Internal Audit, IS Audit, Risk Assessment & Internal Controls Review
Approach note
Olives & Berries Consulting | December 2018
Internal Audit
Internal Audit – Strategic Foundation
Internal Audit can deliver the greatest value to an organization when its mission, vision and
strategies are aligned with the expectations of its stakeholders. Potential areas of value
provided by Internal Audit are:
Consulting Services
Risk and Performance metric assessments
Strategic Initiative Reviews
IT Pre-Implementation Reviews
Governance, Risk and compliance Initiatives
Assurance Services
Governance, Risk Management
Internal Controls
Systems & Processes, Compliance Programs
Enterprise Talent Development
Leadership
Management
Staff
Risk Based Audit Approach & Scope
While Internal Audit often has to support non-negotiable areas like SOX and other regulatory compliance, it has an
opportunity to increase risk coverage by performing audits across the company’s value chain. The risk sensitive cockpit chart
depicts risk by functional area of business and our scope of audit engagement to provide assurance over the emerging
risks related to each function.
Functional areas shown in the cockpit chart:
• Fraud & Corruption
• Tax
• Sustainability
• Accounting
• Finance
• Procurement, Facilities & Library
• SOD/Access Mgt./Policy Implementation
• IT Risk Management
• Student Registration, Academics, Student Engagement
• Human Resources
• Information Security
• Social Media & reputation Mgt.
What do we deliver making Audit Impactful
Accounting
• Accounting Policy Review
• Statutory Risk Assessment
• Compliance to Accounting Standards
Global Benchmark Perspectives
of Impactful Audit
Scope O&B Internal Audit Evaluates
• Defined accounting policies of Entity
• Changes required for accounting policies to
incorporate IFRS updates
• Order to Cash Cycle (Billing, AR)
• Assurance on revenue recognition
• Process on Expenses booking
• Inherent risks of Statutory
reporting requirements
• Lease Accounting
• Approval matrix compliance
• GL Reconciliations
• Disclosures in Financial
Finance
• Analysis of FP&A process
• Capital Allocation Review
• Costing Review
• Treasury Process Review
• Finance process Benchmarking
• Accuracy of Budgeting Process
• Controls for accuracy and completeness of
budgeting process
• Capital allocation process, investment
appraisals
• Controls related to Margin analysis
• Opportunities for automation of finance
process. Benchmarking with peers in
industry
• Profitability of courses, project,
recipe
• Accuracy of cash forecasting
• Controls in place to assess
treasury process
• Process of MIS and control in
place for accurate Mgt.
reporting & MIS review
effectiveness
Tax
• Transfer Pricing Audit
• Tax Data Assessment
• Tax Compliance Audit
• Indirect Taxes
• Data needed for transfer price profitability
is accurate and complete
• Are controls in place within the business to
monitor TP compliance?
• Are MOF valuation rules for TP consistent
with the Entity's way of arriving at TP?
• Process efficiency to compile data for direct
taxes for effective compliance
• Process to compile tax deduction at source
for foreign service vendors
• Data needed for indirect taxes
is captured accurately
• Controls to check if indirect
taxes are being calculated
accurately on transaction basis
• Gaps in efficiency of controls
for both direct and indirect
taxes in assessments and
accounting
What do we deliver making Audit Impactful
Sustainability
• Energy Management Review
• Corporate Responsibility Review
• Conflicts of Interest Review
Global Benchmark Perspectives
of Impactful Audit
Scope O&B Internal Audit Evaluates
• Key performance and indicators for
corporate social responsibility
• Is CSR in line with company mission and
compliance guidelines
• Does entity have defined usage/reduction
goals and key metrics to measure
• Role of individuals in energy conservation
• Organization’s Quality metrics,
KPI review
• Process in place for conflicts of
Interest disclosures by
employees, Directors, vendors.
Customer,
Student
Registrations
• Product, Courses, Programmes Innovation
• Marketing Effectiveness
• Sales Performance Mgt.
• Pricing Compliance and Strategy
• Marketing activities in line with company
policies and process
• Are advertising, promotional vendors
delivering based on contractual terms
• Effectiveness of discounts, commissions to
sales network partners and associates
• ROI on marketing spends
• Accuracy of calculation of Incentives,
commissions to staff, dealers, network
partners
• Success or failure of products,
projects, recipes is measured
continuously
• Information availability for
pricing decisions
• Controls in place for pricing
approvals, rebates, discounts
and incentives
• Course profitability &
sustenance on new courses
Fraud &
Corruption
• Supplier Management Review
• Whistleblower Audit
• Fraud Prevention Assessment
• Process of accepting new vendors
• Controls in place in evaluation of new
vendors
• Regulatory requirements in terms of Anti
corruption and Bribery
• Fraud control and Prevention Assessments
• Process of whistle blower to provide
feedback to entity
• Review of Conflicts of Interest and
opportunities for Quid pro Quo
• Process of following up on
complaints received from
whistleblowers
• Persons responsible for Entity’s
compliance program
• Protection and sensitivity of
data and person reporting as
whistleblower.
What do we deliver making Audit Impactful
Procurement,
Facilities &
Library
• Contract Management
• Operations Planning
• Supplier Risk Management Review
• Wastages Review
Global Benchmark Perspectives
of Impactful Audit
Scope O&B Internal Audit Evaluates
Human
Resources
• Incentives & Compensation Audit
• Employee Mobility review
• Talent Management & Succession Planning
• Who all participate in purchasing other
than procurement?
• Basis of selection of a vendor, competency,
price, previous experience
• Process and controls to ensure contracts
are reviewed and approved
• Is procurement buying optimal as per the
sales and academics program and Plan?
• Are food wastages as per normal yield?
• Is organization getting
benefits of volume discounts
• How are conditions in contract
complied and monitored?
• Process for continuous
negotiation for better prices
from vendors and service
providers
• Procure to Pay Audit Cycle
SOD/Access
Mgt. & Policy
Implementation
• Segregation of Duties (SOD) Review
• Role Based Access
• Policy and Approval Matrix Audit
• Hiring to Payroll Audit Cycle
• Process of Performance rating & Employee
evaluation
• Objectiveness of KRA setting for employees
• Entity in compliance with immigration laws
• Employee Attendance
Management reviews
• Process of employee
background check
• Succession strategy for
addressing skill shortages
• Whether the organization designs roles that
create inherent SOD issues?
• Actions taken when SOD conflicts are
identified?
• Has IT implemented role based access
to SIS, Navision, Banking and other IT
applications?
• Compliance to Authority and
approval matrix
• Compliance to Academic and
commercial policies
What do we deliver making Audit Impactful
IT Risk
Management
• IT Governance Audit
• IT risk management & Assessment
Global Benchmark Perspectives
of Impactful Audit
Scope O&B Internal Audit Evaluates
Information
Security
• Vulnerability assessment
• Threat and Vulnerability Mgt.
• Information Security assessment
• BCP & Disaster Recovery Audit
• Process of Identification of IT Risks
• Risks identified being remediated or
accepted
• Maturity of Entity for using GRC software
• How often IS Audit is conducted?
• Roles of data administrator, data architect,
data programmer & data analyst are
clearly defined and all have need-to-know
access to Information
• Formalized Process to Govern
IT exists
• Review of IT policies and
procedures
• Opportunities to increase
business confidence on IT
Governance and process
• IT contract management
Review
Social Media &
Brand
Reputation Mgt.
• Social Media Risk Assessment
• Social Media Governance Audit
• Organization's response time in terms of
intrusion detection
• Assessment of vulnerabilities and how the
same are exploited
• Methods to defuse an Info. Security attack on
the organization
• Comprehensive Threat and Vulnerability
management Program
• How well does the Entity assess and mitigate
threats?
• Software codes and programs in
production and testing environment
• Disaster Recovery Plans (DRP)
are aligned with BCP and
tested
• Are critical systems defined and
included in BCP and DRP?
• Is Business Continuity Plan
(BCP) in place and tested?
• Do BCP, DRP and crisis
mgmt. involve the right functions
and people?
• IT security policies known to
employees
• Risks related to social media and
management of the same
• Social media activities are aligned to
Entity’s policy
• Risk Gaps resulting in existing activities
affecting brand and reputation
• Governance process exists
within organization for Social
Media
• Policies known to employees
O&B – How do we deliver it right
Internal Audit Methodology
Standards & Frameworks
• International Professional Practices
Framework by IIA
• COBIT 5.0 by ISACA
• COSO
Infrastructure
• ACL, Excel, Visio, R, Python, SQL
• Computer Assisted Audit Techniques (CAAT’s)
Audit Programs, controls testing templates, peer reviews
Internal Audit Structure, Organization & People
Internal Audit Charters & Policies
CAAT’s, Data Analytics, Technology enabled Audit
Performing the Audit
• Risk Based Audit Plan
• Best of standard Audit program, SOX controls testing templates, Actionable Reports
Establish Planned Scope of Audit
Assess Risk Maturity of Entity
Update Audit Planning & Program
Process Walk through, Testing of controls
Analytical procedures & verification of evidences
Assess and evaluate residual risks
Conclusions on Mgt. responses
Audit Report to Mgt. and Audit committee
O&B – How do we deliver it right
How are we different
• Our Audits cover the entire processes and value chain of our clients and are focused on
Quality, Efficiency, Value and Effectiveness
• We use Industry standard control frameworks and methodologies, and follow Knowledge
leaders like IIA and ISACA as the base for our professional practices
• Extensive use of Data analytics and technology in our Audits, which enables synthesizing of
data and thereby interpreting trends, risk patterns & behaviors
• Highly skilled, Professional and Ethical Team of Practice leads and Associates
Illustrative outputs
Our team has worked on these clients
ABB
Agni Properties
Aircel-Maxis
American Express
ANZ
Ascendas
Axa
Axiata
Bharti Airtel
Blue Dart
Delphi Diesel Systems
DLF
DST
Econet Zimbabwe
Etisalat
Fidelity
Financial Training Institute
FlipKart
GATI Kintetsu
General Motors
Hewlett Packard
IBM
IMI Mobile
Indian School of Business
Kennametal
LN Bangur Group
Maruti Suzuki
Microsoft
MTN Group
MTS (Systema)
Neotel South Africa
Nestle
NetApp
Nokia Siemens Networks
NowFloats
OpenText
Ola
Rane Group
Reliance Jio
Rockwell Collins
Saudi Telecom Company
SLK
SnapDeal
Sony
Sri Chaitanya Varsity
Tanla Mobile Solutions
Tata (TTSL & Tata Sky)
Tata Motors
Telkom South Africa
Toyota
TVS group
Uninor (Telenor)
Vedanta
Vodafone
Xiaomi
Yatra
Vikram R Sreedhar: Partner
EXPERTISE SUMMARY
Designed, implemented & Managed Financial Planning and Analysis and MIS
across Manufacturing, Health Care, Retail, IT & Engineering sectors
Designed, implemented & Managed Activity Based costing & Standard Costing
Systems in Manufacturing, Engineering & Health care sectors.
Conceptualized, Implemented & Managed new Enterprise Resource Systems in
manufacturing, retail and health care Sectors in India.
Developed Business Valuation models in Retail, Engineering & health care sectors.
Designed and developed statistical data analytics to seek optimizations in factors
underlying price, cost considerations & efficiency in operations across
manufacturing, retail & health care sectors.
Designed and developed Fraud investigative tools to address inherent business
and transactional risks. Experience of investigating more than 60 frauds across
Manufacturing, Engineering, Retail and Health care sectors
Conceptualized and implemented GST Solutions for health care sector.
Managed Tax Audits and Indirect Taxation Compliance
Optimized lead times in production & operational parameters in Manufacturing &
Engineering sectors through Value Chain Analysis, Transportation algorithms, 6
Sigma tools & Linear Programming.
Managed Internal Audit & IS Audit Assignments across industries
Developed Data Visualization applications for Educational Services organization.
Developed and Managed Predictive Analysis and Machine learning Algorithms to
solve operational issues in disease prediction, customer churn & Maintenance
management. Developed credit score for credit card customers in Banking &
Financial Sector
AREAS OF EXPERTISE
Financial planning & MIS
Direct, Indirect Taxation
Financial & Business Modelling
Financial & Corporate Valuations
Internal Audit, IS Audit and Risk Management
Forensic Services and Fraud Risk Management
Data Analytics, Machine Learning, Predictive Analytics
INDUSTRY EXPERTISE
Manufacturing, IT / ITES, Engineering, Retail,
Healthcare, Educational Services, F&B
EDUCATION & PROFESSIONAL QUALIFICATIONS
Certified Chartered Accountant (ACCA)
Associate Cost & Mgt. Accountant (ACMA)
Certified Internal Auditor
Certified Information Systems Auditor
Certified Fraud Examiner
PG Diploma in Data Analytics (IIIT-B)
PG Diploma in Business Administration
Ritesh Agrawal: Partner
EXPERTISE SUMMARY
Managed Budgeting and Financial Planning for one of the largest corporate groups
in Africa in the communications sector
Delivered compliance management for one of the largest agri based business
houses in India. Engagement involved reviewing business processes and operations
and streamlining related compliances
Managed an Analytics based Revenue Stream review (end-to-end) for the largest
telecom services operator in Africa. This worked on offshore data handling
capabilities, and required root cause analysis for every exception noted, on a
continuous basis.
Managed Business Unit wise separation of financials of the largest telecom operator
in Middle-East. This involved bifurcation of revenues into Business Units using
Analytics and formulation of a tool to enable accounting separation by the Company.
Leader for analytics solution at a Big4 accounting firm in India – for Internal Audit
and Risk reviews. During this, Ritesh formulated, designed, set-up and
operationalized the analytics tool and function for Internal Audit
Managed review of deferred revenue accounting process for prepaid business in
South Africa’s largest fixed-line operator. The scope of this engagement included
forensic investigation of the perpetrators that have effected change in voucher
status
Managed an analytical review of telecom MIS for one of the largest telecom operators
in Africa and middle-east. The assignment involved understanding the key MIS
parameters, identifying relevant sources for MIS compilation, understanding the
systems used by the operator and ensuring accuracy of the MIS prepared. It also
involved data analysis and trend analysis of the MIS data and its source data to
facilitate in concluding upon the accuracy and relevance of the various KPIs
reported
AREAS OF EXPERTISE
Financial planning & MIS
Compliance Management
Analytics, Automation and IoT
Internal Audit and Risk Management
Cyber Security and Information Risk Management
Forensic Services and Fraud Risk Management
INDUSTRY EXPERTISE
Manufacturing, E-commerce and Agri-based sectors
Technology, IT / ITeS
EDUCATION & PROFESSIONAL QUALIFICATIONS
Chartered Accountant (ICAI)
Certified Internal Auditor
Certified Information Systems Auditor
ISO27001: Lead Auditor
Thank You
Ritesh Agrawal, Partner, Olives & Berries Consulting
+91 9886709583, ritesh@onbconsulting.com
Vikram R Sreedhar, Partner, Olives & Berries Consulting
+91 9986633794, vikram@onbconsulting.com
Office:
Olives & Berries Consulting, Lorven Co Works, #756, 2nd Floor, 10th Main, Jayanagar, 4th Block, Bangalore 560011