Preface to the Framework and Standards on Internal Audit

Preface to the Standards on Internal Audit was, originally, issued in November, 2004, revised in July, 2007, and was recommendatory in nature. The revised Preface to the Framework and Standards on Internal Audit shall become mandatory from such date as notified by the Council.

1. Introduction

This Preface to the Framework, Basic Principles and Standards on Internal Audit facilitates understanding of the scope and authority of the pronouncements of the Internal Audit Standards Board, issued under the authority of the Council of the Institute of Chartered Accountants of India.

2. Internal Audit Standards Board

2.1. The Institute of Chartered Accountants of India (hereinafter referred as “ICAI” or “the Institute”) constituted the “Committee for Internal Audit (CIA)” in February 2004, which in November 2005 was renamed as the “Committee on Internal Audit”. In November 2008, the Council renamed this Committee as the “Internal Audit Standards Board (hereinafter referred as the Board)”.

2.2. The objectives and functions of the Board are as follow:

(i) To review existing and emerging internal auditing practices worldwide and identify areas in which Standards on Internal Audit (SIAs) need to be developed.

(ii) To formulate Standards on Internal Audit, which may be issued under the authority of the Council of the Institute.

(iii) To formulate Guidance Notes on issues relating to internal audit, including those arising from the SIAs, or pertaining to any specific industry, which may be issued under the authority of the Council of the Institute.

(iv) To continuously review the existing Standards and Guidance on Internal Audit and to undertake their revision, if necessary.

(v) To formulate and review Implementation Guides, Technical Guides, Practice Manuals, Studies and other papers which may be issued under its own authority for guidance of the members, as felt appropriate by the Board.

(vi) To undertake research and promote knowledge dissemination in the field of internal audit.

3. Framework Governing Internal Audits

3.1. Every standard setting process operates within a pre-defined framework which outlines certain fundamental components inherent to the function or activity of internal audit. This is essential to ensure a consistent application of Basic Principles, Best Practices and Standards to achieve a high level of quality consistent with the objective of internal audit.

3.2. The Framework Governing Internal Audits is an overarching document to be read along with this Preface. It consist of Definition of Internal Audit, Code of Ethics and the following four components of internal audit:

(a) Basic Principles of Internal Audit

(b) Key Concepts

(c) Standards on Internal Audit, and

(d) Guidance

4. Standards on Internal Audit (SIAs)

4.1. The Standards on Internal Audit (SIAs) are a set of minimum requirements that apply to all members1 of the ICAI while performing internal audit of any entity or body corporate.

4.2. As per Section 138 of Companies Act, 2013, the Board of a Company may, besides a Chartered Accountant, appoint a cost accountant or any other professional to conduct Internal Audits. The ICAI recommends the adoption of the SIAs by non-members of the ICAI who are performing internal audits so as to ensure a consistent approach and quality in the discharge of their professional duties.

5. Mandatory Nature of Framework and Standards

5.1. The Council of the ICAI has decided that the Standards will be made mandatory in a phased manner.

5.2. The SIAs shall initially be mandatory for members performing internal audits in all listed companies, as per Section 138 of the Companies Act, 2013, read with Rule 13 of Companies (Accounts) Rules 2014 from the effective date of the SIA, and all other companies from one year thereafter.

5.3. The mandatory status of a SIA implies that while carrying out an internal audit, it shall be the duty of the members of the Institute to ensure that they comply with the SIAs read with the Preface, Framework Governing Internal Audits and Basic Principles of Internal Audit.

5.4. If, for any reason, a member is unable to comply with any of the SIAs requirements, or if there is a conflict between the SIA and other mandates, such as a regulatory requirement, the internal audit report (or such similar communication) should draw attention to the material departures therefrom along with appropriate explanation.

6. Standard Setting Process

6.1. The Board develops and revises SIAs in consultation with Study Groups (if required). Exposure drafts are thereafter released to various interest groups and public at large for their feedback and comments. The Board reviews the comments and thereafter places the SIA before the Council for its deliberation. The SIAs approved by the Council are issued with the final changes.

6.2. The detailed process is explained under Annexure 1.

7. Contents of the Standards

7.1. SIAs shall be principle based and will clearly outline the objective of issuing the particular Standard along with the essential requirements for its compliance.

7.2. Internal Auditors shall apply their best professional judgement in the implementation of SIAs on a “substance over form” basis. Implementation and Technical guides issued by the Board would help to provide the necessary guidance and clarification in this regard.

7.3. The essence of each Standard is captured under the following key sections:

(i) Introduction: To provide a brief background and scope of the Standard and its applicability.

(ii) Objective: Reasons for issuing the Standard and why it is required.

(iii)Requirements: The desired outcome and what is essential to ensure compliance with the Standard.

(iv) Explanatory Comments on Implementation and Application: Certain parts of the Standard which needs to be elaborated, including defining key words and terms.

(v) Effective Date: Date from which the Standard is to be applied and made mandatory.

7.4. The Standards on Internal Audit, as and when issued, will be classified and numbered in a series format, as follows:

(i) 100 Series : Standards on Key Concepts

(ii) 200 Series : Standards on Internal Audit Management

(iii) 300–400 Series : Standards on the Conduct of Audit Assignments

(iv) 500 Series : Standards on Specialised Areas

(v) 600 Series : Standards on Quality Control

(vi) 700 Series : Other/Miscellaneous Matters

8. Guidance

8.1. Guidance Notes on Internal Audit are primarily designed to provide guidance on matters of implementation or clarification on their applicability in certain circumstances.

8.2. The Board may issue the following guides (as appropriate):

(i) Implementation Guide: Best practices, methodologies or approach on how best to apply internal audit procedures in order to achieve the objectives of the SIA.

(ii) Technical Guide: Clarifications as to what extent the SIA applies
in a certain industry or a particular situation, considering the technical or operational uniqueness of the same, and how best to achieve the objectives of the SIA.

8.3. The Implementation and Technical Guides are recommendatory in nature. The Internal Auditor should ordinarily follow these recommendations except where, under particular circumstances, it may not be necessary or appropriate to do so.

9. Effective Date

9.1. The Preface to the Framework and Standards on Internal Audits is applicable for all internal audits beginning on or after a date to be notified by the Council of the Institute.

9.2. In case of SIAs issued by the ICAI for which a Guidance Note is already in existence, the Guidance Note shall stand withdrawn from the date on which the Standard comes into effect.

Annexure 1: Details of the Standard Setting Process

1. Selection of Topics and Time-lines: The Internal Audit Standards Board, on a continuous basis, and in consultation with its key stakeholders, keeps identifying the broad areas in which the SIAs need to be formulated (including the review and revision of prevailing SIAs) and prepares a priority list with time lines for the issuance of the SIAs.

2. Formation of Study Group to Draft Standards: In the preparation and drafting of the SIAs, the Board is assisted by a Study Group (SG) of professionals constituted by the Board. In the formation of the SG, provision is made for the participation of a cross section of members of the Institute. In certain situations the Board may also consider having expert professionals on the SG, who need not necessarily be members of the ICAI. The SG is generally chaired by a member of the Board and convened by the Board. The SG is responsible for preparing and finalising the Exposure Draft of the Standard and make it ready for review and approval of the Board.

3. Review of Exposure Draft of SIA by the Board: The Exposure Draft (ED) of the Standard is put up to the Board for their review, deliberation and approval. On the basis of the deliberations of the Board, changes are made to the draft, and the final ED is made ready for exposure with a wide set of stakeholders.

While formulating the SIAs, the Board takes into consideration the applicable laws, customs, business environment in India. The Board also, where appropriate, takes into consideration the international practices in the area of internal audit, to the extent they are relevant and applicable to the conditions existing in India.

4. Exposure Draft Open for Comments for 30 days: The Exposure Draft of the proposed Standard is issued for comments by the members of the Institute. The ED is also open for comments by non-members, including the regulators and other such bodies as well as general public. The ED is also published in the monthly Journal of the Institute and hosted on the website of the Institute wherefrom it is downloadable free of charge for comments by the professional accountants and the public. The ED is also circulated to all the members of Council of the ICAI, the Institute’s past Presidents, Regional Councils and the branches of the Institute for their comments. The Exposure Draft is also circulated to other external stakeholders as listed in Annexure 2.

The Exposure Draft is normally open for comments for a period of at least 30 (thirty) days from the date of issuance, but this time may be extended if considered necessary.

5. Finalisation and Submission to ICAI Council: After taking into consideration the comments received on the Exposure Draft, the Board will update the draft of the proposed Standard, take inputs of the SG (if appropriate), finalise the Standard for consideration by the Council of the Institute.

6. ICAI Council Deliberates and Approves SIA: The Council of the Institute will consider the final draft of the proposed Standard on Internal Audit and if necessary, modify the same in consultation with the Internal Audit Standards Board.

7. SIA Issued with Final Changes: The SIA will then be issued under the authority of the Council of the Institute.

Annexure 2: List of Stakeholders for Inputs on Exposure Drafts

1. The Ministry of Corporate Affairs

2. The Reserve Bank of India

3. The Securities and Exchange Board of India

4. The Insurance Regulatory and Development Authority

5. The Comptroller and Auditor General of India

6. The Controller General of Accounts

7. The Central Board of Direct Taxes

8. The Central Board of Excise and Customs

9. The Institute of Cost Accountants of India

10. The Institute of Company Secretaries of India

11. Recognised Stock Exchanges in India

12. The Indian Banks’ Association

13. The Standing Conference of Public Enterprises

14. The National Bank for Agricultural and Rural Development

15. The Indian Institute(s) of Management

16. The Telecom Regulatory Authority of India

17. The Central Registrar of Co-operative Societies

18. Various Industry bodies/associations, such as, The Confederation of Indian Industry, The Associated Chambers of Commerce and Industry, The Federation of Indian Chambers of Commerce and Industry, etc.

19. Any other body considered relevant by the Board, keeping in view the nature and requirements of SIAs.

Note:-

* Issued in November, 2018.

1. The current law in India permits internal audit to be performed either by an entity’s own employee (i.e., personnel on the payroll of the organization or its group company) or by a professional who is part of an external agency (e.g., a firm of practicing Chartered Accountants undertaking internal audit engagements). These SIAs apply to ICAI members in both situations, irrespective of whether the internal audit is conducted by them in the capacity of an employee or as a representative of an external agency.

Source- ICAI