Internal auditing departments are led by a chief audit executive ("CAE") who generally reports to the audit committee of the board of directors, with administrative reporting to the chief executive officer (In the United States this reporting relationship is required by law for publicly traded companies).
An internal audit is designed to review what a company is doing in order to identify potential threats to the organization's financial health and profitability and to make suggestions for mitigating the risk associated with those threats.
Many leaders in today’s business environment have recognized the need for internal audit to play a larger role – one that expands on its historic focus on value preservation to encompass activities related to value creation. Leading integrated internal audit functions will need to stay ahead of the risk curve rather than simply follow the business, whilst preserving the core compliance and assurance activities senior management and the audit committee require. Audit functions that focus their efforts on significant risks are able to concentrate their audit resources on issues that drive the business. This 3-day course has been designed to help internal auditors understand what is needed to make the audit function totally risk based
Internal Audit is a tool of control to measure and evaluate the effectiveness of the working of an organization primarily with accounting, financial and operational matters.
Internal Audit plays a constructive role by rendering service to the management with objective appraisal of systems, procedures, practices, compliance with policies.
LetzConsult presents a smarter ways for companies to find the most relevant Consultant for their business needs. Find the right consultants for your Company on LetzConsult.com
An internal audit is designed to review what a company is doing in order to identify potential threats to the organization's financial health and profitability and to make suggestions for mitigating the risk associated with those threats.
Many leaders in today’s business environment have recognized the need for internal audit to play a larger role – one that expands on its historic focus on value preservation to encompass activities related to value creation. Leading integrated internal audit functions will need to stay ahead of the risk curve rather than simply follow the business, whilst preserving the core compliance and assurance activities senior management and the audit committee require. Audit functions that focus their efforts on significant risks are able to concentrate their audit resources on issues that drive the business. This 3-day course has been designed to help internal auditors understand what is needed to make the audit function totally risk based
Internal Audit is a tool of control to measure and evaluate the effectiveness of the working of an organization primarily with accounting, financial and operational matters.
Internal Audit plays a constructive role by rendering service to the management with objective appraisal of systems, procedures, practices, compliance with policies.
LetzConsult presents a smarter ways for companies to find the most relevant Consultant for their business needs. Find the right consultants for your Company on LetzConsult.com
What is the purpose of internal auditing? How important is it to the business? How are internal audits planned and carried out? These slides show the relevance of internal audit to the business, how internal audits relate to the objectives and risks of the business, how they are planned and the work involved in an internal audit. Further advice is available from www.internalaudit.biz
Firstly, it will be clarify some of the misunderstandings of some of the fundamental audit concepts and principals that are implemented during the audit or planning of the audit program, focusing on audit guidelines, auditor principles, audit process principles and types of audits. Furthermore, gaining understanding of the management and preparation of an ISO 9001 audit through audit program pillars, good audit practices and prepared work documents and checklists. Outline how to conduct and close an ISO 9001 audit in a professional manner with the precise audit review.
Main points covered:
• Fundamental audit concepts and principles
• Managing an ISO 9001 audit program
• Preparation of an ISO 9001 audit
• Conduct of an ISO 9001 audit & Closing the audit
Presenter:
This webinar was presented by Kefah El-Ghobbas, PECB Certified Trainer and Organizational Development expert and operations manager at TURBO CARBO.
Link of the recorded session published on YouTube:https://youtu.be/kK8pAc3QM5E
The most comprehensive definition of internal audit is given by the IIA, USA. It is,
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
The purpose of the presentation is to provide clarification for a better understanding of what internal audit definition, objectives, functions, stages and reporting are all about? What difference does it make in the presence of an external audit? How different is its scope from that of the external audit? How internal audit standards contribute to better performance of internal audit work and its reporting to the Board or Audit Committee?
What is the purpose of internal auditing? How important is it to the business? How are internal audits planned and carried out? These slides show the relevance of internal audit to the business, how internal audits relate to the objectives and risks of the business, how they are planned and the work involved in an internal audit. Further advice is available from www.internalaudit.biz
Firstly, it will be clarify some of the misunderstandings of some of the fundamental audit concepts and principals that are implemented during the audit or planning of the audit program, focusing on audit guidelines, auditor principles, audit process principles and types of audits. Furthermore, gaining understanding of the management and preparation of an ISO 9001 audit through audit program pillars, good audit practices and prepared work documents and checklists. Outline how to conduct and close an ISO 9001 audit in a professional manner with the precise audit review.
Main points covered:
• Fundamental audit concepts and principles
• Managing an ISO 9001 audit program
• Preparation of an ISO 9001 audit
• Conduct of an ISO 9001 audit & Closing the audit
Presenter:
This webinar was presented by Kefah El-Ghobbas, PECB Certified Trainer and Organizational Development expert and operations manager at TURBO CARBO.
Link of the recorded session published on YouTube:https://youtu.be/kK8pAc3QM5E
The most comprehensive definition of internal audit is given by the IIA, USA. It is,
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
The purpose of the presentation is to provide clarification for a better understanding of what internal audit definition, objectives, functions, stages and reporting are all about? What difference does it make in the presence of an external audit? How different is its scope from that of the external audit? How internal audit standards contribute to better performance of internal audit work and its reporting to the Board or Audit Committee?
ISO 19001ISO 19001Student’s NameUniversity Name.docxpriestmanmable
ISO 19001
ISO 19001
Student’s Name
University Name
Date
Instructor’s Name
Abstract
ISO 19001 and its Scope
This is an international standard that gives guidelines necessary for management systems auditing. International Organization for Standardization is in charge and controls this mark of quality. The standard gives an organization four resources which includes;
· An elaborate explanation of all basics of management systems auditing.
· Updated information concerning the competence and evaluation of selected auditors.
· Guiding instructions on how to carry out internal and external audits.
· Guiding instructions on management of the available audit programs.
The main idea behind any management system auditing is to gather crucial evidence and this requires competent personnel. Three techniques are usually employed in getting this information. These are visual observations, physical interviews involving staff members and reading the available documents. The auditor used should be competent with the specific areas being audited and have basic training in it (Waddell, D 2005)
Internal audits
Internal audits are a function of an organization operating independently from other departments and usually reports to the appointed audit committee. They are charged with carrying out audits of the organization in all sections of the business as dictated by the annual audit plan. They are in charge of monitoring the financial flow in every department of the business. They focus on the keys issues facing the business and how well the management is working to have the problems solved. They are involved in decision making process regarding issues affecting the business that need to be improved for efficiency and increased returns. They keep the company updated at all times to make sure that finances are well utilized to maximize the returns. They generally help the company to keep going as they combine assurance and consulting services to ascertain that they achieve the very best. (Mock, TJ & Wright)
Internal auditors are professionals who are independent to the areas they carry out the audits. This is meant to reduce cases of fraud and be biasness. They must abide to a code of ethics, a core requirement for this career. They must be compliant with international standards and this increase and assures the quality of their output. They are put on mentoring and upgrading programs on regular basis to sharpen their skills and to keep them updated on upcoming issues and technology necessary for their practice.
External audits
External audits are external functions who work for an organization to carry out and confirm audits. They reside outside the governance of the business but they may at times be shareholders of the organization. Their objective is to add credibility of the financial reports earlier given by internal audits. Their coverage is mainly financial reports and other financial reporting risks. They have no responsibility in mon ...
CHAPTER-1 Information Gathering and Administration.pdfDr. Dinesh Mehta
During the audit, information relevant to the objectives, scope and criteria, including information on interfaces between functions, activities and processes, should be collected by appropriate sampling and should be verified.
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The CPI generally defines corruption as "the misuse of public power for private benefit".
Here is the one for the Whole World 2020
Cpi 2020-western-europe-and-european-union-infographicSALIH AHMED ISLAM
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The CPI generally defines corruption as "the misuse of public power for private benefit".
Here is the one for the Western Europe 2020
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The CPI generally defines corruption as "the misuse of public power for private benefit".
Here is the one for the Sub Sahara 2020
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The CPI generally defines corruption as "the misuse of public power for private benefit".
Here is the one for the Eastern Europe 2020
Cpi 2020-eastern-europe-and-central-asia-infographicSALIH AHMED ISLAM
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The CPI generally defines corruption as "the misuse of public power for private benefit".
Here is the one for the Eastern Europe 2020
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The CPI generally defines corruption as "the misuse of public power for private benefit".
Here is the one for the Asia Pasific 2020
The Corruption Perceptions Index (CPI) is an index published annually by Berlin-based Transparency International since 1995 which ranks countries "by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys."
The CPI generally defines corruption as "the misuse of public power for private benefit".
Here is the one for the Americas 2020
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
Attending a job Interview for B1 and B2 Englsih learnersErika906060
It is a sample of an interview for a business english class for pre-intermediate and intermediate english students with emphasis on the speking ability.
Taurus Zodiac Sign_ Personality Traits and Sign Dates.pptxmy Pandit
Explore the world of the Taurus zodiac sign. Learn about their stability, determination, and appreciation for beauty. Discover how Taureans' grounded nature and hardworking mindset define their unique personality.
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
Skye Residences | Extended Stay Residences Near Toronto Airportmarketingjdass
Experience unparalleled EXTENDED STAY and comfort at Skye Residences located just minutes from Toronto Airport. Discover sophisticated accommodations tailored for discerning travelers.
Website Link :
https://skyeresidences.com/
https://skyeresidences.com/about-us/
https://skyeresidences.com/gallery/
https://skyeresidences.com/rooms/
https://skyeresidences.com/near-by-attractions/
https://skyeresidences.com/commute/
https://skyeresidences.com/contact/
https://skyeresidences.com/queen-suite-with-sofa-bed/
https://skyeresidences.com/queen-suite-with-sofa-bed-and-balcony/
https://skyeresidences.com/queen-suite-with-sofa-bed-accessible/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-king-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed-accessible/
#Skye Residences Etobicoke, #Skye Residences Near Toronto Airport, #Skye Residences Toronto, #Skye Hotel Toronto, #Skye Hotel Near Toronto Airport, #Hotel Near Toronto Airport, #Near Toronto Airport Accommodation, #Suites Near Toronto Airport, #Etobicoke Suites Near Airport, #Hotel Near Toronto Pearson International Airport, #Toronto Airport Suite Rentals, #Pearson Airport Hotel Suites
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...PaulBryant58
This article provides a comprehensive guide on how to
effectively manage the convert Accpac to QuickBooks , with a particular focus on utilizing online accounting services to streamline the process.
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
Remote sensing and monitoring are changing the mining industry for the better. These are providing innovative solutions to long-standing challenges. Those related to exploration, extraction, and overall environmental management by mining technology companies Odisha. These technologies make use of satellite imaging, aerial photography and sensors to collect data that might be inaccessible or from hazardous locations. With the use of this technology, mining operations are becoming increasingly efficient. Let us gain more insight into the key aspects associated with remote sensing and monitoring when it comes to mining.
5. Introduction
Dissemination of the results of internal audit and reporting the findings to the management, and those charged with governance, is an essential
part of any internal auditreporting.
The internal audit report is the document prepared as an outcome of the internal audit process. It contains a clear written expression of significant
findings and recommendations based on the review of the policies, processes, risks, controls and transaction processing.
Audit findings and recommendations in the audit report are designed to facilitate organization achieve financial, management and regulatory
compliance objectives.
The internal audit report is presented to the process owners, head of the departments, senior management, audit committee, statutory auditors,
and regulatory authorities (if required).
Reporting of results needs to be done with a certain level of uniformity and, both the internal auditor and the recipient of the reports should have
clarity and agreement about the nature of assurance being provided through these reports.
Key Considerations:
The internal audit report is often the main, routine vehicle through which senior management understands the value that internal audit delivers.
Audit report presents the results of an examination or review within the organization and is considered to be the core deliverable of internal audit
services.
Poorly communicated results may completely detract from what may be critical information for senior management and the board.
Well-organized and communicated results are a key indicator of competency andprofessionalism.
Each organization has unique reporting practices and expectations that affect the format, frequency and depth of their communications.
5
7. Share with the auditee, details of all significant findings based on auditprocedures
undertaken
Allow management to understand the issues and take corrective actions in a
methodical and comprehensive manner
Provide a sound basis for any assurance being provided by the InternalAuditor
7
01
02
03
Standard On Internal Audit 370 (Earlier SIA 4) – Reporting Results
Objectives of issuing internal audit reports
8. At the end of a particular assignment
(Internal Audit Report)
On a periodic basis, at the close of a plan period
(Audit Committee Report)
An “Internal Audit Report” covering a specific area, function
or part of the entity is prepared by the Internal Auditor
highlighting key observations arising from those
assignments.
This report is generally issued with details of the manner in
which the assignment was conducted and the key findings
from the audit procedures undertaken.
This report is issued to the auditee, with copies shared with
local and executive management, as agreed during the
planning phase.
A comprehensive report of all the internal audit activities
covering the entity and the plan period is prepared by the
Chief Internal Auditor (or the Engagement Partner, in case
of external service provider).
Such reporting is normally done on a quarterly basis and
submitted to the highest governing authority responsible for
internal audits, generally the Audit Committee.
Some part of the aforementioned Internal Audit Reports
may form part of the periodic (e.g. Quarterly) report shared
with the Audit Committee.
Reporting of internal audit results is generally undertaken in two stages:
Standard On Internal Audit 370 (Earlier SIA 4) – Reporting Results
Basic Elements of
Internal Audit Report
Qualities of Good
Internal Audit Report
Internal Audit Report Formats Audit Committee Report
8
9. There is a clarity and consensus between the InternalAuditor and the management
with regard to the scope, approach, objectives and timing of an internal audit
To help inform, persuade and act on matters important to the conduct of an internal
audit by promoting a continuous dialogue and free flow of information between the
Internal Auditor andmanagement
To help resolve any conflicts in a timely manner
9
01
02
03
Standard On Internal Audit 360 (Earlier SIA 9) – Communication With Management
Objectives
10. Exit Meeting
Discussion Draft
Formal Draft
Final Report
01 02
04 03
Exit Meeting
The internal auditor should discuss with
the management regarding thefindings,
observations recommendations, and
text of the discussion draft.
Formal Draft
The internal auditor should thenprepare
a format draft report, taking intoaccount
any revision or modification resulting
from the exit meeting and other
discussions.
Discussion Draft
At the conclusion of the fieldwork, theinternal
auditor should share the discussiondraft.
Final Report
The internal auditor shouldsubmit the
final internal audit reportto the
appointing authority or management,as
directed.
Standard On Internal Audit 360 (Earlier SIA 9) – Communication With Management
The Internal Auditor is required to have an effective two-way communication with the management, both while managing the internal
audit function, and also while conducting an internal audit assignment.
A continuous dialogue with management, at various stages of the internal audit process, is essential to the achievement of internal
audit objectives.
10
12. 01
12
02
03
04
05
06
07
Identify your stakeholders (who / to whom)
Identify stakeholders expectation (why)
Identify how the message will be communicated (the stakeholder’s preferredmethod)
Identify communication necessary to satisfy stakeholders expectation and keep them informed (what)
Identify and finalize how the report will be communicated (this should be finalized at the design stageitself)
Identify time frame / frequency of communication
Adherence to time frame i.e. avoid last minute rush
Stakeholders Management
14. What Are The Stakeholders Expectations
Process Owner HOD / CFO / CEO / COO / MD
Process understanding Overall risk assessment
Genuine observations Categorization based on risk
Listen to their point of view Summarized findings
Practical suggestions / recommendations Root cause analysis
Cost-effective solution Recommendations
Process owner’s acceptance, agreed action plan, first-person
responsible for implementation and targetdate
Value addition
Audit Committee Statutory Auditor
Overall coverage and risk assessment Overall coverage
Statutory non-compliances
The Summarized finding of key issues
Issues which affects the true and fair view of the accounts/
financial reporting
Preventive controls / automated controls Statutory non-compliances
Management comments, agreed action plan,first-person
responsible for implementation and targetdate
Providing assurance / comment on improvement
Assurance which they can rely on
Comfort which would help them make a proper assessmentand
save their time
Value addition
14
15. HOD
• The internal audit report
• Discussion on observations at
exit meeting and prima facie reply
Statutory Auditor
• Detailed audit report with
annexures providing instances
Process Owners
• Discussion of queries during audit
• The draft internal audit report
• Detailed annexures
CFO / CEO / MD / ACM
• Executive summary
• Dashboard presentation
• Final Internal audit report
1 2
3 4
Stakeholders
15
Different Form Of Communication For Each Stakeholder
16. What The Stakeholders Likes To See……
Value-Adding Processes Fraud Risks Compliances
Revenue / Costs / Savings
Efficiency improvement (Rework,
Complaints, Rejections, Returns,
Inspections, Discounts, etc.)
Supply chain / procurement
Benchmarking
Analytics / Dashboard reporting
Fraud scenarios
Late adjustments
Related parties
Exceptions
Journal entries
New transactions / regions /products
Whistleblowing events
Comprehensive compliance tracking and
monitoring
Self-assessments
Independent reviews
Compliance history and assessments
Board certifications
Delays
Continuing control deficiencies
16
17. The situation in which individuals in leadership positions exercise their authority to achieve a
personal benefit, or to protect an organization, attempt to manipulate the internal audit activity
or internal audit reports.
Such manipulation may result in actions to restrict the scope of audit activities, suppress audit
findings, or undermine the credibility of the Chief Internal Auditor or the Internal Audit
personnel's activity.
Situations Affecting Internal Auditing:
Chief Internal Auditor threatened with the loss of future job opportunities if they continued audit
(examples include stagnation when peers upgraded, re-structured out of the company,
negotiated package to leave the company, eventual termination & personalthreats).
Chief Internal Auditor who ignored executive and reported the issue to the Board, subsequently
excluded from key executive meetings (examples include access to restricted information,
treated as not part of the team, not a team player, silent treatment given).
CEO who refused to meet with the Chief Internal Audit to avoid having direct knowledge of the
issue at hand.
17
Organizational Pressure – Pervasive Threat To The Internal Audit Objectivity/Reporting
18. Illustration – Extent of Pressure
Aggravating Factors:
Lack of strong ethical culture fromtop-down
Lack of strong, independent and supportive auditcommittee
The culture that embraces risk and notcontrols
Weak relationship between Chief InternalAudit andAudit Committee Chairperson or Chief InternalAuditor and Key Executives
Chief InternalAuditor who lacks objectivity, integrity, courage, or sound judgment
Internal audit function in an organization that lackscompetence
Organizational Pressure – Pervasive Threat To The Internal Audit Objectivity /Reporting
55%
27%
10
8%
Never
1 or 2 times
3 to 5 times
> 5 times
48%
37%
8%
7%
Never
1 or 2 times
3 to 5 times
> 5 times
Number of times
requested not to
audit high-riskarea
Number of times
asked to suppress
a finding
18
19. Implications on Reporting
Should Make Foundation Strong CIA ‘s Desired Attributes CIA Should Build Relationship
Strong governance, knowledgeable board Integrity and courage
– Know your internal ‘Limitations’
– Stand firm on importantissues
Meet outside of scheduled, formal meetings
Strong reporting relationship andposition
– Direct reporting relationship –CIAand
board/audit committee
– Chief Internal Audit – Recognisedsenior
independent position
Objective and fair Learn about Executives– objectives,
accomplishments, interests
Clear and supportive charter
– Documents showing with clarity-unique
role of InternalAuditor
– Specifies authority and unrestrictedscope
Relationship builder – with theboard,
executives and management
– “We are all after the same objectives.”
Lead outside of Internal Audit role; bevisible
Decision framework – when to take a stand
– Identify alternatives,consequences
Judgement to know what is an important
issue and when to take a stand, How totake
a stand?
Educate on emerging topics/Risks
Strong business knowledge Anticipates and proactively addressesissues
– Discuss protocols in advance
– Know key parties andmotivations
Find mutual areas of interest; do not take
meetings casually but prepare in detail tobe
effective
19
20. Ideally, the Internal Audit function should report
Functionally to the Audit CommitteeChairperson
Administratively to the CEO/Executive director of theorganization
Key measures to ensure the independence of the Internal Auditdepartment:
The Chief InternalAudit should meet privately with the Board/Audit Committee without the presence of the management.
TheAudit Committee should have final authority to review and approve the annual audit plan and all major changes to theAudit plan.
The Audit Committee should review the performance of the Chief Internal Auditor and overall Internal Audit function at least once a
year, as well approve the compensation levels for the Chief InternalAudit.
The Internal Audit charter should clearly articulate both functional and administrative reporting lines for the function as well as its
principal activities.
The reporting line should facilitate open and direct communications with CEO, senior executive group and line management.
The Internal Audit should have unrestricted access to information flows so that it receives adequate and timely information concerning
the activities, plans and business initiatives of theorganization.
Budgetary controls and considerations imposed by the administrative reporting line should not impede internal audit in accomplishing
its objective.
20
Reporting of CIA – Lack of Independence Could Have Impact On Internal Audit Reporting
24. The people who receive internal audit services (audit clients) are becoming more seeking greater value-add from audits.
They are seeking insights gathered from operational audits, rather than a narrow compliance audit approach.
Internal audit is not an isolated technical exercise but it is an integral part of the corporate governance process and the
report which is the culmination of the audit process has far-reaching consequences in changing the way the business is done
and risks are managed.
A report is a reflection of the auditor’s mindset and is only as good as the approach with which the audit has been done. No
amount of add on by way of style and presentation can mask the inadequacy of the auditor’s performance.
The internal auditor has to not only possess adequate knowledge of the business he is auditing but also internalize that he is
part of the management and his audit objective is aligned to the business enterprise objective and goals.
Management is seeking internal audit reports that are easy to read, ‘tell a story’, and get to the point.
Management values internal audit reports that provide a conclusion or opinion on the activity audited.
The success of audit reporting is determined largely by the attitude and approach with which internal auditor carries out his
duties. As auditors, we should aspire to be the agents of positive change in the organization, and strive to be viewed and
accepted as valued insiders.
24
Concluding Thoughts
27. Executive Summary:
Report Rating
Audit Issues
Status of Management RemediationPlan
Table Of Contents
02
03
Audit Issues Highlighting:
Key Finding
Root Cause of Issue
Business Impact/Risk
Issue Severity - Risk Rating
Recommendation
Management Comments
Issue Owner
Target Date ofAction
04
Assurance Limitation Disclaimer
Annexures
05
Title Page
Addressee
Report Distribution List
Period of Audit Covered
01
27
Typical Elements In An Internal Audit Report
28. Opening / introductory paragraph should comprise of thefollowing:
Background of the company / entity
Identification of process and items of financial statementsaudited
Statement of responsibility of the entity’s management and responsibility of the
internal auditor
Opening / Introductory Paragraph And Scope Paragraph
Scope Paragraph should comprise of the following:
Reference to the generally accepted audit procedures in India / overseas as
applicable
Description of the audit engagement background and the methodology of the
internal audit
Description of the population and the sampling technique used
Limitation in scope / exclusions, if any
28
29. 1
5
4
2 3
CorrectiveAction
Action that must be taken to
correct the cause
29
Consequences
Difference between condition and
criteria [impact on the individual,
business unit and company as a
whole, quantify the impact]
Cause
Reason for difference between criteria &
condition [lack of controls, circumvention
of controls or external influences]
Condition
The factual evidence as to what was found
5Cs
Detailed Report – Features Of The Observation
Criteria
What is the standard that was not met?
The standard may be a company policy or other regulatory guideline. expectations used in making an evaluation
30. 30
5 Cs In Report Writing – CaseStudy
Observation To
Contain 5Cs
Observation To Answer
The Following
Example
Criteria What is the standard? Variation in stock on physical verification with the balance as reflected in the stock
register should be NIL.
Condition What is wrong? The stock physically verified was short by 5045 units as against the balance shown
in the stock register.
Cause Why is it wrong? Issues made during the night shift were not recorded.
Consequences What is the risk / impact? The stock position in the books is overstated and the possibility of stock pilferage is
high due to lack of control.
Corrective Action What should be done? /
How to correct?
Night shift stock keeper needs to be appointed.
Alternatively, the requirement of stock for the night shift should be issued at day end
as per the requisition of the production in charge for the night shift.
The consumption during night shift is verified by counting in the morning the
balance stock left out of the lot issued to the floor during the previous days close.
31. 31
RISK RATING
High (H)
Represents critical control weaknesses requiring prompt action to mitigate information systems or business process
vulnerabilities. Adequate compensating controls do not exist to mitigate risk exposure, or may not be sufficient given the
impact of a risk occurrence should it occur. Regulatory non-compliances involving penalties/prosecutions are also included
in this category and having financial impact exceeding say USD 250K.
Medium (M)
Represents moderate control weaknesses requiring near-term management focus to strengthen existing controls. Some
compensating controls are present, but additional controls are necessary to further mitigate risk exposure and having
financial impact between say USD 100K to 250K.
Low (L)
Represents minor control weaknesses requiring management focus to enhance existing controls. Compensating controls
are present to mitigate exposure (or if not, the impact of a risk occurrence is minor), but opportunities exist to enhance
controls or improve operating efficiency and having financial impact say below USD 100K.
CONTROLS RATING
Moderate (M)
Controls are present to mitigate most process/business risk, but management should evaluate opportunities to enhance
existing controls.
Limited (L)
Existing controls may not mitigate process/business risk and management should consider implementing a stronger
control structure.
RISK CATEGORY
Operational (O) Effectiveness and efficiency of operations.
Financial (F) Reliability of financial reporting / financial impact.
Compliance (C) Compliance with applicable laws and regulations.
Process Improvement (PI) Scope of improvement in the business process.
Risk Rating / Risk Category / Controls Rating – Legends
32. Management response should be SMART (Specific, Measurable,
Achievable, Reliable, Time-bound).
Management response should contain thefollowing:
Specific reply to the observation (to the point and not a general reply)
Action verbs like Define, Develop, Implement, Review, Approve,
Perform, Generate, Set-up,etc.
The time frame for taking appropriate correctiveaction
Personnel responsible for taking action
Resource requirements, if any, for ensuring suchcompliance
Management Response
32
33. Reporting issues that don’t matter to the board and top executives
Failing to communicate what matters when it matters
Lengthy cycle times – time taken for formal reportwriting
Consequences of lengthy audit cyclesare
– Audit results are not timely
– Stakeholders dissatisfaction
– Inefficient use of internal auditorstime
Factually incorrect reports
Size of the report and maintaining balance
Implications or risk not being brought outclearly
Focus only on negative aspects or mistakes
Projecting process owners as villains or blowing up things out ofproportion
Lack of practical recommendations
The reader cannot connect with thereport
Audit Reporting Challenges
33
34. Flow of Report Incomplete Information Drafting Errors Use of Technical Jargons
More focus on the
transaction rather than the
process or system failure
Lack of pattern or flow in the
report – this confuses the
reader
Starts with the most low risk
points – can lead to loss of
interest of the reader
Important point gets lost in
the volume of pages
Does not contain proper
examples, sample size,
extent of problem, root
cause
Not quantified for business
impact or risk of the
observations
Recommendations (or
poorly drafted
recommendation)
Spelling mistakes
Wrong English
Incomplete sentences
Long sentences
Incorrect use of
punctuations
Confuses the reader
Makes report reading more
painful
34
Common Mistakes In Internal Audit Reports
35. 35
Accurate Objective Clear Concise Constructive Complete Timely
Free from Fair, impartial, Easily Tothe point, Helpful to the Lacking Opportune
errors and and unbiased understood avoid auditee /client nothing that is and expedient,
distortions and and is a result and logical, unnecessary and the essential to depending on
faithful to the of a fair- avoiding elaboration, organization the target the
underlying minded and unnecessary superfluous and leads to audience and significance of
facts balanced technical detail, improvements includes all the issue,
assessment of language and redundancy, where needed significant and allowing
all relevant providing all repetitiveness relevant management
facts and significant and and wordiness information to take
circumstances relevant and appropriate
information observations corrective
to support action
recommendati
ons and
conclusions
Essentials Of A Good Internal Audit Report
36. Standards on internal audit do not specify any reportformat
Different organizations use different report formats (Word, Excel and PowerPoint)
The format depends on management expectation and requirements
The appropriate format should be used with consistency
Management will feel more comfortable if it becomes accustomed to the report format and
can readily turn to whatever is of interest
Report Format Characteristics
Word Format
Traditional form
Simple to use
Reference to report page / para
Power Point
Presentation
Most commonly used
Facilitates use of risk indicators
Excel Sheet
Effective tool for grouping of various observations - especially
annexures
Simple to use
Internal Audit Report Format
36
37. Executive Summary:
An executive summary is a brief section before the commencement of detailed audit report. It is part of the report that is readfirst.
It summarizes the audit findings and action plan in minimal text. People who read only the executive summary should get the essence
of the document.
An executive summary provides conclusion / auditors opinion on the area under audit.
Need For Executive Summary:
Enables the key personnel to read the report in lesstime.
Macro perspective in short form and quick reference for future use.
Pick and choose – the reader can decide what he wants to read.
Readers judges and decides based on the executive summary to see if the rest of the report is worth reading.
Tips For Executive Summary:
Clear and concise, correct and simple. The executive summary should be 1-2 pages at the max.
Stay away from long sentences and big words in the executive summary.
Verify that the headings used in the summary match the body copy of the document.
Present the sections of the executive summary in the same order as in the main report.
Include all the must-know information in the executive summary and remove unnecessary phrases or unclear content.
Format for readability with plenty of space between points and clear headings that guide the reader.
Verify that the summary stands alone and supports the objective if it is the only portion of the document that will beread.
37
Tips For Writing An Effective Executive Summary
38. Sr.
No.
Audit Observation Action Plan
Risk
Category
Risk
Rating
Control
Rating
Slide
Reference
1
2
3
4
5
6
Control Rating Moderate Limited
Risk Rating High Medium Low
Risk Category Financial Operational Compliance
Executive Summary – Sample 1
38
39. Executive Summary – Sample 2
Issues
39
Due Date
Responsible
Person
Business Impact
42. Content Of Audit Committee Presentation
• Dashboard report on current activities
• Critical findings or emerging trends
• Results of special investigations, status of the annual audit plan
and any changes done
• Internal audit staffing, impact of resourcelimitations
• Department performance metrics / scores
Understanding Board Expectations
• Understanding board expectations is critical when determining
content.
• By reviewing key documents such as the audit committee
charter, internal audit can gain an understanding of the audit
committee’s risks and needs.
• It is recommended to meet separately with the audit committee
(and senior management if deemed appropriate) to determine
reporting framework and expectations upfront.
Typical Contents Of An Audit Committee Presentation
Quarterly Audit Committee Presentation
• Summarize for the committee what they need to know about routine findings in a
logical summary format and report separately on more important matters suchas:
– Matters that might affect the fairness of financial reporting.
– Breaches of the company’s ethics policies.
– Details of any frauds discovered, financial values of suchfrauds.
– Significant delays in management responding to findings and recommendations.
– Monitoring and follow-up activities.
Yearly Audit Committee Presentation
• Annual report is typically a summary of the four quarterly reports. Additional items to
cover may include:
– Details of changes in personnel's in the internal auditdepartment.
– Report on the year in review to include themes or trends identified.
– Update of the risk assessment and audit plan.
– Report on the results of the internal quality assurance and improvement program.
– Discuss the results of the external quality assurance review, timing / frequency of
the external assessment and reviewer’s background.
– Review and approve updates to the internal audit departmentcharter.
– Confirmation of the independence of the internal audit activity.
– Reporting of any impairments of independence or objectivity.
42
43. Sr.
No.
Audit Area / Audit Entity Region Audit Rating
Detailed Issue And Action Plan
Reference
1 Latin America Unsatisfactory Slide no. xx
2 Latin America Unsatisfactory Slide no. xx
3 Asia Improvement Opportunity Slide no. xx
4 Africa Improvement Opportunity Slide no. xx
5 North America Satisfactory -
6 Europe Satisfactory -
7
Middle East
Australia , NZ
Satisfactory -
1) Number of Audits Completed In Q2 (2019-20): XX
Unsatisfactory
• Financial Loss / Fraud > USD 1 million
• Some key controls do not exist, or are not properly implemented, and there are high risk improvementopportunities.
• Control environment is impaired.
Improvement Opportunity
• Financial Loss / Fraud up to USD 1 million
• Adequate control environment in most areas.
• Moderate risk improvement opportunities identified, which require corrective action.
Satisfactory
• Satisfactory overall control environment.
• Small number of lower risk improvement opportunities identified, which require correctiveaction.
Entity Audit Rating / Conclusion
43
Audit Committee Dashboard – Sample 1
44. Sr.
No.
Audit Area /
Audit Entity
Audit Observation Agreed Action Plan Risk Rating * Risk Category * Control Rating *
1 High Financial Moderate
2 Medium Operational Limited
3 Medium Compliance Limited
4 Low
Process
Improvement
Limited
3) Significant Audit Issues Summary
* Legends explained in next slide
Open Audit Issues
( at quarter beginning)
Issue Closed during current quarter
Unresolved / pending issues above
6 months
Global CFO intervention/ support
required
7
For details, please refer slide no. xx to
xx
4
3
(For details, please refer slide no. xx
to xx)
1
(For details, please refer slide no. xx
to xx)
2) Remediation Status Of Past Quarters Key Audit Observations
44
Audit Committee Dashboard – Sample 1
45. The major objective of internal audit review is to understand the key activities and controls in the business processes designed, review design
effectiveness of business processes and controls, assess the operating effectiveness of internal controls and provide recommendations for
business process and internal controlimprovement.
Internal auditors don’t plan and prepare work with the objective of preventing and discovering fraud and gives no assurance that the period
covered by an internal audit would be free of fraud or other irregularities. If during the course of internal audit, we come across any fraudulent
activity, we carry out our review in respect of that business process in detail and report on the same to the management and auditcommittee.
The performance of internal audit work is not and should not be taken as a substitute for management’s responsibilities for the application of sound
management practices. The responsibility for a sound internal control system and the prevention and detection of fraud and other irregularities
rests with management. Work performed by internal audit should not be relied upon to identify all strengths and weaknesses in internal controls,
nor relied upon to identify all circumstances of fraud or irregularity. Our focus is more on walkthroughs of business processes and identification of
internal control gaps so that the control environment can be strengthened further.
Internal audit procedures are designed to focus on areas of greatest risk and significance which are identified and agreed with management in
advance, internal audit scope and approved annual internal audit plan. Since the internal audit is executed by an individual internal auditor on the
basis of their ability to assess risk and situation of control environment of a particular audit area/entity, audit procedures may not disclose/conduct
an audit of all issues and/or other significant matters about the department/company, or reveal all errors, irregularities and frauds in the underlying
information due to limitation of skill set, time spent on an entity for audit and other uncontrollable limitations.
The approach employed during the internal audit work does not constitute a comprehensive review of all the operations and is subject to the level
of bias in the method of sample selection.
Internal auditors rely on management to provide accounting and other records for the purposes of audit work to ensure the authenticity of these
records.
45
Audit Coverage And Assurance Limitation