Assurance Services
Assurance on risk exposures in dynamic contexts is the expectation of Boards today. It therefore demands a superior understanding of business environment and business management practices including people dynamics. The Institute of Internal Auditors, Inc., Florida USA has released the Standards for Professional Practice of Internal Auditing for guidance of Internal Auditors globally. We adopt the same in our work methodology at all times and remain at the cutting edge of technology in the field of Internal Audit. Risk based Internal Auditing is implemented at client locations within the respective organization contexts. ISO 31000 is taken as a guiding framework towards structuring Risk Assessments for Audit Planning and Control Evaluation. The audit process includes implementation of latest techniques like Control Self Assessment and productivity enhancement CAATs.
Objective, Scope and Methodology for an IA assignment
OBJECTIVEConduct Internal Audit combining a Strategic Business Approach and a Transactional Audit Approach with a view:
- Effectiveness and efficiency of operations
- ascertain areas of cost savings and profit improvement
- ascertain areas for process improvements – elimination of duplication, elimination or reduction of non value added activities
- Compliance of laws, rules and regulations – particularly the accuracy of returns filed under VAT and Excise
- Reliability of financial reporting
- Safeguarding of assets
SCOPEThe scope of work will cover audit areas as given below. The audit period for each area covered will be till the end of previous month relative to the month in which the audit will be done. The audit will be done as per an Annual Audit Plan which will outline the audit areas to be undertaken during the period. The areas selected will be in a way that all audit areas are covered over a period of 3 years.
APPROACH & METHODOLOGYThe key phases of the audit process will be planning, fieldwork, reporting and feedback. Throughout these phases we will emphasize on:
- Continuous co-ordination with operational and top management
- A combination of awareness, business knowledge and professional judgement ensuring relevance of activities
- “Leaving things a little better than we found them” attitude
- Obtain copies of SOP’s and Policy Circulars as they relate to the location where available. Have a discussion on practices with the management and functional heads at the location for the area of audit.
- Conduct a Pre Audit Meeting with the audit location management to –
- Inform the Audit Scope and Coverage
- Understand the existing Organisation Structure particularly the key personnel in various departments
- Obtain the operating performance of the property vis a vis business objectives as they relate to the areas under audit or affect the areas under audit. Interact with the audit location management for an understanding of the operational realities within which the activities are being performed.
- Define Checklists for audit covering the audit areas including sampling plan for transactional audit based on the SOP’s, Policy circulars and information received during Pre Audit Meeting. Discuss the risk profile for each area considering the overall risk assessment of the management for the organisation. At this stage a general identification of areas for use of Data Analytics will be done. In addition analysis would be done as the need arises during the reviews.
- Establish the audit schedule for each audit area and intimate the audit coordinator at the audit location.
- Conduct documentation, data analytics, transaction reviews and vouching as per the defined sampling plan
- For Data Analytics, IDEA – Data Analysis Software will be used for detailed reviews
- Identify deviations from established policy norms and any other opportunities for improvement or cost savings
- Discuss the deviations with officials to identify reasons for the same
- Analyse the reasons for identifying improvements related to policy changes, human resources training matters, changes in reporting or improvement in software application used
- Discuss the avenues for cost savings or issues having revenue implications and other improvement opportunities
- Reporting to management will be a continuous process throughout the audit. Matters will be brought to the management’s attention with the urgency they require
- Draft Report will be prepared after all audit issues have been discussed and circulated for review of the auditee and discussion at the Closing Meeting in 5 days time. This report will highlight the weaknesses and gaps in the existing systems and recommendation for improvement thereon on exception basis
- In the Exit meeting, the draft report observations, recommendations and management response will be discussed and draft finalised. Based on acceptability of the recommendations clearly identify person responsible for implementation with specified time frames
- The final draft will be circulated to all concerned for their final comments, if any to be submitted within 5 days. In case no comments are received within 5 days, the report will be considered as final and distributed to the Management
- Report sign off by Auditees
-
Deliverable
'Audit Report' containing- Title Sheet – Providing the audit details
- Executive Summary
- Introduction – Context of review
- Control Weaknesses and gaps – Main Report
- Recommendations on exception basis – Main Report
- Auditee Comments – Main Report
- Task Sheet – Action plan for Compliance monitoring
- Information Section – Matters that require highlighting
- Annexures – Data explaining observations in main report
We also conduct training programmes for Internal Audit and IS Auditing personnel and preparation of Framework for efficient and effective Internal Audit after studying the needs of the organisation. Please refer section on IA Training.
The guiding philosophy of Sama is to render specialised and tailor made services with a down to earth approach. Do give us a call to understand how we can be of help to your organisation in providing or strengthening assurance.