Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
Apr 25, 2015 1
Preeti Cherian
Senior Manager – Audit & Advisory
CNK & Associates LLP
Apr 25, 2015 2
Why does one go to a doctor?
For health certification
For treatment of disease
For surgery
For health check up
For vaccination
For a cup of tea…
Apr 25, 2015 3
Why does one go to adoctor?
For health certification
For treatment of disease
For surgery
For health check up
For vaccination
For a cup of tea…
Why does an organization seek IA?
For compliance with law
For solving known problems
For drastic action-emergency
For assurance & early alerts
For prevention For a cup of tea…
Apr 25, 2015 5
Back to the Basics: Definition of Internal Audit
“Internal auditing is an independent, objective
assurance and consulting activity that adds
value to and improves an organization’s
operations. It helps an organization accomplish
its objectives by bringing a systematic,
disciplined approach to evaluate and improve
the effectiveness of risk management, control
and governance processes.”
Apr 25, 2015 6
Compliances –
external and
internal
Risks and controls
Optimization of
resources, costs
and processes
Governance
processes and
ethical practices
Apr 25, 2015 7
External Compliances
Understanding the regulatory framework
Identifying critical compliances that pose
significant risks
Ensuring adequacy of processes to confirm
compliances in normal course
Reporting on compliances
Apr 25, 2015 8
Internal Compliances
Presupposes documented policies and
procedures (SOPs)
IA reviews compliances with internal policies
for key processes
IA identifies design deficiency in documented
policies
Deviation identification, root cause analysis,
preventive and corrective action
Apr 25, 2015 9
Controls are the heart of IA:
Understanding of the risk framework must precede evaluation of controls
Controls must be established and working,i.e., designed, implemented and internalized
Controls must be re-evaluated for efficiencyand cost-effectiveness
Controls must be understood – both by the IA and the users
Apr 25, 2015 10
IA must enable the organization to answer:
Am I making the best use of my resources?
Am I creating products/services at the optimumfinancial cost?
Am I ensuring that I am not creating a socialcost or an environmental damage through myprocesses?
Am I getting the best effort-to-yield ratio?
Apr 25, 2015 11
At the pinnacle, IA reviews and reinforces the ethical codeand the governance processes by ensuring that:
All organizational initiatives are backed by the values andprinciples that the organization believes in
Organization promotes socially and ethically responsiblebehavior
Governance processes are well defined and effective
Participation in initiatives such as insider trading policy,whistleblower’s policy, employee enrichment programmesand CSR initiatives
Apr 25, 2015 12
Assurance on compliances
Risk Mitigation
Resource optimization
Controls
Governance
Let’s have an IA sign-off to be sure
Let IA check whether we are OK on risk control measures
Let’s hear out IA on what other companies are doing
Please tell us if we have missed out on anything?
Are we working for a Company which can boast of the best governance standards?
Apr 25, 2015 13
Well defined organization structure and authority-
responsibility structure
Business plan and objectives
Risk Management Policy and assessment of risks
Documented, updated internal policies for all key
operational areas
Comprehensive system documentation indicating
control points
Apr 25, 2015 14
Organizational awareness of compliances, controls
and risks
Clearly defined internal audit charter outlining
authority, responsibility and expectations of IA
Commitment from the top management,
acceptance at the operational level.
Apr 25, 2015 15
Apr 25, 2015 16
Policies and procedures adopted to ensure:
Orderly and efficient conduct of its business,
Adherence to company’s policies,
Safeguarding of its assets,
Prevention and detection of frauds and errors,
Accuracy and completeness of accounting
records, and
Timely preparation of reliable financial information
Apr 25, 2015 17
Apr 25, 2015 18
Senior Management-
Operations & Business Units
Risk Control and
Compliance Functions
Independent Assurance
(Internal Audit)
Regulator
Statutory Auditor
Apr 25, 2015 19
IA is one on of the 4 pillars on which thesuperstructure of Corporate Governance isbuilt….
Apr 25, 2015 20
Prevention is not as glamorous as
rescue operations… but perhaps more relevant!
Apr 25, 2015 21
Apr 25, 2015 22
Apr 25, 2015 23
Apr 25, 2015 24
SURESH KALMADI - Sir u made lakhs!
Apr 25, 2015 25
Apr 25, 2015 26
Apr 25, 2015 27
"We are drowning in information but starved for knowledge."-- John Naisbitt
Apr 25, 2015 28
Apr 25, 2015 29
Apr 25, 2015 30
Apr 25, 2015 31
Apr 25, 2015 32
Apr 25, 2015 33
Apr 25, 2015 34
Apr 25, 2015 35
Internal auditor is a parent, when correcting
Internal auditor is a teacher, when educating
Internal auditor is a friend, when suggesting
Internal auditor is a lover, when provoking
Internal auditor is your own identity, when it is aconscience keeper….
….. And don’t you need all of these to achieveyour goals?
Apr 25, 2015 36
Missing Invoice/
SupportingUnauthorized
Unsatisfactory Explanation
Non Compliant
Control Weaknesses
Apr 25, 2015 37
Thank you