1 / 32

Internal Audit in New Era & Role of Cost Accountants

Internal Audit in New Era & Role of Cost Accountants. WIRC – Institute of cost accountants of india FRIDAY, 22 ND FEBRUARY, 2019 Nilesh Likhite. Internal Audit definitions. IIA’s International professional practices framework.

kevincole
Download Presentation

Internal Audit in New Era & Role of Cost Accountants

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Audit in New Era & Role of Cost Accountants WIRC – Institute of cost accountants of india FRIDAY, 22ND FEBRUARY, 2019 Nilesh Likhite

  2. Internal Audit definitions.. IIA’s International professional practices framework • Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic,disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. – IIA Internal Audit is defined as follows: • Internal audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives. - ICAI Internal audit framework by ICAI • Internal auditing is a continuous process of appraisal of an organisation's operations and evaluation and monitoring of risk management, reporting, and control practices. It is an independent and objective oriented assurance and consulting activity designed to add value and improve an organization's operations.- Guidance Note by Institute of Cost Accountants

  3. Why the paradigm shift in IA

  4. What has changed.. regulations • Companies Act, 2013 has mandated the internal audit requirements for certain companies falling within the ambit (Section 138) • Audit Committee’s role has been specified and widened through provisions of Companies Act and SEBI Regulations • Directors’ Responsibility Statement requires to mention about adequacy of Internal controls • Statutory auditors are required to report on IFCR Role of Internal auditors have widened, expectations have increased and higher reliance is achieved only through higher responsibilities

  5. IA Governance – more regulated • International Professional Practices Framework (IPPF) guide • Principles, definition, code of ethics & standards (M) • Implementation & Supplemental Guidance (R) • Standards on Internal Audit • Industry specific internal audit guides • Generic internal audit guides • Guidance Note Issued by ICWA , 2009

  6. What has changed.. Scope • Scope of internal audit has widened from mere review of financial records to indepth review of process in each of the functions • The indepth review starts from initiation of transactions till its reporting / reflection in financial statements Like ERP touches all the aspects of an Organisation, Modern Internal Audit covers all the business processes

  7. What has changed.. stakeholders

  8. Independence & Objectivity Objectivity Independence • The ability of the Internal Audit Function to remain isolated from the operations • No interference on scope restrictions and availability of information • Achieved through dual reporting organization structure • Disclosure to Audit Committee • The ability of the Internal Audit to perform in non-compromise mode • Not to subordinate the judgment on audit matters to others • Maintain an unbiased view at all times • Avoid conflict of interest • Disclosure to Audit Committee

  9. What has changed.. Governance • Audit committee charter outlines the purpose, authority and responsibilities of audit committee members • Covers the responsibilities defined under Regulations • Defines its governance • Internal audit charter defines the roles, responsibilities and authority of Internal Audit Department / Function • Chief Internal Auditor FUNCTIONALLY reports to Chairman of Audit Committee and Administratively to MD/CEO. • Lot of emphasis is given to have independence and objectivity

  10. What has changed.. Positioning • Sitting outside the risk management processes of the first two lines of defense, its main roles are to ensure that the first two lines are operating effectively and advise how they could be improved. • Tasked by, and reporting to the board / audit committee, it provides an evaluation, through a risk-based approach, on the effectiveness of governance, risk management, and internal control to the organisation’s governing body and senior management. Assessment of adequacy of both Controlling & monitoring Operational management

  11. What has changed.. Approach & Methodology Paradigm shift from full audit to risk based audit.. Emphasis on audit in depth of key risk areas

  12. Risk based IA - Methodology

  13. Development of RBIA Plan • Analysis of data, trends • Organizational and process changes • Results of past audits • Business risk Analysis • Regulatory and industry changes • Interview the process owners • Key emphasis on out come of preliminary risk identification • Understanding the control environment affecting risks • Risk classification using methodologies such as matrix, ratings, etc • Alignment of IA risk areas with Business • Listing the audit areas as per risk prioritization • IA plan listing the functions / locations as per risk matrix • Validation with Stake holders • Approval from the Audit Committee • Develop timelines

  14. Internal Audit Execution • Desktop review of the data • Perform process walkthroughs • Review of past audit results • Review of important documents • Risk Interviews • Identify process gaps, opportunity of management overrides, personal discretions • Perform “what can go wrong” analysis • Map the existing controls around the risk areas • Identify residual risks • Select the representative samples • Validation of controls on select transactions • Identify gaps • Identify the root cause • Identify the risks • Frame audit recommendations

  15. Data analytics (DA) – Key tool of the auditors • A definition: The process of inspecting, cleansing, transforming and modeling data with the objective of highlighting meaningful information, suggesting conclusions and supporting decision-making. MORE! • Problem Solving process; • Extracts insights; • Historical, real-time or predictive • Data Analytics (DA) can be: • Risk Focused - i.e., controls effectiveness, fraud, waste, policy/regulatory non-compliance or • Performance Focused – i.e., increased sales, decreased costs, improved profitability etc.

  16. DA tools

  17. Challenges limits DA Deployment • Limited Resources (financial & human) to execute on a sustained basis. • Appetite for investment in time and training needed to develop an effective DA process. • Someone needs to create, run and maintain the queries • Proficiency using analytic software • Proficiency in performing analysis

  18. Reporting • Incorporate the inputs from closing meeting • Release the draft report for validation of operational management • Confirmation in writing • More the discussions, better is the outcome • Formal closing meeting with draft observations and responses • Senior level involvement • Final report after confirmation of draft by the management • Due care about presentation, correctness, aesthetics, etc

  19. More on Reporting..

  20. Detailed observation – How to make it meaningful • Observation with reference to “How” (Policies, processes, legal requirements, best practices) • Details on the gaps with respect to “How” • Support with data • Quantify • Identify the root cause of deviation • Identify the impact of the deviation – Risks • Provide recommendations – meaningful, implementable, etc • Obtain management comments Recommendation by IIA

  21. Management response - SMART Specific, No Stories Measurable Achievable Responsible Person Timelines to implement

  22. Make report more effective.. • Rating assigned to each observation – brings emphasis • Rating assigned to the Internal Audit report – Brings overall conclusion of auditor on effectiveness of the Function audited

  23. Higher level Reporting – ExCo/AC • Understand the requirements.. • Careful selection of audit observations • Alignment with auditee • Details in backups … handy for reference • Management actions with most updated status – can be different than report • Prior circulation and opportunity for providing feedback • Alignment of presentation with allotted time • Present message & not read out the slide… practice, practice and practice…

  24. COSO ERM Framework & IA • Senior leadership and Directors for organizations of all sizes, and from across the world are talking about ERM and how to make it work for them. • This new-found interest in abandoning traditional risk management and embracing an enterprise-wide risk management approach has naturally led to several questions regarding who are supposed to be the architects, implementers, managers and overseers of the entire process. • Internal audit’s use of a risk-based approach easily lends itself to an interest in the ERM process, but there is considerable debate as to the role of the internal audit function in ERM

  25. IA role in COSO ERM Framework • Changing stakeholder expectations and a new view of risk management are prompting an important shift in the role of internal audit in many organizations. • What’s more, as regulatory compliance responsibilities have expanded and regulators and various rating agencies, among others, have adopted evaluation criteria including Enterprise Risk Management (ERM), • In this environment, many leaders have recognised the need for internal audit to play a larger role – one that expands on its historic focus on value presentation (a control focus) to value creation (a performance focus). • Internal audit’s existing organisation-wide perspective and mandate – and its access to all areas of the business, personnel and resources uniquely position it to expand its role.

  26. Other key fields for IA profession • Consulting activity in process designs, special reviews, cost reduction studies, etc • Audit of IT General Controls • IT Security audits (with subject knowledge) • Consulting activity in control designing in major implementations • IA teams assigned with responsibilities of whistleblower management and corporate investigations

  27. Cost Accountants & Internal Audit • Companies Act 2013 Section 138 provides that the Companies are required to appoint a person as an internal auditor who needs to be a professional. The said person can be chartered accountant or a cost accountant, or such other professional as may be decided by the Board

  28. CMA as a internal auditor Basically, CMA can do entire Internal Audit • A CMA having thorough knowledge of each and every aspect of Product cost and Service cost can certainly play a vital role in adding value : • Validation of costs – procurement of materials and services • By identifying and reporting non value adding activities • Validation of product pricing strategies and components of cost • Validation of sales mix w.r.t margin analysis • By identifying the areas where tax benefit can BE availed etc.

  29. Future of internal audit • Research on how to perform internal audit in AI, RPO and Blockchain environment • How these technologies can be deployed in IA and its impact -

  30. Key challenges in managing this future.. • The audit universe may undergo a change • Organisations are impacted by emerging risks, technologies, innovation and disruption • Completely new set of business risks • System based controls evaluation • Emphasis on cyber security • Audit skill sets will be more IT based • Accountants with high end IT knowledge • IT specialists to review high end IT systems controls • Deployment of DA tools with RPA capabilities – Shift to continuous auditing

  31. Internal Audit 3.0 – concept presented by Deloitte • As the saying goes, • “There are those who make things happen, • those who watch things happen, and • those who ask, ‘What happened?’”

  32. Disclaimer Views expressed here in this presentation are my personal views and do not represent any organisation

More Related