INTERNAL AUDIT PROCESS

FOR ALL BUSINESSES

 WHAT?
Internal auditing is an independent, objective assurance
and consulting activity designed to add value and
improve an organization's operations. It helps an
organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control,
and governance processes.
[The Institute of Internal Auditors, USA]

Remember,
The definition of I/A provides comprehensive guidelines for the framework of
internal audit. It should always be kept in mind while I/A work is being carried out.
It helps in devising the complete internal audit approach.

Internal Audit Framework 2

 Audit Process
• Staffing the audit team
• Creating an audit project plan
• Laying the groundwork for audit
• Analyzing audit results
• Sharing audit results
• Writing audit results
• Dealing with resistance to audit recommendations
• Building an ongoing audit programs.
 Business Risk - Definition

Business risks are the factors that could prevent or hinder the achievement of
organizational goals and objectives.
• Loss of customers
• Increase in production costs
• Cash flow problems
• Decline in product demand
• Litigations and claims
• Technological obsolescence
• Increase in market competition
• Decrease in profitability
• Political and economic instability
• Over trading
• Inadequate financing
• High financial risk
• Risk of fraud and theft

Internal Audit Framework 4

 Basic steps of an IA Plan?

1) List of audits for fiscal year based on risk

assessment and available human hours.
2) Includes estimated budget hours and
completion date.
3) Approved by Audit Committee.
 What is Risk Based Auditing?

Objective:
Focus on risk of occurrences that could prevent the Organization from
achieving its goals.

What is risk?
Risk is the probability of an event or action having an adverse effect. Risk is
measured in terms of impact and likelihood. Examples of risk include:

•Operations are not effective and/or efficient

•Financial and operating reports are not reliable
•Assets are not adequately safeguarded against loss
•Operations are not in compliance with laws, rules and regulations
•Missions or goals are not being achieved
 What is Risk Based Auditing?
Risk Assessment:
There are many types of risk – fraud, improper reporting, ineffective or inefficient
use of resources, credibility loss, etc.

Focus on areas with high risk and high probability that controls are not in place or
are weak

Risks are identified through discussions with senior management, boards of

directors and other key personnel.

Risks are also identified through Internal Audit’s experiences, the work of external
auditors, and professional organizations such as the IIA.

Additional risks may be identified during the year which require the audit plan to
be adjusted accordingly.
PERFORM AUDIT FIELDWORK
 Carry out fieldwork as indicated in the annual audit
plan.

 Obtain cooperation from the management and the staff

as necessary to identify, obtain documentation
and conduct interviews, etc.

 Conduct fieldwork with minimal disruption to

operations of the company being audited.

 Build friendly environment with the management.

Internal Audit Framework 8