CA Sameer Thakur


1. DEFINITION OF INTERNAL AUDIT :- Internal auditing is an independent objective assurance and consulting activity designed to add value and improve organizational operations. It helps an organisation to accomplish its objectives by bringing a systematic approach to evaluate and improve the risk management, control & compliance process. (Institute of internal auditors Florida).

2. INTERNAL AUDITING STANDARDS :-The profession is having following 2 types of standards which internal audit entity and all internal auditors must follow.



a) Attribute standard :-  (From 1000 to 1340) :- These relate to traits of entities and individuals providing internal audit services. The following is the brief of such standards :-

Sr. No Standard Name & Type Contents
1. Attribute Standard no:- 1000 Purpose Authority & Responsibility of Internal Audit activity.
2. Standard no:-  1110 Organizational Independence
3. Standard no:-  1120 Individual objectivity
4. Standard no:  1130 Impairment to independence or objectivity.
5. Standard no:- 1210 Proficiency of  Internal auditors.
6. Standard no:- 1220 Due professional care
7. Standard no :-1230 Continuing Professional Development
8. Standard no:-  1300 Quality Programme Assessments :- CAE should develop and maintain a quality assurance and improvement programme.
9. Standard no:- 1310 Quality programme assessments :- IAA should adopt a process to monitor and assess the overall effectiveness of the Quality programme.
10. Standard no:- 1311 Internal Assessments :- Periodic internal reviews of IAA is an on going process.
11. Standard no:- 1312 External Assessments :- Quality assurance review of IAA activity needs to  be done once in 5 years from an independent outside agency.
11. Standard no:- 1320 Reporting on Quality programme :- CAE should communicate the results of external assessments to the Board.
12. Standard no:- 1330 Use of words ,”Conducted in accordance with the standards” :- IAA needs to use such words while reporting.
13. Standard no:- 1340 Disclosure of non – compliance :- CAE to disclose the non-compliance to senior management and the Board.

b)        PERFORMANCE STANDARDS :- (From 2000 – 2600) – These standards related to Internal audit activities and criteria for evaluation of performance. The following is the brief of such standards :-

Sr. No Standard Name & Type Contents
1. 2000 – Performance Standard Managing the Internal Audit activity
2. 2010 Planning :- CAE to establish risk based plans to determine priorities.
3. 2020 Communication & approval of planning from Board & senior management.
4. 2030 Resource Management :- CAE to ensure suffice of resources available for IAA.
5. 2040 Policies & Procedures :- CAE to establish policies & procedures for IAA.
6. 2050 Co ordination :- IAA to share information with Internal & External sources.
7. 2060 Reporting to Board & Senior Management :- CAE to report periodically to Board & Senior management on IAA ‘s purpose, authority & responsibility.
8. 2100 Nature of work :- To improve risk management control & Governance.
9. 2110 Risk Management :- IAA should evaluate significant exposures to Risk.
10 2120 Control :- IAA should assist in maintaining effective control.
11 2130 Governance Process :-IAA should provide compliance of Governance process.
12. 2200 Engagement planning :- IAA to develop a record plan for carrying out engagement activities.
13. 2201 Planning considerations :- IAA to consider the risks, objectives & resources etc.
14. 2210 Engagement objectives :- The objectives should address risk control & governance process.
15. 2220 Engagement Objectives :-The objectives of IAA is to establish.
16. 2230 Engagement resource allocation
17. 2240 Engagement work programme
18. 2300 Performing the engagement
19. 2310 Identifying the Information to be used in carrying out engagement activity.
20. 2320 Analysis & evaluation of the information.
21. 2330 Recording information
22. 2340 Engagement supervision
23. 2400 Communication results
24. 2410 Criteria for communication.
25. 2420 Quality of communication
26. 2421 Errors and omissions
27. 2430 Engagement disclosure of non compliance with standards.
28. 2440 Disseminating results.
29. 2500 Monitoring Progress
30. 2600 Management acceptance of risks :- The CAE & senior Management should report to Board for matters of residual risks.



The auditor should be straightforward, honest and sincere in his approach to his professional work. He must be fair and must not allow prejudice or bias to override his objectivity. He should maintain an impartial attitude and both be and appear to be free of any interest which might be regarded, whatever its actual effect, as being incompatible with integrity and objectivity.

3.2         CONFIDENTIALITY :-

The auditor should respect the confidentiality of information acquired in the course of his work and should not disclose any such information to a third party without specific authority or unless there is a legal or professional duty to disclose.


The audit should be performed and the report prepared with due professional care by persons who have adequate training, experience and competence in auditing.

The auditor requires specialised skills and competence which are acquired through a combination of general education, technical knowledge obtained through study and formal courses concluded by a qualifying examination recognised for this purpose and practical experience under proper supervision. In addition, the auditor requires a continuing awareness of developments including pronouncements of IIA Florida (Institute of internal auditors Florida) on auditing matters, and relevant regulations and statutory requirements.


When the auditor delegates work to assistants or uses work performed by other auditors and experts, he will continue to be responsible for forming and expressing his opinion on the financial information. However, he will be entitled to rely on work performed by others, provided he exercises adequate skill and care and is not aware of any reason to believe that he should not have so relied.

The auditor should carefully direct, supervise and review work delegated to assistants. The auditor should obtain reasonable assurance that work performed by other auditors or experts is adequate for his purpose.

3.4         AUDIT PROCEDURES :-

The auditor, in forming his opinion on financial information, needs reasonable assurance that transactions are properly authorised and recorded in the accounting records and that transactions have not been omitted. Internal controls, even if fairly simple, may contribute to the reasonable assurance the auditor seeks. The auditor’s objective in studying and evaluating internal controls is to establish the reliance he can place thereon in determining the nature, timing and extent of his substantive auditing procedures.

The auditor obtains an understanding of the accounting system to identify points in the processing of transactions and handling of assets where errors or fraud may occur. It is at these points that the auditor must be satisfied that internal control procedures applied by the enterprise are effective for his purposes.

Compliance procedures are tests designed to obtain reasonable assurance that those internal controls on which audit reliance is to be placed are in effect. These procedures include tests requiring inspection of documents supporting transactions to gain evidence that controls have operated properly (for example, verifying that the document has been authorised) and enquiries about the observation of controls which leave no audit trail (for example, determining who actually performs each function not merely who is supposed to perform it).

Substantive procedures are designed to obtain evidence as to the completeness, accuracy and validity of the data produced by the accounting system. These procedures comprise tests of details of transactions and balances, and analysis of significant ratios and trends including the resulting investigation of unusual fluctuations and items.

While compliance procedures and substantive procedures are distinguishable as to their purpose, the results of either type of procedure may contribute to the purpose of the other. Errors discovered in conducting substantive procedures may cause the auditor to modify his evaluation based on compliance procedures that controls were adequate for his purposes.

The auditor’s compliance procedures normally should be applied to transactions selected from those of the entire period under examination. When, however, a shorter period is initially tested, the auditor needs to consider what is necessary to provide reasonable assurance as to the reliability of the accounting records for the whole period. The auditor’s judgement as to the nature, timing and extent of compliance or substantive procedures to be applied to transactions occurring in the remaining period will be affected by such factors as the following:

  • The results of the procedures already conducted;
  • The responses to enquiries as to whether the internal control system is still operating in the same manner as when studied and evaluated;
  • The length of the remaining period;
  • The nature and amount of the transactions or balances involved;
  • The auditor’s evaluation of the internal control environment, especially supervisory controls; and
  • The substantive procedures which the auditor intends to carry out irrespective of the adequacy of internal controls.



The objective of an audit is to review internal controls, assessment of the risk involved in carrying out the routine business activities and providing reasonable assurance to the top management within a framework of recognised accounting policies and practices and relevant statutory requirements.


The scope of an audit is to check each & every system, to compare any data with other units engaged in similar line, the requirements of relevant legislation, to analyse and interpret the same at macro level.

The auditor assesses the reliability and sufficiency of the information contained in the underlying accounting records and other source data by:

(a)       making a study and evaluation of accounting systems and internal controls on which he wishes to rely and testing those internal controls to determine the nature, extent and timing of other auditing procedures; and

(b)       carrying out such other tests, enquiries and other verification procedures of accounting transactions and account balances as he considers appropriate in the particular circumstances.

The auditor is also to determine whether the relevant information is properly disclosed to the top management by :

comparing the financial statements with the underlying accounting records and other source data to see whether they properly summarise the transactions and events recorded therein; and

considering the judgements that the department  has made in preparing the financial statements; accordingly, the auditor assesses the selection and consistent application of accounting policies, the manner in which the information has been classified, and the adequacy of disclosure.

In forming his opinion in the final report, the auditor follows procedures designed to satisfy himself that the financial statements reflect a true and fair view of the financial position and operating results of the enterprise. The auditor recognises that because of the test nature and other inherent limitations of an audit, together with the inherent limitations of any system of internal control, there is an unavoidable risk that some material misstatement may remain undiscovered.

The auditor is  expected to perform duties also  which fall outside the scope of his competence with the help of other departments. For example, the professional skill required of an auditor does not include that of a technical expert for determining physical condition of certain assets but opinion can be framed after taking the help of Maintenance department of the Corporate office or from some unit.


The auditor should document matters which are important in providing evidence that the audit was carried out in accordance with the basic principles.

The auditor should plan his work to enable him to conduct an effective audit in an efficient and timely manner. Plans should be based on a knowledge of the business which must be acquired before hand.

Plans should be made to cover, among other things:

(a)       Acquiring knowledge of the  accounting system, policies and internal control procedures;

(b)      establishing the expected degree of reliance to be placed on internal control;

(c)        determining and programming the nature, timing, and extent of the audit procedures to be performed; and

(d)       coordinating the work to be performed.

Plans should be further developed and revised as necessary during the course of a audit.


Documentation, here, refers to the working papers prepared or obtained by the auditor and retained by him, in connection with the performance of his audit.   Working papers includes :

aid in the planning and performance of the audit; aid in the supervision and review of the audit work; and provide evidence of the audit work performed to support the auditor’s opinion.

5.2         FORM AND CONTENT :-

Working papers should record the audit plan, the nature, timing and extent of auditing procedures performed, and the conclusions drawn from the evidence obtained.

The form and content of working papers are affected by matters such as:

  • The form of the auditor’s report.
  • The nature and complexity of the business.
  • The nature and condition of the  records and degree of reliance on internal controls.
  • The needs in particular circumstances for direction, supervision and review of work performed by assistants.

 Working papers should be designed and properly organised to meet the circumstances of each audit and the auditor’s needs in respect thereof. The standardisation of working papers (for example checklists, specimen letters, standard of working papers) improves the efficiency with which they are prepared and reviewed. It also facilitates the delegation of work while providing a means to control its quality.

 Working papers should be sufficiently complete and detailed for an auditor to obtain an overall understanding of the audit.

All significant matters, which require the exercise of judgement, together with the auditor’s conclusion thereon, should be included in the working papers.

To improve audit efficiency, the auditor normally obtains and utilises schedules, analyses and other working papers prepared by the auditee. In such circumstances, the auditor should satisfy himself that these working papers have been properly prepared.

A permanent audit file normally includes:

  • Audit reports alongwith all annexures of the earlier period.
  • Documents related to certain statutory requirements which are unique in nature for that particular Unit.
  • Notes regarding significant accounting policies of the unit.
  • Significant audit observations of earlier years.
  • Synopsis reports given to the top management.
  • Replies / action taken by the Unit on such observations.


Working papers are the property of the auditor. The auditor may, at his discretion, make portions of or extracts from his working papers available to the auditee

The auditor should adopt reasonable procedures for custody and confidentiality of his working papers and should retain them for a period of time sufficient to meet the needs of his practice and satisfy any pertinent legal or professional requirements of record retention.


The auditor should obtain sufficient appropriate audit evidence through the performance of compliance and substantive procedures to enable him to draw reasonable conclusions therefrom on which to base his opinion on the financial information & systems.

Compliance procedures are tests designed to obtain reasonable assurance that those internal controls on which audit reliance is to be placed are in effect.

Substantive procedures are designed to obtain evidence as to the completeness, accuracy and validity of the data produced by the accounting system.


Certain types of audit evidence obtained by the auditor are more reliable than others. Ordinarily, the auditor’s observation provides more reliable audit evidence than merely making inquiries, for example, the auditor might obtain audit evidence about the proper segregation of duties by observing the individual who applies a control procedure or by making inquiries of appropriate personnel. However, audit evidence obtained by some tests of control, such as observation, pertains only to the point in time at which the procedure was applied. The auditor may decide, therefore, to supplement these procedures with other tests of control capable of providing audit evidence about other periods of time.

In determining the appropriate audit evidence to support a conclusion about control risk, the auditor may consider the audit evidence obtained in prior audits. In a continuing engagement, the auditor will be aware of the accounting and internal control systems through work carried out previously but will need to update the knowledge gained and consider the need to obtain further audit evidence of any changes in control. Before relying on procedures performed in prior audits, the auditor should obtain audit evidence, which supports this reliance. The auditor would obtain audit evidence as to the nature, timing and extent of any changes in the entity’s accounting and internal control systems since such procedures were performed and assess their impact on the auditor’s intended reliance. The longer the time elapsed since the performance of such procedures the less assurance that may result.

The auditor should consider whether the internal controls were in use throughout the period. If substantially different controls were used at different times during the period, the auditor would consider each separately. A breakdown in internal controls for a specific portion of the period requires separate consideration of the nature, timing and extent of the audit procedures to be applied to the transactions and other events of that period.

The auditor may decide to perform some tests of control during an interim visit in advance of the period end. However, the auditor cannot rely on the results of such tests without considering the need to obtain further audit evidence relating to the remainder of the period. Factors to be considered include :

  • The results of the interim tests.
  • The length of the remaining period.
  • Whether any changes have occurred in the accounting and internal control systems during the remaining period.
  • The nature and amount of the transactions and other events and the balances involved.
  • The control environment, especially supervisory controls.
  • The nature, timing and extent of substantive procedures which the auditor plans to carry out.


Management is responsible for maintaining an adequate accounting system incorporating various internal controls to the extent appropriate to the size and nature of the business. The auditor should reasonably assure himself that the accounting system is adequate and that all the accounting information which should be recorded has in fact been recorded. Internal controls normally contribute to such assurance.

The auditor should gain an understanding of the accounting system and related internal controls and should study and evaluate the operation of those internal controls upon which he wishes to rely in determining the nature, timing and extent of other audit procedures.

Where the auditor concludes that he can rely on certain internal controls, his substantive procedures would normally be less extensive than would otherwise be required and may also differ as to their nature and timing.

6.1 Objectives of Internal Controls Relating to Accounting System


Internal controls relating to the accounting system are concerned with achieving the following objectives:

Transactions are executed in accordance with management’s general or specific authorisation;

All transactions are promptly recorded in the correct amount in the appropriate accounts and in the accounting period in which executed so as to permit preparation of financial information within a framework of recognised accounting policies and practices and relevant statutory requirements, if any, and to maintain accountability for assets; assets are safeguarded from unauthorised access, use or disposition; the recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken with regard to any differences.


The auditor should gain an understanding of the accounting system and related internal controls and should study and evaluate the operation of those internal controls upon which he wishes to rely in determining the nature, timing and extent of other audit procedures. Where the auditor concludes that he can rely on certain internal controls, his substantive procedures would normally be less extensive than would otherwise be required and may also differ as to their nature and timing.”


The auditor should obtain an understanding of the control environment sufficient assess management’s attitudes, awareness and actions regarding internal controls and their importance in the entity. Such an understanding would also help the auditor to make a preliminary assessment of the adequacy of the accounting and internal control systems as a basis of the preparation of the financial statements, and of the likely nature, timing and extent of audit procedures.

The auditor should obtain an understanding of the control procedures sufficient of develop the audit plan. In obtaining this understanding, the auditor would consider knowledge about the presence or absence of control procedures obtained from the understanding of the control environment and accounting system in determining whether any additional understanding of control procedures is necessary. Because control procedures are integrated with the control environment and the accounting system, as the auditor obtains an understanding of the control environment and the accounting system, some knowledge about control procedures is also likely to be obtained, for example, in obtaining an understanding of the accounting system pertaining to cash, the auditor ordinarily, development of the overall audit plan does not require an understanding of control procedures for every financial statement assertion in each account balance and transaction class.


As a result of his study and evaluation of internal control and other auditing procedures, the auditor may become aware of weaknesses in internal control. For the benefit of the entity, the auditor should make management aware, on a timely basis, of material weaknesses which have come to his attention. Such weaknesses are usually communicated  in writing. It is important to indicate in such communication that it discusses only weaknesses which have come to the attention of the auditor as a result of his audit, and that his examination has not been designed to determine the adequacy of internal control for management purposes.


The auditor should review and assess the conclusions drawn from the audit evidence obtained and from his knowledge of business of the entity as the basis for the expression of his opinion on the financial information. This review and assessment involves forming an overall conclusion as to whether:

(a)       the financial information has been prepared using acceptable accounting policies, which have been consistently applied;

(b)       the financial information complies with relevant regulations and statutory requirements;

(c)        there is adequate disclosure of all material matters relevant to the proper presentation of the financial information, subject to statutory requirements, where applicable.

The audit report should contain a clear written expression of opinion on the financial information and if the form or content of the report is laid down in or prescribed under any agreement or statute or regulation, the audit report should comply with such requirements..

When a qualified opinion, adverse opinion or a disclaimer of opinion is to be given or reservation of opinion on any matter is to be made, the audit report should state the reasons therefor.


The term “fraud” refers to intentional misrepresentations of financial information by one or more individuals. Fraud may involve:

manipulation, falsification or alteration of records or documents. For example, in a period of rising prices, sales contract documents may be ante-dated to record sales at prices lower than the prices at which sales have actually taken place;

misappropriation of assets. For example, cash sales may not be fully accounted for improper utilisation of DEPB lisence.

Suppression or omission of the effects of transactions from records or documents. For example, goods sold may not be recorded as sales but included in inventories caused increased in outstanding at one end but also creating dummy increase in stock which may compensate actual intentionally created shortage in stock.

The term “error” refers to unintentional mistakes in financial information such as:

mathematical or clerical mistakes in the underlying records and accounting data;

oversight or misinterpretation of facts; or

misapplication of accounting policies.

An auditor must be analytical enough to make a clear cut demarcation in a fraud or error. All errors must be reported as errors and any error in nature of fraud needs to be reported immediately (with conclusive evidence) to the head office and senior management.


The auditor, should so plan his audit that he has a reasonable expectation of detecting material misstatements in the financial and other records  resulting from fraud or error. The auditor should use all information which is relevant, reliable &  useful  while conducting an engagement. The degree of assurance of detecting errors would normally be higher than that of detecting fraud, since fraud is usually accompanied by acts specifically designed to conceal its existence.


In planning and performing his examination the auditor should take into consideration the risk of material misstatement of the financial information caused by fraud or error. He should consult with the  management as to any fraud or significant error which has occurred in the reporting period and modify his audit procedures, if necessary. For example, in a fraud involving removal of stocks from the company’s godowns without the same being accounted for, the auditor should enlarge the coverage of his substantive tests regarding dispatches of stocks, review of acknowledgements and correlation of such dispatches with invoices raised. This would be further supplemented by surprise physical verifications and stock reconciliations.

Weaknesses in the design of the internal control system and non-compliance with identified control procedures increase the risk of fraud or error. Other conditions or events which increase the risk of fraud or error include:

  • unusual transactions;
  • problems in obtaining sufficient appropriate audit evidence.
  • Inadequate records, for example, incomplete files, excessive adjustments to books and accounts, transactions not recorded in accordance with normal procedures and out of balance control accounts.
  • Inadequate documentation of transactions, such as lack of proper authorisation, supporting documents not available and alteration to documents (any of these documentation problems assume greater significance when they relate to large or unusual transactions).
  • An excessive number of differences between accounting records and third party confirmations, conflicting audit evidence and unexplainable changes in operating ratios.
  • Evasive or unreasonable responses by auditee to audit inquiries.


If circumstances indicate the possible existence of fraud or error, the auditor should immediately consult with his head office along with a Flash report clearly indicating the nature of fraud, persons responsible and probable amount included in it.

Unless circumstances clearly indicate otherwise, the auditor should not assume that an instance of fraud or error is an isolated occurrence. If the fraud or error should have been prevented or detected by the system of internal control, the auditor should reconsider his prior evaluation of that system and, if necessary, adjust the nature, timing and extent of his substantive procedures.


The test nature of an audit of all  information involves judgement as to the areas to be tested and the number of transactions to be examined. Furthermore, much audit evidence is persuasive rather than conclusive in nature; for example, confirmation of a debt by a customer is not conclusive evidence that the debt is good and recoverable. Therefore, it should be recognised that the auditor’s examination is subject to the inherent limitation that some material misstatements of the financial information resulting from fraud or error, if either exists, may not be detected.

The risk of not detecting material misstatement resulting from fraud is greater than the risk of not detecting a material misstatement resulting from error, because fraud usually involves acts designed to conceal it, such as collusion, forgery, deliberate failure to record transactions, or intentional misrepresentations being made. Unless the auditor’s examination reveals evidence to the contrary, he is entitled to accept representations as truthful and records and documents as genuine. However, the auditor should plan and perform his audit recognising that he may encounter conditions or events during his examination that would lead him to question whether fraud or error exists.


The auditor should communicate his findings to management on a timely basis if fraud or significant error is found to exist.

The auditor should also consider the implications of the circumstances on the true and fair view which the financial statements ought to convey and frame his report appropriately.


Internal audit activity is a centralized activity in an organization. The corporate internal audit department conducts internal audit of all units and branch offices. The planning of internal audit assignments to be carried out during the year is done at the start of the year and got approved from Head of Internal audit. The main objective of the planning of Internal audits is to provide coverage to all locations. Generally audit programme is  planned with an objective of conducing the audit twice in a year. After getting approval of the audit plan the same is also placed in the Audit committees meetings also. The audit committees are briefed about the assignments carried out during a particular period and also informed about the assignments which could not be carried out (planned earlier) due to the circumstances beyond control.

Once Internal audit programme is finalised , then planning of each assignment is taken in further detail. The following points are taken mainly while making detailed planning :-

A) Major observations pointed out in previous internal audit report and action taken by  the auditee on these observations.

B) Checklist of previous audit assignment is also referred to get the insight about the areas to be focused  in next assignment.

C) Any new changes / amendments taken place in commercial laws.

D)   Any special area / investigation as instructed by the top management.

E)   Results of various exception reports as run in ERP at head office before start of internal audit assignment.

9.1 MANPOWER PLANNING IN INTERNAL AUDIT :- The manpower is decided as per the work load. The department calculates the budgeted requirement of mandays at the start of the year while planning the audit assignments. The scope of the audit assignments i.e. checklists are referred for each activity and also the time taken for completion of such activity is calculated. The mandays to be spent in each activity also depends on the sample size to be considered while planning the internal audit. As per available checklists and mandays thus calculated, the department requires ideally a strength of 19 employees. The deployment of this manpower is mainly divided into following 5 categories. % of total available manpower Audit of activities.
1. 45 % of total available manpower Audit of Manufacturing Units
2. 15 % of total available manpower Audit of Branches
3. 17 % of total available manpower Audit of corporate offices & special studies to be undertaken.
4. 12 % of total available manpower To be in office for report preparation , discussion of various observations and for running various ERP reports.
5. 7 % of total available manpower On account of leave / holidays taken by the employees.
6. 4 % of total available manpower On account of training like on the job training , training at VTDC and various in house training sessions.

9.2 DEPARTMENTAL COST TO THE ORGANISATION :- The department prepares its annual expense budget also at the start of the year. The exercise is carried out very minutely and overall budget is divided into following 4 categories. Total annual expense budget of the department is approx. Rs. 32 lacs. Particulars % of total budget
1. Salary & other expenses related to salary. 75 % of the total budget
2. Travelling expenses related to audit assignments 15 % of the total budget
3. Training expense and other study material 4 % of the total budget.
4. Other administrative expenses 6 % of the total budget.

Apart from above capital budget is also got approved at the start of the year. The budget includes various expenses to be incurred on the procurement of capital items.

9.3 UPDATION OF CHECKLISTS:- The department is having well defined scope of operations of different area. The same is named as checklists. The updation of these checklists are carried out on regular basis. Any item which is obsolete / less important  in nature it is deleted and new changes / amendments are added immediately. At present the department is having separate checklists for manufacturing units , branch offices , corporate offices , administrative offices & other special activities like process of physical stock verification , process of debtors review & process of other current assets verification etc. The assignments are carried out keeping in view the same.

9.4 CONDUCTING AN ASSIGNMENT :- The team is decided on the basis of past experience for conducting an assignment . The team is briefed about the various aspects of the location to be got audited. The vital data of the location  is also discussed with the team before hand. The team is provided target dates for finalising the audits of different department with in a location . The teams are asked to follow the general code of discipline during the currency of audit and also to flash any observation serious in nature immediately. Apart from above the teams are also informed to email their findings with the replies of the auditee immediately as finalised in the auditee’s location. After the receipt of mail at Head office , the observations are reviewed about its contents .facts , criteria and main points of objection. The replies of the auditee to these observations is also taken care. The observations are discussed with Corporate heads immediately if need arise. The points with remarks of the section head is sent to the team with in a day from receipt of such observations. As a policy matter pre information is not given for commencement of audit activity. However for far away locations the information is sent for guest house booking and other arrangements.

9.5 STEPS FOR CONDUCTING INTERNAL AUDIT.:- The following steps are undertaken for conducting an internal audit assignment with tentative time taken for the same.

1. Previous audit report review along with replies of unit and making notes of the same :-Half day .

2. Running of various ERP reports.:- 2 days

3. Review of updations in various policies , Laws and their impact on auditee unit.:-Half day

4. Review of Vital data & major systems of the Units.:-Half day

5. Discussion with the section head for coverage to be done in the recent audit.:- Half day

6. Interaction with respective section heads:- 1 day

7. Interaction with respective seat heads.:- 3 days

8. Identification of new developments / policy change taken place in auditee unit.:- 2 days

9. Finalising of audit programme at the auditee camp.:- half day

10. Requisition of various records . review of procedures as per audit programme / checklist.:-55 mandays

11. Establishing observations , providing suggestions for improvement , preparing draft report and  allied records in support to observations.

12. Discussion with respective seat head &  section head and sought their replies to the observations.

13. Discussion of observations with detailed replies of section head / seat head  with VP :-  1 day.

14. Preparation of synopsis report and to discuss the same with Unit head  :- 1 day.

15. Discussion with section head.:-1 day

16. Preparing detailed report from the draft report as amended after discussion with section head.:-4 days

17. Discussion of various observations with respective corporate departments.:-2 days

18. Final report after incorporating the remarks of corporate departments with HOD.:-Half day

19. Finalisation of synopsis report after amendments.:- 1 day

20. Dispatch of reports to Unit head / business head & major points to Corporate heads.

21. Updation of Vital data & Checklists in reference to auditee unit.:- Half day.

22. Perseverance of the various working papers related to assignment.:- Half day.

 9.6 MAINTAINENCE OF WORKING PAPERS :-As per normal practice working papers are developed during the period when an assignment is carried out. It may include checklists filled during the currency of audit , list of main areas covered under engagement , various data collected for analysis purposes and also replies of the auditee to the observations.  All such working papers are  very important records for future references .

As per policy ,  we preserve the same for the period upto 2 audits conducted afterwards i.e. working papers for IAR 1 will be preserved till the finalisation of IAR 3. As soon as IAR 3 will be ready then working papers for IAR 1 will be destroyed.

The audit team after conducting the audit shall file all working papers in the proper file. Full details shall be mentioned on the files i.e. working papers  related to the location , Internal audit report number &  names of the team members who had conducted internal audit etc.

9.7 QUARTERLY PROGRESS REPORT :- A report named quarterly progress report is prepared at the end of each quarter. The report includes major audit observations pertaining to the audit conducted during the quarter and reports finalised  .The report contains major observations with impact and replies of the auditee on the same. The report is discussed with CMD. All instructions as provided by CMD in the discussion is noted down and letters for the same is sent to concerned HOD. In the next meeting the upto date status of the earlier observations is also presented to CMD .

9.8 PRESENTATION TO AUDIT COMMITTEES :- In all the companies where share capital is listed , an audit committee comprising Board of directors is formed as per clause 49 of the  listing agreement . The audit committee functions on behalf of Board of Directors.  The audit committee review Internal audit reports , internal audit programme in each meeting and provides its recommendations on various audit observations. The audit committee’s suggestions are sent to various functional heads for implementation of the same. The department follows up with all functional heads and upto date status is provided to audit committees in the next meeting.

9.9 OTHER ACTIVITIES :- The department also carries out other activities related to HR . The employees of Internal audit activity are continuously provided feedback on the communication skills , new changes taken place in the field of audit etc. In department’s quarterly meetings a topic is assigned to one of the audit employee who gives its presentation on that  issue. The basic concept is to hone the communication and presentation skills of the employees.

Join Taxguru’s Network for Latest updates on Income Tax, GST, Company Law, Corporate Laws and other related subjects.

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Whatsapp

taxguru on whatsapp GROUP LINK

Join us on Telegram

taxguru on telegram GROUP LINK

Download our App


More Under Finance


  1. CA. Subhash Chandra Podder says:

    Undoubtedly a good write up. Every Practice Unit should follow the procedure prescribed .
    CA. Subhash Chandra Podder,FCA

  2. Dinesh Naik says:

    Very good note for new professionals who are coming into this Interanal Audit Field.

    Please keep me updated on this subject.

    Dinesh Naik

Leave a Comment

Your email address will not be published. Required fields are marked *

Search Posts by Date

December 2023