SlideShare a Scribd company logo

Introduction to internal auditing

Download as PPTX, PDF
David Griffiths
David Griffiths

What is the purpose of internal auditing? How important is it to the business? How are internal audits planned and carried out? These slides show the relevance of internal audit to the business, how internal audits relate to the objectives and risks of the business, how they are planned and the work involved in an internal audit. Further advice is available from www.internalaudit.biz

Business
1 of 25
An introduction to internal auditing
An introduction to internal auditing • This slide is not to be shown • The slide show aims to provide an introduction to internal auditing. • The notes give more information on each slide. • The slides and the notes will need changing for your organization. • The slide presentation is not automatic, you will need to click through it. • There are 25 slides, which should take around 25 minutes to show (excluding questions). • Some slides have animations. • For more details about the internal audit processes see the free books available from www.internalaudit.biz. 08/06/2019 2
An introduction to internal auditing From www.internalaudit.biz
Contents • The organization • The objectives and risks • The responses to risks • The purpose of internal auditing • Internal audit’s opinions • Audit planning • The individual audit • The periodic summary report 08/06/2019 4
Internal Auditing 08/06/2019 5
The organization It has ‘stakeholders’ – people who are interested in what it delivers. They may be investors, owners, suppliers, customers, employees. 08/06/2019 6
The organization It has a governing board – people who are responsible for delivering what the stakeholders want. They may be directors, trustees, partners. 08/06/2019 7
The organization So stakeholders have objectives which they expect the governing board to deliver. These objectives may be to increase profits, deliver food to famine areas or recruit more students. 08/06/2019 8
The objectives Unfortunately the achievement of these objectives is threatened by circumstances called risks. These risks may be: competitors launching new products, floods destroying roads or poor exam results. 08/06/2019 9
The objectives These risks require responses to mitigate them to a level which should enable the objectives to be achieved. This risk level is known as the ‘risk appetite’ of the organization. 08/06/2019 10
The responses The responses (controls) to mitigate risks are: • Terminate the operation causing the risk (stop manufacturing a dangerous product). • Transfer the risk (insure against the risk, such as a fire). • Treat the risk by having processes to reduce them (known as ‘internal controls’) • Tolerate the risk if it is too expensive to use one of the above responses - but have a contingency plan. 08/06/2019 11
The responsibilities Who has the responsibility for: • Objectives? The stakeholders and governing board specify the objectives. • Risks? The governing board and management identify the risks hindering the achievement of the objectives. • Responses? The governing board and management decide on the responses to be taken to reduce the risks to a level they consider acceptable. We can refer to the above processes as the internal control framework. 08/06/2019 12
The worries How do the stakeholders and governing board know that their objectives will be achieved because the responses are sufficient and operating? 08/06/2019 13
Internal audit Their worries are much reduced because the organization has an 08/06/2019 14
Internal auditing So what is the purpose of internal auditing? Internal auditing provides an independent and rational opinion to an organization as to whether it is likely to achieve its objectives, based on the management of opportunities and risks. This can be called, ‘Objective focused internal auditing’. 08/06/2019 15
Internal auditing The main aim of internal auditing is to assist the organization to achieve its objectives The management of an organization have Objectives An internal control is a process which manages a risk Internal auditing provides an independent and rational opinion to an organization as to whether it is likely to achieve its objectives, based on the management of opportunities and risks. . A risk is a set of circumstances that hinder the achievement of an objective 08/06/2019 16
The opinion What opinion does the internal audit department provide? It provides an answer to the question: Will the organization achieve its objectives because risks are being managed to acceptable levels? What does it need to answer this question?... 08/06/2019 17
The opinion In order to come to its opinion about the management of risks, internal audit needs to be sure that management: – Have implemented controls to bring the risks to below the risk appetite. – Have therefore identified the risks which require controls. – Have specified the objectives which are threatened by the risks. 08/06/2019 18
The opinions • Internal audit has therefore to assess the organization’s internal control framework: – Has the governing body and management established clear objectives? – Have managers been trained to identify and assess risks? – Have controls been implemented to reduce these risks to a level considered acceptable by the governing body? • Based on the answers to these, and other, questions internal audit can decide on whether to plan audits based on the organization’s risk assessment. • If it can’t plan audits because risks have not been identified and assessed, it needs to consult the governing body for guidance. 08/06/2019 19
The audit plan • If internal audit can plan, it will identify audits required based on the assessed risks and discuss this plan with management. • This plan will be updated when management identify emerging risks. • The audits in the plan should provide the governing body with the overall opinion they need to report on the adequacy of risk management to their stakeholders. • The internal audit plan will therefore cover all functions within an organization. 08/06/2019 20
The individual audit • The plan consists of individual audits which will: – Deliver an opinion on whether particular objectives are likely to be achieved. – Be based on work to examine whether • Management has established a proper internal control framework in the functions delivering the objectives. • Controls mitigating the risks which threaten the objective(s) are sufficient and operating. – Check that action is being taken to ensure the objectives will be achieved. • Audit work will: – Check that objectives have been specified and risks identified and assessed. – Check that controls are sufficient and operating to bring these risks to within the organization’s risk appetite. 08/06/2019 21
The individual audit • The stages of the audit will be: – Planning the audit. – Obtaining information about the functions/departments involved. – Agreeing the scope of the audit with management. – Introducing the audit to all the staff likely to be involved. – Checking the internal control framework established by management. – Documenting the objectives, risks and controls, using the internal control framework as a basis. – Testing that the internal controls are sufficient and operating. – Discussing the findings with management. – Issuing a draft report for discussion which gives an opinion as to whether the objective(s) of the functions/departments being audited are likely to be achieved. (if the objectives are not likely to be achieved because some risks are above the risk appetite, the opinions on the next slide will be given). – Issuing the final report to management and senior management, as appropriate. 08/06/2019 22
The individual audit If the objectives are not likely to be achieved because some risks are above the risk appetite the individual audit opinion will answer the questions: • Has management established a proper internal control framework? That is: – specified their objectives? – identified the risks threatening these objectives? – established controls which should reduce the risks to acceptable levels? • Are these controls sufficient and operating to bring the risks to below the risk appetite and ensure the achievement of the related objective? • Where necessary, is action being taken which will bring the risks to below the risk appetite and ensure the achievement of the objective? 08/06/2019 23
Periodic summary report The internal audit department will issue summary reports from individual audits giving opinions on whether: • Objectives are being achieved. • The risks above the board's risk appetite (‘significant’ risks) have been identified, evaluated and managed. • The internal control framework has been effective in managing the significant risks, having regard, in particular, to any major deficiencies in internal control that have been reported. • Necessary actions are being taken promptly to remedy any major deficiencies. • Whether the audit plan, agreed with the audit committee at the start of the year, has been achieved. If it has not, why not. (If the report is an interim one, the progress towards achieving the plan). 08/06/2019 24
Internal auditing (Further information from www.internalaudit.biz) 08/06/2019 25

Recommended

Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
Ibrahim Jimalle
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
Vernon Benjamin
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
Vernon Benjamin
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
Salih Islam
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit Methodology
Manoj Agarwal
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
Letzconsult.com
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor Roles
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
Ahmad Tariq Bhatti
 

Recommended

Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
Ibrahim Jimalle
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
Vernon Benjamin
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
Vernon Benjamin
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
Salih Islam
 
Internal Audit Methodology
Internal Audit MethodologyInternal Audit Methodology
Internal Audit Methodology
Manoj Agarwal
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
Letzconsult.com
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor Roles
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
Ahmad Tariq Bhatti
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
SALIH AHMED ISLAM
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
Ahmad Tariq Bhatti
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid them
Surajit Datta
 
Ia training
Ia trainingIa training
Ia training
Superior University
 
Internal Audit Manual
Internal Audit ManualInternal Audit Manual
Internal Audit Manual
David Griffiths
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
Jami Martin
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCE
bbongio
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
grifff
 
Internal audit
Internal auditInternal audit
Internal audit
Rahul Mithia
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
Manoj Agarwal
 
Risk based internal auditing
Risk based internal auditing Risk based internal auditing
Risk based internal auditing
Frederick Altum Pokoo-Aikins
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal Audit
Karan Puri
 
Internal audit report writing
Internal audit report writingInternal audit report writing
Internal audit report writing
Neha Kothari
 
Process Audit and ISO
Process Audit and ISOProcess Audit and ISO
Process Audit and ISO
Sadafhazel
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditing
Khalid Aziz
 
Internal audit
Internal auditInternal audit
Internal audit
Shoab Malek (Certified Quality Auditor)
 
Ch 9. Internal Audit
Ch 9. Internal AuditCh 9. Internal Audit
Ch 9. Internal Audit
Sazzad Hossain, ITP, MBA, CSCA™
 
Internal audit
Internal auditInternal audit
Internal audit
iPleaders - Re-engineering Legal education, New Delhi
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
Nidhi Gupta
 
Presentation on Audit Findings
Presentation on Audit FindingsPresentation on Audit Findings
Presentation on Audit Findings
Deshapriya Senanayake
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
ArmeniaFED
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit department
Rajeswaran Muthu Venkatachalam
 

More Related Content

What's hot

Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid them
Surajit Datta
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCE
bbongio
 
Risk based internal auditing
Risk based internal auditing Risk based internal auditing
Risk based internal auditing
Frederick Altum Pokoo-Aikins
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
Nidhi Gupta
 

What's hot (20)

Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid them
 
Ia training
Ia trainingIa training
Ia training
 
Internal Audit Manual
Internal Audit ManualInternal Audit Manual
Internal Audit Manual
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCE
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
 
Internal audit
Internal auditInternal audit
Internal audit
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
 
Risk based internal auditing
Risk based internal auditing Risk based internal auditing
Risk based internal auditing
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal Audit
 
Internal audit report writing
Internal audit report writingInternal audit report writing
Internal audit report writing
 
Process Audit and ISO
Process Audit and ISOProcess Audit and ISO
Process Audit and ISO
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditing
 
Internal audit
Internal auditInternal audit
Internal audit
 
Ch 9. Internal Audit
Ch 9. Internal AuditCh 9. Internal Audit
Ch 9. Internal Audit
 
Internal audit
Internal auditInternal audit
Internal audit
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
 
Presentation on Audit Findings
Presentation on Audit FindingsPresentation on Audit Findings
Presentation on Audit Findings
 

Similar to Introduction to internal auditing

For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit department
Rajeswaran Muthu Venkatachalam
 
Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Measuring the impact of Internal Audit
Measuring the impact of Internal Audit
Huzeifa Unwala
 
IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013
Susan Young
 
Kaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managentKaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managent
avinashchauhan70462
 
Risk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarRisk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches Webinar
Aviva Spectrum™
 
Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15
Robert Fournier
 

Similar to Introduction to internal auditing (20)

The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit department
 
Measuring the impact of Internal Audit
Measuring the impact of Internal Audit Measuring the impact of Internal Audit
Measuring the impact of Internal Audit
 
IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013
 
Understanding and Managing Risks in Management Systems Auditing
Understanding and Managing Risks in Management Systems AuditingUnderstanding and Managing Risks in Management Systems Auditing
Understanding and Managing Risks in Management Systems Auditing
 
Kaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managentKaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managent
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
Risk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarRisk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches Webinar
 
Audit And Assurance Company On A Budget.pdf
Audit And Assurance Company On A Budget.pdfAudit And Assurance Company On A Budget.pdf
Audit And Assurance Company On A Budget.pdf
 
Advanced auditing lecture lecture 3 Audit planning.pptx
Advanced auditing lecture lecture 3 Audit planning.pptxAdvanced auditing lecture lecture 3 Audit planning.pptx
Advanced auditing lecture lecture 3 Audit planning.pptx
 
Isa 200&240 ppt
Isa 200&240 pptIsa 200&240 ppt
Isa 200&240 ppt
 
financial statements and audit
financial statements and auditfinancial statements and audit
financial statements and audit
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15Stress Testing Conference - FinRep 6.23.15
Stress Testing Conference - FinRep 6.23.15
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
PPA - Unit 8 - Auditing Standards and Procedures
PPA - Unit 8 - Auditing Standards and ProceduresPPA - Unit 8 - Auditing Standards and Procedures
PPA - Unit 8 - Auditing Standards and Procedures
 
Acc 640 final project guidelines and rubric
Acc 640 final project guidelines and rubricAcc 640 final project guidelines and rubric
Acc 640 final project guidelines and rubric
 
Wiley section.pptx
Wiley section.pptxWiley section.pptx
Wiley section.pptx
 
CMA Part 1: Planning, Budgeting and Forecasting
CMA Part 1: Planning, Budgeting and Forecasting CMA Part 1: Planning, Budgeting and Forecasting
CMA Part 1: Planning, Budgeting and Forecasting
 
Auditing activities of microfinance institutions
Auditing activities of microfinance institutionsAuditing activities of microfinance institutions
Auditing activities of microfinance institutions
 

Recently uploaded

obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...
obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...
obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...
yulianti213969
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Puja Sharma
 
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book nowKOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
kapoorjyoti4444
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
ZurliaSoop
 
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book nowPARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
kapoorjyoti4444
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 

Recently uploaded (20)

obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...
obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...
obat aborsi bandung wa 081336238223 jual obat aborsi cytotec asli di bandung9...
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book nowKOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
KOTA 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDINGPuri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
Puri CALL GIRL ❤️8084732287❤️ CALL GIRLS IN ESCORT SERVICE WE ARW PROVIDING
 
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableBerhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTSJAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book nowPARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSDurg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 

Introduction to internal auditing

  • 1. An introduction to internal auditing
  • 2. An introduction to internal auditing • This slide is not to be shown • The slide show aims to provide an introduction to internal auditing. • The notes give more information on each slide. • The slides and the notes will need changing for your organization. • The slide presentation is not automatic, you will need to click through it. • There are 25 slides, which should take around 25 minutes to show (excluding questions). • Some slides have animations. • For more details about the internal audit processes see the free books available from www.internalaudit.biz. 08/06/2019 2
  • 3. An introduction to internal auditing From www.internalaudit.biz
  • 4. Contents • The organization • The objectives and risks • The responses to risks • The purpose of internal auditing • Internal audit’s opinions • Audit planning • The individual audit • The periodic summary report 08/06/2019 4
  • 6. The organization It has ‘stakeholders’ – people who are interested in what it delivers. They may be investors, owners, suppliers, customers, employees. 08/06/2019 6
  • 7. The organization It has a governing board – people who are responsible for delivering what the stakeholders want. They may be directors, trustees, partners. 08/06/2019 7
  • 8. The organization So stakeholders have objectives which they expect the governing board to deliver. These objectives may be to increase profits, deliver food to famine areas or recruit more students. 08/06/2019 8
  • 9. The objectives Unfortunately the achievement of these objectives is threatened by circumstances called risks. These risks may be: competitors launching new products, floods destroying roads or poor exam results. 08/06/2019 9
  • 10. The objectives These risks require responses to mitigate them to a level which should enable the objectives to be achieved. This risk level is known as the ‘risk appetite’ of the organization. 08/06/2019 10
  • 11. The responses The responses (controls) to mitigate risks are: • Terminate the operation causing the risk (stop manufacturing a dangerous product). • Transfer the risk (insure against the risk, such as a fire). • Treat the risk by having processes to reduce them (known as ‘internal controls’) • Tolerate the risk if it is too expensive to use one of the above responses - but have a contingency plan. 08/06/2019 11
  • 12. The responsibilities Who has the responsibility for: • Objectives? The stakeholders and governing board specify the objectives. • Risks? The governing board and management identify the risks hindering the achievement of the objectives. • Responses? The governing board and management decide on the responses to be taken to reduce the risks to a level they consider acceptable. We can refer to the above processes as the internal control framework. 08/06/2019 12
  • 13. The worries How do the stakeholders and governing board know that their objectives will be achieved because the responses are sufficient and operating? 08/06/2019 13
  • 14. Internal audit Their worries are much reduced because the organization has an 08/06/2019 14
  • 15. Internal auditing So what is the purpose of internal auditing? Internal auditing provides an independent and rational opinion to an organization as to whether it is likely to achieve its objectives, based on the management of opportunities and risks. This can be called, ‘Objective focused internal auditing’. 08/06/2019 15
  • 16. Internal auditing The main aim of internal auditing is to assist the organization to achieve its objectives The management of an organization have Objectives An internal control is a process which manages a risk Internal auditing provides an independent and rational opinion to an organization as to whether it is likely to achieve its objectives, based on the management of opportunities and risks. . A risk is a set of circumstances that hinder the achievement of an objective 08/06/2019 16
  • 17. The opinion What opinion does the internal audit department provide? It provides an answer to the question: Will the organization achieve its objectives because risks are being managed to acceptable levels? What does it need to answer this question?... 08/06/2019 17
  • 18. The opinion In order to come to its opinion about the management of risks, internal audit needs to be sure that management: – Have implemented controls to bring the risks to below the risk appetite. – Have therefore identified the risks which require controls. – Have specified the objectives which are threatened by the risks. 08/06/2019 18
  • 19. The opinions • Internal audit has therefore to assess the organization’s internal control framework: – Has the governing body and management established clear objectives? – Have managers been trained to identify and assess risks? – Have controls been implemented to reduce these risks to a level considered acceptable by the governing body? • Based on the answers to these, and other, questions internal audit can decide on whether to plan audits based on the organization’s risk assessment. • If it can’t plan audits because risks have not been identified and assessed, it needs to consult the governing body for guidance. 08/06/2019 19
  • 20. The audit plan • If internal audit can plan, it will identify audits required based on the assessed risks and discuss this plan with management. • This plan will be updated when management identify emerging risks. • The audits in the plan should provide the governing body with the overall opinion they need to report on the adequacy of risk management to their stakeholders. • The internal audit plan will therefore cover all functions within an organization. 08/06/2019 20
  • 21. The individual audit • The plan consists of individual audits which will: – Deliver an opinion on whether particular objectives are likely to be achieved. – Be based on work to examine whether • Management has established a proper internal control framework in the functions delivering the objectives. • Controls mitigating the risks which threaten the objective(s) are sufficient and operating. – Check that action is being taken to ensure the objectives will be achieved. • Audit work will: – Check that objectives have been specified and risks identified and assessed. – Check that controls are sufficient and operating to bring these risks to within the organization’s risk appetite. 08/06/2019 21
  • 22. The individual audit • The stages of the audit will be: – Planning the audit. – Obtaining information about the functions/departments involved. – Agreeing the scope of the audit with management. – Introducing the audit to all the staff likely to be involved. – Checking the internal control framework established by management. – Documenting the objectives, risks and controls, using the internal control framework as a basis. – Testing that the internal controls are sufficient and operating. – Discussing the findings with management. – Issuing a draft report for discussion which gives an opinion as to whether the objective(s) of the functions/departments being audited are likely to be achieved. (if the objectives are not likely to be achieved because some risks are above the risk appetite, the opinions on the next slide will be given). – Issuing the final report to management and senior management, as appropriate. 08/06/2019 22
  • 23. The individual audit If the objectives are not likely to be achieved because some risks are above the risk appetite the individual audit opinion will answer the questions: • Has management established a proper internal control framework? That is: – specified their objectives? – identified the risks threatening these objectives? – established controls which should reduce the risks to acceptable levels? • Are these controls sufficient and operating to bring the risks to below the risk appetite and ensure the achievement of the related objective? • Where necessary, is action being taken which will bring the risks to below the risk appetite and ensure the achievement of the objective? 08/06/2019 23
  • 24. Periodic summary report The internal audit department will issue summary reports from individual audits giving opinions on whether: • Objectives are being achieved. • The risks above the board's risk appetite (‘significant’ risks) have been identified, evaluated and managed. • The internal control framework has been effective in managing the significant risks, having regard, in particular, to any major deficiencies in internal control that have been reported. • Necessary actions are being taken promptly to remedy any major deficiencies. • Whether the audit plan, agreed with the audit committee at the start of the year, has been achieved. If it has not, why not. (If the report is an interim one, the progress towards achieving the plan). 08/06/2019 24
  • 25. Internal auditing (Further information from www.internalaudit.biz) 08/06/2019 25

Editor's Notes

  1. View towards Hayling Island from Emsworth shore, Hampshire, UK at sunset.
  2. This slide is to make the presenter aware of what is available on these slides.
  3. These slides aim to provide an introduction to the process of internal auditing and how the internal audit department carries out its work. The slides are based on the free books available from www.internalaudit.biz Hello and thanks for coming!
  4. The introduction begins by looking at the organization which has/needs internal auditing. Next, the presentation describes how internal auditing can be a business advantage to an organization. It then considers what methods the internal audit department uses to provide this advantage.
  5. So let’s start by looking at your organization...
  6. Your organization has groups of people interested in how it performs – the stakeholders. They may have a direct financial stake (investors, owners), indirect financial stake (suppliers, employees, students, tax authorities) or potential financial stake (customers)
  7. Your organization has a governing board, such as directors, trustees (for a charity), senate (for a University) or partners (accountants, lawyers). This governing board is ultimately responsible to the stakeholders for delivering their objectives. In many organizations, an audit committee will carry out some of the responsibilities of the governing board. These responsibilities may involve monitoring the establishment of the risk framework and receiving internal audit reports. Internal audit should have a reporting line to the audit committee.
  8. The governing board will have to deliver the stakeholders’ objectives, and will therefore have to understand and clearly specify them. The governing board may also add their own objectives or make the stakeholders’ objectives more specific, for example specifying by how much profits should increase.
  9. A risk is a set of circumstances which hinders the achievement of an objective.
  10. Responses are actions which reduce the impact and/or probability of a risk. They may be generally referred to as ‘controls’. Ideally the impact and probability of the risk should be reduced to a level below that considered acceptable by the governing board – the ‘risk appetite’. Thus the board needs to define how the magnitude of any risk is to be measured, and specify what is acceptable in terms of the measurement system adopted.
  11. There are generally considered to be four types of possible responses to risks. Responses may generally be referred to as ‘controls’. Terminating the operation giving rise to the risk removes the risk. Transferring or treating the risk should make it acceptable (but may not do so). If the above options are not cost effective, the risk may have to be tolerated. The governing board should be made aware of these risks and contingency plans drawn up and tested in case the risk happens.
  12. Management, at the appropriate levels, have the responsibility for specifying objectives, identifying and assessing risks and implementing controls to reduce their impact/likelihood. When complete this work establishes the internal control framework Why management? Because they know their part of the business. Internal Audit may be able to help them, by running risk workshops for example and maintaining the Objectives, Risks and Controls Register, but management own the risks and are responsible for the controls managing them. Internal audit may also be available to provide specialist help, for example with financial and IT controls, as part of a consultancy role.
  13. So, at this stage we should know the Objectives Risks threatening these objectives Responses bringing these risks to an acceptable level So how do the stakeholders and board sleep well at night, knowing the responses (controls) are sufficient and are actually being operated properly?
  14. That’s the responsibility of an internal audit department!
  15. This is my ‘mission statement’ for internal auditing. The Institute of Internal Auditors has a slightly different statement: To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight I dislike the word ‘assurance’ in this statement. Although an ‘opinion’ can be positive or negative, assurance has to be positive. This gives an expectation that internal audit will not criticise – not a good idea! Giving a opinion is completely consistent with the IIA standards (2410.A1 - Final communication of engagement results must, where appropriate, contain the internal auditors’ opinion and/or conclusions...) .
  16. So to sum up so far: The management of an organization have objectives The achievement of these objectives is hindered by risks Internal controls manage these risks The main aim of internal audit is the same as any function – to assist the organization in achieving its objectives It does this by providing an opinion about the effectiveness of controls managing risks to acceptable levels
  17. The opinion internal audit provides reflects its mission statement. ‘Managing’ of risks is a short way of expressing, ‘reducing risks by applying one of the four responses’.
  18. Internal audit cannot start planning if it does not have confidence in the internal control framework established by management, since it will not know that the controls it is to test are complete.
  19. Therefore the first task of internal audit is to assess the quality of the organization’s internal control framework. This framework can only be complete if: All objectives have been specified All risks have been identified and assessed All controls have been implemented In practice there are many questions to answer in order to assess the organization’s risk maturity. If the answers show that the controls implemented are likely to be complete, planning of audits can commence. If the answers show that controls may be missing, this opinion must be reported to the governing body/audit committee. It is possible (probable) that internal audit will be asked to facilitate the establishment of a proper internal control framework.
  20. ‘Management’ includes the audit committee and governing body. So the plan is driven out of management’s identification and assessment of risks, probably recorded in some sort of objective and risk register. IA may identify emerging risks and these should be discussed with the appropriate management and the plan changed accordingly. Local requirements might include COSO and stock exchange regulations. Internal audit will not be restricted to financial audits but will cover the entire organization. It may need specialized resources to do this and will be involved with management at all levels. It will need to be constantly aware of the organization’s development and the new objectives and risks resulting from this. It will become an essential participant in the running of the running of the organization.
  21. The individual audit provides opinions consistent with the overall opinion given to the governing board (see slide 17) Has management established a proper internal control framework? That is, has management: specified their objectives, identified the risks threatening these objectives and established controls which should reduce the risks to acceptable levels? Are these controls sufficient and operating to bring the risks to below the risk appetite and ensure the achievement of the related objective? Is action being taken which will bring the risks to below the risk appetite and ensure the achievement of the objective? The initial audit work will check that the management of the departments concerned have established a proper risk framework. Even if a good risk framework has been established by the organization, it may not have been implemented properly by all managers. If there is no proper risk framework , internal audit may have to assist management with establishing one. Once a risk framework is in place, the controls designed to mitigate the risks can be checked to ensure they are sufficient and are working.
  22. Each stage of the audit should require close cooperation with management and staff, so that they are kept informed at all times. Where risks are above the risk appetite it is likely that a ‘major deficiency’ exists. In this case further questions have to be answered - see the next slide.
  23. These questions will each have an answer: YES NO YES WITH EXCEPTIONS – this opinion means that the objective should be achieved but that cost-effective improvements could be made to the control framework.
  24. Regulations often require an ‘annual report to the board (or Board Audit Committee)' from management on the effectiveness of internal controls. The frequency and contents of the report to the audit committee will depend on internal audit's charter but will normally include the contents of the slide. This summary is very important, since it is one of the main methods that the audit committee will use to judge the competence and worth of internal audit. The CAE should ensure that the audit committee have been consulted on its format and should obtain feedback from each meeting that he/she attends. That’s the end of the presentation, which is only an introduction to internal auditing. There is much more, which can be found in the four free books on www.internalaudit.biz
  25. Time for the audience to ask any questions. Any feedback from the audience? Do they feel they have learnt something? Has their view towards internal changed? Do they considerer it more of a partner and less of a subsidiary function? Goodbye and thanks for your time!