The Internal Audit Standard Board of the ICAI has, with other pronouncements, issued five Standards on Internal Audit (SIAs) in November 2018. The SIAs are a set of minimum requirements that apply to all members of the ICAI while performing an internal audit of any entity or body corporate. However, these are not mandatory to be undertaken by other professional bodies such as Cost Management Accountants and Company Secretaries.
Need for Standards on Internal Audit
The Standards on Internal Audit (SIAs) establish uniform evaluation criteria, methods, processes, and practices. The Standards are pronouncements which form the basis for conducting all internal audit activity. These pronouncements are designed to help the internal auditor to discharge his responsibilities.
The following internal audit related pronouncements have been issued:
Preface to the Framework and Standards on Internal Audit
Framework Governing Internal Audits
Basic Principles of Internal Audit
Standard on Internal Audit (SIA) 210, Managing the Internal Audit Function
Standard on Internal Audit (SIA) 220, Conducting Overall Internal Audit Planning
Standard on Internal Audit (SIA) 310, Planning the Internal Audit Assignment
Standard on Internal Audit (SIA) 320, Internal Audit Evidence
Standard on Internal Audit (SIA) 330, Internal Audit Documentation
As per Framework Governing Internal Audits issued by ICAI, Internal Audit is defined as follows:
“Internal Audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives”
Key terms used above
Basic Principles of Internal Audit
Standard on Internal Audit (SIA) 2, Basic Principles Governing Internal Audit was, originally, issued by the Board in August 2007 which was recommendatory in nature. The revised Basic Principles of Internal Audit is being issued as an overarching document for all the Standards on Internal Audit and shall become mandatory from such date as notified by the Council.
The Basic Principles of Internal Audit are a set of core principles fundamental to the function and activity of the internal audit. The Basic Principles are critical to achieving the desired objectives as set out in the Definition of the Internal Audit, and therefore, apply to all internal audits.
All internal audits shall be performed based on these basic principles, and departures from these principles shall be appropriately disclosed in an internal audit report or other similar communication.
The principles can be summarised as follows:
The Internal Auditor shall be free from any undue influences which force him to deviate from the truth.
This independence shall be not only in mind but also in appearance.
Integrity and Objectivity
The Internal Auditor shall be honest, truthful and be a person of high integrity.
He shall avoid all conflicts of interest and not seek to derive any undue personal benefit or advantage from his position.
Due Professional Care
“Due professional care” signifies that the Internal Auditor exercises reasonable care in carrying out the work to ensure the achievement of planned objectives.
He shall not disclose any such information to a party outside the internal audit function and any disclosure shall be on a “need to know basis”.
Under no circumstance, any confidential information shall be shared with third parties outside the company, without the specific approval of the Management or Client or unless there is a legal or professional responsibility to do so (e.g., to share information with Statutory Auditors)
Skills and Competence
The Internal Auditor shall have sound knowledge, strong interpersonal skills, practical experience and professional expertise in certain areas and other competence required to conduct a quality audit. In addition to the basic technical skills, the Internal Auditor shall have the softer skills (such as interpersonal and communication skills) required to engage with a multitude of stakeholders
The Internal Auditor shall identify the important audit areas through a risk assessment exercise and tailor the audit activities such that the detailed audit procedures are prioritized and conducted over high-risk areas and issues, while less time is devoted to low-risk areas through curtailed audit procedures
Systems and Process Focus
It requires a root cause analysis to be conducted on deviations to identify opportunities for system improvement or automation, to strengthen the process and prevent a repetition of such errors.
Participation in Decision Making
The Internal Auditor shall avoid passing any judgment or render an opinion on past management decisions. As part of his advisory role, the Internal Auditor shall avoid participation in operational decision making which may be subject of a subsequent audit
Sensitive to Multiple Stakeholder Interests
The Internal Auditor shall evaluate the implications of his observations and recommendations on multiple stakeholders, especially where diverse interests may be conflicting in nature
Quality and Continuous Improvement
The Internal Auditor shall ensure that a self-assessment mechanism is in place to monitor his own performance and also that of his subordinates and external experts on whom he is relying to complete some part of the audit work.
SIA 210 MANAGING THE INTERNAL AUDIT FUNCTION
The Chief Internal Auditor of the company has to perform a number of activities which includes the following-
Planning- Define the overall plan, scope, and methodology of the Internal Audit Function on a periodic basis.
Monitoring- Oversee and monitor various audit assignments, their proper planning, execution, reporting of findings and subsequent closure of reported observations
Performance- Plan, acquire, engage and review the performance, training, and development of professional staff, talent, and other resources to achieve its objectives.
External Experts- Identify, source, engage and manage external experts and technical solutions, if required.
Communication- Communicate and engage with all key stakeholders regarding progress and achievement of objectives
Improvement Programme- Develop and maintain a quality evaluation and improvement program.
SIA 220 CONDUCTING OVERALL INTERNAL AUDIT PLANNING
The overall Internal Audit Planning process is done in 2 phases depicted as follows-
SIA 220 deals with the connotations of the Overall Planning of the Internal Audit function for the whole entity. As per Rule 13(2) of the Companies Act 2013, it is mandatory for the Audit Committee of the Board to formulate overall Internal Audit Plan.
As per Sec 13(2) of the Companies Act 2013
“The Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate the scope, functioning, periodicity, and methodology for conducting the internal audit.”
Conducting the Overall Internal Audit Planning involves the following key elements-
undertaken prior to the beginning of the plan period
directional in nature and considers all the Auditable Units
prepared by the Chief Internal Auditor
The Planning Process
Knowledge of the Business and its Environment
Discussion with Management and Stakeholders
Audit Universe and Scope of Coverage
SIA 310PLANNING THE INTERNAL AUDIT ASSIGNMENT
As mentioned above, the planning is done in two phases, this standard deals with the requirement of the audit plan to be made periodically.
Conducting the Internal Audit Assignment involves the following key elements-
sub-set of the Overall Internal Audit Plan
undertaken prior to the beginning of a particular assignment during the plan period
covers the manner in which a particular audit assignment will be conducted
prepared by the Internal Auditor responsible for the assignment
Alignment with the objectives of the Overall Internal Audit
Scope, coverage, and methodology of the audit procedures will form a sound basis for providing reasonable assurance.
Allocate adequate time and resources
Assign appropriate skills to complex areas and issues.
Efficient and effective manner in conducting audit procedures
In line with the various pronouncements of ICAI
SIA 320INTERNAL AUDIT EVIDENCE
As per the definition given in the standard, Internal Audit Evidence refers to all the information used by the Internal Auditor in arriving at the conclusion on which the auditor’s opinion is based.
The Internal Audit evidence includes the following-
information collected from underlying entity records and processes
information from the performance of various audit activities and testing procedures
To allow the Internal Auditor to form an opinion on the outcome of the audit procedures completed.
Nature of Evidence
either from the underlying company’s books, records, systems, and processes or through the performance of audit activities and testing procedures
Reliability and Consistency of Evidence
Evaluate how the audit procedures need to be modified or expanded to resolve the doubt or conflict.
Evidence Collection and Recording Process
Meet certain basic standards of quality to achieve internal audit objectives
Written policy and process on audit evidence
Details of the evidence collected, relevance to the audit findings and opinion being formed, cross-referenced to the Internal Audit Program, where appropriate
SIA 330INTERNAL AUDIT DOCUMENTATION
Internal Audit Documentation” refers to the written record (electronic or otherwise) of the internal audit procedures performed, the relevant audit evidence obtained and conclusions reached by the Internal Auditor on the basis of such procedures and evidence
This Standard applies to all internal audit assignments. The nature and content of documentation is covered in a separate implementation guide on the subject.
validate the audit findings
support the basis on which audit observations are made
conclusions reached from those findings
aid in the supervision and review of the internal audit work
establish that work performed is in conformance with the applicable pronouncements of the Institute of Chartered Accountants of India.
Nature of Documentation
includes written records (electronic or otherwise) of various audit activities and procedures conducted, including evidence gathered, information collected, notes taken and meetings held.
Content and sufficiency of Documentation
all significant matters which require the exercise of judgment, together with the Internal Auditor’s conclusion
Collated and arranged logically in files as audit work papers and retained to support the performance of the internal audits as per a written process
Timely Completion of Documentation
compiled into internal audit files soon after the completion of all audit procedures, while pending matters may be closed during the draft stage of audit reporting
Confirmation of Compliance
Written documentation policy
Process of audit work papers
Work paper files for each audit assignment
Note-Preface to the Standards on Internal Audit was, originally, issued in November 2004, revised in July 2007, and was recommendatory in nature. The revised Preface to the Framework and Standards on Internal Audit shall become mandatory from such date as notified by the Council.
The Preface to the Framework and Standards on Internal Audit are applicable for all internal audits beginning on or after a date to be notified by the Council of the Institute. In the case of SIAs issued by the ICAI for which a Guidance Note is already in existence, the Guidance Note will stand withdrawn from the date on which the Standard comes into effect. https://www.icai.org/new_post.html?post_id=597
Standards will come in force from the date to be notified by ICAI
(with inputs from Standards of Internal Audit issued by ICAI)
The entire contents of this article are solely for information purpose and have been prepared on the basis of relevant provisions and as per the information existing at the time of the preparation by the Author. Compliance Calendar LLP and the Author of this Article do not constitute any sort of professional advice or a formal recommendation. The author has undertaken utmost care to disseminate the true and correct view and doesn’t accept liability for any errors or omissions. You are kindly requested to verify and confirm the updates from the genuine sources before acting on any of the information’s provided hereinabove. Compliance Calendar LLP shall not be responsible for any loss or damage in any circumstances whatsoever.