and allocating staff to different
activities to be undertaken.
b) Planning process includes obtaining knowledge of business, establishing the
audit universe, establishing the objectives of engagement, establishing scope
of the engagement, deciding resource allocation, preparation of audit
c) Plan to be finalised in consultation with the appropriate authority before
commencement of the work.
2. Standard on Internal Audit 2 - Basic Principles Governing Internal Audit
a) Internal auditor should adhere to the basic principles governing an internal
b) These principles are integrity, objectivity and independence, confidentiality,
skills and competence, work performed by others, documentation, planning,
internal audit evidence, accounting system and internal control, and internal
audit conclusions and reporting.
3. Standard on Internal Audit 3 - Documentation
a) Internal audit documentation should be designed and properly organized to
meet the requirements and circumstances of each audit. To formulate
policies for standardization of internal audit documentation.
b) It should be sufficiently complete and detailed for an internal auditor to
obtain an overall understanding of the audit.
evaluation carried out, review of the findings, communication and reporting
and follow up.
4. Standard on Internal Audit 4 - Reporting
a) To review and assess the analysis drawn from internal audit evidence
obtained as the basis for his conclusion on the efficiency and effectiveness
of systems, processes and controls including items of financial statements.
recommendations based on the policies, processes, risks, controls and
transaction processing taken as a whole and managements responses.
c) Report includes basic elements such as title, addressee, report distribution
list, period of coverage of the report, opening or introductory paragraph,
objectives paragraph, scope paragraph (describing the nature of an internal
audit), executive summary (highlighting key material issues, observations,
recommendations made by the internal auditor, comments from the local
management, action taken report – action taken / not taken pursuant to the
observations made in the previous internal audit reports, date of the report,
place of signature and Internal auditor’s signature with membership number.
5. Standard on Internal Audit 5 - Sampling
a) Design and select an audit sample, perform audit procedures thereon, and
evaluate sample results so as to provide sufficient appropriate audit
evidence to meet the objectives of internal audit engagement unless
otherwise specified by the client.
b) When designing an audit sample, internal auditor should consider specific
audit objectives, the population from which internal auditor wishes to
sample, and the sample size.
the sample size,
sampling risk, tolerable error and the expected error.
6. Standard on Internal Audit 6 - Analytical Procedures
a) To apply analytical procedures as the risk assessment procedures at the
planning and overall review stages of internal audit.
b) Analytical procedures are analysis of significant ratios and trends including
resulting investigation of fluctuations and relationships that are inconsistent
with other relevant information or which deviate from predicted amounts.
c) Factors to be considered for analytical procedures are significance of the
availability and reliability of financial and non–financial information, the
precision with which results of analytical procedures can be predicted,
availability and comparability of information regarding the industry in
which the organization operates, the extent to which other auditing
aforementioned factors, internal auditor should consider and use additional
auditing procedures, as necessary, to achieve the audit objective.
7. Standard on Internal Audit 7 - Quality Assurance in Internal Audit
a) A system for assuring quality in internal audit should provide reasonable
assurance that the internal auditors comply with professional standards,
regulatory and legal requirements, so that the reports issued by them are
appropriate in the circumstance. In order to ensure compliance with the
professional standards, regulatory and legal requirements, and to achieve the
desired objective of internal audit, a person within the organization should
be entrusted with the responsibility for the quality in the internal audit,
whether done in–house or by an external agency.
b) In case of in–house internal audit or a firm carrying out internal audit, the
person entrusted with the responsibility for the quality in internal audit
should ensure that the system of quality assurance includes policies and
procedures addressing leadership responsibilities for quality in internal audit,
ethical requirements, acceptance and continuance of client relationship and
specific engagement, as may be applicable, human resources, engagement
performance, monitoring. The quality assurance framework should cover all
the elements of internal audit activity.
8. Standard on Internal Audit 8 - Terms of Internal Audit Engagement
a) Internal auditor and the auditee should agree on the terms of engagement
before commencement. Terms should be approved by the Board of
Directors or a relevant Committee thereof such as the Audit Committee or
such other person(s) as may be authorized by the Board in this regard.
b) It should contain a statement in respect of the scope of internal audit
c) It should clearly mention that internal auditor would not be involved in the
preparation of auditee’s financial statements. It should also be made clear
that the internal audit would not result in the expression of an opinion or
any other form of assurance on the auditee’s financial statements or any
d) The terms of engagement should clearly mention the responsibility of the
auditee vis-a-vis the internal auditor.
9. Standard on Internal Audit 9 - Communication with Management
a) Internal auditor while performing audit should communicate clearly the
responsibilities of internal auditor and an overview of the planned scope
and timing of audit with the management.
b) Communication regarding the planned scope and timing of internal audit
may assist the management to understand better the objectives of internal
auditor’s work, to discuss issues of risk and materiality with internal
auditor and to identify any areas in which they may request the internal
auditor to undertake additional procedures, assist the internal auditor to
understand the entity and its environment better.
c) Different stages of communication and discussion should be:- discussion of
draft; exit meeting; formal draft; and final report.
10. Standard on Internal Audit 10 - Internal Audit Evidence
a) To obtain sufficient appropriate evidence to enable him to draw reasonable
conclusions there from on which to base his opinion or findings.
b) Scope of an internal audit is much broader in comparison to that of
management function, would also be much wider. An internal audit
function normally is spread beyond checking of financial transactions and is
systems, risk management, propriety aspect of transactions.
c) To evaluate sufficiency of appropriate audit evidence before conclusions
there from. The internal audit evidence should enable internal auditor to
form an opinion on the scope of the terms of engagement.
11. Standard on Internal Audit 11 - Consideration of Fraud in an Internal Audit
a) An internal auditor is not expected to possess skills and knowledge of a
person expert in detecting and investigating frauds, he should, however,
have reasonable knowledge of factors that might increase the risk of
opportunities for frauds in an entity and exercise reasonable care and
professional skepticism while carrying out internal audit.
b) A system of internal control comprise of following five elements namely
control environment, entity’s risk assessment process, information system
and communication, control activities and monitoring of controls. It is
essential for internal auditor to gain an understanding of the components of
system of internal control.
c) The primary responsibility for prevention and detection of frauds is that of
the management of the entity. The internal auditor should, however, help
the management fulfill its responsibilities relating to fraud prevention and
12. Standard on Internal Audit 12 - Internal Control Evaluation
a) The system of internal control must be under continuous supervision by
management to determine that it is functioning as prescribed and is
modified, as appropriate, for changes in environment. Internal control
system extends beyond those matters which relate directly to the functions
of accounting system and comprises of control environment and control
b) To examine the continued effectiveness of internal control system through
effectiveness. To focus towards improving internal control structure and
promoting better corporate governance.
c) To obtain an understanding of significant processes and internal control
systems sufficient to plan the internal audit engagement and develop an
effective audit approach, assess and evaluate the maturity of entity’s
internal control, assess management’s attitudes, awareness and actions
regarding internal controls and their importance in the entity.
13. Standard on Internal Audit 13 - Enterprise Risk Management
a) Risk is an event which can prevent, hinder, fail to further or otherwise
obstruct the enterprise in achieving its objectives. Risk may be broadly
classified into Strategic, Operational, Financial and Knowledge.
b) ERM is a structured, consistent and continuous process of measuring or
assessing risk and developing strategies to manage risk within the risk
appetite. It involves identification, assessment, mitigation, planning and
implementation of risk and developing an appropriate risk response policy.
c) ERM process consists of Risk identification, prioritization and reporting,
Risk mitigation, Risk monitoring and assurance. The corporate risk function
establishes the policies and procedures, and the assurance phase is
accomplished by internal audit. The role of internal auditor is to provide
assurance to management on the effectiveness of risk management.
14. Standard on Internal Audit 14 - Internal Audit in an Information Technology
a) The overall objective and scope of an internal audit does not change in an
IT environment. However, the use of a computer changes the processing,
storage, retrieval and communication of financial information and the
interplay of processes, systems and control procedures. This may affect the
internal control systems employed by the entity. Accordingly, and IT
environment may affect the procedures followed by the internal auditor in
obtaining a sufficient understanding of the processes, systems and internal
control system and the auditor’s review of the entity’s risk management and
b) To consider the effect of an IT environment on internal audit engagement,
inter alia the extent to which IT environment is used to record, compile,
process and analyse information and the system of internal control in
existence in the entity with regard to flow of authorised, correct and
complete data to the processing centre, the processing, analysis and
reporting tasks undertaken in the installation and the impact of computer–
based accounting system on the audit trail that could otherwise be expected
to exist in an entirely manual system.
c) To have sufficient knowledge of information technology systems to plan,
direct, supervise, control and review the work performed. The sufficiency of
knowledge would depend on the nature and extent of the IT environment.
15. Standard on Internal Audit 15 - Knowledge of the Entity and its Environment
a) To obtain knowledge of the economy, entity’s business and its operating
environment, including its regulatory environment and the industry in which
it operates, sufficient to enable him to review the key risks and entity–
wide processes, systems, procedures and controls. To identify sufficient,
appropriate, reliable and useful information to achieve the objectives of the
b) Prior to accepting an engagement, the internal auditor should obtain a
preliminary knowledge of the industry and of the nature of ownership,
management, regulatory environment and operations of the entity subjected
to internal audit, and should consider whether a level of knowledge of the
entity’s business adequate to perform the internal audit can be obtained.
c) Following the acceptance of the engagement, further and more detailed
information should be obtained.
16. Standard on Internal Audit 16 - Using the Work of an Expert
a) To obtain technical advice and assistance from competent experts if the
internal audit team does not possess necessary knowledge, skills, expertise
or experience needed to perform all or part of the internal audit
b) When the internal auditor uses the work of an expert, he should satisfy
himself about the competence, objectivity and independence of such expert
and consider the impact of such assistance or advice on the overall result
of internal audit engagement, especially in cases where the outside expert
is engaged by senior management or those charged with governance.
c) When determining whether to use the work of an expert or not, internal
auditor should consider the materiality of the item being examined, the
nature and complexity of the item including the risk of error therein, the
other internal audit evidence available with respect to the item.
17. Standard on Internal Audit 17 - Consideration of Laws and Regulations in an
a) It is the primary responsibility of management, with the oversight of those
charged with governance, to ensure that the entity’s operations are
conducted in accordance with the provisions of laws and regulations,
including compliance with the provisions of laws and regulations that
determine the reported amounts and disclosures in an entity’s financial
b) The objectives of the internal auditor are to obtain sufficient appropriate
audit evidence regarding compliance with the provisions of those laws and
statements, to perform specified audit procedures to help identify instances
of non-compliance with other laws and regulations that may have a
significant impact on the functioning of the entity and to respond
appropriately to non-compliance or suspected non-compliance with laws and
regulations identified during the internal audit.
COST CONTROL:Cost control and reduction refers to the efforts business managers make to monitor,
evaluate, and trim expenditures. These efforts might be part of a formal, company-wide
program or might be informal in nature and limited to a single individual or department.
In either case, however, cost control is a particularly important area of focus for small
businesses, which often have limited amounts of time and money. In a small business
the focus is often on selling and servicing the customer. This leaves the task of
purchasing slightly sidetracked. Even seemingly insignificant expenditures - for items like
office supplies, telephone bills, or overnight delivery services - can add up for small
businesses. On the plus side, these minor expenditures can often provide sources of cost
Cost control refers to management's effort to influence the actions of individuals who are
responsible for performing tasks, incurring costs, and generating revenues. First managers
plan the way they want people to perform, then they implement procedures to determine
whether actual performance complies with these plans. Cost control is a continuous
process that begins with the annual budget. As the fiscal year progresses, management
compares actual results to those projected in the budget and incorporates into the new
plan the lessons learned from its evaluation of current operations. Through the budget
process and accounting controls, management establishes overall company objectives,
defines the centers of responsibility, and determines specific objectives for each
responsibility center, and designs procedures and standards for reporting and evaluation.
Cost control is the practice of managing and/or reducing business expenses. Cost controls
starts by the businesses identifying what their costs are and evaluate whether those costs
are reasonable and affordable. Then, if necessary, they can look for ways to cut costs
through methods such as cutting back, moving to a less expensive plan or changing
service providers. The cost control process seeks to manage expenses ranging from
phone, internet and utility bills to employee payroll and outside professional services. To
be profitable, companies must not only earn revenues, but also control costs. If costs are
too high, profit margins will be too low, making it difficult for a company to succeed
against its competitors. In the case of a public company, if costs are too high, the
company's may find that its share price is depressed and that it is difficult to attract
investors. The following are some simple successful cost control methods:1. Review and Modify Business Model:- There is a great, economically and
commercially successful business model, that is used to lay down the foundations
of any company. The business model must be however subject to small and big
changes. It means as a manager, you should subject the business model to
changes according to your competitors actions and markets status. By the term
change, I also mean that you should be upgrading and improving all possible
business operations. You need to come up with new process and procedures to
2. Daily Updates:- One of the best ways to start controlling costs it to have daily
updates of production, all possible long and short term expenditures. Divide all
these expenditures, even the ones such cost of machinery or insurance, and sales,
by the number of working days. This will give you a concrete figure of the total
amount that has been spent. Similarly after sales of your goods or services, you
may also divide the total amount of sales by the number of working days. This
will give you a micro figure about the daily expenditure and sales. It will
definitely help you to zero down on all possible cost problems that you incur.
3. Uniformity:- Cost control management is all about deriving the best outputs in a
least cost. Hence, set up a highly efficient and specialized stores department which
will oversee all purchases. You may also take a risk and make long term
agreements regarding the quality and quantity of materials that are being supplied
to your manufacturing process. This uniformity will ensure a timely, cheap and
assured supply of raw materials.
4. Time Planning:- Time is money! Well divide the amount of wages that you give
out with the number of work hours per month. Explain to the employees per
hour expenditures that you incur, and hence the necessity for time management.
You may also install good cost control systems, in order to help your employees
to manage their work hours well. A cost control software will also work wonders
in the finance and accounting department.
5. Renegotiate all Contracts Annually:- For whatever reason, businesses presume
that multiple year contracts will result in lower costs. Maybe sometimes, but not
always. A smart company policy is not to have the life of a contract exceed one
year. This forces annual bidding or at least renewal discussions with the current
suppliers. Almost always these discussions will result in lower cost of goods. A
multi-year contract will usually favor the vendor. Of course this is a lot of work,
but it sure pays out.
6. Ask your Customers:- Annual planning sessions with customers have many
benefits. Naturally these discussions primarily should focus on ways to grow the
business. But too often these discussions fail to address costs. By discussing costs
holistically up and down the combined supply chains, customers often can
recommend ways to reduce costs. For example, how to take wasted steps out of
the process, or how to plan jointly to smooth production, or maybe even how to
change the product mix to get rid of costly items and replace them with some
that are more profitable. Talking to the customer is never a bad thing. But talking
about how to jointly improve business deepens the relationship, shows them you
care, and helps reduce costs for both parties.
7. Match terms with turns:- Each item in your inventory moves at a different rate,
and yet suppliers normally apply a one size fits all approach to payment terms.
You can reduce your working capital to zero if payment terms were matched with
the inventory turns of each item. By negotiating this into your contracts it incents
the suppliers only to sell the best moving items and to work with you to improve
inventory productivity. The results will free up cash that can be deployed
elsewhere in the business and improve profits.
8. Ask Vendors to own their Inventory:- Better even than matching terms with
turns is to have the vendors keep title to their inventory until sold. Normally
inventory acquired from a vendor is held in your warehouse for use in
manufacturing conversion or resale to your customers. But why think of it as
your inventory, it hasn’t been used yet so why isn’t it their inventory. Best
planning results in “just-in-time” delivery so there is no inventory. But this isn’t
always possible, for instance, in industries like retail where that inventory is
necessary for your own customers. But again, why are you paying them and then
sitting on their inventory. They need to own the inventory until time of sale. This
is commonly referred to as “scan based trading” or “just-in-time trading.”
INTERNAL AUDIT and COST CONTROL:Many organizations focus their cost reduction efforts around the numbers. This is the
reason why cost reduction initiatives are regarded as the sole domain of the financial
community. Cost cutting is often no more than a review of the budget, the introduction
of a saving against each line item, and then monitoring actual versus planned spend.
There is no problem with this approach if it is short-term cuts that are wanted. It is
easy to reduce costs by a small amount on each line item by delaying expenditure into
a future period. However, these are not real savings and the organization loses the
opportunity to review underlying business practices during difficult economic periods that
have the potential to create sustainable cost savings. Once the pressure is off, these “so
called” cost savings quickly come back into the budgets and management are none the
wiser. This is the tactical response to cost cutting. It can be done and it does have
benefits but these are mainly short term in nature. On the other hand, organizations that
approach their cost reduction efforts in a strategic manner have the opportunity to
significantly strengthen their competitive position from a cost perspective rather than just
survive the current economic downturn. Activity-based cost reduction is a strategic
response to cost cutting that provides sustainable benefits. This means the focus shifts
from the individual line items on the income statement or balance sheet toward the
underlying activities that drive the expenditure. Once these underlying activities are
understood, it is relatively easy to identify and prioritize improvements that will have a
larger and longer-term impact on the business.
The biggest risk for any major initiative is the ability of the organization to sustain the
benefits. In a survey of 115 multinationals taken from the Financial Times Stock
Exchange’s top 350 companies, it was found that 70% could not sustain the benefits of
their cost reduction efforts beyond two years. Often this is due to the fact that the
changes introduced are not continuously re-enforced through regular, visible reporting of
the key measures that determined success in the beginning. The organization loses sight
of those aspects that were considered essential when the program was first introduced.
This is where the internal audit function can play a significant role.
The internal audit function should be an integral part of any strategic cost reduction
program because it can ensure the redesigned business processes, activities and structures
(if any) remain responsive to the risks, and are embedded in the business methods and
The value that can be achieved by the inclusion of the internal audit function is
immense, as it can support a number of strategic objectives, including the following:
1. Achieving buy-in to the cost reduction program from a broader group of
2. Improving visibility at management, executive and board levels by ensuring
internal audit reports include commentary on the cost cutting initiatives.
3. Identifying the risks and implications of cost reduction initiatives.
4. Providing valuable input and insight into the key processes and activities that
drive certain costs.
5. Identifying critical improvement drivers to keep the business focused on priority
6. Bringing a process and control capability to the overall program.
7. Monitoring and evaluating key performance indicators on a continuous basis.
8. Developing regular reviews as part of the annual internal audit plan to support
9. Providing an objective view point on the proposed initiatives prior to, during and
after the introduction of the cost cutting program.
10. Reporting on the benefits realized by the program.
As an example, overtime cost was considered to be excessive in one very large
organization. Certain employees were actually earning more by way of overtime pay than
from their regular salaries. Management decided to cut this cost, especially as difficult
economic circumstances were resulting in lower business activity levels. As a result of
the increased focus on overtime pay together with more regular reporting, the cost began
to show a reducing trend. However, as often happens, the moment the emphasis changed
to other significant areas and the level of scrutiny reduced, the cost of overtime began
to increase. This example highlights the need for much more effort in understanding and
changing the underlying reasons for a particular cost rather than simply focusing on the
cost itself. For example, travel expenditure may be under review and the finance
manager might request a saving of 20% in the following year’s budget. One approach
would simply be to cut the number of trips by an average of 20%, and the target would
be achieved with no difficulty. Except during the following year, when the pressure is
off, the costs will creep back into the system and the benefits of the saving will be
short lived. An alternative approach, in addition to the above action (which is a very
good starting point), would be to review and redesign the underlying activities that drive
travel expenditure in order to change the way the organization operates. This would have
the effect of sustaining the saving over a much longer term and ultimately gain the
organization competitive advantage.
The following questions in relation to travel expenses should also be asked:1. What is the breakdown of the travel expense ? (In order to understand the
makeup of the cost and where to focus improvement efforts.)
2. What activities are performed that result in these costs being incurred ?
3. Why do these activities need to be performed and do they add value to the
business ? And how can the benefit or value of the activity be determined ?
4. What are the interdependencies and risks of changing these activities ?
5. Is there a better way to achieve the same or even a better result, e.g., scenario or
option planning ?
6. What should the targeted cost be, taking into account potential improvements ?
7. What needs to be done to redesign the approach to travel to enhance the process
and reduce the cost ?
8. What controls or performance measures need to be introduced to ensure
sustainable success ?
9. How will the performance of the activities be reported to ensure that the costs
don’t creep back into the system ?
10. Who will sponsor the change program ?
This simple example demonstrates how cost cutting is much more than just the
elimination of expenses from a budget. It is a strategic adjustment that may well have a
material impact on how an organization does business. Working through this approach in
a meticulous way, organizations are more likely to achieve substantial benefits over the
longer term by identifying significant improvement areas. After an exercise similar to
that described is performed, it is possible to prepare a much more informed budget for
the next period, which will recognize the embedded savings derived. All too often
budgets are simply a derivative of the previous period plus an adjustment for perceived
economic and market changes. In fact, it is recommended that three year rolling budgets
be introduced, showing the expenditure trends and the benefits derived from any cost
saving initiatives over a longer term. Unfortunately, many organizations leave the cost
reduction program in the hands of the financial community which also has many other
priorities. This results in a number of quick wins and short-term benefits but often fails
to achieve the longer-term sustainable impact that could make a strategic difference to
the entity. Organizations that view cost reduction initiatives as a strategic imperative that
could potentially result in a competitive advantage, and that approach the overall effort
in an inclusive and methodical manner, will be much stronger when the economic cycle
turns. No one yet knows who will survive, who will thrive, and who will disappear
during the current downturn - only time will tell. Nonetheless, those organizations that
approach cost reduction with the right mindset have a better chance of success than
those which simply tamper on the periphery.
CONCLUSION:The internal auditor should check whether proper operating standards and norms have
been established for cost control and reduction. They should be detailed enough to be
identifiable with specific operating responsibilities and should be capable of being used
by operating personnel for monitoring and evaluating their performance. The internal
auditor should review the methods of establishing the operating standards and norms. He
should carefully examine the assumptions made while setting the standards to ensure that
they are appropriate and necessary. The variances should be examined to evaluate
whether or not the standards and norms are practical. Where there is a wide divergence
between actual performance and the corresponding standards, reasons may be looked into.
The system of identification and analysis of deviations from standards should be
examined. The internal auditor should examine whether analysis of variances is
communicated to those concerned in time. He should also examine whether in
communicating the variances serious matters are highlighted and whether exceptional
variances are communicated more expeditiously than is done in the normal course. As a
part of evaluating resources utilization, identifying the facilities which are under-utilized
is an important function of the internal auditor. Such instances may consist of underutilized machines, unoccupied storage space, huge cash or bank balances, idle man power
etc. The internal auditor may also identify understaffing and overstaffing in various areas
as these prevent optimum use of resources.
While commenting on staffing, the internal auditor should pay special attention to nonproductive work being performed. This would require an enquiry into the job descriptions
of employees combined with an intelligent observation of the work being done. Finally
the internal auditor should review all procedures with reference to their costs and
benefits. One of the factors resulting in inefficiency is that in many cases procedures
become hindrance to operations.
BIBLOGRAPHY:1) AUDITING books of ICAI.
2) COSTING books of ICWAI.