Transcription of Presentation On Internal Audit Reporting - WIRC-ICAI
1 Presentation OnInternal Audit Reporting13thSeptember 2020 Agenda0102030405 IntroductionStandards On Internal AuditAudit report WritingStakeholders ManagementConcluding ThoughtsINTRODUCTION Disseminationoftheresultsofinternalaudit andreportingthefindingstothemanagement,a ndthosechargedwithgovernance,isanessenti alpartofanyinternalauditreporting. ,processes,risks,controlsandtransactionp rocessing. Auditfindingsandrecommendationsintheaudi treportaredesignedtofacilitateorganizati onachievefinancial,managementandregulato rycomplianceobjectives. Theinternalauditreportispresentedtothepr ocessowners,headofthedepartments,seniorm anagement,auditcommittee,statutoryaudito rs,andregulatoryauthorities(ifrequired). Reportingofresultsneedstobedonewithacert ainlevelofuniformityand, : Theinternalauditreportisoftenthemain,rou tinevehiclethroughwhichseniormanagementu nderstandsthevaluethatinternalauditdeliv ers. Auditreportpresentstheresultsofanexamina tionorreviewwithintheorganizationandisco nsideredtobethecoredeliverableofinternal auditservices.
2 Poorlycommunicatedresultsmaycompletelyde tractfromwhatmaybecriticalinformationfor seniormanagementandtheboard. Well-organizedandcommunicatedresultsarea keyindicatorofcompetencyandprofessionali sm. Eachorganizationhasuniquereportingpracti cesandexpectationsthataffecttheformat, ON Internal AUDITS hare with the auditee, details of all significant findings based on Audit procedures undertakenAllow management to understand the issues and take corrective actions in a methodical and comprehensive mannerProvide a sound basis for any assurance being provided by the Internal Auditor010203 Standard On Internal Audit 370 (Earlier SIA 4) Reporting Results7 Objectives of issuing Internal Audit reportsAt the end of a particular assignment( Internal Audit report )On a periodic basis, at the close of a plan period( Audit Committee report )An Internal Audit report covering a specific area, function or part of the entity is prepared by the Internal Auditor highlighting key observations arising from those report is generally issued with details of the manner in which the assignment was conducted and the key findings from the Audit procedures report is issued to the auditee, with copies shared with local and executive management, as agreed during the planning comprehensive report of all the Internal Audit activities covering the entity and the plan period is prepared by the Chief Internal Auditor (or the Engagement Partner, in case of external service provider).
3 Such Reporting is normally done on a quarterly basis and submitted to the highest governing authority responsible for Internal audits, generally the Audit part of the aforementioned Internal Audit Reports may form part of the periodic ( Quarterly) report shared with the Audit Reporting of Internal Audit results is generally undertaken in two stages:Standard On Internal Audit 370 (Earlier SIA 4) Reporting ResultsBasic Elements of Internal Audit ReportQualities of Good Internal Audit ReportInternal Audit report FormatsAudit Committee ReportThere is a clarity and consensus between the Internal Auditor and the management with regard to the scope, approach, objectives and timing of an Internal auditTo help inform, persuade and act on matters important to the conduct of an Internal Audit by promoting a continuous dialogue and free flow of information between the Internal Auditor and managementTo help resolve any conflicts in a timely manner010203 Standard On Internal Audit 360 (Earlier SIA 9)
4 Communication With Management9 ObjectivesExit MeetingDiscussion DraftFormal DraftFinal Report01020403 The Internal auditor should discuss with the management regarding the findings, observations recommendations, and text of the discussion MeetingThe Internal auditor should then prepare a format draft report , taking into account any revision or modification resulting from the exit meeting and other DraftAt the conclusion of the fieldwork, the Internal auditor should share the discussion DraftThe Internal auditor should submit the final Internal Audit report to the appointing authority or management, as ReportStandard On Internal Audit 360 (Earlier SIA 9) Communication With Management10 TheInternalAuditorisrequiredtohaveaneffe ctivetwo-waycommunicationwiththemanageme nt,bothwhilemanagingtheinternalauditfunc tion,andalsowhileconductinganinternalaud itassignment. Acontinuousdialoguewithmanagement,atvari ousstagesoftheinternalauditprocess, MANAGEMENT01020304050607 Identify your stakeholders (who / to whom)Identify stakeholders expectation (why)Identify how the message will be communicated (the stakeholder s preferred method)Identify communication necessary to satisfy stakeholders expectation and keep them informed (what)Identify and finalize how the report will be communicated (this should be finalized at the design stage itself)
5 Identify time frame / frequency of communicationAdherence to time frame avoid last minute rushStakeholders Management 12 Process OwnerHODR egulator/ InvestorCFO/CEO/MDStatutory AuditorAudit CommitteeSTAKEHOLDERSWho Are The Stakeholders Of Internal Audit 13 What Are The Stakeholders ExpectationsProcess OwnerHOD / CFO / CEO / COO / MDProcess understandingGenuine observationsListen to their point of viewPractical suggestions / recommendationsCost-effective solutionOverall risk assessmentCategorization based on riskSummarized findingsRoot cause analysisRecommendationsProcess owner s acceptance, agreed action plan, first-person responsible for implementation and target dateValue additionAudit CommitteeStatutory AuditorOverall coverage and risk assessmentStatutory non-compliancesThe Summarized finding of key issuesPreventive controls / automated controls Management comments,agreed action plan, first-person responsible for implementation and target dateProviding assurance / comment on improvement Value additionOverall coverageIssues which affects the true and fair view of the accounts / financial reportingStatutory non-compliancesAssurance which they can rely onComfort which would help them make a proper assessment and save their time14 HOD The Internal Audit report Discussion on observations at exit meeting and prima facie replyStatutory Auditor Detailed Audit report with annexures providing instancesProcess Owners Discussion of queries during Audit The draft Internal Audit report Detailed annexuresCFO / CEO / MD / ACM Executive summary Dashboard Presentation Final Internal Audit report1234 StakeholdersDifferent Form Of Communication For Each Stakeholder15 Value AddingProcesses Revenue/Costs/Savings Efficiencyimprovement (Rework, Complaints, Rejections,Inspections, Returns, Discounts,etc)
6 Supply chain/Procurement Benchmarking Analytics-DashboardReportingFraudRisks Fraudscenarios Lateadjustments RelatedParties Exceptions Journalentries New transactions/ regions/products Whistle blowingevents Delays ContinuingcontroldeficienciesCompliances Comprehensive compliance tracking andmonitoring Self assessments Independentreviews Boardcertifications Compliance historyand assessmentsWhat The Stakeholders Likes To ProcessesFraud RisksCompliancesRevenue / Costs / SavingsEfficiency improvement (Rework, Complaints, Rejections, Returns, Inspections, Discounts,etc.)Supply chain /procurementBenchmarkingAnalytics / DashboardreportingFraudscenariosLateadju stmentsRelatedpartiesExceptionsJournalen triesNew transactions / regions / productsWhistleblowingeventsDelaysContin uing control deficienciesComprehensive compliance tracking andmonitoringSelf-assessmentsIndependent reviewsCompliance history and assessmentsBoardcertifications Thesituationinwhichindividualsinleadersh ippositionsexercisetheirauthoritytoachie veapersonalbenefit,ortoprotectanorganiza tion,attempttomanipulatetheinternalaudit activityorinternalauditreports.
7 Suchmanipulationmayresultinactionstorest rictthescopeofauditactivities,suppressau ditfindings,orunderminethecredibilityoft heChiefInternalAuditorortheInternalAudit personnel' : ChiefInternalAuditorthreatenedwiththelos soffuturejobopportunitiesiftheycontinued Audit (examplesincludestagnationwhenpeers upgraded,re-structuredoutofthecompany,ne gotiatedpackagetoleavethecompany,eventua ltermination&personalthreats). ChiefInternalAuditorwhoignoredexecutivea ndreportedtheissuetotheBoard,subsequentl yexcludedfromkeyexecutivemeetings(exampl esincludeaccesstorestrictedinformation,t reatedasnotpartoftheteam,notateamplayer, silenttreatmentgiven). Pressure Pervasive Threat To The Internal Audit Objectivity/ Reporting 17 Illustration Extent of PressureAggravatingFactors: Lackofstrongethicalculturefromtop-down Lackofstrong,independentandsupportiveaud itcommittee Theculturethatembracesriskandnotcontrols WeakrelationshipbetweenChiefInternalAudi tandAuditCommitteeChairpersonorChiefInte rnalAuditorandKeyExecutives ChiefInternalAuditorwholacksobjectivity, integrity,courage,orsoundjudgment Internalauditfunctioninanorganizationtha tlackscompetenceOrganizational Pressure Pervasive Threat To The Internal Audit Objectivity / Reporting 1855%27%108%Never1 or 2 times3 to 5 times> 5 times48%37%8%7%Never1 or 2 times3 to 5 times> 5 timesNumber of times requested not to Audit high-risk areaNumber of times asked to suppress a findingImplications on Reporting 19 Should Make Foundation StrongCIA s Desired AttributesCIA Should Build RelationshipStrong governance, knowledgeable boardIntegrity and courage Know your Internal Limitations Stand firm on important issuesMeet outside of scheduled.
8 Formal meetingsStrong Reporting relationship and position Direct Reporting relationship CIA and board/auditcommittee Chief Internal Audit Recognised senior independentpositionObjective and fairLearn about Executives objectives, accomplishments, interestsClear and supportive charter Documents showing with clarity-uniquerole of Internal Auditor Specifies authority and unrestrictedscopeRelationship builder with the board, executives and management We are all after the same objectives. Lead outside of Internal Audit role; be visibleDecision framework when to take a stand Identify alternatives, consequencesJudgement to know what is an important issue and when to take a stand, How to take a stand?Educate on emerging topics/RisksStrong business knowledgeAnticipates and proactively addresses issues Discuss protocols in advance Know key parties and motivationsFind mutual areas of interest; do not take meetings casually but prepare in detail to be effectiveIdeally,theInternalAuditfunctio nshouldreport FunctionallytotheAuditCommitteeChairpers on AdministrativelytotheCEO/Executivedirect oroftheorganizationKeymeasurestoensureth eindependenceoftheInternalAuditdepartmen t: TheChiefInternalAuditshouldmeetprivately withtheBoard/AuditCommitteewithoutthepre senceofthemanagement.
9 TheAuditCommitteeshouldhavefinalauthorit ytoreviewandapprovetheannualauditplanand allmajorchangestotheAuditplan. TheAuditCommitteeshouldreviewtheperforma nceoftheChiefInternalAuditorandoverallIn ternalAuditfunctionatleastonceayear,aswe llapprovethecompensationlevelsfortheChie fInternalAudit. TheInternalAuditchartershouldclearlyarti culatebothfunctionalandadministrativerep ortinglinesforthefunctionaswellasitsprin cipalactivities. Thereportinglineshouldfacilitateopenandd irectcommunicationswithCEO,seniorexecuti vegroupandlinemanagement. TheInternalAuditshouldhaveunrestrictedac cesstoinformationflowssothatitreceivesad equateandtimelyinformationconcerningthea ctivities,plansandbusinessinitiativesoft heorganization. of CIA Lack of Independence Could HaveImpact On Internal Audit Reporting 20 CONCLUDING THOUGHTS Thepeoplewhoreceiveinternalauditservices (auditclients) ,ratherthananarrowcomplianceauditapproac h. Internalauditisnotanisolatedtechnicalexe rcisebutitisanintegralpartofthecorporate governanceprocessandthereportwhichisthec ulminationoftheauditprocesshasfar-reachi ngconsequencesinchangingthewaythebusines sisdoneandrisksaremanaged.
10 Areportisareflectionoftheauditor sperformance. Theinternalauditorhastonotonlypossessade quateknowledgeofthebusinessheisauditingb utalsointernalizethatheispartofthemanage mentandhisauditobjectiveisalignedtothebu sinessenterpriseobjectiveandgoals. Managementisseekinginternalauditreportst hatareeasytoread, tellastory ,andgettothepoint. Managementvaluesinternalauditreportsthat provideaconclusionoropinionontheactivity audited. ,weshouldaspiretobetheagentsofpositivech angeintheorganization, Thoughts24 People begin forming an opinion within secondsDifficult to reverse first opinion25 REFERENCE MATERIALE xecutiveSummary:ReportRatingAuditIssuesS tatus of Management RemediationPlanTable Of Contents0203 Audit Issues Highlighting:Key FindingRootCause of IssueBusiness Impact/RiskIssueSeverity -Risk RatingRecommendationManagement CommentsIssueOwnerTarget Date of Action04 Assurance Limitation Disclaimer Annexures05 Title PageAddresseeReport Distribution ListPeriod of Audit Covered01 Typical Elements In An Internal Audit Report27 Opening/introductoryparagraphshouldcompr iseofthefollowing: Backgroundofthecompany/entity Identificationofprocessanditemsoffinanci alstatementsaudited Statementofresponsibilityoftheentity smanagementandresponsibilityoftheinterna lauditorOpening / Introductory Paragraph And Scope ParagraphScopeParagraphshouldcompriseoft hefollowing.
