What are the Factors to be considered in Internal Audit Planning
Definition of Auditing:
The word ‘Audit’ is originated from the Latin word ‘audire’ which means ‘to hear’. In the earlier days, whenever there is suspected fraud in a business organization, the owner of the business would appoint a person to check the accounts and hear the explanations given by the person responsible for keeping the account and funds.
According to Montgomery, a well-known author, “auditing is a systematic examination of the books and records of a business or the organization in order to ascertain or verify and to report upon the facts regarding the financial operation and the result thereof.”
Factors to be considered in internal audit planning
- Audit objectives: The detailed audit plan largely depends upon the specific objectives to be achieved by the audit. Normally, an internal audit has the following objectives:
a) Examination of the correctness of the financial and accounting records and reports.
b) Verifying the safekeeping and valuation of the assets of the enterprise.
- Internal audit framework: The framework for the internal audit programme cannot be the same for every organization, and the details are substantially different from company to company.
- Audit procedures: Audit procedures are the specific sets of actions to be performed to ensure the quality of the audit is in line with benchmark auditing standards. It is important to plan, as far as practicable, the precise scheduling and timing of each audit procedure, both to give advance information to the function being audited and to utilize audit staff efficiently and without overlap or wastage of time.
- Staffing: Determining the staff strength required for the audit programme is an important aspect of planning an internal audit. This is to be done both at the overall department strength level and at the level of teams for individual audits.
- Reporting: The internal audit reporting structure is an important aspect of the programme and has to be planned in some detail, with respect to the following questions:
a) What types of internal audit reports are to be issued and to whom should they be issued?
b) What should be the timing and the frequency of the reports?
c) How should the reporting be revamped every year to guarantee value addition?
The importance of internal audit planning
Planning the internal audit programme is the key to an effective and efficient internal audit. Effectiveness means attainment of the internal audit objectives and efficiency means conduct of the audit with the maximum utilization of the internal audit resources. Thus planning results in high returns from the exercise, and the low cost of resources deployed.
An appropriate internal audit plan enables:
- Fine-tuning the specific methods to be adopted for different segments of the audit
• Selecting staff that would ideally suit each segment
• Coordinating the programme with that of the statutory auditors
• Establishing clear and realistic timelines
• Identifying and giving priority in the audit programme for critical areas to be audited
• Using computer resources and statistical sampling techniques appropriately.
List of qualifications for internal auditor
Following are the required qualifications of an internal auditor:
- Education/Training – An internal auditor should have some type of training, whether held internally or through a company that offers this type of training. If you have an experienced auditor on staff, he or she may be able to conduct the training for you.
- Skills – Auditing skills are usually acquired through experience.
- Experience – Once an internal auditor has completed training, it is a good idea for him/her to conduct audits under the guidance of a more experienced auditor for a period of time before doing audits on their own.
- The person must be competent in their own job function (and if they weren’t they would no longer be employed here). the Second qualification, be able to read and understand the audit checklist/instructions which are prepared by people who are knowledgeable about audits.
- The Technical Specification ISO/TS 16949:2009 and related core tools (e.g. APQP, SPC, MSA, FMEA, PPAP).
- The automotive process approach to auditing.
- Core tools and customer specifics can be taught by the company or industry-recognized experts/specialists.
- Must be gone through Internal auditor training Course certification by 3rd Party Certified Lead Auditor for TS16949:2009.
Role of internal auditor
Following are the role of Internal Auditors:
- Evaluating controls and advising managers at all levels: The Internal Auditor’s work includes assessing the tone and risk management culture of the organization as well as evaluating and reporting on the effectiveness and efficiency of the implementation of management policies.
- Evaluating risks: Internal Auditors identify key activities and relevant risk factors and assess their significance. Changing trends and business/economic conditions impact the way the internal auditor assesses risk. The techniques of internal auditing have changed from a reactive and control-based form to a more proactive and risk-based approach. This enables the internal auditor to anticipate possible future concerns and opportunities as well as identifying current issues.
- Analyzing operations and confirming information: Internal Auditors work closely with line managers to review operations then report their findings. The internal auditor must be well versed in the strategic objectives of the organization so that they have a clear understanding of how the operations of any given part of the organization fit into the bigger picture.
- Reviewing compliance: Compliance review ensures that the organization is adhering to rules, regulations, laws, codes of practice, guidelines, and principles as they apply individually and collectively to all parts of their organization.
The different stages in internal audit planning
The internal auditing process is essentially comprised of three main stages, namely:
1) Planning: Internal Audit planning is based on an annual cycle that runs in line with each academic year. Each Internal Audit will cover all key activities of the institution at least once and some areas that are considered to be high risk or high priority are often covered more than once. Each summer the Internal Auditors meet with Strategic Planning to plan the internal audit schedule for the academic year identifying the areas for review. Strategic Planning then notifies Colleges and Services about audits involving them in order to try and schedule a time during the year that is most convenient for the audit to take place.
2) Fieldwork: The auditors’ fieldwork concentrates on determining how well a unit is managing the risks identified at the planning stage and what controls are operating to help them do this. This can take a variety of forms that includes interviews and detailed testing/analysis of documents or transactions. When the fieldwork stage is completed, the auditors usually have a list of significant findings that are used to prepare a draft audit report.
However, prior to this, the auditors will usually have arranged to discuss any key issues with the nominated audit contact before completion of the fieldwork (see above). We encourage this aspect of the audit as the nominated contact can offer insights and work with the auditors to determine the best method of resolving any issues that arise.
3) Reporting: When the fieldwork is finished, the auditors draft a report. A feedback meeting may be held with the unit to discuss the audit findings, conclusions, and recommendations – the unit can give comments on the findings and reach an agreement on any recommendations identified – before the formal draft report is produced.
The formal draft is then sent to Strategic Planning, who coordinates the response to the audit findings prior to the final report being published. Included in the draft is an action plan that identifies the recommendations made in the report and as part of any response, it will be necessary to complete the action plan. This involves explaining how the recommendations will be implemented, by whom, and within what time scale.
Dissimilarities between external audit and internal audit
|Key points||Internal auditor||External auditor|
|Appointment||The internal auditor is appointed by the management of the company.||The external auditor is appointed by the shareholders of the company.|
|Legal Position||Legally internal audit is not compulsory.||The external audit is compulsory by law.|
|Status Of Auditor||The internal auditor is an employee of the company.||An external auditor is an independent person.|
|Qualification||For internal auditors, any specific qualification is not compulsory.||For external auditor specific qualification is compulsory.|
|Submission of Report||The internal auditor has not to submit any report.||External auditor submits report to the shareholders.|
|Fixation of Remuneration||Internal auditor remuneration is fixed by the management of the company.||External auditor remuneration is fixed by the shareholders of the company.|
|Name of Remuneration||The internal auditor receives a salary.||The external auditor receives the audit fee.|
|Nature Of Checking||The internal auditor checks all the transactions.||The external auditor may apply a test check.|
|Right of Attending Meeting||The internal auditor has no right to attend the meetings of the company’s shareholders.||The external auditor has a right to attend the meetings.|
|Kinds of Audit||An internal audit is a kind of continuous audit.||The external audit is conducted after the preparation of final accounts.|
|Guidance||The internal auditor gives suggestions to the management for the betterment of the business.||The external auditor has no need to give suggestions unless he is asked.|