Internal Auditing for beginners

8/12/2019 Internal Auditing for beginners

http://slidepdf.com/reader/full/internal-auditing-for-beginners 1/72

Governance, Risk

Management & Compliance



Governance, Risk


Our Vision

To be the lead advocate, trainer

and practitioner in internal

auditing in Africa by providing

superior internal audit solutionsto the private and public sectors

as well as the third sector .



Governance, Risk


Our Mission

To engage internal audit leaders

and their customers; government

officials, corporate executives and

senior management in a constantdialogue on the position, role and

value of the internal audit

activity.



Governance, Risk






Governance, Risk


Course Overview

• Day One – Modern Internal Auditing – The Audit Process

– Risk Management and Risk Assessment

– Audit Planning

• Day Two – Process Documentation

– Audit Programs

– Audit Fieldwork

– Audit Reports

– Soft Skills



Governance, Risk


Module One

Modern Internal Auditing



Governance, Risk


Modern Internal Auditing

• Internal Auditing Defined

• Code of Ethics

• The Value Proposition of IA

• The Role of Internal Auditor

• The IIA Competency Framework

• Components of the Audit Model



Governance, Risk


Internal Auditing Defined

• “independent, objective assurance

and consulting activity designed to1add value and improve an

organization’s operations. It 2helps

an organization accomplish itsobjectives by bringing a systematic,disciplined approach to 3evaluate

and improve the effectiveness ofrisk management, control, and

governance processes”



Governance, Risk



Thewhat

The

how

The

why



Governance, Risk


What are we doing?

•1adding value and improving on

organisations operations –

• Making things better than whenwe met it.

Systems | Processes | Procedures



Governance, Risk


Why are we doing it?

•2helping the organization

accomplish its objectives

• How do you determineorganisational objectives?

• Gain a seat at the table



Governance, Risk


How are you doing it?

•3evaluating and improving the

effectiveness of risk

management, control, and

governance processes

• The triple magic wand



Governance, Risk


IIA Definition Logic

Helps the organizationaccomplish its objectives

Adding value and improving onorganisations operations

Evaluating and improving on the effectivenessof GRC processes



Governance, Risk



• “independent, objective assurance

and consulting activity designed to1add value and improve an

organization’s operations. It 2helps

an organization accomplish itsobjectives by bringing a systematic,disciplined approach to 3evaluate

and improve the effectiveness ofrisk management, control, and

governance processes”



Governance, Risk


Code of Ethics

• Principles and Rules

– Integrity

– Objectivity

– Confidentiality

– Competency



Governance, Risk


Code of Ethics – Principles

• Integrity

– The integrity of internal auditors

establishes trust and thus provides

the basis for reliance on their

judgment



Governance, Risk


Integrity Rules

• Shall perform their work with honesty,

diligence, and responsibility• Shall observe the law and make

disclosures expected by the law and the

profession• Shall not knowingly be a party to any

illegal activity, or engage in acts that are

discreditable to the profession of internal

auditing or to the organization

• Shall respect and contribute to the

legitimate and ethical objectives of the

organization



Governance, Risk



• Objectivity

–Internal auditors exhibit the

highest level of professional

objectivity in gathering,

evaluating, and communicating

information about the activity or

process being examined.



Governance, Risk


Objectivity Rules

• Shall not participate in any activity or

relationship that may impair or be presumed to impair their unbiased

assessment.

•

Shall not accept anything that mayimpair or be presumed to impair their

professional judgment.

• Shall disclose all material facts known

to them that, if not disclosed, may

distort the reporting of activities

under review.



Governance, Risk



• Confidentiality

– Internal auditors respect the value

and ownership of information they

receive and do not disclose

information without appropriateauthority unless there is a legal or

professional obligation to do so.



Governance, Risk


Confidentiality Rules

• Shall be prudent in the use and

protection of information acquiredin the course of their duties.

• Shall not use information for any

personal gain or in any manner

that would be contrary to the law

or detrimental to the legitimateand ethical objectives of the

organization.



Governance, Risk



• Competency

– Internal auditors apply the

knowledge, skills, and experience

needed in the performance of internal

audit services.



Governance, Risk


Competency Rules

• Shall engage only in those services

for which they have the necessaryknowledge, skills, and experience.

• Shall perform internal audit services

in accordance with the InternationalStandards for the ProfessionalPractice of Internal Auditing.

•

Shall continually improve their proficiency and the effectiveness andquality of their services



Governance, Risk


Internal Auditing is the

cornerstone for sustainable

organisational success

The IIA Value Proposition



Governance, Risk


Role of Internal Auditors

• Re- Corporate Governance

• Re- Risk Management

• Re- Fraud

• Re- Corporate Ethics

• Re- Internal Controls

• Re- Information Technology• Re- Financial Reporting

Th IIA Gl b l I t l A dit



Governance, Risk


The IIA Global Internal Audit

Competency Framework - 2013



Governance, Risk


Module Two

The Audit Process



Governance, Risk


The Audit Process

h d



Governance, Risk


The Audit Process

h l d



Governance, Risk


The Internal Audit Process



Governance, Risk


H di i d d



Governance, Risk


How an audit is conducted

Pl i



Governance, Risk


Planning• Distribute Audit Notification

•Conduct Pre-Audit Meeting

• Interview Department Personnel

• Review Policies and Procedures

•

Understand and Document theBusiness Processes

• Perform Risk Assessment

• Prepare a Detailed Audit Program

• Prepare audit budget (in hours)

• Select items to be Audited (samples,not 100%)

Fi ld k



Governance, Risk


Fieldwork• Review Supporting Documentation

•Interview department personnel

• Perform analyses

• Identify Exceptions

•

Identify Recommendations forImprovement

• Prepare Written Audit Comments (i.e.,findings)

• Department Provides WrittenResponse and Corrective Action Planfor findings

R ti



Governance, Risk


Reporting

• Issue a draft report

• Discuss draft report with unit

management

• Issue final report• Report is factual, clear, concise,

with an appropriate tone



Governance, Risk


Module Three

Risk Management/Assessment



Governance, Risk


A f thi b t Ri k



Governance, Risk


A few things about Risk

• What is Risk?

– The effect of uncertainty on an

objective

– Could be positive or negative

A f thi b t Ri k



Governance, Risk



• What is Risk Management?

– Coordinated activities to direct and

control an organisation with regard to

risk

Th Ri k M P



Governance, Risk


The Risk Management Process

A f thi b t Ri k



Governance, Risk



• What is Risk Management

Process? – Systematic application of management

policies, procedures and practices to

the activities of communicating,consulting, establishing the context,

and identifying, analyzing, evaluating,

treating, monitoring and reviewingrisk.

C t f Ri k A t



Governance, Risk


Components of Risk Assessment

• Risk Identification

• Risk Analysis

• Risk Evaluation

2013 COSO Internal Control



Governance, Risk


2013 COSO Internal Control

• Definition

• Pillars | Components | Standards

• Principles

The ORC Relationship



Governance, RiskManagement & Compliance

The ORC Relationship

• Group Work




Module Four

Audit Planning

Audit Planning




Audit Planning

• Annual Audit Planning

• Components of the Audit Project

Plan

Annual Audit Planning




Annual Audit Planning

• Risk Based Audit Planning

– Overview

Components of the Audit Project Plan




Components of the Audit Project Plan

• Audit Objectives

• Audit Scope

• Audit Methodology

• Audit Program

• Audit Time Budget

•Audit milestone dates

Audit Objectives




Audit Objectives

• General audit objectives

• Specific audit objectives

Audit Objectives




Audit Objectives

• Select one functional area in

your organisation and formulatea general audit objective and the

appropriate specific objectives

for that function




Module Five

Audit Programs

Audit Programs




Audit Programs

• Components of the Audit

Program

• Audit Objectives and Lines of

Enquiry

Components of the Audit Program




Components of the Audit Program

• the audit objective(s);

• the relevant line(s) of inquiry,

criteria, and audit questions;

• the information to be requestedfrom entities

• how the evidence will be

analyzed;

Example of Audit Program




Example of Audit Program

• Cash at Bank and on Hand

– Cash and bank.doc

http://localhost/var/www/apps/conversion/Course%20Materials/IInternal%20Audit%20101/I%20-%20Cash%20and%20bank.doc

http://localhost/var/www/apps/conversion/Course%20Materials/IInternal%20Audit%20101/I%20-%20Cash%20and%20bank.doc




Module Six

Process Documentation






• Process Flow charts

• Tools for Process Mapping

• System Narratives

• Interviewing Skills

Process Flow charts




Process Flow charts

• A Flowchart is a diagram that

uses graphic symbols to depictthe nature and flow of the steps

in a process

• This is very helpful in identifying

the risks embedded within the

process

Drawing a flow chart




Drawing a flow chart

• Start with the big picture

• Observe the current process

• Record process steps

• Arrange the sequence of steps

• Draw the Flowchart




Example – Washing of Hands




Example Washing of Hands




Module Seven

Audit Fieldwork

Audit Fieldwork




Audit Fieldwork

• Testing Controls – design and

operating effectiveness

• Techniques for gathering audit

evidence• Working paper preparation

Testing Controls – design and




Testing Controls – design and

operating effectiveness

• Group work.

• Design procurement (G1) and

recruitment and selection G2)

systems with requisite controls

for review by the audit team.




Module Eight

Audit Reporting

Why write internal audit reports?




Why write internal audit reports?

• Required by Standards.

• Inform- (Tell what auditorsfound)

• Persuade – (Convincemanagement of worth andvalidity of findings)

•

Get Results – (Movemanagement towards changeand improvement.)

Audit Reports




Audit Reports

• From issues to findings

• The Five Cs

• Reporting Formats

• Other Reports

From issues to findings




From issues to findings

• Findings are issues which are

fully developed to add value – Improve the current condition

The 5 Cs




The 5 Cs

Criterion

Consequence

Corrective action

condition

Cause

In a nutshell




In a nutshell

• What should be?

• What is?• Why the deviation from the “what

should be” occurred?

• What happened or could happenbecause the “what is” differed from

the “what should be”?

• What is needed to correct thecondition and improve operations?

Soft Skills




Soft Skills

• Team work

• Communication

• Discussion with delegates – Importance of teamwork and

communication

– Improving teamwork and

comunication

The End



The End

• Thank you for your time

Documents

Internal Auditing for beginners