Internal Audit Project


Published on

Costing Theory Project

Published in: Education, Business, Technology
1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Internal Audit Project

  2. 2. EVALUATION CERTIFICATE This is to certify that the undersigned have assessed and evaluated the project on “HOW INTERNAL AUDIT CAN CONTROL COST” submitted by student of M.Com. – Part - I (Semester – I) for the academic year 2013-14. This project is original to the best of our knowledge and has been accepted for Internal Assessment. Name & Signature of Internal Examiner Name & Signature of External Examiner PRINCIPAL Shri. Sunil B. Mantri 2
  3. 3. DECLARATION BY THE STUDENT I, student of M.Com. (Part – I) Roll No.:041 hereby declare that the project titled “HOW INTERNAL AUDIT CAN CONTROL COST” for the subject ADVANCED COST ACCOUNTING submitted by me for Semester- I of the academic year 2013-14, is based on actual work carried out by me under the guidance and supervision of PROF. KEDAR BHIDE . I further state that this work is original and not submitted anywhere else for any examination. Place: MUMBAI. Date: (SOUMEET D. SARKAR) Name & Signature of Student 3
  4. 4. ACKNOWLEDGEMENT It is indeed a great pleasure and proud privilege to present this project work. I thank my project guide and M-COM co-ordinator of SVKM’S NARSEE MONJEE COLLEGE OF COMMERCE AND ECONOMICS, VILE PARLE (WEST). Their co-operation and guidance have helped me to complete this project. I would sincerely like to thank the principal of our college Shri.Sunil B.Mantri for his support and guidance. I would also like to thank the college library and its staff for patiently listening and guiding me and finally. I would like to thank my family and friends who supported me in this project. THANK YOU. 4
  5. 5. CONTENT Sr. No. PARTICULARS Page No. CHAPTER I – INTRODUCTION 1.1 Meaning & Definition 6 1.2 History of Internal Audit 8 CHAPTER II – INTERNAL AUDIT and COST CONTROL 2.1 Mission of Internal Audit 8 2.2 Purpose of Internal Audit 9 2.3 Objective of Internal Audit 9 2.4 Principles of Internal Audit 10 2.5 Areas of Operation 11 2.6 Essentials of Internal Audit 12 2.7 Roles of Internal Audit 18 3.1 Categories 20 3.2 Standards related to Internal Audit 21 4.1 Cost Control 30 4.2 Methods of Cost Control 31 CHAPTER V – CONCLUSIONS & SUGGESTIONS 5.1 Conclusion 37 5.3 Biblography 38 5
  6. 6. INTRODUCTION:The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting, internal auditing and government auditing, but similar concepts also exist in project management, quality management, water management and energy conservation. Auditing is defined as a systematic and independent examination of data, statements, records, operations and performances (financial or otherwise) of an enterprise for a stated purpose. In any auditing the auditor perceives and recognizes the propositions before him for examination, collects evidence, evaluates the same and on this basis formulates his judgment which is communicated through his audit report. The types of audit are:1. EXTERNAL AUDIT:- independent of the organisation. 2. INTERNAL AUDIT:- an organization auditing its own systems, a self-assessment. Here, we will study about internal audit and how it helps to control cost. INTERNAL AUDIT is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal audit is a catalyst for improving an organization's governance, risk management and management controls by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal audit provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity. The scope of internal audit within an organization is broad and may involve topics such as an organization's governance, risk management and management controls over:efficiency/effectiveness of operations (including safeguarding of assets), the reliability of financial and management reporting and compliance with laws and regulations. Internal 6
  7. 7. audit may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish financial loss. Internal audit is an audit conducted by an internal auditor appointed by the management of the enterprises with a view to highlighting the weak areas of the organizations. It includes examination and evaluation of various organizational activities and to produce the helping hand to the management complete their responsibilities efficiently and effectively. The institute of internal auditor has defined internal auditing as follows: “ Internal auditing is the independent appraisal activity within an organization for the review of the accounting, financial and other operation as a basis for protective and constructive service to the management. It is a type of control, which functions by measuring and evaluating the effectiveness of other types of control. It deals primarily with accounting and financial matters but it may also properly deal with matters of an operating nature.” The internal auditor audits the accounts and other relevant records daily, regularly or on periodical basis to accomplish the following requirements:1. Internal audit may be conducted to ascertain whether all rules, regulations, policies, procedures and principles have been followed by the company or not. 2. To check whether the existing internal control system is adequate and effective and according to the size of the organization. 3. To ensure that all the assets of organization are properly safeguarded, if not, he reports the management about the drawback with suggestions. 4. To highlight the weak areas of the organization and give suggestion to strengthen them. 5. To check whether working of the organization is smooth, effective, efficient and economical. 7
  8. 8. HISTORY OF INTERNAL AUDIT:The Internal Auditing profession evolved steadily with the progress of management science after World War II. It is conceptually similar in many ways to financial auditing by public accounting firms, quality assurance and banking compliance activities. While some of the audit technique underlying internal auditing is derived from management consulting and public accounting professions, the theory of internal auditing was conceived primarily by Lawrence Sawyer (1911-2002), often referred to as "the father of modern internal auditing"; and the current philosophy, theory and practice of modern internal auditing as defined by the International Professional Practices Framework (IPPF) of the Institute of Internal Auditors owes much to Sawyer's vision. With the implementation in the United States of the Sarbanes-Oxley Act of 2002, the profession's exposure and value was enhanced, as many internal auditors possessed the skills required to help companies meet the requirements of the law. However, the focus by internal audit departments of publicly traded companies on SOX related financial policy and procedures derailed progress made by the profession in the late 20th century toward Larry Sawyer's vision for internal audit. Beginning in about 2010, the IIA once again began advocating for the broader role internal auditing should play in the corporate arena, in keeping with the IPPF's philosophy. MISSION OF INTERNAL AUDIT:The internal audit supports effective and efficient discharging of the guiding and monitoring duties of the organization’s management by producing assurance services for its internal customers relating to governance, control and risk management processes. The internal audit brings added value and promotes achievement of the set goals by giving improvement recommendations, producing objective and independent information and by training supervisors and employees in understanding and application of monitoring processes and self-assessment of business and other activities within the organization. The internal audit sets its own objectives and performs its duties so that the values of the 8
  9. 9. organization are included in them and that these values also guide the work of the auditors. The internal auditors function as partners of the other organizational parts and work as experts in different teams (especially development teams) if they do not endanger their independence. PURPOSE OF INTERNAL AUDIT:The internal audit is one of the management’s control tools who through its operations assist the entire organization by examining and evaluating the adequacy and efficiency of internal control, risk management, quality of operations and governance processes. The internal audit furnishes the organization with analyses, appraisals, recommendations, counsel and information. The purpose is to ascertain that the internal control system, by taking into account also the information produced by the external auditors, functions so that the management can be reasonably sure that the set objectives and goals will be achieved, the operations are effective, reporting is reliable and safeguarding of assets and compliance with the laws and regulations is done. OBJECTIVES OF INTERNAL AUDIT:1. To determine the reliability and integrity of information; (i.e. evaluating the internal control systems and the integrity of financial and operating information produced by those systems). 2. To determine whether compliance exists with policies, procedures, laws and regulations. 3. To establish that there is a proper authority for every acquisition, retirement and disposal of assets. 4. To confirm that liabilities have been incurred only for legitimate activities of the organization. 5. To appraise the economy and efficiency of resource utilization (i.e. physical, monetary and most importantly staff). 9
  10. 10. 6. To review operations or programs for consistency with established management goals and objectives. 7. To assist members of the organization in the effective and successful performance of their responsibilities by providing them with analyses, appraisals, recommendations and other pertinent information concerning the activities being reviewed. 8. To analyze and improve the system of internal check, in particular to see that it is:a) working, b) sound, and c) economical. 9. To facilitate the prevention and detection of frauds. 10. To review the operation of the overall internal control system and to bring material departures and non-compliances to the notice of the appropriate level of management, to locate unnecessary and weak control system effective and economical. PRINCIPLES OF ESTABLISHING INTERNAL AUDIT:The basic principles of establishing internal audit in a business concern are:1. Independence:- The internal audit department should have an independent status in the organization. The internal auditor must have sufficiently high status in the organization. He may be required to report directly to the board of directors. 2. Objectives:- The objectives of the internal audit function should be made very clear and unambiguous. The objective should be properly communicated so that internal audit is not viewed as “ over the shoulder check” by other departments. 3. Clarity In Scope:- The scope of internal audit department must be specified in a comprehensive manner. The department must at all times, have authority 10
  11. 11. to investigate from the financial angle, every phase of organizational activity under any circumstance. 4. Definition Of Duties:- The internal audit department’s duty is to review operations as part of the internal control system. It should not be involved in performance of executive actions. 5. Internal Audit Department:- The size and qualification of staff of the internal audit department should be commensurate with the size of the business. The cost of internal audit department should not exceed the benefits expected to be derived from it. 6. Reporting:- The programme of internal audit should be time-bound. There should be provisions for periodic reporting on various operational and other aspects. 7. Follow-up and review:- There should be sufficient scope for the follow-up action on the various points raised in internal audit report. Top management should take active part in ensuring compliance with action points raised in the report. 8. Relationship with Statutory Auditor:- The copy of the internal audit report should be made available to the statutory auditor, who can deal with the same in the manner as he deems fit. AREAS in which INTERNAL AUDIT OPERATES:Internal audit covers the following areas1) Review of Accounting System and Related Internal Controls:- The establishment of an adequate accounting system and related controls is the responsibility of management which demands proper attention on a continuous basis. The internal audit function is often assigned specific responsibility by management for reviewing the accounting system and related internal controls, monitoring their operation and recommending improvements thereto. 11
  12. 12. 2) Examination for Management of Financial and Operating Information:- This may include review of the means used to identify, measure, classify and report such information and specific inquiry into individual items including detailed testing of transactions, balances and procedures. 3) Examination of the Economy, Efficiency and Effectiveness of Operations including Non-Financial Controls of an Organization:- Generally, the external auditor is interested in the results of such audit work only when it has important bearing on the reliability of the financial records. 4) Physical Examination and Verification of Tangible Assets ESSENTIALS OF INTERNAL AUDITING:The essentials for effective internal auditing are:- I. Independence:- The internal auditor should have the independence in terms of organizational status and personal objectivity which permits the proper performance of his duties. II. Staffing and Training:- The internal audit unit should be appropriately staffed in terms of numbers, grades, qualifications and experience, having regard to its responsibilities and objectives. The internal auditor should be properly trained to fulfill all his responsibilities. The effectiveness of internal audit depends substantially on the quality, training and experience of its staff. The aim should be to appoint staff with the appropriate background, personal qualities and potential. Thereafter, steps should be taken to provide the necessary experience, training and continuing professional education. STAFFING The internal audit unit should be managed by a head of internal audit who should be suitably qualified and should possess wide experience in internal audit and its management. He should plan, direct, control and motivate the resources available to ensure that the responsibilities of the internal audit unit are met. The full range of duties may require internal audit staff to be drawn from a variety of 12
  13. 13. disciplines. The effectiveness of internal audit may be enhanced by the use of specialist staff, particularly in the internal audit of activities of a technical nature. The internal audit unit should employ staff with varying types and levels of skills, qualifications and experience in order to satisfy the requirements of each internal audit task. TRAINING The organization has a responsibility to ensure that the internal auditor receives the training necessary for the performance of the full range of duties. Training should be tailored to the needs of the individual. It should include both theoretical knowledge and its practical application under the supervision of suitably competent and experienced internal auditors. Account should be taken of:a) internal audit objectives and priorities; b) the type of internal audit work; c) previous training, experience and qualifications; and d) personal development in the light of the needs of the organization and the internal audit unit. The internal auditor should keep abreast of current developments, improvements, new techniques and practices in auditing. The head of internal audit should coordinate, and keep under review, the training requirements of internal auditors. He should be responsible for preparing training profiles which identify the training requirement for different grades of internal auditors, and should maintain personal training records for each individual. In large organizations this may be performed by a designated training officer. III. Relationships:- The internal auditor should seek to foster constructive working relationship and mutual understanding with management, with external auditors, with any other review agencies and, where one exist, the audit committee. In order that the internal auditor may properly perform all his tasks, it is necessary for all those with whom he has contact to have confidence in him. Constructive working relationships make it more likely that internal audit work will be accepted and acted upon, but the internal auditor should not allow his objectivity to be impaired. 13
  14. 14. Organizational Relationships The head of internal audit should prepare the internal audit plan in consultation with senior management. The internal auditor should arrange the timing of internal audit assignments in consultation with the management concerned, except on those rare occasions where an unannounced visit is a necessary part of the audit approach. Consultation can lead to the identification of areas of concern or of other interest to management. Matters which arise in the course of the audit are confidential and discussion should be restricted to management directly responsible for the area being audited unless they have given express agreement to broaden the discussion. Discussions with management are necessary when preparing the audit report. This is an essential feature of the good relationship between the auditor and the management. Relationship with External Audit The relationship between internal and external audit needs to take account of their differing roles and responsibilities. Internal audit is an independent appraisal function within the organization and internal auditors are direct employees. The external auditor usually has a statutory responsibility to express an independent opinion on the financial statements and stewardship of the organization. The aim should be to achieve mutual recognition and respect, leading to a joint improvement in performance and the avoidance of unnecessary over-lapping of work. It should be possible for the external and internal auditors to rely on each other's work, subject to limits determined by their different responsibilities, respective strengths and special abilities. Consultations should be held and consideration given to whether any work of either auditor is adequate for the purpose of the other. The internal auditor does not automatically have a right of access to the records of the external auditor. However, the relationship between the internal and external auditor will usually be such that the external auditor will be able to allow access to the necessary records. Since internal audit evaluates an organization's internal control system the external auditor may need to be satisfied that the internal audit function is being planned and performed effectively. This review needs to be seen by both parties as a necessary part of the working 14
  15. 15. relationship (Institute's International Auditing Guideline No: 10 on "Using the work of an Internal Auditor"). Regular meetings should be held between internal and external auditors at which joint audit planning, priorities, scope and audit findings are discussed and information exchanged. The benefits of joint training programmes and joint audit work should also be considered. Review Agencies and Specialists Certain information obtained during an internal audit assignment may assist a review agency, such as management services or consultants, which are seeking to secure improvements in the organization's performance. Management's formal approval should be obtained before releasing any audit report or other information to the review agencies. The internal auditor should establish a regular dialogue with review agencies and obtain their reports for information, review and comment where proposals may affect internal control arrangements. Where it is necessary for the internal auditor to have contact with other specialists the same basic principles about information apply as in the case of review agencies. IV. Due Care:- The internal auditor should exercise due care in fulfilling his responsibilities. The internal auditor cannot be expected to give total assurance that control weaknesses or irregularities do not exist. In order to demonstrate that due care has been exercised the internal auditor should be able to show that his work has been performed in a way which is consistent with this guideline. The internal auditor should possess a thorough knowledge of the aims of the organization and the internal control system. He should also be aware of the relevant laws and the requirements of relevant professional and regulatory bodies. The internal auditor must be impartial in discharging all responsibilities; bias, prejudice or undue influence must not be allowed to limit or over-ride objectivity. At all times, the integrity and conduct of the internal auditor must be above reproach. He should not place himself in a position where responsibilities and private interests conflict and any personal interests should be declared. The internal auditor should not improperly disclose any information obtained during the course of his work. 15
  16. 16. V. Planning, Controlling And Recording:- The internal auditor should adequately plan, control and record his work. The main purposes of internal audit planning are:a) To determine priorities and to establish the most cost-effective means of achieving audit objectives; b) To assist in the direction and control of audit work; c) To help ensure that attention is devoted to critical aspects of audit work; and d) To help ensure that work is completed in accordance with pre-determined targets. Control of the internal audit unit and of individual assignments is needed to ensure that internal audit objectives are achieved and work is performed effectively. The most important elements of control are the direction and supervision of the internal audit staff and review of their work. This will be assisted by an established audit approach and standard documentation. The degree of control and supervision required depends on the complexity of assignments and the experience and proficiency of the internal audit staff. Internal audit work should be properly recorded because:a) The head of internal audit needs to be able to ensure that work delegated to staff has been properly performed. He can generally do this only by reference to detailed working papers prepared by the internal audit staff who performed the work; b) Working papers provide, for future reference, evidence of work performed, details of problems encountered and conclusions drawn; and c) The preparation of working papers encourages each internal auditor to adopt a methodical approach to his work. VI. Evaluation of the Internal Control System:- The internal auditor should identify and evaluate the organization's internal control system as a basis for reporting upon its adequacy and effectiveness. VII. Evidence:- The internal auditor should obtain sufficient, relevant and reliable evidence on which to base reasonable conclusions and recommendations. Internal audit evidence is information obtained by an internal auditor which enables 16
  17. 17. conclusions to be formed on which recommendations can be based. The internal auditor should determine what evidence will be necessary by exercising judgement in the light of the objectives of the internal audit assignment. This judgement will be influenced by the scope of the assignment, the significance of the matters under review, the relevance and the reliability of available evidence and the cost and time involved in obtaining it. The collection and assessment of internal audit evidence should be recorded and reviewed to provide reasonable assurance that conclusions are soundly based and internal audit objectives achieved. VIII. Reporting and Follow-Up:- The internal auditor should ensure that findings, conclusions and recommendations arising from each internal audit assignment are communicated promptly to the appropriate level of management and he should actively seek a response. He should ensure that arrangements are made to follow up audit recommendations to monitor what action has been taken on them. Internal audit reports provide a formal means of communicating to management the results arising from audits undertaken. Such reports should include audit findings, recommendations and conclusions relating to the adequacy of and compliance with the system of internal control and the efficiency, effectiveness and economy of operations in the area covered by the audit. From the point of view of completeness, management response to the audit findings should preferably also be included in the report. The aim of every internal audit report should be:a) To prompt management action to implement recommendations for change leading to improvement in performance and control; and b) To provide a formal record of points arising from the internal audit assignment and, where appropriate, of agreements reached with management. 17
  18. 18. DIFFERENT ROLES of INTERNAL AUDIT:1. Role in Internal Control:- Internal auditing activity is primarily directed at improving internal control. Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following internal control categories:a) Effectiveness and efficiency of operations. b) Reliability of financial reporting. c) Compliance with laws and regulations. Management is responsible for internal control. Managers establish policies and processes to help the organization achieve specific objectives in each of these categories. Internal auditors perform audits to evaluate whether the policies and processes are designed and operating effectively and provide recommendations for improvement. 2. Role in Risk Management:- Internal auditing professional standards require the function to monitor and evaluate the effectiveness of the organization's risk management processes. Risk management relates to how an organization sets objectives, then identifies, analyzes, and responds to those risks that could potentially impact its ability to realize its objectives. Risks fall under strategic, operational, financial reporting, and legal/regulatory categories. Management performs risk assessment activities as part of the ordinary course of business in each of these categories. Examples include:- strategic planning, marketing planning, capital planning, budgeting, hedging, incentive pay out structure, and credit/lending practices. Internal auditors may evaluate each of these activities, or focus on the processes used by management to report and monitor the risks identified. For example, internal auditors can advise management regarding the reporting of forward looking operating measures to the Board, to help identify emerging risks. In larger organizations, major strategic initiatives are implemented to achieve objectives and drive changes. As a member of senior management, the Chief Audit Executive (CAE) may participate in status updates on these major 18
  19. 19. initiatives. This places the CAE in the position to report on many of the major risks the organization faces to the Audit Committee, or ensure management's reporting is effective for that purpose. Internal auditors may help companies establish and maintain Enterprise Risk Management processes. 3. Role in Corporate Governance:- Internal auditing activity as it relates to corporate governance is generally informal, accomplished primarily through participation in meetings and discussions with members of the Board of Directors. Corporate governance is a combination of processes and organizational structures implemented by the Board of Directors to inform, direct, manage and monitor the organization's resources, strategies and policies towards the achievement of the organizations objectives. The internal auditor is often considered one of the "four pillars" of corporate governance, the other pillars being the Board of Directors, management, and the external auditor. A primary focus area of internal auditing as it relates to corporate governance is helping the Audit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively. This may include reporting critical internal control problems, informing the Committee privately on the capabilities of key managers, suggesting questions or topics for the Audit Committee's meeting agendas, and coordinating carefully with the external auditor and management to ensure the Committee receives effective information. 19
  20. 20. CATEGORIES of INTERNAL AUDIT:1. System Based Audit:- It refers to an in-depth evaluation of the internal control system with the objective to assess to extent to which the controls are functioning effectively. It is designed to assess the accuracy and completeness of financial statements, the legality and regularity of underlying transactions and the economy, efficiency and effectiveness of operations. A systems based audit should be followed-up through substantive testing of a number of transactions, account balances, etc. to determine whether the financial statements of the auditee are accurate and complete, the underlying transactions legal and regular and/or the criteria for economy, efficiency and effectiveness have been achieved. 2. Performance Audit or Operational Audit:- It assesses whether the activity, programme or body has been managed economically and/or efficiently and/or effectively. A particular performance audit will not necessarily seek to reach conclusions about all three aspects above:- it should be clear from the audit objectives, which need to be examined. When carrying out audits of economy or efficiency, however, the auditor does need to make a general consideration of the effectiveness of the audited entity:- it may be better that the entity does the right thing badly rather than doing the wrong thing well. 3. Financial or Accounting Audit:- It evaluates the accuracy of the accounting and related procedures and practices. It assesses the accuracy and completeness of the financial statements of the activity, programme or body being audited; and/or evaluates whether the transactions underlying the financial statements are legal and regular. However, according to the definition of internal auditing, internal auditors are mainly evaluating the system of internal control. Therefore internal auditors primary interest is not the accounting as such, but rather the controls which ensures the quality of accounting information and financial reporting. 4. Compliance Audit:- It evaluates the how well the organization conforms and adherences with relevant policies, plans, procedures, laws, regulations, and contracts. Usually all audits include the compliance element, because the auditor uses the laws, policies and regulations as a yardstick to measure the performance 20
  21. 21. of the organization. Therefore these guidelines do not contain separate section for compliance audit, but the aspect is included in all audit instructions later in these guidelines. STANDARDS RELATED to INTERNAL AUDIT:1. Standard on Internal Audit 1 - Planning an Internal Audit a) Internal audit plan should cover areas such as obtaining knowledge of legal and regulatory framework within which the entity operates, obtaining knowledge of the entity’s accounting and internal control systems and policies, determining the effectiveness of internal control procedures adopted by the entity, determining the nature, timing and extent of procedures to be performed, identifying activities warranting special focus based on materiality and criticality of such activities, and their overall effect on operations of the entity, identifying and allocating staff to different activities to be undertaken. b) Planning process includes obtaining knowledge of business, establishing the audit universe, establishing the objectives of engagement, establishing scope of the engagement, deciding resource allocation, preparation of audit programed. c) Plan to be finalised in consultation with the appropriate authority before commencement of the work. 2. Standard on Internal Audit 2 - Basic Principles Governing Internal Audit a) Internal auditor should adhere to the basic principles governing an internal audit. b) These principles are integrity, objectivity and independence, confidentiality, skills and competence, work performed by others, documentation, planning, internal audit evidence, accounting system and internal control, and internal audit conclusions and reporting. 21
  22. 22. 3. Standard on Internal Audit 3 - Documentation a) Internal audit documentation should be designed and properly organized to meet the requirements and circumstances of each audit. To formulate policies for standardization of internal audit documentation. b) It should be sufficiently complete and detailed for an internal auditor to obtain an overall understanding of the audit. c) It should cover engagement all the acceptance, assessment of internal important engagement controls, aspects of planning, evidence an engagement viz., risk assessment and obtained and examination / evaluation carried out, review of the findings, communication and reporting and follow up. 4. Standard on Internal Audit 4 - Reporting a) To review and assess the analysis drawn from internal audit evidence obtained as the basis for his conclusion on the efficiency and effectiveness of systems, processes and controls including items of financial statements. b) Report clearly expressing significant observations, suggestion / recommendations based on the policies, processes, risks, controls and transaction processing taken as a whole and managements responses. c) Report includes basic elements such as title, addressee, report distribution list, period of coverage of the report, opening or introductory paragraph, objectives paragraph, scope paragraph (describing the nature of an internal audit), executive summary (highlighting key material issues, observations, control weaknesses and exceptions), observations, findings and recommendations made by the internal auditor, comments from the local management, action taken report – action taken / not taken pursuant to the observations made in the previous internal audit reports, date of the report, place of signature and Internal auditor’s signature with membership number. 22
  23. 23. 5. Standard on Internal Audit 5 - Sampling a) Design and select an audit sample, perform audit procedures thereon, and evaluate sample results so as to provide sufficient appropriate audit evidence to meet the objectives of internal audit engagement unless otherwise specified by the client. b) When designing an audit sample, internal auditor should consider specific audit objectives, the population from which internal auditor wishes to sample, and the sample size. c) When determining the sample size, internal auditor should consider sampling risk, tolerable error and the expected error. 6. Standard on Internal Audit 6 - Analytical Procedures a) To apply analytical procedures as the risk assessment procedures at the planning and overall review stages of internal audit. b) Analytical procedures are analysis of significant ratios and trends including resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or which deviate from predicted amounts. c) Factors to be considered for analytical procedures are significance of the area being examined, adequacy of the system of internal control, availability and reliability of financial and non–financial information, the precision with which results of analytical procedures can be predicted, availability and comparability of information regarding the industry in which the organization operates, the extent to which other auditing procedures provide support for audit results. After evaluating the aforementioned factors, internal auditor should consider and use additional auditing procedures, as necessary, to achieve the audit objective. 7. Standard on Internal Audit 7 - Quality Assurance in Internal Audit a) A system for assuring quality in internal audit should provide reasonable assurance that the internal auditors comply with professional standards, regulatory and legal requirements, so that the reports issued by them are 23
  24. 24. appropriate in the circumstance. In order to ensure compliance with the professional standards, regulatory and legal requirements, and to achieve the desired objective of internal audit, a person within the organization should be entrusted with the responsibility for the quality in the internal audit, whether done in–house or by an external agency. b) In case of in–house internal audit or a firm carrying out internal audit, the person entrusted with the responsibility for the quality in internal audit should ensure that the system of quality assurance includes policies and procedures addressing leadership responsibilities for quality in internal audit, ethical requirements, acceptance and continuance of client relationship and specific engagement, as may be applicable, human resources, engagement performance, monitoring. The quality assurance framework should cover all the elements of internal audit activity. 8. Standard on Internal Audit 8 - Terms of Internal Audit Engagement a) Internal auditor and the auditee should agree on the terms of engagement before commencement. Terms should be approved by the Board of Directors or a relevant Committee thereof such as the Audit Committee or such other person(s) as may be authorized by the Board in this regard. b) It should contain a statement in respect of the scope of internal audit engagement. c) It should clearly mention that internal auditor would not be involved in the preparation of auditee’s financial statements. It should also be made clear that the internal audit would not result in the expression of an opinion or any other form of assurance on the auditee’s financial statements or any part thereof. d) The terms of engagement should clearly mention the responsibility of the auditee vis-a-vis the internal auditor. 24
  25. 25. 9. Standard on Internal Audit 9 - Communication with Management a) Internal auditor while performing audit should communicate clearly the responsibilities of internal auditor and an overview of the planned scope and timing of audit with the management. b) Communication regarding the planned scope and timing of internal audit may assist the management to understand better the objectives of internal auditor’s work, to discuss issues of risk and materiality with internal auditor and to identify any areas in which they may request the internal auditor to undertake additional procedures, assist the internal auditor to understand the entity and its environment better. c) Different stages of communication and discussion should be:- discussion of draft; exit meeting; formal draft; and final report. 10. Standard on Internal Audit 10 - Internal Audit Evidence a) To obtain sufficient appropriate evidence to enable him to draw reasonable conclusions there from on which to base his opinion or findings. b) Scope of an internal audit is much broader in comparison to that of statutory audit. The depth of coverage of internal audit, being a management function, would also be much wider. An internal audit function normally is spread beyond checking of financial transactions and is expected to cover comments on internal control systems, risk management, propriety aspect of transactions. c) To evaluate sufficiency of appropriate audit evidence before conclusions there from. The internal audit evidence should enable internal auditor to form an opinion on the scope of the terms of engagement. 11. Standard on Internal Audit 11 - Consideration of Fraud in an Internal Audit a) An internal auditor is not expected to possess skills and knowledge of a person expert in detecting and investigating frauds, he should, however, have reasonable knowledge of factors that might increase the risk of 25
  26. 26. opportunities for frauds in an entity and exercise reasonable care and professional skepticism while carrying out internal audit. b) A system of internal control comprise of following five elements namely control environment, entity’s risk assessment process, information system and communication, control activities and monitoring of controls. It is essential for internal auditor to gain an understanding of the components of system of internal control. c) The primary responsibility for prevention and detection of frauds is that of the management of the entity. The internal auditor should, however, help the management fulfill its responsibilities relating to fraud prevention and detection. 12. Standard on Internal Audit 12 - Internal Control Evaluation a) The system of internal control must be under continuous supervision by management to determine that it is functioning as prescribed and is modified, as appropriate, for changes in environment. Internal control system extends beyond those matters which relate directly to the functions of accounting system and comprises of control environment and control activities. b) To examine the continued effectiveness of internal control system through evaluation and make recommendations, if any, for improving that effectiveness. To focus towards improving internal control structure and promoting better corporate governance. c) To obtain an understanding of significant processes and internal control systems sufficient to plan the internal audit engagement and develop an effective audit approach, assess and evaluate the maturity of entity’s internal control, assess management’s attitudes, awareness and actions regarding internal controls and their importance in the entity. 26
  27. 27. 13. Standard on Internal Audit 13 - Enterprise Risk Management a) Risk is an event which can prevent, hinder, fail to further or otherwise obstruct the enterprise in achieving its objectives. Risk may be broadly classified into Strategic, Operational, Financial and Knowledge. b) ERM is a structured, consistent and continuous process of measuring or assessing risk and developing strategies to manage risk within the risk appetite. It involves identification, assessment, mitigation, planning and implementation of risk and developing an appropriate risk response policy. Management is responsible for establishing and operating the risk management framework. c) ERM process consists of Risk identification, prioritization and reporting, Risk mitigation, Risk monitoring and assurance. The corporate risk function establishes the policies and procedures, and the assurance phase is accomplished by internal audit. The role of internal auditor is to provide assurance to management on the effectiveness of risk management. 14. Standard on Internal Audit 14 - Internal Audit in an Information Technology Environment a) The overall objective and scope of an internal audit does not change in an IT environment. However, the use of a computer changes the processing, storage, retrieval and communication of financial information and the interplay of processes, systems and control procedures. This may affect the internal control systems employed by the entity. Accordingly, and IT environment may affect the procedures followed by the internal auditor in obtaining a sufficient understanding of the processes, systems and internal control system and the auditor’s review of the entity’s risk management and continuity systems. b) To consider the effect of an IT environment on internal audit engagement, inter alia the extent to which IT environment is used to record, compile, process and analyse information and the system of internal control in existence in the entity with regard to flow of authorised, correct and 27
  28. 28. complete data to the processing centre, the processing, analysis and reporting tasks undertaken in the installation and the impact of computer– based accounting system on the audit trail that could otherwise be expected to exist in an entirely manual system. c) To have sufficient knowledge of information technology systems to plan, direct, supervise, control and review the work performed. The sufficiency of knowledge would depend on the nature and extent of the IT environment. 15. Standard on Internal Audit 15 - Knowledge of the Entity and its Environment a) To obtain knowledge of the economy, entity’s business and its operating environment, including its regulatory environment and the industry in which it operates, sufficient to enable him to review the key risks and entity– wide processes, systems, procedures and controls. To identify sufficient, appropriate, reliable and useful information to achieve the objectives of the engagement. b) Prior to accepting an engagement, the internal auditor should obtain a preliminary knowledge of the industry and of the nature of ownership, management, regulatory environment and operations of the entity subjected to internal audit, and should consider whether a level of knowledge of the entity’s business adequate to perform the internal audit can be obtained. c) Following the acceptance of the engagement, further and more detailed information should be obtained. 16. Standard on Internal Audit 16 - Using the Work of an Expert a) To obtain technical advice and assistance from competent experts if the internal audit team does not possess necessary knowledge, skills, expertise or experience needed to perform all or part of the internal audit engagement. b) When the internal auditor uses the work of an expert, he should satisfy himself about the competence, objectivity and independence of such expert and consider the impact of such assistance or advice on the overall result 28
  29. 29. of internal audit engagement, especially in cases where the outside expert is engaged by senior management or those charged with governance. c) When determining whether to use the work of an expert or not, internal auditor should consider the materiality of the item being examined, the nature and complexity of the item including the risk of error therein, the other internal audit evidence available with respect to the item. 17. Standard on Internal Audit 17 - Consideration of Laws and Regulations in an Internal Audit a) It is the primary responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations, including compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements. b) The objectives of the internal auditor are to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations determination generally of recognised material to amounts have and a direct disclosures effect in the on the financial statements, to perform specified audit procedures to help identify instances of non-compliance with other laws and regulations that may have a significant impact on the functioning of the entity and to respond appropriately to non-compliance or suspected non-compliance with laws and regulations identified during the internal audit. 29
  30. 30. COST CONTROL:Cost control and reduction refers to the efforts business managers make to monitor, evaluate, and trim expenditures. These efforts might be part of a formal, company-wide program or might be informal in nature and limited to a single individual or department. In either case, however, cost control is a particularly important area of focus for small businesses, which often have limited amounts of time and money. In a small business the focus is often on selling and servicing the customer. This leaves the task of purchasing slightly sidetracked. Even seemingly insignificant expenditures - for items like office supplies, telephone bills, or overnight delivery services - can add up for small businesses. On the plus side, these minor expenditures can often provide sources of cost savings. Cost control refers to management's effort to influence the actions of individuals who are responsible for performing tasks, incurring costs, and generating revenues. First managers plan the way they want people to perform, then they implement procedures to determine whether actual performance complies with these plans. Cost control is a continuous process that begins with the annual budget. As the fiscal year progresses, management compares actual results to those projected in the budget and incorporates into the new plan the lessons learned from its evaluation of current operations. Through the budget process and accounting controls, management establishes overall company objectives, defines the centers of responsibility, and determines specific objectives for each responsibility center, and designs procedures and standards for reporting and evaluation. Cost control is the practice of managing and/or reducing business expenses. Cost controls starts by the businesses identifying what their costs are and evaluate whether those costs are reasonable and affordable. Then, if necessary, they can look for ways to cut costs through methods such as cutting back, moving to a less expensive plan or changing service providers. The cost control process seeks to manage expenses ranging from phone, internet and utility bills to employee payroll and outside professional services. To be profitable, companies must not only earn revenues, but also control costs. If costs are too high, profit margins will be too low, making it difficult for a company to succeed against its competitors. In the case of a public company, if costs are too high, the 30
  31. 31. company's may find that its share price is depressed and that it is difficult to attract investors. The following are some simple successful cost control methods:1. Review and Modify Business Model:- There is a great, economically and commercially successful business model, that is used to lay down the foundations of any company. The business model must be however subject to small and big changes. It means as a manager, you should subject the business model to changes according to your competitors actions and markets status. By the term change, I also mean that you should be upgrading and improving all possible business operations. You need to come up with new process and procedures to reduce costs. 2. Daily Updates:- One of the best ways to start controlling costs it to have daily updates of production, all possible long and short term expenditures. Divide all these expenditures, even the ones such cost of machinery or insurance, and sales, by the number of working days. This will give you a concrete figure of the total amount that has been spent. Similarly after sales of your goods or services, you may also divide the total amount of sales by the number of working days. This will give you a micro figure about the daily expenditure and sales. It will definitely help you to zero down on all possible cost problems that you incur. 3. Uniformity:- Cost control management is all about deriving the best outputs in a least cost. Hence, set up a highly efficient and specialized stores department which will oversee all purchases. You may also take a risk and make long term agreements regarding the quality and quantity of materials that are being supplied to your manufacturing process. This uniformity will ensure a timely, cheap and assured supply of raw materials. 4. Time Planning:- Time is money! Well divide the amount of wages that you give out with the number of work hours per month. Explain to the employees per hour expenditures that you incur, and hence the necessity for time management. You may also install good cost control systems, in order to help your employees to manage their work hours well. A cost control software will also work wonders in the finance and accounting department. 31
  32. 32. 5. Renegotiate all Contracts Annually:- For whatever reason, businesses presume that multiple year contracts will result in lower costs. Maybe sometimes, but not always. A smart company policy is not to have the life of a contract exceed one year. This forces annual bidding or at least renewal discussions with the current suppliers. Almost always these discussions will result in lower cost of goods. A multi-year contract will usually favor the vendor. Of course this is a lot of work, but it sure pays out. 6. Ask your Customers:- Annual planning sessions with customers have many benefits. Naturally these discussions primarily should focus on ways to grow the business. But too often these discussions fail to address costs. By discussing costs holistically up and down the combined supply chains, customers often can recommend ways to reduce costs. For example, how to take wasted steps out of the process, or how to plan jointly to smooth production, or maybe even how to change the product mix to get rid of costly items and replace them with some that are more profitable. Talking to the customer is never a bad thing. But talking about how to jointly improve business deepens the relationship, shows them you care, and helps reduce costs for both parties. 7. Match terms with turns:- Each item in your inventory moves at a different rate, and yet suppliers normally apply a one size fits all approach to payment terms. You can reduce your working capital to zero if payment terms were matched with the inventory turns of each item. By negotiating this into your contracts it incents the suppliers only to sell the best moving items and to work with you to improve inventory productivity. The results will free up cash that can be deployed elsewhere in the business and improve profits. 8. Ask Vendors to own their Inventory:- Better even than matching terms with turns is to have the vendors keep title to their inventory until sold. Normally inventory acquired from a vendor is held in your warehouse for use in manufacturing conversion or resale to your customers. But why think of it as your inventory, it hasn’t been used yet so why isn’t it their inventory. Best planning results in “just-in-time” delivery so there is no inventory. But this isn’t always possible, for instance, in industries like retail where that inventory is 32
  33. 33. necessary for your own customers. But again, why are you paying them and then sitting on their inventory. They need to own the inventory until time of sale. This is commonly referred to as “scan based trading” or “just-in-time trading.” INTERNAL AUDIT and COST CONTROL:Many organizations focus their cost reduction efforts around the numbers. This is the reason why cost reduction initiatives are regarded as the sole domain of the financial community. Cost cutting is often no more than a review of the budget, the introduction of a saving against each line item, and then monitoring actual versus planned spend. There is no problem with this approach if it is short-term cuts that are wanted. It is easy to reduce costs by a small amount on each line item by delaying expenditure into a future period. However, these are not real savings and the organization loses the opportunity to review underlying business practices during difficult economic periods that have the potential to create sustainable cost savings. Once the pressure is off, these “so called” cost savings quickly come back into the budgets and management are none the wiser. This is the tactical response to cost cutting. It can be done and it does have benefits but these are mainly short term in nature. On the other hand, organizations that approach their cost reduction efforts in a strategic manner have the opportunity to significantly strengthen their competitive position from a cost perspective rather than just survive the current economic downturn. Activity-based cost reduction is a strategic response to cost cutting that provides sustainable benefits. This means the focus shifts from the individual line items on the income statement or balance sheet toward the underlying activities that drive the expenditure. Once these underlying activities are understood, it is relatively easy to identify and prioritize improvements that will have a larger and longer-term impact on the business. The biggest risk for any major initiative is the ability of the organization to sustain the benefits. In a survey of 115 multinationals taken from the Financial Times Stock Exchange’s top 350 companies, it was found that 70% could not sustain the benefits of their cost reduction efforts beyond two years. Often this is due to the fact that the 33
  34. 34. changes introduced are not continuously re-enforced through regular, visible reporting of the key measures that determined success in the beginning. The organization loses sight of those aspects that were considered essential when the program was first introduced. This is where the internal audit function can play a significant role. The internal audit function should be an integral part of any strategic cost reduction program because it can ensure the redesigned business processes, activities and structures (if any) remain responsive to the risks, and are embedded in the business methods and practices. The value that can be achieved by the inclusion of the internal audit function is immense, as it can support a number of strategic objectives, including the following: 1. Achieving buy-in to the cost reduction program from a broader group of stakeholders. 2. Improving visibility at management, executive and board levels by ensuring internal audit reports include commentary on the cost cutting initiatives. 3. Identifying the risks and implications of cost reduction initiatives. 4. Providing valuable input and insight into the key processes and activities that drive certain costs. 5. Identifying critical improvement drivers to keep the business focused on priority areas. 6. Bringing a process and control capability to the overall program. 7. Monitoring and evaluating key performance indicators on a continuous basis. 8. Developing regular reviews as part of the annual internal audit plan to support sustainability. 9. Providing an objective view point on the proposed initiatives prior to, during and after the introduction of the cost cutting program. 10. Reporting on the benefits realized by the program. As an example, overtime cost was considered to be excessive in one very large organization. Certain employees were actually earning more by way of overtime pay than from their regular salaries. Management decided to cut this cost, especially as difficult economic circumstances were resulting in lower business activity levels. As a result of the increased focus on overtime pay together with more regular reporting, the cost began 34
  35. 35. to show a reducing trend. However, as often happens, the moment the emphasis changed to other significant areas and the level of scrutiny reduced, the cost of overtime began to increase. This example highlights the need for much more effort in understanding and changing the underlying reasons for a particular cost rather than simply focusing on the cost itself. For example, travel expenditure may be under review and the finance manager might request a saving of 20% in the following year’s budget. One approach would simply be to cut the number of trips by an average of 20%, and the target would be achieved with no difficulty. Except during the following year, when the pressure is off, the costs will creep back into the system and the benefits of the saving will be short lived. An alternative approach, in addition to the above action (which is a very good starting point), would be to review and redesign the underlying activities that drive travel expenditure in order to change the way the organization operates. This would have the effect of sustaining the saving over a much longer term and ultimately gain the organization competitive advantage. The following questions in relation to travel expenses should also be asked:1. What is the breakdown of the travel expense ? (In order to understand the makeup of the cost and where to focus improvement efforts.) 2. What activities are performed that result in these costs being incurred ? 3. Why do these activities need to be performed and do they add value to the business ? And how can the benefit or value of the activity be determined ? 4. What are the interdependencies and risks of changing these activities ? 5. Is there a better way to achieve the same or even a better result, e.g., scenario or option planning ? 6. What should the targeted cost be, taking into account potential improvements ? 7. What needs to be done to redesign the approach to travel to enhance the process and reduce the cost ? 8. What controls or performance measures need to be introduced to ensure sustainable success ? 9. How will the performance of the activities be reported to ensure that the costs don’t creep back into the system ? 10. Who will sponsor the change program ? 35
  36. 36. This simple example demonstrates how cost cutting is much more than just the elimination of expenses from a budget. It is a strategic adjustment that may well have a material impact on how an organization does business. Working through this approach in a meticulous way, organizations are more likely to achieve substantial benefits over the longer term by identifying significant improvement areas. After an exercise similar to that described is performed, it is possible to prepare a much more informed budget for the next period, which will recognize the embedded savings derived. All too often budgets are simply a derivative of the previous period plus an adjustment for perceived economic and market changes. In fact, it is recommended that three year rolling budgets be introduced, showing the expenditure trends and the benefits derived from any cost saving initiatives over a longer term. Unfortunately, many organizations leave the cost reduction program in the hands of the financial community which also has many other priorities. This results in a number of quick wins and short-term benefits but often fails to achieve the longer-term sustainable impact that could make a strategic difference to the entity. Organizations that view cost reduction initiatives as a strategic imperative that could potentially result in a competitive advantage, and that approach the overall effort in an inclusive and methodical manner, will be much stronger when the economic cycle turns. No one yet knows who will survive, who will thrive, and who will disappear during the current downturn - only time will tell. Nonetheless, those organizations that approach cost reduction with the right mindset have a better chance of success than those which simply tamper on the periphery. 36
  37. 37. CONCLUSION:The internal auditor should check whether proper operating standards and norms have been established for cost control and reduction. They should be detailed enough to be identifiable with specific operating responsibilities and should be capable of being used by operating personnel for monitoring and evaluating their performance. The internal auditor should review the methods of establishing the operating standards and norms. He should carefully examine the assumptions made while setting the standards to ensure that they are appropriate and necessary. The variances should be examined to evaluate whether or not the standards and norms are practical. Where there is a wide divergence between actual performance and the corresponding standards, reasons may be looked into. The system of identification and analysis of deviations from standards should be examined. The internal auditor should examine whether analysis of variances is communicated to those concerned in time. He should also examine whether in communicating the variances serious matters are highlighted and whether exceptional variances are communicated more expeditiously than is done in the normal course. As a part of evaluating resources utilization, identifying the facilities which are under-utilized is an important function of the internal auditor. Such instances may consist of underutilized machines, unoccupied storage space, huge cash or bank balances, idle man power etc. The internal auditor may also identify understaffing and overstaffing in various areas as these prevent optimum use of resources. While commenting on staffing, the internal auditor should pay special attention to nonproductive work being performed. This would require an enquiry into the job descriptions of employees combined with an intelligent observation of the work being done. Finally the internal auditor should review all procedures with reference to their costs and benefits. One of the factors resulting in inefficiency is that in many cases procedures become hindrance to operations. 37
  38. 38. BIBLOGRAPHY:1) AUDITING books of ICAI. 2) COSTING books of ICWAI. 3) 4) 5) 6) 38