Planning an Internal Audit Objectives of Planning Use of Internal Audit Factors affecting Planning Process Scope of Planning Factors affecting scope of Internal Audit Planning process Objective of Planning ID: 410782
Download Presentation The PPT/PDF document "Standard on Internal Audit (SIA) 1" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Standard on Internal Audit (SIA) 1Slide2
Planning an Internal Audit
Objectives of Planning
Use of Internal Audit
Factors affecting Planning Process
Scope of Planning
Factors affecting scope of Internal Audit.
Planning processSlide3
Objective of Planning
Internal audit plan is a document defining the scope, coverage and resources, including time, required for an internal audit over a defined period. Objectives include:
suggest improvements to the functioning of the entity.
strengthen the overall governance mechanism of the entitySlide4
Use of Internal Audit
Understand, assess and evaluate the risks and adequacies of the prevalent internal controls.Identifying areas for systems improvementEnsuring optimum utilization of the resources
Ensuring proper and timely identification of liabilities
Ensuring compliance with internal/ external guidelines
Safeguarding the assets of the entity
Reviewing and ensuring adequacy of information systems security and control.
Reviewing and ensuring adequacy, relevance, reliability and timeliness of management information system.Slide5
Factors affecting Planning Process
Objectives of the activity and significant risks associated with the same.The risk management and internal control system instituted in the organization.Selection of engagement team. Business/Industry developments.
Changes in the financial reporting frameworkSlide6
Scope of Planning
Knowledge of the legal and regulatory frameworkKnowledge of the entity’s accounting, internal control systems and policiesDetermining the effectiveness of the internal control procedures
Determining the nature, timing and extent of procedures to be performed
Identifying the activities warranting special focus
Allocation of staff to different activities.
Setting the time budget for each of the activities
Identifying the reporting responsibilitiesSlide7
Factors affecting scope of Internal Audit
Terms of the engagementNature of accounting system and Accounting policies adopted.Nature of information technology system used by the client
Authorization and delegation of authority in the systems environment
The nature of management information system in vogue and Expected audit coverage
Materiality thresholds established in respect of various areas of audit
Nature and extent of audit evidence to be obtained
Experience and skills of the staff
Requirements of the applicable pronouncements of the ICAI.
Statutory or regulatory framework in which the entity operatesSlide8
Planning Process
Obtaining Knowledge of the BusinessEstablishing the Audit UniverseEstablishing the Objectives of the EngagementEstablishing the Scope of the EngagementDeciding the Resource AllocationPreparation of Audit ProgrammeSlide9
Standard on Internal Audit (SIA) 2Slide10
Basic Principles Governing Internal Audit
Integrity, Objectivity and Independence
Confidentiality
Due Professional Care , Skills and Competence
Work performed by Others and Documentation
Planning
Evidence
Internal Control; and Risk Management System
ReportingSlide11
Integrity, Objectivity and Independence
Straightforward, honest and sincere in his approach to his professional workMaintain an impartial attitude
Immediately bring any actual or apparent conflict of interest to the attention of the appropriate level of management
Confidentiality
Maintain the confidentiality of the information acquired in the course of his work Slide12
Due Professional Care , Skills and Competence
Due professional Care to be applied: In Deciding the extent of work required to achieve the objectives of the engagement.
In assessment of risk management
Control and governance processes and
Cost benefit analysis.
Obtain skills and competence through general education, technical knowledge through study and formal courses.Slide13
Work Performed by Others
Direct, supervise and review the work delegated to assistants.No reasons to believe that he should not have relied on the work of the expertResponsible for forming his opinion on the areas/ processes being subject to internal audit or his findings.
Documentation
Document matters, providing evidence that the audit was carried out in accordance with the Standards on Internal AuditSlide14
Planning
Obtain knowledge of the legal and regulatory framework Obtain knowledge of the entity’s accounting and internal control systems.Determining the effectiveness of the internal control procedures. Identifying the activities warranting special focus
Setting the time budget for each of the activities
Identifying the reporting responsibilities
Benchmark the actual results of the activities.Slide15
Internal Control and Risk Management Systems
Obtain an understanding of the risk management and internal control framework.Perform steps for assessing the adequacy.
Review the adequacy.
Perform risk-based audits on the basis of risk assessment process.
Evidence
: obtain appropriate evidence to draw reasonable conclusions.
Reporting
: Review and assess the conclusions drawn from the evidence obtained and suggest remedial action Slide16
Standard on Internal Audit (SIA) 3Slide17
Documentation
ReviewerUse of documentation
Factors affecting Documentation
Matters to be Documented
Identification of Preparer and Reviewer
Exceptional Circumstances
Document Retention and AccessSlide18
REVIEWER
Reviewer means an Individual who has:reasonable knowledge and experience of internal audit processesreasonable knowledge of SIAs, other relevant pronouncements of the Institute.reasonable understanding of the business environment in which the entity operatesreasonable understanding of internal audit issues relevant to the entity’s industry Slide19
Use of Documentation
Enables an experienced internal auditor, having no previous connection with the internal audit to understand:The nature, timing and extent of the audit procedures performed.
The results of the audit procedures and the audit evidence obtained.
Significant matters arising during the audit and the conclusions reached thereon.
Terms and conditions of an internal audit engagement, scope of work, reporting requirements, any other special conditions, affecting the internal audit. Slide20
Factors affecting Documentation
The nature and extent of the audit procedures to be performedThe identified risks of material misstatementThe extent of judgment required in performing the work.The significance of the audit evidence obtained.The nature and extent of exceptions identified.
The need to document a conclusion or the basis for a conclusion.
The audit methodology and tools used. Slide21
Matters to be Documented
Engagement letter or the internal audit charterInternal audit plan and programme, Chart of the organizational structure and Progress report, MIS report.Analytical procedures performed and results thereofCopies of significant contracts and agreements
Internal review reports
Evaluation questionnaires, checklists, flowcharts
Certification and representations obtained from management
Results of risk and internal control assessmentsSlide22
Identification of Preparer and Reviewer
Who performed that task and the date such work was completed.Who reviewed the task performed and the date and extent of such review.
Reasons for creating particular internal audit documentation.
Source of the information contained in the internal audit documentation and
Any cross referencing to any other internal audit documentation
The preparers and reviewers of the internal audit documentation should also sign the workings.
The internal audit file should be assembled within sixty days after the signing of the internal audit report.Slide23
Exceptional Circumstances
The details of circumstances encountered along with the documentary evidence.The new or additional audit procedures performed, audit evidence obtained, and conclusions reached andWhen and by whom the resulting changes to the audit documentation were made, and reviewed.Slide24
Document Retention and Access
Formulate policies for custody and retention.Ownership of audit documents.Access to Third party.Retention of Documents.Slide25
Standard on Internal Audit (SIA) 4Slide26
Reporting
Contents of the SIAIntroduction
Basic Elements of Internal Audit Report
Communication to Management
Limitation on Scope
Restriction on Usage and Report Circulation Otherwise Than to the List of Intended Recipients Slide27
Introduction and Basic Elements of an Internal
Audit ReportIntroductionTo establish standards on the form and content of the internal auditor’s report.
Basic Elements of an Audit Report
Title
Addressee
Report Distribution List
Period of coverage of the Report
Opening or introductory paragraph, Objectives & scope Paragraph
Executive Summary
Observations, findings and recommendations
Comments from the local management and Action Taken Report
Date, Place, Signature with membership number of the Internal Auditor.Slide28
Communication to Management
Communication with the management to ensure that the recommendations in the final report are practical.The stages of communication and discussion should be as under :
Discussion Draft
Exit Meeting
Formal Draft
Final Report
Slide29
Limitation on scope and Restriction on Usage and Report Circulation
Limitation on ScopeWhen there is a limitation on the scope of the work, the report should describe the limitation.Restriction on Usage and Report Circulation Otherwise Than to the List of Intended Recipients
The Report should contain:
It should be used for intended purpose only as agreed upon.
The circulation of the Report should be limited to the recipients mentioned in the Report Distribution List.Slide30
Standard on Internal Audit (SIA) 5Slide31
Sampling
Contents of the SIAIntroduction
Definitions
Use of Sampling in Risk Assessment Procedures and Tests of Controls
Design of the Sample
Sample Size
Statistical and Non-Statistical Approaches
Selection of the Sample
Evaluation of Sample Results
DocumentationSlide32
Introduction ,Definition and Use of Sampling
Introduction To establish standards on the design and selection of an audit sample and provide guidance on the use of audit sampling.
The SIA defines the following
Audit Sampling
Error
Population
Sampling Risk
Sampling Unit
Statistical Sampling
Tolerable Error
Use of sampling in Risk Assessment and tests of control
To obtain an understanding of the entity, business and its environment, and its internal control.
Sampling of tests of controls is appropriate when application of the control leaves audit evidence of performance
Risk can be reduced by increasing sample size for both tests of controls and tests of details.Slide33
Design and size of the sample and Statistical and non Statistical Approaches
Design of the sampleThe sample should be designed considering the specific audit objectives, the population from which the auditor wishes to sample, and the sample size
Sample Size
Should be determined considering sampling risk, the tolerable error, and the expected error.
Lower the risk, greater the sample size.
Statistical and Non-Statistical Approaches
Decision of using either statistical or non-statistical sampling is a matter of the internal auditor’s professional judgment.
When applying statistical sampling, sample size may be ascertained using either probability theory or professional judgment.Slide34
Selection & Evaluation of Sample
Selection of SampleIt should be selected in such a way that the sample can be expected to be representative of the population.Commonly used sampling methods are:Random selection and use of CAAT’s
Systematic Selection
Haphazard Selection
Evaluation of Sample Results
The auditor should:
Analyse the nature and cause of any errors detected in the sample.
Project the errors found in the sample to the population.
Reassess the sampling risk.
Consider their possible effect on the particular internal audit objective.
Evaluate the sample results to determine if the assessment of the relevant characteristics of the population is confirmed or not.Slide35
Documentation
The documentation includes:Relationship between the design of the sample and specific audit objectives.Assessment of the expected rate of error in the population to be tested.
Assessment of the sampling risk and the tolerable error
Assessment of the nature and cause of errors.
Rationale for using a particular sampling technique and results thereof.
Analysis of the nature an cause of any errors detected in the sample.
Projection of the errors found in the sample to the population
Reassessment of sampling risk, where appropriate
Effect of the sample results on the internal audit’s objective.Slide36
Standard on Internal Audit (SIA) 6Slide37
Analytical Procedures
Contents of the SIA
Introduction.
Nature and Purpose.
Analytical Procedures as Risk Assessment Procedures and in Planning the Internal Audit.
Analytical Procedures as Substantive Procedures.
Analytical Procedures in the Overall Review at the End of the Internal Audit.
Extent of Reliance on Analytical Procedures
Investigating Unusual Items or Trends.Slide38
Introduction, Nature and Purpose
IntroductionTo apply analytical procedures as the risk assessment procedures at the planning and overall review stages of the internal audit.
Nature and Purpose
Analytical procedures include the consideration of comparisons of the entity's financial and non-financial information.
In determining the extent to which the analytical procedures should be used, the following factors have to be considered
Significance of the area being examined.
Adequacy of the system of internal control.
Availability and reliability of financial and non-financial information.
Precision with which the results of analytical procedures can be predicted.
Availability and comparability of information regarding the industry in which the organization operates.
Extent to which other auditing procedures provide support for audit results.Slide39
Analytical Procedures as Risk Assessment Procedures and as Substantive Procedures
Analytical Procedures as Risk Assessment Procedures and in Planning the Internal Audit.To obtain an understanding of the business, the entity and its environment and in identifying areas of potential risk.Planning the internal audit for use both financial and non-financial information
Analytical Procedures as Substantive Procedures
To reduce detection risk relating to specific financial statement assertions and assertions relating to process.
Inquire with the management as to the availability and reliability of information needed to apply analytical procedures.Slide40
Analytical Procedures in the Overall Review at the End of audit, Extent of reliance and
Investigating Unusual Items or Trends
Analytical procedure should be applied at or near the end of the internal audit when forming an overall conclusion.
Extent of Reliance on Analytical Procedures is based on the following factors
Materiality of the items involved.
Internal audit procedures directed toward the same internal audit objectives.
Accuracy with which the expected results of analytical procedures can be predicted.
Assessments of inherent and control risks.
Investigating Unusual Items or Trends
When analytical procedures identify significant fluctuations or
When relationships that are inconsistent with other relevant information or
Data that deviate from predicted amounts.
The internal auditor should investigate and obtain adequate explanations and appropriate corroborative evidence.Slide41
Standard on Internal Audit (SIA) 7Slide42
Quality Assurance in Internal Audit
Introduction
Scope and Objective
In House Internal Audit
Quality ReviewSlide43
Internal Audit
Independent management function.
Continuous and critical appraisal of the entity
Suggest improvements and strengthen the overall governance mechanism of the entity.
Provides assurance that there is transparency in reporting, as a part of good governance.Slide44
Scope and Objective
Scope:Applicable whenever an internal audit is carried. Whether by internal audit department or external firm of Professional accountants.
Objective:
To Establish standards and provide guidance
To Ensure Compliance with professional standards, regulatory and legal requirements.
To Improve functionalities of the organization, Transparency in reporting and good governance.Slide45
In House Internal Audit
Leadership responsibilities for quality in internal audit Ethical requirements Acceptance and continuance of client relationship and specific engagementHuman resources Engagement performance
Monitoring Slide46
Quality Review
Internal Quality ReviewsInternal Quality ReviewerCommunicating the results of Internal Quality Reviews External Quality ReviewsExternal Quality ReviewerCommunicating the results of External Quality Reviews Slide47
Standard on Internal Audit (SIA) 8Slide48
Terms of Internal Audit Engagement
Introduction
Elements of Terms of Engagement
Withdrawal from Engagement
Slide49
Introduction
Agree on the terms of the engagement before commencement of Audit.The agreed terms would need to be recorded in an engagement letter. The responsibility of the internal auditor to prepare the engagement letter.
To be signed both by the internal auditors as well as the auditee.
Approval by Board of Directors/ Audit Committee.
Periodic review and modification of Terms of Engagement.Slide50
Elements of Terms of Engagement
ScopeResponsibilityAuthority ConfidentialityLimitations
Reporting
Compensation
Compliance with StandardsSlide51
Withdrawal from Engagement
If unable to agree to any change in the terms or is not permitted to continue as per the original terms, then auditor should withdraw from the engagement.Consider whether there is an obligation, contractual or otherwise, to report the withdrawal to other parties.Slide52
Standard on Internal Audit (SIA) 9Slide53
Communication with Management
Introduction
Matters to be communicated.
Communication Process
DocumentationSlide54
Introduction
Provides a framework for matters to be communicated with the management. Internal auditor should consider the following:Communicate clearly the responsibilities, scope and timing of Audit.
Obtain relevant Information
Provide timely observations
Promote effective two way communication.Slide55
Matters to be Communicated
Planned scope and Timing of Internal AuditSignificant findings from the Internal Audit Stages of Communication:
Discussion Draft
Exit Meeting
Formal Draft
Final ReportSlide56
Communication Process
Establishing the communication ProcessForms of CommunicationTiming of CommunicationAdequacy of the Communication ProcessSlide57
Documentation
In case of Oral communication the internal auditor shall document, when and to whom they were communicated. In case of Written communication the auditor shall retain a copy of the communication as part of the internal audit documentation. Slide58
Standard on Internal Audit (SIA) 10Slide59
Internal Audit Evidence
Introduction and Objective
Audit Evidence
Categories of Documentary Evidence
Modes of obtaining Audit EvidenceSlide60
Introduction and Objective
Scope and coverage are much broader than Statutory Audit.Covers comments on internal control systems, risk management, propriety aspect of transactions. This Standard deals with the qualitative and quantitative aspects of evidence in internal audit.Slide61
Audit Evidence
Internal audit evidence is persuasive rather than conclusive in natureThe internal auditor may obtain evidence on a selective basis by way of judgmental or statistical sampling procedures The internal auditor’s judgement is usually influenced by:
The materiality of the item.
The type of information available.
Degree of risk of misstatement.Slide62
Categories of Documentary Evidence:
Documentary evidence originating from and held by third parties.Documentary evidence originating from third parties and held by the entity.
Documentary evidence originating from the entity and held by third parties and
Documentary evidence originating from and held by entity.Slide63
Modes of obtaining Audit Evidence
InspectionObservation
Inquiry and confirmation
Computation
Analytical reviewSlide64
Standard on Internal Audit (
sia) 11Slide65
Consideration of Fraud in an Internal Audit
Introduction
Objectives of Internal Control System
Elements of Internal Control System
Responsibilities of Internal AuditorSlide66
Introduction
Fraud is defined as an intentional act by one or more individuals among management, those charged with governance, or third parties, involving the use of deception to obtain unjust or illegal advantage. The primary responsibility for prevention and detection of frauds rests with management and those charged with governanceSlide67
Objectives of Internal Control System
Internal control refers to the process designed, implemented and maintained by the management of the entity to ensure accomplishment of its following objectives:Reliability of financial reporting.
Efficiency and effectiveness in operations.
Compliance with applicable laws and regulations.
Safeguarding of assets.Slide68
Elements of Internal Control System
The control environment.Entity’s risk assessment process.Information system and communication.Control activities.
Monitoring of controls.Slide69
Responsibilities of Internal Auditor
Control EnvironmentRisk AssessmentInformation system and communication Control ActivitiesMonitoring Communication of FraudDocumentationSlide70
Standard on Internal Audit (SIA) 12Slide71
Internal Control Evaluation
Introduction
Factors reflected in the Control Environment
Inherent Limitations of Internal Controls
Role of Internal Auditor
Areas to be Reviewed by Internal Auditor.
Areas of Evaluation
Controls present in a System Driven Environment
Tests of Control
Communication of Internal Control Weakness
DisclosureSlide72
Introduction
Establish Standards and provide guidance on procedures to be followed by Internal AuditorCommunication of weakness in Internal control.Internal control system consists of interrelated components such as Risk assessment, Control (or Operating) environment, Monitoring, etc.Slide73
Control Environment
Factors reflected in the control Environment:Entity organization StructureFunctioning of BOD/ Governing Body.Management's philosophy and operating style
Management's control system.
Integrity and ethical values
Commitment to competence
Human resource policies and practicesSlide74
Inherent Limitations of Internal Controls
Cost benefit AnalysisPotentiality for Human Error
Circumvention of Internal controls by parties within/ outside the entity.
Misuse of Power
Manipulations by Management.Slide75
Role of Internal Auditor
Evaluation of the efficiency and effectiveness of controlsRecommending new controls where needed – or discontinuing unnecessary controlsUsing control frameworks Developing control self-assessmentSlide76
Areas of Review for Internal Auditor
Mission, vision, ethical and organizational value-system of the entityPersonnel allocation, appraisal system, and development policies Accounting and financial reporting policies and compliance with applicable legal and regulatory standards
Objective of measurement and key performance indicators
Documentation standards
Risk management structure
Operational framework
Processes and procedures followed
Degree of management supervision
Information systems, communication channels
Business Continuity and Disaster Recovery ProceduresSlide77
Evaluation of Internal Control
Verify mission statement and written goals and objectives.Assessing risks at the entity level.Assessing risks at the activity (or process) level.Prepare Business Control Worksheet.
Ensure all risks to the entity are identified.
Ascertain those risks for which no controls exist or existing controls are inadequate.Slide78
System Driven Environment
Determine whether the entity uses:Encryption tools, protocols to protect confidential or sensitive information.Back-up and restore features to reduce the risk of permanent loss of data.Virus protection software andPasswords that restrict user access to networks, data and applications.Slide79
Tests of Control
Performed to obtain effectiveness of the: Design of the internal control systems. Operation of the internal controls throughout the period. Cost Benefit analysis.
Includes Inspection of Documents, Inquiries and Observation, Re-performance , Reconciliations and Testing of Internal Controls.Slide80
Communication of Internal Control Weakness
In case of continuing internal control weaknesses, consider whether:Management has increased supervision and monitoring;Additional or compensating controls have been instituted; and/orManagement accepts the risk inherent with the control weakness.Slide81
Disclosure
The internal auditor in his report to the management, should provide: A description of the significant deficiency or material weakness in internal control.His opinion on the possible effect of such weakness on the entity’s control environment.Slide82
Standard on Internal Audit (SIA) 13Slide83
Enterprise Risk Management
Introduction
Process of ERM and Internal Audit
Scope
Maturity of ERM structure
DisclosureSlide84
Introduction
ERM enables management:To effectively deal with riskAssociated uncertainty and enhancing the capacity to build value to the entityTypes of Risks: Strategic
Operational
Financial and
KnowledgeSlide85
Process of ERM
Enterprise Risk Management is a structured, consistent and continuous process of measuring or assessing risk and developing strategies to manage risk within the risk appetite. Process consists of Risk identification, prioritization and reporting, Risk mitigation, Risk monitoring and assurance. Slide86
Scope of Internal Auditor’s Work
Risk maturity levelCompliance with the risk management policy In case of the risks covered by the internal audit plan:Assess the efficiency and effectiveness of the risk response.Assess whether the score of the residual risk is within the risk appetiteSlide87
Maturity of ERM Structure
Protects the enterprise against surprisesStabilizes overall performance with less volatile earningsOperates within established risk appetiteProtects ability of the enterprise to attend to its core business andCreates a system to proactively manage risks.Slide88
Disclosure
Assurance rating (segregated into High, Medium or Low) as a result of the reviewTests conductedSamples covered andObservations and recommendations.Slide89
STANDARD ON INTERNAL AUDIT (SIA) 14Slide90
INTERNAL AUDIT IN AN INFORMATION TECHNOLOGY
ENVIRONMENT
Matters to Consider
Planning
Nature of Risks
Reliability of ICS
Review of IT EnvironmentSlide91
Matters to Consider
The extent to which the IT environment is used The flow of authorised, correct and complete data to the processing centre.The processing, analysis and reporting tasks undertaken in the installation andThe impact of computer-based accounting system on the audit trail.Slide92
Planning
Information Technology Infrastructure Significance and complexity of computerised processing Determination of the organisational structure.Determination of the availability of dataSlide93
Nature of Risks
Lack of transaction trailsUniform processing of transactionsLack of segregation of functionsPotential for errors and irregularitiesInitiation or execution of transactions
Dependence of other controls over computer processing
Potential for increased management supervision
Potential for the use of CAAT.Slide94
Reliability of ICS
Authorised, correct and complete data is made available for processing.Timely detection and correction of errorsInterruption in the working of the IT environment .Accuracy and completeness of output.Adequate data security Unauthorised amendments to the programs
Safe custody of source code of application software and data files.Slide95
Review of IT Environment
System Audit reports Reports of system breachesReports of network failures/ virus attacks and threats to perimeter security.General controls Application controls
Business Continuity Planning, Crisis Management, Disaster Recovery Procedures.Slide96
STANDARD ON INTERNAL AUDIT (SIA) 15Slide97
KNOWLEDGE OF THE ENTITY AND ITS ENVIRONMENT
Introduction
Acquiring Knowledge of the Entity
Source of Information
Using the KnowledgeSlide98
Introduction
What constitutes the knowledge of an entity’s business.Importance to the various phases of an internal audit engagement .Techniques to be adopted in acquiring such knowledge.Identify appropriate, reliable and useful informationSlide99
Acquiring Knowledge of the Entity
Relevant industry, regulatory, and other external factors.Nature of the entity and its Business operations. Investment, Financing activities and Financial reporting.Accounting policies, Business risk, objectives and strategies of the entity.Slide100
Source of Information
Previous engagement experience Business plan/organisational structure and Internal documentation produced by the entity.Incorporation documents and Visits to the entity premises.Discussion with key management persons, statutory auditors, Suppliers, customers and third party agencies.
Publications related to the industry. Slide101
Using the Knowledge
Assessing risks and identifying key focus areas.Planning and performing the internal audit effectively and efficiently.Evaluating audit evidence.Providing better quality of service to the client
The information obtained should be adequately documented.Slide102
STANDARD ON INTERNAL AUDIT (SIA) 16Slide103
USING THE WORK OF AN EXPERT
Introduction
Need to use work of Expert
Skills and Competence of Expert
Evaluating the work of an Expert
DisclosureSlide104
Introduction
An expert is a person, firm or other association of persons possessing special skill, expertise, knowledge and experience in a particular field.Use expert if internal Audit Team does not possess the required knowledge.If Expert is engaged by the senior management or those charged with governance.Slide105
Need to use work of Expert
Factors to be Considered:Materiality of the item being examined.Nature and complexity of the transaction.
Risk of error.
Extent of Internal audit evidence available. Slide106
Skills and Competence of Expert
The expert’s professional qualifications or membership in an appropriate professional body. The reputation of the expert in the relevant discipline.The knowledge and specific experience of the expert in the industry to which the auditee entity operates.Slide107
Evaluating the work of an Expert
The objectives and scope of the workAccess to records, personnel and physical properties.The ownership and custody of engagement documentation and working papers.Confidentiality of the expert's workExpert’s relationship with the auditee
Confidentiality of the auditee’s information used by the expert.
Verify the source data used, assumptions made and methods used in obtaining the result.Slide108
Disclosure
Normally work of an expert is not required to be disclosed.Disclose the work if it is beneficial to the reader after obtaining Prior consent of Expert.Outline the assumptions, broad methodology and conclusions of the expert.Slide109
Standard on Internal Audit (SIA) 17Slide110
Consideration of Laws and Regulations in an Internal Audit
Scope and Objective.
Responsibility of Management
Responsibility of Internal Auditor
Types of Laws and Regulations
Compliance with Laws and Regulations.
Audit procedures in case of Non Compliance identified.
Reporting of non complianceSlide111
Scope
To consider laws and regulations when performing an internal audit. To test and report on compliance with specific laws or regulations.Non compliance- Acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or regulations.Non-compliance does not include personal misconduct by those charged with governance, management or employees of the entity.Slide112
Objective
To obtain sufficient appropriate audit evidenceTo perform specified audit procedures To respond appropriately to non-compliance or suspected non-complianceSlide113
Responsibility of Management
To ensure compliance with the provisions of laws and regulationsThis can be achieved by assigning appropriate responsibilities to the following: A compliance committee A audit committee.Slide114
Responsibility of Internal Auditor
Should not assume any accountability for risk management decisions taken by the management.Inherent limitations on the internal auditor’s ability to detect non-compliance:To many laws and regulations
Non-compliance may involve conduct designed to conceal it
Legal determination by a court of law.Slide115
Types of Laws and Regulations
Laws and regulations having direct effect on Financial Statements:Obtain sufficient appropriate audit evidence to ensure compliance.
Laws and regulations having no direct effect on Financial Statements:
Undertake specified audit procedures to identify non-compliance.
May have a significant impact on the functioning of the entity.Slide116
Compliance with Laws and Regulations.
Obtaining an Understanding of the Legal and Regulatory FrameworkLaws and Regulations having Direct Effect on Financials.Procedures to Identify Instances of Non-Compliance.
Non-Compliance brought to the Internal Auditor’s Attention through Other Audit Procedures
Written Representations
Internal Audit Procedures When Non-Compliance is Not Identified or
SuspectedSlide117
Internal Audit Procedures When Non Compliance is
Identified Indications of Non-Compliance with Laws and Regulations
Matters Relevant to the Internal Auditor’s Evaluation
Evaluating the Implications of Non-ComplianceSlide118
Reporting of non compliance
Reporting Non-Compliance to those Charged with GovernanceReporting Non-Compliance in the Internal Auditor’s ReportIf precluded from obtaining sufficient appropriate audit evidence then Report the same.If unable to determine whether non-compliance is due to limitations imposed by the circumstances / management then evaluate the observations and findings in accordance with SIA 4.