INTERNAL AUDIT MEANING Internal audit is an independent , objective assurance and consulting activity designed to add value and

improve an organizations operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management , control and governance process. The Institute of Internal Auditors (IIA) has developed the globally accepted definition of internal auditing, as follows: Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Thus, Internal audit is an independent appraisal function established by the management of an organization for the review of the internal control system as a service to the organization. It objectively examines, evaluates and reports on the adequacy of internal control as a contribution to the proper, economic and effective use of resources. ASPECTS OF INTERNAL AUDIT Internal audit has two aspects a) Operational Audit b) Management Audit a) Operational audit involves examination of all operations and activities of the entity. It provides an appraisal of whether every department in the entity is operating in conformity with prescribed standards and procedures and whether standards of efficiency and economy are maintained.

It is concerned with 1) formulation of plans ,2) their implementation, and 3) control in respect of production and marketing activities. Internal audit focuses mainly on the accounting operations of the entity where as the operational audit covers all operations such as marketing, manufacturing, etc. Thus, operational audit is an extension of internal auditing. Management audit involves the audit of propriety, authority, compliance with policies, etc. MISSION The internal audit supports effective and efficient discharging of the guiding and monitoring duties of the organizations management by producing assurance services for its internal customers relating to governance, control and risk management processes. The internal audit brings added value and promotes achievement of the set goals by giving improvement recommendations, producing objective and independent information and by training supervisors and employees in understanding and application of monitoring processes and self-assessment of business and other activities within the organization. The internal audit sets its own objectives and performs its duties so that the values of the organization are included in them and that these values also guide the work of the auditors. The internal auditors function as partners of the other organizational parts and work as experts in different teams (especially development teams) if they do not endanger their independence. PURPOSE The internal audit is one of the managements control tools who through its operations assist the entire organisation by examining and evaluating the adequacy and efficiency of internal control, risk management, quality of operations and governance processes. The internal audit furnishes the organisation with analyses, appraisals, recommendations, counsel and information.

The purpose is to ascertain that the internal control system, by taking into account also the information produced by the external auditors, functions so that the management can be reasonably sure that the set objectives and goals will be achieved, the operations are effective, reporting is reliable, and safeguarding of assets and compliance with the laws and regulations is done. THE OBJECTIVES OF INTERNAL AUDIT To determine the reliability and integrity of information; (i.e. evaluating the internal control systems and the integrity of financial and operating information produced by those systems). To determine whether compliance exists with policies, procedures, laws, and regulations. To establish that there is a proper authority for every acquisition, retirement and disposal of assets. To confirm that liabilities have been incurred only for legitimate activities of the organization. To appraise the economy and efficiency of resource utilization (i.e. physical, monetary and most importantly staff). To review operations or programs for consistency with established management goals and objectives. To assist members of the organization in the effective and successful performance of their responsibilities by providing them with analyses, appraisals, recommendations, and other pertinent information concerning the activities being reviewed. To analyze and improve the system of internal check , in particular to see that it is a) working, b) sound, and c) economical. To facilitate the prevention and detection of frauds. To review the operation of the overall internal control system and to bring material departures and non compliances to the notice of the appropriate level of management, to locate unnecessary and weak control system effective and economical.

PRINCIPLES OF ESTABLISHING INTERNAL AUDIT The basic principles of establishing internal audit in a business concern are 1) Independence- The internal audit department should have an independent status in the organization. The internal auditor must have sufficiently high status in the organization. He may be required to report directly to the board of directors. 2) Objectives The objectives of the internal audit function should be made very clear and unambiguous. The objective should be properly communicated so that internal audit is not viewed as over-the-shoulder check by other departments. 3) Clarity In Scope The scope of internal audit department must be specified in a comprehensive manner. The department must at all times, have authority to investigate from the financial angle, every phase of organizational activity under any circumstance. 4) Definition Of Duties The internal audit department s duty is to review operations as part of the internal control system. It should not be involved in performance of executive actions. 5) Internal Audit Department The size and qualification of staff of the internal audit department should be commensurate with the size of the business. The cost of internal audit department should not exceed the benefits expected to be derived from it. 6) Reporting The Programme of internal audit should be time bound. There should be provisions for periodic reporting on various operational and other aspects. 7) Follow up and review- There should be sufficient scope for the follow-up action on the various points raised in internal audit report. Top management should take active part in ensuring compliance with action points raised in the report. 8) Relationship With Statutory Auditor The copy of the internal audit report should be made available to the statutory auditor, who can deal with the same in the manner as he deems fit.

AREAS IN WHICH INTERNAL AUDIT OPERATES Internal audit covers the following areas1) Review Of Accounting System And Related Internal Controls: The establishment of an adequate accounting system and related controls is the responsibility of management which demands proper attention on a continuous basis. The internal audit function is often assigned specific responsibility by management for reviewing the accounting system and related internal controls, monitoring their operation and recommending improvements thereto. 2) Examination For Management Of Financial And Operating Information :This may include review of the means used to identify, measure, classify and report such information and specific inquiry into individual items including detailed testing of transactions, balances and procedures. 3) Examination Of The Economy, Efficiency, And Effectiveness Of Operations Including Non Financial Controls Of An Organization: Generally , the external auditor is interested in the results of such audit work only when it has important bearing on the reliability of the financial records. 4) Physical Examination And Verification Of Tangible Assets.

ESSENTIALS OF INTERNAL AUDITING The essentials for effective internal auditing are: (A) Independence The internal auditor should have the independence in terms of organisational status and personal objectivity which permits the proper performance of his duties

(B) Staffing And Training The internal audit unit should be appropriately staffed in terms of numbers, grades, qualifications and experience, having regard to its responsibilities and objectives. The internal auditor should be properly trained to fulfil all his responsibilities . The effectiveness of internal audit depends substantially on the quality, training and experience of its staff. The aim should be to appoint staff with the appropriate background, personal qualities and potential. Thereafter, steps should be taken to provide the necessary experience, training and continuing professional education. Staffing The internal audit unit should be managed by a head of internal audit who should be suitably qualified and should possess wide experience in internal audit and its management. He should plan, direct, control and motivate the resources available to ensure that the responsibilities of the internal audit unit are met. The full range of duties may require internal audit staff to be drawn from a variety of disciplines. The effectiveness of internal audit may be enhanced by the use of specialist staff, particularly in the internal audit of activities of a technical nature. The internal audit unit should employ staff with varying types and levels of skills, qualifications and experience in order to satisfy the requirements of each internal audit task. Training The organisation has a responsibility to ensure that the internal auditor receives the training necessary for the performance of the full range of duties. Training should be tailored to the needs of the individual. It should include both theoretical knowledge and its practical application under the supervision of suitably competent and experienced internal auditors. Account should be taken of: (a) internal audit objectives and priorities; (b) the type of internal audit work; (c) previous training, experience and qualifications; and (d) personal development in the light of the needs of the organisation and the internal audit unit.

The internal auditor should keep abreast of current developments, improvements, new techniques and practices in auditing. The head of internal audit should co-ordinate, and keep under review, the training requirements of internal auditors. He should be responsible for preparing training profiles which identify the training requirement for different grades of internal auditors, and should maintain personal training records for each individual. In large organisations this may be performed by a designated training officer. (C) Relationships The internal auditor should seek to foster constructive working relationship and mutual understanding with management, with external auditors, with any other review agencies and, where one exist, the audit committee. In order that the internal auditor may properly perform all his tasks, it is necessary for all those with whom he has contact to have confidence in him. Constructive working relationships make it more likely that internal audit work will be accepted and acted upon, but the internal auditor should not allow his objectivity to be impaired. Organisational relationships The head of internal audit should prepare the internal audit plan in consultation with senior management. The internal auditor should arrange the timing of internal audit assignments in consultation with the management concerned, except on those rare occasions where an unannounced visit is a necessary part of the audit approach. Consultation can lead to the identification of areas of concern or of other interest to management. Matters which arise in the course of the audit are confidential and discussion should be restricted to management directly responsible for the area being audited unless they have given express agreement to broaden the discussion. Discussions with management are necessary when preparing the audit report. This is an essential feature of the good relationship between the auditor and the management. Relationship with external audit The relationship between internal and external audit needs to take account of their differing roles and responsibilities. Internal audit is an independent appraisal

function within the organisation and internal auditors are direct employees. The external auditor usually has a statutory responsibility to express an independent opinion on the financial statements and stewardship of the organisation. The aim should be to achieve mutual recognition and respect, leading to a joint improvement in performance and the avoidance of unnecessary over-lapping of work. It should be possible for the external and internal auditors to rely on each other's work, subject to limits determined by their different responsibilities, respective strengths and special abilities. Consultations should be held and consideration given to whether any work of either auditor is adequate for the purpose of the other. The internal auditor does not automatically have a right of access to the records of the external auditor. However, the relationship between the internal and external auditor will usually be such that the external auditor will be able to allow access to the necessary records. Since internal audit evaluates an organisation's internal control system the external auditor may need to be satisfied that the internal audit function is being planned and performed effectively. This review needs to be seen by both parties as a necessary part of the working relationship (see the Institute's International Auditing Guideline No: 10 on "Using the work of an Internal Auditor"). Regular meetings should be held between internal and external auditors at which joint audit planning, priorities, scope and audit findings are discussed and information exchanged. The benefits of joint training programmes and joint audit work should also be considered. Review agencies and specialists Certain information obtained during an internal audit assignment may assist a review agency, such as management services or consultants, which are seeking to secure improvements in the organisation's performance. Management's formal approval should be obtained before releasing any audit report or other information to the review agencies. The internal auditor should establish a regular dialogue with review agencies and obtain their reports for information, review and comment where proposals may affect internal control arrangements.

Where it is necessary for the internal auditor to have contact with other specialists the same basic principles about information apply as in the case of review agencies. (D) Due Care The internal auditor should exercise due care in fulfilling his responsibilities. The internal auditor cannot be expected to give total assurance that control weaknesses or irregularities do not exist. In order to demonstrate that due care has been exercised the internal auditor should be able to show that his work has been performed in a way which is consistent with this guideline. The internal auditor should possess a thorough knowledge of the aims of the organisation and the internal control system. He should also be aware of the relevant laws and the requirements of relevant professional and regulatory bodies. The internal auditor must be impartial in discharging all responsibilities; bias, prejudice or undue influence must not be allowed to limit or over-ride objectivity. At all times, the integrity and conduct of the internal auditor must be above reproach. He should not place himself in a position where responsibilities and private interests conflict and any personal interests should be declared. The internal auditor should not improperly disclose any information obtained during the course of his work. (E) Planning, Controlling And Recording The internal auditor should adequately plan, control and record his work. The main purposes of internal audit planning are: a) to determine priorities and to establish the most cost-effective means of achieving audit objectives; b) to assist in the direction and control of audit work; c) to help ensure that attention is devoted to critical aspects of audit work; and d) to help ensure that work is completed in accordance with predetermined targets.

Control of the internal audit unit and of individual assignments is needed to ensure that internal audit objectives are achieved and work is performed effectively. The most important elements of control are the direction and supervision of the internal audit staff and review of their work. This will be assisted by an established audit approach and standard documentation. The degree of control and supervision required depends on the complexity of assignments and the experience and proficiency of the internal audit staff. Internal audit work should be properly recorded because: 1) The head of internal audit needs to be able to ensure that work delegated to staff has been properly performed. He can generally do this only by reference to detailed working papers prepared by the internal audit staff who performed the work; 2) Working papers provide, for future reference, evidence of work performed, details of problems encountered and conclusions drawn; and 3) The preparation of working papers encourages each internal auditor to adopt a methodical approach to his work (F) Evaluation Of The Internal Control System The internal auditor should identify and evaluate the organisation's internal control system as a basis for reporting upon its adequacy and effectiveness. (G) Evidence The internal auditor should obtain sufficient, relevant and reliable evidence on which to base reasonable conclusions and recommendations. Internal audit evidence is information obtained by an internal auditor which enables conclusions to be formed on which recommendations can be based. The internal auditor should determine what evidence will be necessary by exercising judgement in the light of the objectives of the internal audit assignment. This judgement will be influenced by the scope of the assignment, the significance of the matters under review, the relevance and the reliability of available evidence and the cost and time involved in obtaining it. The collection and assessment of internal audit evidence should be recorded and reviewed to provide reasonable assurance that conclusions are soundly based and internal audit objectives achieved.

(H) Reporting And Follow-Up The internal auditor should ensure that findings, conclusions and recommendations arising from each internal audit assignment are communicated promptly to the appropriate level of management and he should actively seek a response. He should ensure that arrangements are made to follow up audit recommendations to monitor what action has been taken on them. Internal audit reports provide a formal means of communicating to management the results arising from audits undertaken. Such reports should include audit findings, recommendations and conclusions relating to the adequacy of and compliance with the system of internal control and the efficiency, effectiveness and economy of operations in the area covered by the audit. From the point of view of completeness, management response to the audit findings should preferably also be included in the report. The aim of every internal audit report should be: To prompt management action to implement recommendations for change leading to improvement in performance and control; and To provide a formal record of points arising from the internal audit assignment and, where appropriate, of agreements reached with management. CATEGORIES OF INTERNAL AUDIT Internal audit can be divided at least into the following categories based on the audit technique or objective: Systems based audit It refers to an in-depth evaluation of the internal control system with the objective to assess to extent to which the controls are functioning effectively. It is designed to assess the accuracy and completeness of financial statements, the legality and regularity of underlying transactions and the economy, efficiency and effectiveness of operations. A systems based audit should be followed-up through substantive testing of a number of transactions, account balances, etc. to determine whether the financial statements of the auditee are accurate and complete, the underlying transactions legal and regular and/or the criteria for economy, efficiency and effectiveness have been achieved.

Performance audit or Operational audit, It assesses whether the activity, programme or body has been managed economically and/or efficiently and/or effectively. A particular performance audit will not necessarily seek to reach conclusions about all three aspects above: it should be clear from the audit objectives, which need to be examined. When carrying out audits of economy or efficiency, however, the auditor does need to make a general consideration of the effectiveness of the audited entity: it may be better that the entity does the right thing badly rather than doing the wrong thing well. Financial or accounting audit, It evaluates the accuracy of the accounting and related procedures and practices. It assesses the accuracy and completeness of the financial statements of the activity, programme or body being audited; and/or evaluates whether the transactions underlying the financial statements are legal and regular. However, according to the definition of internal auditing, internal auditors are mainly evaluating the system of internal control. Therefore internal auditors primary interest is not the accounting as such, but rather the controls which ensures the quality of accounting information and financial reporting. Compliance audit, It evaluates the how well the organization conforms and adherences with relevant policies, plans, procedures, laws, regulations, and contracts. Usually all audits include the compliance element, because the auditor uses the laws, policies and regulations as a yardstick to measure the performance of the organization. Therefore these guidelines do not contain separate section for compliance audit, but the aspect is included in all audit instructions later in these guidelines. SKILLS OF INTERNAL AUDITORS Personal requirements The auditor: Has to understand the business, at least the basics Has to have good communication and negotiation skills Has to have guts to disagree with authorities

Has to have imaginations Needs to be able to sell Has to understand human behavior and its differences Has to be able to be diplomatic Needs to have technical audit skills Needs to have analytical skills Needs to be able to find solutions and solve problems Needs to be able to report clearly Is absolutely unbiased.

Business requirements The requirements depends upon the different kind of business and other sectors there are in any modern organization. The internal audit unit in an organization has to be able to audit at least: Management Administration Organisational Issues Security Information Systems (Pcs, LANS, Payment Systems, Systems Development, Operation Systems, Applications, Continuity, Information Security,)

The auditors should specialize on their own business sectors and improve their understanding and abilities by continuous education, training and participation in business activities Planning, executing and reporting abilities Every auditor obviously has to be able to conduct the entire audit. This means that he/she has to have thorough understanding on all of the audit phases and their significance and standard requirements. Special emphasis has to be placed on the audit reporting, because it is the visual outcome of the audit, it affects the image ,not only of the auditor, but the whole audit unit. Technical audit abilities There are numerous tools and audit techniques that an auditor can employ. This list is not exhaustive, but rather an indication on how complicated issues we are dealing with.

An auditor can use the following techniques: Risk assessment, this is a must to everyone, because the risk is the most important factor on deciding the audit objects. Flowcharting for analyzing operations for efficiency and control Internal control questionnaires as means of revealing information about the function to be surveyed and ultimately audited. Different kind of statistical methods, like sampling Using information systems to analyze the data files Using technical tools to analyze the information systems, i.e. performing IS audits.