1.

Introduction

1.2 Scope and purpose of the Manual

The Internal Audit Manual (the Manual) is for the use of IAD staff and provides the policies,
principles, standards and code of ethics governing the professional practice of internal auditing at
the Maldives Transport and Contracting Company Plc. The Manual describes the audit
management process of IAD, from planning the audit to conducting the fieldwork, reporting results
and following up on recommendations.

The purpose of the Manual is to:

 Provide guidance on all aspects of the audit process.

 Explain the context of the work of IAD to audit staff; and

 Promote the highest level of professional competence in IAD.

The Manual includes references to standard operating procedures and practice guides. These
documents provide detailed instructions and useful information on processes, procedures, tools and
techniques, which IAD staff are:

(a) either required to comply with; or

(b) adopt as recommended good practices.

The Manual is not designed to be all-inclusive or unduly restrictive. Its provisions are intended to
supplement the experience, competencies, skills and judgement of internal auditors in planning,
conducting and reporting on audits.

The available resources are invaluable and should be utilized consistently. However, IAD
auditors/assistants should be sensitive to their work environment, use good judgement throughout
the audit process and ensure that stakeholder is aware of and in agreement with the intentions,
objectives and practices of their respective audits.
2. Internal Audit Function

2.2 Overview

Internal audit function of MTCC is an independent, objective assurance and consulting activity
designed to add value and improve MTCC operations. IAD also help MTCC to accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness
of risk management, control, and governance processes. IAD functionally report to the Audit and
Risk Committee of the Board and administratively to CEO.

2.3 Purpose

To be a high-performing internal audit activity that meets the expectation of MTCC PLC
stakeholders; be a trusted advisor; recognized as a driving force behind a culture of governance,
accountability, compliance; and execution that helps in the achievement of MTCC PLC’s
objectives.
Deliver an independent assessment of financial, regulatory, and operational risks and control
effectiveness to the MTCC PLC’s management and the Board. Internal audit function will provide
control expertise to minimize risks, improve process quality, and enhance operational effectiveness
in furtherance of company’s corporate objectives.

2.4 Authority and responsibility

The Chief Internal Auditor and staff of Internal Audit Function are authorized to:
 Have unrestricted access at any time to all the records, personnel, property and
operations of MTCC.
 Allowed to take statements from each employee in recording or in writing regarding
any audit engagement.
 Have full and free access to the Audit and Risk Committee and the Board.
 Allocate resources, set frequencies, select subjects, determine scope of work and
apply the techniques required to accomplish audit objectives.
 Obtain the necessary assistance of personnel in units of the organization where they
perform audits, as well as other specialized services from within or outside the
organization.
 Have other Authority defined by IPPF.
2.5 Internal Audit Function Structure
The organization structure of IAD is shown below.
2.6 The role and responsibility of the IAD staffs

Chief Internal Auditor

The chief audit executive is ultimately responsible for the performance of the audit activity. The
CAE is obligated to the audit committee to lead the internal audit activity in accomplishing internal
audit’s goals. The internal audit tactical and strategic objectives should establish goal congruence
with the organization’s objectives. These objectives may be measurable; for example, budgetary
considerations and other performance metrics are readily quantified and straightforwardly observed.
They may also be more intangible in nature, as in providing the assurance that the control
environment of the organization is strong.

Audit Manager
An Audit Manager is responsible for organizing and managing internal audits according to audit
plans. The scope of works includes reviewing the audit plan, field work and reports prepared by the
auditors and assist auditors. Additionally, is responsible to manage and supervise audit staffs timely.
Also, involve in preparation of annual audit plan, budget, business plans and department
performance reports.

Auditor
The key works of an auditors includes preparing Memorandum of Audit Plans for audit
engagements, conducting field and desk works of audits, and write audit report under supervision of
Audit Manager.

Internal Audit Officer

The key works of an assistant auditor includes preparing Memorandum of Audit Plans for audit
engagements, conducting field and desk works of audits, and write audit report under supervision of
Audit Manager.
2.7 Standards followed by Audit Function

IPPF Standard
Activities of the Department are conducted in accordance with the Institute of Internal Auditors'
International Standards for the Professional Practice of Internal Auditing (IIA Standards) and other
auditing standards, as applicable.

Quality assessment on IIA standards compliance

IAD will maintain a quality assurance and improvement program that covers all aspects of the
internal audit function. The program will include an evaluation of the internal audit function's
conformance with the Definition of Internal Auditing and the Standards and an evaluation of
whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and
effectiveness of the internal audit function and identifies opportunities for improvement.

The Chief Internal Auditor will communicate to the Board on the internal audit function's quality
assurance and improvement program, including results of ongoing internal assessments and
external assessments conducted at least every five years.

Quality Assurance and Improvement Program

The purpose of the Quality Assurance and Improvement Program (quality assurance) is to provide
verification that the work performed by the Department meets IIA Standards. In addition to the
ongoing Engagement Quality Assessments performed at the completion of each engagement, a
formal quality assurance self-assessment of the Department’s conformance with the IIA Standards
should be performed.

IIA Training
It is proposed to provide technical and professional trainings to audit staffs endorsed by IIA. This
enable overall compliance to IPPF standard and best practice. Furthermore, in-house training
session and presentation skill develop program are also scheduled to be conducted in the audit
function.