Needed, risk-centric internal auditing
K. P. SHASHIDHARAN
Share · print · T+
K. P. SHASHIDHARAN Business landscape is rapidly changing, requiring
internal audit (IA) to play a proactive, catalytic role, enlarging its
scope and transforming into a value adding, strategic aid to
management. IA should be capable of contributing towards achieving the
core business objectives and governance by being the eyes, ears and
mouth piece to senior management, audit committee and board of
directors.
Besides ensuring reasonable assurance to integrity of financial
reporting, conforming to applicable rules, regulations, accounting
standards and principles; IA should assist the organisation in risk
management, preparation of sustainability reporting; establishing
reliable MIS and its alignment with business objectives and processes.
In cases of company's mergers and acquisitions, IA should come with
valuable suggestions, based on in-depth study, data mining and data
analytics.
IA must facilitate safeguarding entity's assets and help mitigation of
fraud, leakage and waste of resources.
competent internal auditors
The change in scope of IA demands placement of competent personnel for
conducting internal auditing, having relevant experience in different
domains of the business processes, including manufacturing,
engineering, marketing, and change management. The auditors have to
keep abreast with business dynamics, fill skill gaps and use advanced
computer-aided auditing techniques (CAATs), data mining, drilling,
extraction and analytics software to extend entire business activities
and conduct audit efficiently and expeditiously.
The IA professionals need to establish effective communication with
business units, external auditors and support audit committee and
board of directors in undertaking continuous review, monitoring and
initiating appropriate, timely detective, corrective and preventive
actions, bringing in quality governance and continuous improvement. It
is the indispensable responsibility of audit committee and board to
make certain that IA has clear mandate, scope, functional independence
and autonomy.
IA enables the company to avoid recurring product delays, cost
overruns, establishes regulatory compliance and avoidance of criminal
penalties, compensation and loss of image.
It enables crisis management and business continuity process; conducts
due diligence, detailed audit of outside contractors and actually
becomes a profit centre. IA may help reducing corruption, kickbacks
and enhance its value to business.
Standards for Internal Auditing (SIAs)
The institute of Internal Auditors (IIA) prescribes an external
quality assessment or peer review for internal auditing in every five
years. ICAI issued 17 Standards on Internal Audit (SIAs) for
undertaking effective internal auditing.
These SIAs cover entire gamut of IA including planning, documentation,
reporting, sampling, analytical procedures, quality assurance,
evidence, fraud and risk management. SIA 14 elaborates the procedure
to be followed while conducting internal audit in an IT environment
focussing on essential controls to be reviewed.
The audit committee and board expect IA to prepare a comprehensive
risk-based audit plan, inform directors about the tone of the
organisation, control processes, and provide insight, advice, and
assurance on enterprise risks.
External auditors, regulators, and others expect IA to develop and
regularly update a formal strategic plan, aligned with key
enterprise-wide objectives and stakeholder expectations.
IA should apply technology to conduct real-time reviews, escalate
issues, ensure compliance with standards and adopt formal
knowledge-management plan.
Internal auditing needs to adopt risk-centric approach and conduct an
annual enterprise-wide risk assessment to place robust controls.
Annual audit plan should be drawn on the basis of risk assessment in
consultation with audit committee, who will continually monitor,
review and track IA performance using management tools like balanced
scorecards.
IA should report directly to audit committee and board and able to
discuss issues without the presence of the management.
Number of audits conducted, key findings, recommendations accepted by
management along with average cycle time for engagements, average
reporting cycle time, and client satisfaction demonstrate the
effectiveness of internal auditing.
----------------------------------------------------------
The audit committee and board are responsible to make certain that
internal audit has a clear mandate, scope, functional independence and
autonomy.
----------------------------------------------------------
(This article was published in the Business Line print edition dated
December 5, 2011)
K. P. SHASHIDHARAN
Share · print · T+
K. P. SHASHIDHARAN Business landscape is rapidly changing, requiring
internal audit (IA) to play a proactive, catalytic role, enlarging its
scope and transforming into a value adding, strategic aid to
management. IA should be capable of contributing towards achieving the
core business objectives and governance by being the eyes, ears and
mouth piece to senior management, audit committee and board of
directors.
Besides ensuring reasonable assurance to integrity of financial
reporting, conforming to applicable rules, regulations, accounting
standards and principles; IA should assist the organisation in risk
management, preparation of sustainability reporting; establishing
reliable MIS and its alignment with business objectives and processes.
In cases of company's mergers and acquisitions, IA should come with
valuable suggestions, based on in-depth study, data mining and data
analytics.
IA must facilitate safeguarding entity's assets and help mitigation of
fraud, leakage and waste of resources.
competent internal auditors
The change in scope of IA demands placement of competent personnel for
conducting internal auditing, having relevant experience in different
domains of the business processes, including manufacturing,
engineering, marketing, and change management. The auditors have to
keep abreast with business dynamics, fill skill gaps and use advanced
computer-aided auditing techniques (CAATs), data mining, drilling,
extraction and analytics software to extend entire business activities
and conduct audit efficiently and expeditiously.
The IA professionals need to establish effective communication with
business units, external auditors and support audit committee and
board of directors in undertaking continuous review, monitoring and
initiating appropriate, timely detective, corrective and preventive
actions, bringing in quality governance and continuous improvement. It
is the indispensable responsibility of audit committee and board to
make certain that IA has clear mandate, scope, functional independence
and autonomy.
IA enables the company to avoid recurring product delays, cost
overruns, establishes regulatory compliance and avoidance of criminal
penalties, compensation and loss of image.
It enables crisis management and business continuity process; conducts
due diligence, detailed audit of outside contractors and actually
becomes a profit centre. IA may help reducing corruption, kickbacks
and enhance its value to business.
Standards for Internal Auditing (SIAs)
The institute of Internal Auditors (IIA) prescribes an external
quality assessment or peer review for internal auditing in every five
years. ICAI issued 17 Standards on Internal Audit (SIAs) for
undertaking effective internal auditing.
These SIAs cover entire gamut of IA including planning, documentation,
reporting, sampling, analytical procedures, quality assurance,
evidence, fraud and risk management. SIA 14 elaborates the procedure
to be followed while conducting internal audit in an IT environment
focussing on essential controls to be reviewed.
The audit committee and board expect IA to prepare a comprehensive
risk-based audit plan, inform directors about the tone of the
organisation, control processes, and provide insight, advice, and
assurance on enterprise risks.
External auditors, regulators, and others expect IA to develop and
regularly update a formal strategic plan, aligned with key
enterprise-wide objectives and stakeholder expectations.
IA should apply technology to conduct real-time reviews, escalate
issues, ensure compliance with standards and adopt formal
knowledge-management plan.
Internal auditing needs to adopt risk-centric approach and conduct an
annual enterprise-wide risk assessment to place robust controls.
Annual audit plan should be drawn on the basis of risk assessment in
consultation with audit committee, who will continually monitor,
review and track IA performance using management tools like balanced
scorecards.
IA should report directly to audit committee and board and able to
discuss issues without the presence of the management.
Number of audits conducted, key findings, recommendations accepted by
management along with average cycle time for engagements, average
reporting cycle time, and client satisfaction demonstrate the
effectiveness of internal auditing.
----------------------------------------------------------
The audit committee and board are responsible to make certain that
internal audit has a clear mandate, scope, functional independence and
autonomy.
----------------------------------------------------------
(This article was published in the Business Line print edition dated
December 5, 2011)
No comments:
Post a Comment