Professional Documents
Culture Documents
My Topic Today - : Internal Audit Is A Business Decision Making Tool
My Topic Today - : Internal Audit Is A Business Decision Making Tool
not
Internal Audit is a business decision making tool.
Trust None
Gujarat
CA Sandesh Mundra
Statutory Warning
• All the characters in this audit presentation are
fictional. If they in any way relate to your
professional lives, its only a matter of
coincidence, and the presenter shall be in no
way liable for any of his acts / verbal utterances
during this brief presentation.
CA Sandesh Mundra
To elaborate – Lets read a story….
• M/s ABC is a growing concern in the
construction sector which has very weak internal
control systems at present, and so a need is felt
for an external agency for better controls.
CA Sandesh Mundra
• A firm M/s CA is appointed as internal auditor
after a lot of deliberations and negotiations.
Idiot
CA Sandesh Mundra
• Management is not in a position to give a proper
scope for audit and ask CA to frame its scope on
its own.
• CA starts the review of the existing scenarios by
visiting the construction sites of the entity.
• In its audit plan it lays down various audit
procedures so as to cover all the aspects.
CA Sandesh Mundra
• It ensures that the company staff is also verbally
communicated about the audit procedures, since
the audit procedures are not documented
properly, they are not shared in black and white.
• It deploys 3-4 articled assitants for carrying out
the audits with immense focus on transactional
audit
CA Sandesh Mundra
Verbal Communication Problems in an organisation
Telephone Call :-
CA Sandesh Mundra
The CA then commences the audit and finds a lot
of audit errors in all aspects be it accounts, stores
management, HR, vehicle and admin controls.
CA Sandesh Mundra
• Prepares a very big and exhaustive
report (to the immense satisfaction of CA) and
submits to the management and related
staff by email.
CA Sandesh Mundra
• He keeps doing the same thing for the next one
year, and finds that the management response
to the queries is very poor and starts loosing
interest in audit but pursues the audit due to
monetary reasons. – Level of Perfection
CA Sandesh Mundra
• Two years go by and the management starts
feeling the need to cut down overheads
b’coz of business losses.
CA Sandesh Mundra
• Meeting is called and Immediate question to
auditor is "Was he able to detect any major
problem at Site X". Auditor asks mgmt to read
the report already submitted remains speechless
after that.
o Figuring out what went wrong in the audit procedures! – Non shrink
CA Sandesh Mundra
• He goes back and checks his internal audit
report submitted for Site - "X" and finds out that
their report contains a lot of documentation
related issues for this business.
• Upon reviewing the complete report he makes
various observations
o Most of the overtime payments carry only the signature of Mr Z.
o For Purchases from two local parties no qty check is carried by stores.
o Lot of delay observed in preparation of sub-contractor billing.
o Site shows a lot of sales bills which have not been accepted by the
client
CA Sandesh Mundra
He presents the same report again to the
management in a summarised format, to give
a feeling that there was no lapse in audit
procedures adopted for Site - "X".
CA Sandesh Mundra
• After few months, the management in a bid to
cut down the overheads, significantly reduces
the fees and scope of internal auditor.
CA Sandesh Mundra
Auditor is very unhappy!
CA Sandesh Mundra
How does the Auditor feel?
CA Sandesh Mundra
How does the Auditor feel? (cont……)
CA Sandesh Mundra
• Lets now look what the other side feels ?
o If there is someone from the management side, do
you have any points for the stand of fees reduction?
CA Sandesh Mundra
MANAGEMENT's VIEW :-
CA Sandesh Mundra
MANAGEMENT's VIEW (cont….):-
• Instead of always pointing out the
documentation related issues, the auditor should
have been the first to point out some possible
wrong doing at Site - "X".
• Adopting a passive mode of emails to
communicate the reports was not appropriate for
this kind of organisation, as all employees were
not equipped to handle the emails.
• The focus should have been more on the
quality, rather than quantity in terms of reporting.
• Post-Mortem Approach does not quite fit the
requirements.
CA Sandesh Mundra
• At this stage are we all left pondering about the
value that we are adding to the client
• Are we approached by the client when any
major business decisions are to be taken?
o If No, then its very serious, as Internal Audit is
considered as the “Nose” of the organisation
CA Sandesh Mundra
Thief and Police
CA Sandesh Mundra
So we see after this GAP analysis that there are lot
of lessons to be drawn from this story
CA Sandesh Mundra
Lessons (cont…..)
CA Sandesh Mundra
CA Sandesh Mundra
Lessons (cont…..)
• Whatever may be client's opinion about the
scope, the auditor needs to take a stand on the
basis of his own understanding.
o Focus may be more on implementation of internal
controls rather than documentation for a given client
depending on actual situation.
o In the initial years, the role is more like management.
o Importance of audit points to be explained till the last
mile.
o Ego creates a lot of practical issues
CA Sandesh Mundra
Lessons (cont…..)
• Communication Strategy should also change
depending on the nature of client.
o Flow from the top
o Medium may be different at different levels within the same organisation
o Delegation of responsibility within the organisation
o Follow up (Immense amount of Patience)
CA Sandesh Mundra
Telecom Call Centre
CA Sandesh Mundra
Lessons (cont…..)
CA Sandesh Mundra
Think long Term
• Baba Ramdev Model
CA Sandesh Mundra
The Audit Process Model
INPUTS PROCESSES OUTPUTS OUTCOMES
Internal Audit
Knowledge
and Skills
Analyses,
Appraisals,
Computers, Recommendations,
Software and Counsel and
IIA Standards Information Supporting the
Internal Audit
Organization in
Practices and
the Discharge of
Procedures
their
Responsibilities
Time and Promote the
Money Effective use of
Internal Control
Reputation
for Integrity
and Fairness
CA Sandesh Mundra
Audit Interaction with Auditee
Competition Cooperation Collaboration
Auditor Manager
CA Sandesh Mundra
• After this brief story lets focus on the other side
of the topic
- Zia
CA Sandesh Mundra
• Internal Audit as a Business Decision Making
Tool
CA Sandesh Mundra
Domain of Decision Making
Strategic Planning
Operations
CA Sandesh Mundra
Vision and Mission
• Understanding the Promoter’s thought process about
the organisation’s future
• Whether the overall controls within the organisation are
in sync with the vision statement
• Whether the employee mindset is in sync
• Uniformity of systems across the organisation
• Parliament - Planning
CA Sandesh Mundra
Organisational Hierarchy
• Management is struck up in various
areas:-
o Bifurcation of the organisation into various
departments
o Deciding the designation and authority
level posts in various deparments
o Role, Responsibility and Authority Structure
for all the posts
o Built in mechanism to get the best out of
the team
• Senior Joinee
CA Sandesh Mundra
Corporate Governance
• Transperancy
• Legal Framework
CA Sandesh Mundra
CA Sandesh Mundra
Enterprise Risk Management
CA Sandesh Mundra
Role auditors can play in risk management domain:-
Core Internal Audit Roles with regard to ERM:-
• Giving assurance on risk management process.
• Giving assurance that the risks are correctly evaluated.
• Evaluating risk management process
CA Sandesh Mundra
CA Sandesh Mundra
Is risk management really new?
• Yes and no
• Understanding risks is not new at all - most of us
have an inherent understanding of risk ; e.g.
health and safety risk assessments are well
established; audit and others use it
• However, risk management in a corporate
governance sense is new. It promotes ownership
of the RM process at a high level
Value of Risk-Based Audit Planning
• Yields disciplined analytical approach to evaluating the
audit universe
H
Target audit
resources
where risk is
greatest!
Impact
L H
Probability
Source: A Guide to the Use of Risk Management Within the Internal Audit Process
©
2002 – The IIA – Australia
A Risk Assessment Process for
Annual Audit Planning
PROBABILITY
MATERIALITY
Risk Factors
Materiality Points
• Audit Area over Rs. 100 Lacs 8-10
• Audit Area Rs. 25 Las to Rs. 100 Lacs 4-7
• Audit Area less than Rs. 25 Lacs 1-3
Risk Assessment in Annual Planning:
Risk Factors
Risk Factors
Probability Factors
Probability of Risk
Points
High probability of significant issues 0.8-1.0
Moderate probability of significant
issues and high probability of
improvement needed 0.4-0.7
Low probability of significant issues
and moderate to low probability of
improvement needed 0.1-0.3
CA Sandesh Mundra
Risk Assessment in Annual Planning:
e
ty
ty
cor
bili
ia li
tal
ity
ct
kS
ba
ib il
bto
ter
pa
Potential Audit Subject
Pro
Ris
Vis
Ma
Su
Im
Security of Office Equipment 1 7 5 16 0.5 8.0
Environmental Compliance 2 7 8 22 0.6 13.2
Executive Compensation 3 5 9 17 0.3 5.1
The basic process steps are:
Next
• Some of the risks pertaining to the construction
site are :-
CA Sandesh Mundra
S.No. Particulars
CA Sandesh Mundra
New Developments – Dynamic Business
CA Sandesh Mundra
Capital Expenditure
• Expenditure on Immovables
CA Sandesh Mundra
Financial Decision Making
1. MIS - Management Information System -
a) Checking the correctness as MIS is the basis for decision making.
b) Continuous improvisation of MIS.
3. Overhead Analysis
a) Should be prepared in such a manner that cost cutting becomes
easy at any point in time.
CA Sandesh Mundra
Rules of Politics
• Think
• Speak
• Write
• Sign
• Follow
CA Sandesh Mundra
Lets take a break …… Independence of
Internal Auditor
Some examples
• Out of Pocket Expenses purely as per company policies.
• Not using any facilities of the company for one's own personal
purposes.
• Maintaining distance with the clients on a personal level.
• If the fees is less, pls professional put across your viewpoint in
front of the client.
These policies might affect you in short term, but would help you
achieve the long term goal.
CA Sandesh Mundra
Hierarchy within the audit organisation
CA Sandesh Mundra
• Transaction audit
- Can be pre, concurrent or post
- Necessary evil
- Help discipline in the organization
- Systems cannot totally replace this
• Systems audit
- Backbone to the process/operations
- Vital for efficiency & control
- Necessary for survival
CA Sandesh Mundra
• Management audit
- Judgmental
- Hence controversial
•Requires
- In-depth knowledge
- Technical capabilities
- Credibility
CA Sandesh Mundra
Auditor’s Motto –
We’re Here to Help!
• Identify Risks
• Find Better Ways and Best Practices
• Partner to Find Solutions
• Prevent Problems
- CA’s are smart
CA Sandesh Mundra
• Thanks for a patient hearing…..
CA Sandesh Mundra