The Internal Audit Standard Board of the ICAI has, with other pronouncements, issued five Standards on Internal Audit (SIAs) in November 2018. The SIAs are a set of minimum requirements that apply to all members of the ICAI while performing internal audit of any entity or body corporate. However these are not mandatory to be undertaken by other professional bodies such as Cost Management Accountants and Company Secretaries.
The Standards on Internal Audit (SIAs) establish uniform evaluation criteria, methods, processes and practices. The Standards are pronouncements which form the basis for conducting all internal audit activity. These pronouncements are designed to help the internal auditor to discharge his responsibilities.
The following internal audit related pronouncements have been issued:
As per Framework Governing Internal Audits issued by ICAI, Internal Audit is defined as follows:
“Internal Audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives”
|Key terms used above|
|Independence||Internal Controls||Risk Assessment||Governance||Organisational Objectives|
1. Basic Principles of Internal Audit- Standard on Internal Audit (SIA) 2, Basic Principles Governing Internal Audit was, originally, issued by the Board in August, 2007 which was recommendatory in nature. The revised Basic Principles of Internal Audit is being issued as overarching document for all the Standards on Internal Audit, and shall become mandatory from such date as notified by the Council.
The Basic Principles of Internal Audit are a set of core principles fundamental to the function and activity of internal audit. The Basic Principles are critical to achieve the desired objectives as set out in the Definition of the Internal Audit, and therefore, apply to all internal audits.
All internal audits shall be performed based on these basic principles, and departures from these principles shall be appropriately disclosed in internal audit report or other similar communication.
♦ The principles can be summarised as follows:
|Independence||The Internal Auditor shall be free from any undue influences which force him to deviate from the truth.
This independence shall be not only in mind, but also in appearance.
|Integrity and Objectivity||The Internal Auditor shall be honest, truthful and be a person of high integrity.
He shall avoid all conflicts of interest and not seek to derive any undue personal benefit or advantage from his position.
|Due Professional Care||“Due professional care” signifies that the Internal Auditor exercises reasonable care in carrying out the work to ensure the achievement of planned objectives.|
|Confidentiality||He shall not disclose any such information to a party outside the internal audit function and any disclosure shall be on a “need to know basis”.
Under no circumstance any confidential information shall be shared with third parties outside the company, without the specific approval of the Management or Client or unless there is a legal or a professional responsibility to do so (e.g., to share information with Statutory Auditors)
|Skills and Competence||The Internal Auditor shall have sound knowledge, strong interpersonal skills, practical experience and professional expertise in certain areas and other competence required to conduct a quality audit. In addition to the basic technical skills, the Internal Auditor shall have the softer skills (such as interpersonal and communication skills) required to engage with a multitude of stakeholders|
|Risk Based Audit||The Internal Auditor shall identify the important audit areas through a risk assessment exercise and tailor the audit activities such that the detailed audit procedures are prioritised and conducted over high risk areas and issues, while less time is devoted to low risk areas through curtailed audit procedures|
|Systems and Process Focus||It requires a root cause analysis to be conducted on deviations to identify opportunities for system improvement or automation, to strengthen the process and prevent a repetition of such errors.|
|Participation in Decision Making||The Internal Auditor shall avoid passing any judgement or render an opinion on past management decisions. As part of his advisory role, the Internal Auditor shall avoid participation in operational decision making which may be subject of a subsequent audit|
|Sensitive to Multiple Stakeholder Interests||The Internal Auditor shall evaluate the implications of his observations and recommendations on multiple stakeholders, especially where diverse interests may be conflicting in nature|
|Quality and Continuous Improvement||The Internal Auditor shall ensure that a self-assessment mechanism is in place to monitor his own performance and also that of his subordinates and external experts on whom he is relying to complete some part of the audit work.|
SIA 210 MANAGING THE INTERNAL AUDIT FUNCTION
The Chief Internal Auditor of the company has to perform a number of activities which includes the following-
1. Planning-Define the overall plan, scope and methodology of the Internal Audit Function on a periodic basis.
2. Monitoring-Oversee and monitor various audit assignments, their proper planning, execution, reporting of findings and subsequent closure of reported observations
3. Performance-Plan, acquire, engage and review the performance, training and development of professional staff, talent and other resources to achieve its objectives.
4. External Experts-Identify, source, engage and manage external experts and technical solutions, if required.
5. Communication-Communicate and engage with all key stakeholders regarding progress and achievement of objectives
6. Improvement Programme-Develop and maintain a quality evaluation and improvement program.
SIA 220 CONDUCTING OVERALL INTERNAL AUDIT PLANNING
The overall Internal Audit Planning process is done in 2 phases depicted as follows-
SIA 220 deals with the connotations of the Overall Planning of the Internal Audit function for the whole entity. As per Rule 13(2) of the Companies Act 2013, it is mandatory for the Audit Committee of the Board to formulate overall Internal Audit Plan.
As per Sec 13(2) of the Companies Act 2013,
“The Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate the scope, functioning, periodicity, and methodology for conducting the internal audit.”
Conducting the Overall Internal Audit Planning involves the following key elements-
– undertaken prior to the beginning of the plan period
– directional in nature and considers all the Auditable Units
– prepared by the Chief Internal Auditor
|The Planning Process||Knowledge of the Business and its Environment|
|Discussion with Management and Stakeholders||Audit Universe and Scope of Coverage|
|Risk Assessment||Technology Deployment|
SIA 310 PLANNING THE INTERNAL AUDIT ASSIGNMENT
As mentioned above, the planning is done in two phases, this standard deals with the requirement of the audit plans to be made periodically.
Conducting the Internal Audit Assignment involves the following key elements-
– sub-set of the Overall Internal Audit Plan
– undertaken prior to the beginning of a particular assignment during the plan period
– covers the manner in which a particular audit assignment will be conducted
– prepared by the Internal Auditor responsible for the assignment
|Alignment with the objectives of the Overall Internal Audit||Scope, coverage and methodology of the audit procedures will form a sound basis for providing reasonable assurance.|
|Allocate adequate time and resources||Assign appropriate skills to complex areas and issues.|
|Efficient and effective manner in conducting audit procedures||In line with the various pronouncements of ICAI|
SIA 320 INTERNAL AUDIT EVIDENCE
As per the definition given in the standard, Internal Audit Evidence refers to all the information used by the Internal Auditor in arriving at the conclusion on which the auditor’s opinion is based.
The Internal Audit evidence includes the following-
– information collected from underlying entity records and processes
– information from the performance of various audit activities and testing procedures
To allow the Internal Auditor to form an opinion on the outcome of the audit procedures completed.
|Nature of Evidence
either from the underlying company’s books, records, systems and processes or through the performance of audit activities and testing procedures
|Reliability and Consistency of Evidence
Evaluate how the audit procedures need to be modified or expanded to resolve the doubt or conflict.
|Evidence Collection and Recording Process
Meet certain basic standards of quality to achieve internal audit objectives
Written policy and process on audit evidence
Details of the evidence collected, relevance to the audit findings and opinion being formed, cross referenced to the Internal Audit Program, where appropriate
SIA 330 INTERNAL AUDIT DOCUMENTATION
Internal Audit Documentation” refers to the written record (electronic or otherwise) of the internal audit procedures performed, the relevant audit evidence obtained and conclusions reached by the Internal Auditor on the basis of such procedures and evidence
This Standard applies to all internal audit assignments. The nature and content of documentation is covered in a separate implementation guide on the subject.
– validate the audit findings
– support the basis on which audit observations are made
– conclusions reached from those findings
– aid in the supervision and review of the internal audit work
– establish that work performed is in conformance with the applicable pronouncements of the Institute of Chartered Accountants of India.
|Nature of Documentation
includes written records (electronic or otherwise) of various audit activities and procedures conducted, including evidence gathered, information collected, notes taken and meetings held.
|Content and sufficiency of Documentation
all significant matters which require exercise of judgment, together with the Internal Auditor’s conclusion
Collated and arranged logically in files as audit work papers and retained to support the performance of the internal audits as per a written process
|Timely Completion of Documentation
compiled into internal audit files soon after the completion of all audit procedures, while pending matters may be closed during the draft stage of audit reporting
Confirmation of Compliance
Written documentation policy
process on audit work papers
Work paper files for each audit assignment
Note- Preface to the Standards on Internal Audit was, originally, issued in November, 2004, revised in July, 2007, and was recommendatory in nature. The revised Preface to the Framework and Standards on Internal Audit shall become mandatory from such date as notified by the Council.
The Preface to the Framework and Standards on Internal Audit are applicable for all internal audits beginning on or after a date to be notified by the Council of the Institute. In case of SIAs issued by the ICAI for which a Guidance Note is already in existence, the Guidance Note will stand withdrawn from the date on which the Standard comes into effect. https://www.icai.org/new_post.html?post_id=597
Standards will come in force from the date to be notified by ICAI
(with inputs from Standards of Internal Audit issued by ICAI)