Philippine Government Internal Audit Manual

1 I PREFACE Internal Audit , a component of the Internal control system, is a strategic function in ensuring good governance throughout the bureaucracy. This Manual is being issued to assist Departments, Government -Owned and/or -Controlled Corporations, State Universities and Colleges, Local Government Units and other agencies of Government in establishing , and thereafter strengthening, the Internal Audit function in their institutions. The Internal Auditor in the Philippine Government has the fundamental role of assisting the Department Secretary or the Governing Body/ Audit Committee of the Governing Board in promoting effective , efficient, ethical and economical operations by appraising the adequacy of Internal controls, consistent with the National Guidelines on Internal Control Systems (NGICS). The findings on the appraisal of Internal controls are provided to said officials/bodies to institute corrective and preventive measures and achieve the agency objectives.

2 The role of the Internal Auditor is not about fault-finding. Neither is it investigative nor punitive. As one of the accountability mechanisms in public service organizations, the Internal Auditor reviews the extent of compliance with laws and policies under the authority of the Department Secretary or the Governing Body/ Audit Committee. As a component of the performance management framework of Departments/ Agencies/ Government -Owned and/or -Controlled Corporations/ Government Financial Institutions, the Internal Auditor assesses the levels of performance against agreed measures, targets and objectives. The Internal Audit function is separate from, but complementary to, the day-to-day monitoring of Internal controls and the conduct of continual management improvement, which are within the responsibility of operating units. The Philippine Government Internal Audit Manual (PGIAM) was developed to empower Internal Auditors in performing their roles.

3 It is divided into two parts: Part I Guidelines outlines the basic concepts and principles of Internal Audit , and the policies and standards that will guide Government agencies in organizing, managing, and conducting an effective Internal Audit . Part II Practices contains user-friendly tools, techniques, and approaches in appraising the Internal control systems against strategic objectives, and in conducting management and operations audits. To complement the PGIAM and facilitate the roll-out of the NGICS, Generic Manuals on Controls in the Human Resource Management System, Quality Management System, and Risk Management System will also be issued. An overview of these generic manuals is provided in Appendix A. The Department of Budget and Management, in conjunction with the Office of the President Internal Audit Office, the Commission on Audit , and the Reference Panel will regularly review these manuals to ensure that these remain updated, relevant and attuned to the developments in the bureaucracy and best practices abroad.

4 Ii TABLE OF CONTENTS .. i TABLE OF CONTENTS .. ii LIST OF BOXES .. vii LIST OF FIGURES .. vii LIST OF TABLES .. vii LIST OF APPENDICES .. viii LIST OF ACRONYMS .. x PART I - GUIDELINES .. 1 INTRODUCTION .. 2 CHAPTER I - CONCEPTS AND PRINCIPLES OF Internal Audit .. 4 1. Definition of Internal Audit .. 5 2. Legal Bases for Internal Audit .. 5 3. Scope of Internal Audit .. 7 Scope .. 7 functions of IAS/IAU .. 8 4. Types of Audits .. 9 Compliance Audit .. 9 Management Audit .. 9 Control Effectiveness .. 10 Management Review and Management Audit .. 11 Operations Audit .. 12 Workback Approach .. 13 The 4 Es of Operations Audit .. 20 5. Principles and Standards of Internal Audit .. 23 Conflict of Interest .. 23 Objectivity and Impartiality .. 23 Professional Competence .. 24 Authority and Confidentiality .. 24 Code of Conduct and Ethics .. 25 Hierarchy of Applicable Internal Auditing Standards and Practice .. 25 IAS functions vis- -vis Activities and Operations of Other Units.

5 26 Internal Audit in Government not an Assurance and Consulting Activity .. 28 Consulting Activity is Non- Government Service .. 28 Consulting Activity is Non- Audit 28 Internal Audit in Government Not an Assurance Service .. 29 IAS/IAU Does Not Undertake Process or Systems Improvement .. 30 Internal Audit Studies, Services and Other Seminars by Private Persons or Firms .. 32 iii CHAPTER II - Internal CONTROL SYSTEM AND INSTITUTIONAL ARRANGEMENTS .. 33 1. Internal Control Framework .. 34 Objectives of Internal Control .. 34 Components of Internal Control .. 35 Control Environment .. 35 Plan of 35 Coordinated Methods and Measures .. 36 Integral Process .. 36 Risk Assessment .. 37 Risk Identification .. 37 Risk Analysis .. 38 Risk Evaluation .. 38 Control Activities .. 41 Risk Response .. 41 Performance Review and Improvement of Operations, Processes and Activities .. 42 Compliance Review and Improvement of Operations, Processes and Activities.

6 42 Information and 42 Information .. 43 Communication .. 44 Accountability for Transparency .. 45 Monitoring .. 46 Ongoing Monitoring .. 46 Separate Evaluation .. 47 Combination of Ongoing Monitoring and Separate Evaluation .. 47 Distinction Between Monitoring, Performance Review and Compliance Review .. 49 2. Administrative Relationships .. 49 Supervision and Control .. 50 Administrative Supervision .. 50 Attachment .. 50 CHAPTER III - ORGANIZING THE Internal Audit .. 51 1. Establishment of Internal Audit Service/Unit .. 52 2. Reporting Lines .. 52 3. Roles and Responsibilities .. 52 4. Relationships with Principals and Key Stakeholders .. 53 Internal Audit Service/ Internal Audit Unit and the Department Secretary .. 54 Internal Audit Service/ Internal Audit Unit and the Governing Body .. 54 Internal Audit Service/ Internal Audit Unit and the Audit Committee in GOCCs/GFIs .. 55 Internal Audit Service/ Internal Audit Unit and Management.

7 55 Internal Audit Service/ Internal Audit Unit and the Commission on Audit .. 55 Internal Audit Service/ Internal Audit Unit and Oversight, Regulatory and Other External Bodies .. 56 Internal Audit Service/ Internal Audit Unit and Professional Bodies .. 56 iv 5. Organizational Structure .. 57 Management Audit Division .. 59 Operations Audit Division .. 60 6. Head of Internal Audit .. 62 Status .. 62 Qualifications .. 63 64 Skills .. 64 7. Staffing the Internal Audit Service/ Internal Audit Unit .. 65 Temporary Personnel Movements to Supplement Internal Audit Resources .. 66 .. 66 Secondment .. 66 Other Arrangements .. 67 8. Internal Audit Budget .. 68 CHAPTER IV - PERFORMANCE MONITORING AND EVALUATION .. 69 1. Performance Evaluation .. 70 Measuring Internal Audit 70 Measurement 71 Internal Audit Annual Performance Report .. 72 PART II - PRACTICES .. 73 INTRODUCTION .. 74 CHAPTER I - STRATEGIC AND ANNUAL WORK PLANNING .. 76 1.

8 Strategic Planning .. 77 Conduct Baseline Assessment of Internal Control System .. 78 Familiarization with the Organization s Operations .. 78 Flowchart/Narrative Notes and Walkthrough .. 92 Test of Controls .. 95 Interim Report .. 96 Defining Control Universe .. 97 Review of Oversight Bodies and International Development Partners .. 97 Preparation of the Baseline Assessment Report .. 97 Consider Control Significance and Materiality and Control Risk of Key Processes .. 98 Control Significance and Materiality Level .. 99 Control Risk Level .. 99 Assess Internal Audit Risks .. 100 IAS/IAU Audit Objectives .. 101 Steps in the Assessment of Internal Audit Risks .. 101 Formulate Strategic Plan .. 102 Steps in the Formulation of Strategic Plan .. 102 Components of Strategic Plan .. 102 v 2. Prepare the Annual Work Plan .. 107 Prioritize Potential Audit Areas .. 108 Validate Previous Audit Follow-up Report.

9 110 Discuss with the DS/HoA or GB/AuditCom .. 110 3. Summary .. 110 CHAPTER II - Audit PROCESS .. 112 1. The Audit Process .. 113 Audit Engagement Planning .. 113 Document Understanding of the Program and Project .. 114 Determine the Audit Objective, Scope, Criteria and Evidence .. 116 Determine the Resource Required for the Audit and the Target Milestones/Dates .. 119 Develop the Audit Plan and Audit Program .. 119 Determine Key Performance Indicators of the Audit Engagement .. 121 Approval of the Audit Plan, Audit Work Program and KPIs .. 121 Audit 122 Entry Conference .. 123 Conduct Compliance 123 Conduct System/Process 124 Exit 125 Audit Reporting .. 126 Develop Audit Findings .. 126 2 Develop Audit Recommendations .. 127 Prepare the Draft Audit 128 Update the DS/HoA or GB/AuditCom .. 129 Prepare the Final Audit Report .. 129 Audit Follow-up .. 129 Monitor Implementation of Approved Audit Findings and Recommendations.

10 130 Resolve Non-Implementation/Inadequate Implementation of Audit Recommendations .. 130 Prepare Audit Follow-up Report .. 130 2. Compliance Audit of Statement of Assets and Liabilities and Net Worth, Disclosure of Business Interests and Financial Connections, and Identification and Disclosure of Relatives in Government Service of Public Officials and Employees .. 131 Audit Engagement Planning .. 131 Audit 132 Audit Reporting .. 134 Audit Follow-up .. 135 3. Gathering and Analysis of Evidence .. 136 Sufficiency and Appropriateness of Audit Evidence .. 136 Types of Audit Evidence .. 138 Physical Evidence .. 138 Testimonial Evidence .. 138 Documentary Evidence .. 138 Analytical Evidence .. 139 Electronic Evidence .. 139 vi Audit Approaches and Techniques in Gathering Audit Evidence .. 139 Inquiries and Interviews .. 140 Sampling .. 140 Computer-Assisted Audit Techniques and Tools .. 140 Techniques in the Analysis of Evidence.