Posts
Introduction
1. Paragraph 3.1 of the Preface to the Standards on Internal Audit,
describes the internal audit as follows:“Internal audit is an independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a
view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity’s strategic risk management and internal control system.Internal audit, therefore, provides assurance that there is transparency
in reporting, as a part of good governance.”
2. Paragraphs 7 and 8 of the Standard on Internal Audit (SIA) 2, Basic
Principles Governing Internal Audit, state as follows:
The internal auditor should either have or obtain such skills and
competence, acquired through general education, technical
knowledge obtained through study and formal courses, as are
necessary for the purpose of discharging his responsibilities.
8. The internal auditor also has a continuing responsibility to maintain
professional knowledge and skills at a level required to ensure that the
client or the employer receives the advantage of competent professional
service based on the latest developments in the profession, the economy,
the relevant industry and legislation.”
Scope
3. This Standard on Internal Audit shall apply whenever an internal audit is
carried out, whether carried out by an in house internal audit department
or by an external firm of professional accountants. For the purpose of this
Standard, the term “firm” means a sole practitioner/ proprietor, partnership
or any such entity of professional accountants as may be permitted by
law1.
Objective
4. The purpose of this Standard on Internal Audit (SIA) is to establish
standards and provide guidance regarding quality assurance in internal
audit.
5. A system for assuring quality in internal audit should provide
reasonable assurance that the internal auditors comply with
professional Standards, regulatory and legal requirements, so that
the reports issued by them are appropriate in the circumstances.
6. In order to ensure compliance with the professional Standards,
regulatory and legal requirements, and to achieve the desired
objective of the internal audit, a person within the organization
should be entrusted with the responsibility for the quality in the
internal audit, whether done in – house or by an external agency.
7. In the case of the in – house internal audit or a firm carrying out
internal audit, the person entrusted with the responsibility for the
quality in internal audit should ensure that the system of quality
assurance include policies and procedures addressing each of the
following elements:
a) Leadership responsibilities for quality in internal audit - The
person entrusted with the responsibility for the quality in
internal audit should take responsibility for the overall quality in
internal audit.
b) Ethical requirements - The person entrusted with the
responsibility for the quality in internal audit should establish
policies and procedures designed to provide it with reasonable
assurance that the personnel comply with relevant ethical
requirements. If matters come to his attention that indicate that
the members of the internal audit engagement team have not
complied with relevant ethical requirements, he should, in
consultation with the appropriate authority in the entity,
determine the appropriate course of action.
c) Acceptance and continuance of client relationship and specific
engagement, as may be applicable– The person entrusted with
the responsibility for the quality in internal audit should
establish policies and procedures for the acceptances andcontinuance of client relationships and specific engagements,
designed to provide reasonable assurance that it will undertake
or continue relationships and engagements.
d) Human resources - The person entrusted with the responsibility
for the quality in internal audit should establish policies and
procedures regarding assessment of the staff’s capabilities and
competence designed to provide it with reasonable assurance
that there are sufficient personnel with the capabilities,
competence, and commitment to ethical principles necessary to:
Perform engagements in accordance with professional
standards and regulatory and legal requirements; and
Enable the firm or engagement partner to issue reports that
are appropriate in the circumstances.
e) Engagement performance- The person entrusted with the
responsibility for the quality in internal audit should establish
policies and procedures designed to provide it with reasonable
assurance that engagements are performed in accordance with
the applicable professional Standards and regulatory and legal
requirements and that the reports issued by the internal auditors
are appropriate in the circumstances.
f) Monitoring - The person entrusted with the responsibility for the
quality in internal audit should establish policies and
procedures designed to provide reasonable assurance that the
policies and procedures relating to the system of quality
assurance are relevant, adequate, operating effectively and
complied with in practice.
8. In order to improve the functionalities of the organisation,
transparency in reporting and good governance, the person
entrusted with responsibility for the quality in internal audit, while
establishing the quality assurance framework, should consider the
following parameters of the internal audit activity:
Terms of engagement and their adequacy.
Professional standards and compliance therewith.
Internal audit goals and the extent to which they are being
achieved.
Recommendations for improving the quality of internal audit
and the extent to which they are being implemented and their
effectiveness.
Skills and technology used in carrying out internal audit.
9. The person entrusted with the responsibility for the quality in internal audit
needs to ensure that the quality assurance framework is embedded in the
internal audit. This can, for example, be achieved in the following manner:
Developing an internal audit manual clearly defining the specific
role and responsibilities, policies and procedures, documentation
requirements, reporting lines and protocols, targets and training
requirements for the staff, internal audit performance measures
and the indicators.
Ensuring that the internal audit staff at all levels is appropriately
trained and adequately supervised and directed on all
assignments.
Identifying the customers of the internal audit activity.
Establishing a formal process of feedback from the users of the
internal audit services, such as the senior management
executives, etc. Some of the attributes on which the feedback may
be sought include quality, timeliness, value addition, efficiency,
innovation, effective communication, audit team, time
management. The responses received from the users of the
internal audit services should also be shared with the
appropriate levels of management and those charged with
governance.
Establishing appropriate performance criteria for measuring
the performance of the internal audit function. In case the
internal audit activity is performed by an external agency, the
contract of the engagement should contain a clause for
establishment of performance measurement criteria and
periodic performance review. These performancemeasurement criteria should be approved by the management.
Identify and benchmark with industry/ peer group performance.
10. The quality assurance framework established by the person
entrusted with the responsibility for the quality in internal audit
should, therefore, cover all the elements of the internal audit activity.
For example,
Development and implementation of the internal audit policies and
procedures.
Maintenance and monitoring of the budget for the internal audit
activity.
Maintenance and updations of the overall internal audit plan.
Identification of the risk areas and the internal audit plan to
address these risks.
Acquisition and deployment of audit tools and use of technology to
enhance the efficiency and effectiveness of the internal audit
activity.
Co-ordination with the external auditors.
Staffing related aspects of internal audit – recruitment, training,
etc.
Planning and implementation of the training and professional
development of the internal audit staff.
Implementation of the performance metrics for the internal audit
activity and periodic monitoring of the same.
Review of the follow up actions taken on the findings of the internal
audit activity.
Internal Quality Reviews
11. The internal quality review framework should be designed with a
view to provide reasonable assurance to that the internal audit is
able to efficiently and effectively achieve its objectives of adding
value and strengthening the overall governance mechanism of theentity, including the entity’s strategic risk management and internal
control system.
Internal Quality Reviewer
12. The internal quality review should be done by the person entrusted
with the responsibility for the quality in internal audit and/ or other
experienced member(s) of the internal audit function.
13. The internal quality reviews should be undertaken on an ongoing
basis. The person entrusted with the responsibility for the quality in
internal audit should ensure that recommendations resulting from
the quality reviews for the improvements in the internal audit activity
are promptly implemented.
Communicating the Results of the Internal Quality Review
14. The person entrusted with the responsibility for the quality in
internal audit should also ensure that the results of the internal
quality reviews are also communicated to the appropriate levels of
management and those charged with governance on a timely basis
along with the proposed plan of action to address issues and
concerns raised in the review report.
External Quality Review
15. External quality review is a critical factor in ensuring and enhancing the
quality of internal audit. The frequency of the external quality review
should be based on a consideration of the factors such as the
maturity level of the internal audit activity in the entity, results of the
earlier internal audit quality reviews, feedbacks as to the usefulness
of the internal audit activity from the customers of the internal audit,
costs vis a vis perceived benefits of the frequent external reviews.
The frequency should not in any case be less than once in three
years.
External Quality Reviewer
16. The external quality review should be done by a professionally
qualified person having an in depth knowledge and experience of,
inter alia, the professional Standards applicable to the internalauditors, the processes and procedures involved in the internal
audit generally and those peculiar to the industry in which the entity
is operating, etc. The external quality reviewer should be appointed
in consultation with the person entrusted with the responsibility for
the quality in internal audit, senior management and those charged
with governance.
Communicating Results of the External Quality Review
17. The external quality reviewer should discuss his findings with the
person entrusted with the responsibility for the quality in internal
audit. His final report should contain his opinion on all the
parameters of the internal audit activity, as discussed in paragraph
10, and should be submitted to the person entrusted with the
responsibility for the quality in internal audit and copies thereof be
also sent to those charged with governance. The person entrusted
with the responsibility for the quality in internal audit should, also
submit to those charged with governance, a plan of action to
address the issues and concerns raised by the external quality
reviewers in his report.
Effective Date
18. This SIA is effective for all quality assessments/ reviews of internal audit
undertaken on or after ……………………………. Earlier application of the
SIA is encouraged.
No comments:
Post a Comment