Internal Audit 101

Governance, Risk Management & Compliance
Our Vision
To be the lead advocate, trainer and practitioner in internal auditing in Africa by providing superior internal audit solutions to the private and public sectors as well as the third sector .
Our Mission
To engage internal audit leaders and their customers; government officials, corporate executives and senior management in a constant dialogue on the position, role and value of the internal audit activity.
Internal Audit 101: Audit Principles and Techniques
Course Overview
Day One
Modern Internal Auditing The Audit Process Risk Management and Risk Assessment Audit Planning
Day Two
Process Documentation Audit Programs Audit Fieldwork Audit Reports Soft Skills
Module One
Modern Internal Auditing
Modern Internal Auditing

Internal Auditing Defined Code of Ethics The Value Proposition of IA The Role of Internal Auditor The IIA Competency Framework Components of the Audit Model
Internal Auditing Defined

independent, objective assurance and consulting activity designed to 1add value and improve an organizations operations. It 2helps an organization accomplish its objectives by bringing a systematic, disciplined approach to 3evaluate and improve the effectiveness of risk management, control, and governance processes
The what The why

The how
What are we doing?

1adding value and improving on organisations operations Making things better than when we met it.
Systems | Processes | Procedures

Why are we doing it?

2helping the organization accomplish its objectives How do you determine organisational objectives?
Gain a seat at the table

How are you doing it?

3evaluating and improving the effectiveness of risk management, control, and governance processes The triple magic wand
IIA Definition Logic

Helps the organization accomplish its objectives
Adding value and improving on organisations operations
Evaluating and improving on the effectiveness of GRC processes


independent, objective assurance and consulting activity designed to 1add value and improve an organizations operations. It 2helps an organization accomplish its objectives by bringing a systematic, disciplined approach to 3evaluate and improve the effectiveness of risk management, control, and governance processes
Code of Ethics
Principles and Rules
Integrity Objectivity Confidentiality Competency
Code of Ethics Principles

Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment
Integrity Rules
Shall perform their work with honesty, diligence, and responsibility Shall observe the law and make disclosures expected by the law and the profession Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization Shall respect and contribute to the legitimate and ethical objectives of the organization

Objectivity Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
Objectivity Rules
Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. Shall not accept anything that may impair or be presumed to impair their professional judgment. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
Confidentiality Rules
Shall be prudent in the use and protection of information acquired in the course of their duties. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.
Competency Rules
Shall engage only in those services for which they have the necessary knowledge, skills, and experience. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing. Shall continually improve their proficiency and the effectiveness and quality of their services
Internal Auditing is the cornerstone for sustainable organisational success

The IIA Value Proposition
Role of Internal Auditors

Re- Corporate Governance Re- Risk Management Re- Fraud Re- Corporate Ethics Re- Internal Controls Re- Information Technology Re- Financial Reporting
The IIA Global Internal Audit Competency Framework - 2013
Module Two
The Audit Process
The Audit Process
The Audit Process
The Internal Audit Process
How an audit is conducted
Planning

Distribute Audit Notification Conduct Pre-Audit Meeting Interview Department Personnel Review Policies and Procedures Understand and Document the Business Processes Perform Risk Assessment Prepare a Detailed Audit Program Prepare audit budget (in hours) Select items to be Audited (samples, not 100%)
Fieldwork
Review Supporting Documentation Interview department personnel Perform analyses Identify Exceptions Identify Recommendations for Improvement Prepare Written Audit Comments (i.e., findings) Department Provides Written Response and Corrective Action Plan for findings
Reporting
Issue a draft report Discuss draft report with unit management Issue final report Report is factual, clear, concise, with an appropriate tone
Module Three
Risk Management/Assessment
A few things about Risk

What is Risk?
The effect of uncertainty on an objective Could be positive or negative

What is Risk Management?
Coordinated activities to direct and control an organisation with regard to risk
The Risk Management Process

What is Risk Management Process?
Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.
Components of Risk Assessment Risk Identification Risk Analysis Risk Evaluation
2013 COSO Internal Control

Definition Pillars | Components | Standards Principles
The ORC Relationship

Group Work
Module Four
Audit Planning
Audit Planning
Annual Audit Planning Components of the Audit Project Plan
Annual Audit Planning

Risk Based Audit Planning
Overview
Components of the Audit Project Plan
Audit Objectives Audit Scope Audit Methodology Audit Program Audit Time Budget Audit milestone dates
Audit Objectives
General audit objectives Specific audit objectives
Audit Objectives
Select one functional area in your organisation and formulate a general audit objective and the appropriate specific objectives for that function
Module Five
Audit Programs
Audit Programs
Components of the Audit Program Audit Objectives and Lines of Enquiry
Components of the Audit Program the audit objective(s); the relevant line(s) of inquiry, criteria, and audit questions; the information to be requested from entities how the evidence will be analyzed;
Example of Audit Program

Cash at Bank and on Hand
Cash and bank.doc
Module Six
Process Documentation
Process Documentation
Process Flow charts Tools for Process Mapping System Narratives Interviewing Skills
Process Flow charts

A Flowchart is a diagram that uses graphic symbols to depict the nature and flow of the steps in a process This is very helpful in identifying the risks embedded within the process
Drawing a flow chart

Start with the big picture Observe the current process Record process steps Arrange the sequence of steps Draw the Flowchart
Example Washing of Hands
Module Seven
Audit Fieldwork
Audit Fieldwork
Testing Controls design and operating effectiveness Techniques for gathering audit evidence Working paper preparation
Testing Controls design and operating effectiveness

Group work. Design procurement (G1) and recruitment and selection G2) systems with requisite controls for review by the audit team.
Module Eight
Audit Reporting
Why write internal audit reports? Required by Standards. Inform- (Tell what auditors found) Persuade (Convince management of worth and validity of findings) Get Results (Move management towards change and improvement.)
Audit Reports
From issues to findings The Five Cs Reporting Formats Other Reports
From issues to findings

Findings are issues which are fully developed to add value
Improve the current condition
The 5 Cs
Cause
Criterion
Corrective action
condition
Consequence
In a nutshell
What should be? What is? Why the deviation from the what should be occurred? What happened or could happen because the what is differed from the what should be? What is needed to correct the condition and improve operations?
Soft Skills
Team work Communication Discussion with delegates
Importance of teamwork and communication Improving teamwork and comunication
The End
Thank you for your time

Internal Audit 101

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Internal Audit 101

Uploaded by

Copyright:

Available Formats

Governance, Risk Management & Compliance

Governance, Risk Management & Compliance

Governance, Risk Management & Compliance

Governance, Risk Management & Compliance