part 2 main features of the internal audit...


Upload: lekien

Post on 03-May-2019


1

Part 2 Main features of the internal audit function

• The institutional framework (slides 3 to 18):

1. Legal basis

2. Auditing Standards and Code of ethics

3. Audit charter

4. Audit manual

• The basic methodology for performing the internal audit function (slides 20 to 40)

The institutional framework

3

Legal basis

• The position of the audit function in the management shall be defined by law

• In particular the law shall outline the institutional arrangements, define auditors’ authority and competence, and entitle them to have access to any register, document or file

4

Auditing standards and rules of ethics

Internal audit shall be performed

• based on standards, which have usually been set up in accordance with internationally recognised Standards

• and according to rules of ethics.

5

What are standards?

The purpose of Standards is:

• to delineate basic principles that represent the practice as it should be,

• provide a framework for performing and promoting activities,

• establish the basis for measuring performance, and foster improved organizational processes and operations.

6

Internationally Recognised Auditing Standards

The most widely disseminated auditing standards are those issued by the Institute of Internal Auditors (IIA): the «International Standards for the practice of internal audit»

The IIA is a widely recognised standards setter; at the outset created for the private sector, its guidance has been extended to the public sector.

7

Internationally recognised auditing standards

According to the IIA, Auditing Standards consist of:

• Attribute Standards,

• Performance Standards,

• Implementation Standards.

8

Attribute Standards

Attribute Standards address the characteristics of units performing internal audit activities. They mainly cover:

1) independence and objectivity and

2) professional proficiency

9

Attribute Standards

• Independence and objectivity

Internal auditing is an independent and objective assessment: the internal audit unit is not involved in the internal control process which it is required to assess. On the contrary it acts independently from the managerial structure. It directly reports to the head of the entity.

• Professional proficiency

The internal audit activity shall possess or obtain the knowledge and skills needed to perform its responsibilities and apply due professional care.

10

Performance Standards

• Performance Standards describe the nature of internal audit activities and provide quality criteria against which the performance of audit services can be evaluated. They mainly cover:

• scope of work,

• performance of audit work and

• management of the internal audit activity

11

Performance Standards

• Scope of work

• No activity is excluded from the audit scope; any process or operation may be considered for review following the risk assessment; the auditor shall have unrestricted access to all files and documents

12

Performance Standards

• Performance of audit work

• The internal audit carefully examines the risk assessment performed by the management and produces its own risk assessment

• All stages of audit work (planning, testing, reviewing, reporting) shall be performed with due professional care, in accordance with appropriate professional auditing practices, as described in the Audit Manual.

13

Performance Standards

• Management of the internal audit activity

Adequate resources shall be given to the audit units.

Hiring and training an adequate number of auditors shall endeavour to create an audit structure with a critical mass.

14

Implementation Standards

• Implementation Standards apply to specific types of audit engagements

There are multiple sets of Implementation Standards: a set for each of the major types of internal audit activity

15

Code of Ethics

The purpose of the Code of Ethics is to promote an ethical culture in the internal auditing profession.

The IIA has also issued a Code of Ethics. This code contains:

• Principles relevant to the profession and practice of internal auditing,

• Rules of Conduct that describe behaviour expected of internal auditors.

16

Code of ethics

• A code of ethics applies both to the audit entities and to the individuals.

• It defines principles:

1. Integrity

2. Objectivity

3. Confidentiality

4. Competency

• It describes rules for applying these principles

17

Audit charter

The audit charter is approved by the Head of the agency

It addresses:

• Objectives

• Scope

• Authority and responsibility (including provisions on the audit network)

of Internal Audit

It is used as a framework for the relations between the auditor and the audited party

18

Audit manual

The key function of the audit manual is to give practical guidance on good audit practices

• It sets out audit requirements and procedures

• It describes the methodology in accordance with the auditing standards

• It outlines the main issues faced in performing audit

The basic methodology for performing the internal audit function

20

The basic methodology for performing the internal audit function

• Organisational features

• Internal audit annual planning

• Internal audit process

• Internal audit reporting, supervision and follow-up

21

Organisational features (1)

Position of the Internal Audit in the organisational structure:

According to the International Standards the internal audit function within an administrative entity is directly placed under the authority of the head of the entity:

• Minister

• Head of the agency

• Head of the regional body

22

Organisational features (2)

Why this position?

To ensure:

• An independent view on the control system

• An assurance given to the head of the entity (the manager)

• A set of recommendations for improving the internal control

• A dialog with the head of the entity

23

Organisational features (3)

• Usually a network is established,

- linking the agencies' auditors to the line Ministry audit unit

- and the line Ministry audit unit to a central body in the Ministry of Finance

(This important point will be addressed later in part 3 of the presentation)

24

The annual audit plan

• The audit unit prepares an annual audit plan, which shall be endorsed by the Head of the Agency

• This plan is established according to the risk assessment performed by the audit unit itself (this assessment may be different from the assessment performed by the management)

• The Head of the Agency may supplement this audit plan. This plan may also be adapted during the year according to circumstances

25

The three main types of internal audit

The three main types of internal audit are:

• Compliance audit: assesses compliance in relation to applicable laws, rules, regulations and also standards and good practices.

• System-based audit: examines the soundness of internal controls put in place by the management.

• Performance audit: assesses the result of management action against the objectives of the management and the resources placed at its disposal

26

The main stages of the internal audit process

• The opening meeting

• The understanding of the business (analysis of the objectives and risks of the management)

• The identification of the internal control process

• The testing, core audit process

• The closing meeting

• The final report

• The follow up of the recommendations

27

The opening meeting

The auditor and the audited party should agree in an opening statement

• on the main features of the internal control system to be audited

• on the risks to be analysed

• on the objectives of the audit

• on the date of the production of the draft report

28

Understanding the internal control system

• The auditor needs to have a comprehensive and pertinent understanding of the business (control environment, control objectives, risks)

• He shall have a thorough insight of the audit trail

• For these purposes he shall develop a good collaboration with the auditee

29

The identification of the internal control system

• No appropriate testing without a preliminary assessment of the audit trail built by the manager

• Who (is responsible for….)

• What (….which operation…)

• Why (…for achieving which objectives …)

• Where (with which risk in mind….)

• How (with which procedures, controls, systems....)

30

Evaluation of controls

5 Final evaluation

Including draft recommendations

4 Testing

3 Initial evaluation of the controls

2 Existing controls

1 Risks to the objectives of the system

31

The tests, core process of audit (1)

• Total independence in preparing and performing tests

The auditor

– has free access to

– and performs an independent evaluation of

all files, documents, tables and any kind of information he requests from the management

32

The tests, core process of audit (2)

• A field work (tests), performed in close contact with the management

• A reasonable scope of the tests (commensurate to the nature and importance of the risks) for giving a reasonable assurance.

• A basis for recommendations for improvement of the internal control system

33

Sampling for performing tests

• As it is too costly and time consuming to check all transactions, statistical sampling is a standard method for auditing

• Size of the sample and method of sampling shall be determined according to the nature of risks and various circumstances

• In any sample, it is advisable to include the largest transactions

• In case of risk of fraud, every transaction may be included

34

The closing meeting

A key phase in the audit process; why?

1. The first presentation of all recommendations to the manager in a structured way in the DRAFT REPORT

2. An opportunity for the manager to challenge the conclusions of the auditor

After this meeting the audit team produces its FINAL REPORT

35

The working papers

• Why : because evidence shall be provided for supporting all findings of the report

They include in particular

• Background documentation

• Audit planning information

• Control analysis

• Testing and audit evidence

36

Audit reporting, supervision and follow-up

• FINAL REPORT includes, with the opinion, recommendations agreed on by the manager (facts from which recommendations are derived and timetable for the implementation of recommendations should also be agreed on)

• It should be a milestone in the road of the management towards a more efficient and effective management

• It is the reference document for the next audit of the same or a similar topic

37

Audit supervision

The auditor (or the team of auditors) performs the audit under his own responsibility

Supervision is needed

• for maintaining the quality of work

• for ensuring that conclusions are relevant and adequately evidenced

38

The follow up of the recommendations

• Management is responsible for ensuring that corrective action is taken

• Plans of implementation and follow up of recommendations are critical for monitoring the implementation of internal audit recommendations

39

Relations with the inspection function in case of fraud

• Fight against fraud is vital for the proper management of public finance

• Various arrangements can take place according to the institutional framework. However some key principles shall be applied:

Next presentation

Challenges and achievements in responding to International Standards: some national experiences and their lessons

41

Relations with the inspection function in case of fraud

1. Auditors help to detect and limit the opportunity for fraud. However they are not well equipped for combating fraud

2. Where they encounter fraud, they must refer to the head of the entity and eventually to the inspection function

3. Relations between the internal audit function and the inspection shall be confident. However they shall be governed by procedural rules considering the specific remit of both functions