THE FIVE ‘I’ APPROACH FOR RISK ADVISORY & INTERNAL AUDIT
1. Innovation – Change is the only constant.
2. Interaction – For good ideas and true innovation, you need human interaction, disagreement, argument and debate.
3. Impact – The only limit to your impact is your creativity and commitment.
4. Information – Data will talk to you only if you’re willing to listen.
5. Insight – Be led not by sight, but by insight.
Introduction of SIA:
- The Internal Audit Standard Board has issued, along with other pronouncements, the Standards on Internal Audit.
- The Standards on Internal Audit (SIAs) establish uniform evaluation criteria, methods, processes, and practices.
- The Standards are pronouncements which form the basis for conducting all internal audit activity.
- These pronouncements are designed to help the internal auditor to discharge his responsibilities.
- As of today, the standards are only recommendatory and none of the standards are notified.
- The Standards on Internal Audit are applicable to all internal audits beginning on or after a date to be notified by the Council of the Institute.
- In case of SIAs issued by the ICAI for which a Guidance Note is already in existence, the Guidance Note shall stand withdrawn from the date on which the Standard comes into effect.
Standard on Internal Audit Attributes:
- Purpose, Authority and Responsibility
- Independence and objectivity
- Proficiency and Due Professional Care
- Quality Assurance and Improvement Program
Bird’s eye view: the SIAs are classified and numbered in a series format, as follows:
- 100 Series: Standards on Key Concepts (New)
- 200 Series: Standards on Internal Audit Management (New)
- 300–400 Series: Standards on the Conduct of Audit Assignments (New)
- Standards issued up to July 1, 2013 (Old)
100 Series: Standards on Key Concepts | ||
SIA 110 | Nature of Assurance | – Deals with those assignments performed by internal auditors where an opinion is required, and clarifies the minimum requirements to be in place before an audit opinion report can be issued. – Having accepted an assurance assignment, an Internal Auditor may not change that assignment to a non-assurance assignment, or from a reasonable assurance assignment to a limited assurance assignment, without reasonable justification. |
SIA 120 | Internal Controls | – Defines Internal Controls, how they mitigate risk, and how they are viewed from a legal perspective. – Explains the responsibilities of management and auditors. – Specifies certain requirements which need to be satisfied to be able to provide assurance on Internal Controls. |
200 Series: Standards on Internal Audit Management | ||
SIA 210 | Managing the Internal Audit Function | – The Internal Audit Charter or Engagement Letter outlines the overall objectives of internal audit. – Ensuring adequate skilled resources and expertise are in place and deployed well, to provide the required level of assurance. – Quality of the work performed forms a sound basis for reporting and is supported by evidence and documentation. – Work is conducted in conformance with the Standards on Internal Audit and other related pronouncements issued by the ICAI. |
SIA 220 | Conducting Overall Internal Audit Planning | – Ensure that the planned internal audits are in line with the objectives of the internal audit function, as per the internal audit charter of the entity. – Align the organisation’s risk assessment with the effectiveness of the risk mitigation implemented through internal controls. – Confirm and agree with those charged with governance the broad scope, methodology and depth of coverage of the internal audit work to be undertaken in the defined time-period. |
SIA 230 | Objectives of Internal Audit | – The Objectives of Internal Audit and other terms of engagement of the external service provider are documented in a formal agreement referred to as the Engagement Letter. – The Engagement Letter is signed by the Engagement Partner along with the appointing authority of the Company. An indicative list of terms of engagement covered in an Engagement Letter is provided in this SIA. |
SIA 240 | Using the Work of an Expert | – Where the findings of the Expert will form part of the assurance report to be issued by the Internal Auditor, the Internal Auditor shall participate in defining the scope, approach, and work to be conducted by the Expert. Otherwise, the Internal Auditor shall not incorporate the findings of the Expert in his Internal Audit report. |
300–400 Series: Standards on the Conduct of Audit Assignments | ||
SIA 310 | Planning the Internal Audit Assignment | – Ensure its alignment with the objectives of the Overall Internal Audit (Engagement) Plan and in line with stakeholder expectations. – Ensure that the scope, coverage, and methodology of the audit procedures will form a sound basis for providing reasonable assurance. – Allocate adequate time and resources to important aspects of the assignment and assign appropriate skills to complex areas and issues. |
SIA 320 | Internal Audit Evidence | – All audit evidence shall be recorded in such a manner that it can be reproduced (if in digital form) and reviewed independently of the Internal Auditor. Details of these quality standards, the manner in which audit evidence shall be gathered, reviewed for sufficiency and appropriateness, validated for authenticity and reliability and stored as part of internal audit documentation, shall be written in the form of an internal audit process (as part of the Internal Audit Manual) |
SIA 330 | Internal Audit Documentation | – The ownership and custody of the internal audit work papers shall remain with the Internal Auditor. – The internal audit work paper files shall be completed prior to the issuance of the final internal audit report. Any pending administrative matters shall also be completed within sixty days of the release of the final report. |
SIA 350 | Review and Supervision of Audit Assignments | – The periodicity and extent of the review shall be planned and documented at the audit planning stage considering the overall audit objectives, time, and budget constraints, as per the professional judgement of the Chief Internal Auditor or Engagement Partner. – The documentation shall record the evidence of the supervision and review conducted, including the performance of any audit procedures subsequent to the review. |
SIA 360 | Communication with Management | – It explains the importance of two-way communication, both while managing the IA function and while conducting an IA assignment. – The Internal Auditor shall establish a written communication process and protocol with management, including essential exchange of information and cross reference to the internal audit program, where appropriate, and the same is shared and agreed with them. |
SIA 370 | Reporting Results | On completion of work, the IA shall issue a clear, well-documented internal audit report which includes the following key elements: – Overview of objective, scope, and approach of the audit assignment. – The fact that an internal audit has been conducted in accordance with the Standards on Internal Audit. – An executive summary of key observations covering all important aspects, and specific to the scope of the assignment. – A summary of the corrective actions required (or agreed by management) for each observation. – Nature of assurance, if any, which can be derived from the observations. |
SIA 390 | Monitoring and Reporting of Prior Audit Issues | The specific objectives of this standard are to ensure: (a) Proper monitoring and closure of open issues from prior audits. (b) Independent validation of corrective actions taken by the auditee. (c) Escalation of any concerns in case of delays in closure of issues. (d) Timely reporting of status to those charged with governance. The overall objective of this Standard is to ensure that the auditee mitigates the risks highlighted in the audit observations through timely corrective actions, or that a conscious decision is taken to accept the risks, in case recommendations are delayed or not implemented. |
Standards issued up to July 1, 2013 | ||
SIA 5 | Sampling | When designing an audit sample, the internal auditor should consider the specific audit objectives, the population from which the internal auditor wishes to sample, and the sample size. The sample size can be determined by the application of a statistically based formula or through exercise of professional judgment applied objectively to the circumstances of the particular internal audit engagement. When determining the sample size, the internal auditor should consider sampling risk, the tolerable error, and the expected error. |
SIA 6 | Analytical Procedures | When analytical procedures identify significant fluctuations or relationships that are inconsistent with other relevant information or that deviate from predicted amounts, the internal auditor should investigate and obtain adequate explanations and appropriate corroborative evidence. The internal auditor may recommend appropriate courses of action, depending on the circumstances. |
SIA 7 | Quality Assurance in Internal Audit | The internal quality review should be done by the person entrusted with the responsibility for the quality in internal audit and/or other experienced member(s) of the internal audit function. The internal quality reviews should be undertaken on an ongoing basis. |
SIA 11 | Consideration of Fraud in an Internal Audit | The internal auditor should document fraud risk factors identified as being present during the internal auditor’s assessment process and document the internal auditor’s response to any other factors. If during the performance of the internal audit fraud risk factors are identified that cause the internal auditor to believe that additional internal audit procedures are necessary, the internal auditor should document the same. |
SIA 13 | Enterprise Risk Management | The internal auditor should submit his report to the Board or its relevant Committee, delineating the following information: – Assurance rating (segregated into High, Medium, Low) as a result of the review; – Tests conducted; – Samples covered; and – Observations and recommendations. |
SIA 14 | Internal Audit in an Information Technology Environment | The internal auditor should review the robustness of the IT environment and consider any weakness or deficiency in the design and operation of any IT control within the entity, by reviewing. If the internal auditor is not able to rely on the effectiveness of the IT environment as a result of the review, he may perform such substantive testing or test of IT controls, as deemed fit in the circumstances. The internal auditor should document the internal audit plan, nature, timing and extent of audit procedures performed and the conclusions drawn from the evidence obtained |
SIA 17 | Consideration of Laws and Regulations in an Internal Audit | The Internal Auditor’s Consideration of Compliance with Laws and Regulations: – Obtaining an understanding of the legal and regulatory framework – Laws and regulations generally recognised to have a direct effect on the determination of material amounts and disclosures in the financial statements – Procedures to identify instances of non-compliance – other laws and regulations – Non-compliance brought to the internal auditor’s attention through other audit procedures – Written representations |
SIA 18 | Related Parties | The internal auditor should obtain sufficient appropriate audit evidence about management’s assertion that a related party transaction was conducted on terms equivalent to those prevailing in an arm’s length transaction. The internal auditor should consider the impact on the internal audit report if it is not possible to obtain sufficient appropriate audit evidence concerning related parties and transactions, and should suitably disclose it in the internal audit report, based on its materiality. |
Refer to the ICAI website, or follow this link, for a detailed review of the SIAs: https://www.icai.org/new_post.html?post_id=597&c_id=145