Name: - Shivendra singh

Rollno-1208005653

MF0013 INTERNAL AUDIT AND CONTROL

1-Define and explain the term auditing. Personal qualities of an auditor are important for the successful conduct of audit. Comment A more comprehensive definition of auditing given by the Institute of Chartered Accountants of India is as follows: Auditing is a systematic and independent examination of data, statements, records, operations and performance (financial or otherwise) of an enterprise for a stated purpose. In any auditing situation, the auditor perceives and recognizes the propositions before him for examination, collects evidence, evaluates the same and on this basis, formulates their judgment which is communicated through the audit report. This definition has described Auditing comprehensively and covers the following essential features: 1. Auditing is a systematic examination of data (financial or otherwise) by an independent expert called an auditor. 2. The stated objective of the auditor is to express an opinion on the truth and fairness of the financial statements. 3. Before expressing their opinion, the auditor has to collect necessary evidence on the proposition placed before him and evaluate it on the basis of his professional knowledge and skill. 4. The auditor expresses their opinion through a report called the auditors report primarily addressed to the owners of the business. Qualities of an Auditor Apart from the professional qualification required of an auditor by law, he must have certain personal qualities without which he may not be able to perform his duties satisfactorily. These are: 1. Common sense: According to Spicer and Pegler the auditor should have a full share of that most valuable assetcommon sense. The Satyam case demonstrates this aspect vividly, because application of common sense would have raised the question: why was the company sitting on such a huge pile of cash year after year? 2. Independence: An influenced or biased person cannot form an independent opinion. Thus, a direct or indirect interest in the results of the company under his audit may prevent an auditor from functioning independently. 3. Honesty and Integrity: An auditor is answerable to owners of a business who have no say in its management, and so must have unimpeachable integrity. For example, the auditor of XYZ Company believes that closing stock has not been properly valued but accepts a certificate from the management as to its valuation. This is plain dishonesty. 4. Objectivity: An auditor should not allow subjective judgment to cloud his opinion, which should as far as possible be based on facts. 5. Communication: He should be able to communicate effectively, both orally and in writing. Particularly in the matter of report writing, he should be able to convey his message clearly and unambiguously.

2-Write the key objectives of a good internal audit system. Narrate the points of dissimilarities between external audit and internal audit. The key objectives of a good internal audit system are: 1. Evaluation of accounting controls: Ensuring that the checks and balances in the accounting processes are effective and provide the required accounting controls. 2. Compliance with policies and procedures: Verifying compliance with the policies and procedures laid down for key activities and reporting acts of omission and commission. 3. Protection and optimal utilization of business assets: Ensuring physical availability and usefulness of fixed assets as per companys records, and checking utilization of major assets vis-vis plan. 4. Testing the reliability of Management Information Systems (MIS): Reviewing the management reporting structure and the utility of reports flowing out of the system. Points of dissimilarity 1. Statutory status: External audit is usually mandated by law. But internal audit is not mandatory expect for companies to which Companies (Auditors Report) Order, 2003 applies. 2. Independence: The statutory auditor is independent of the organization which appoints him. But the internal auditor is an employee of the organization reporting to a Divisional or Functional Head (usually Finance) and so his freedom might be limited. Even if an outside firm or person is appointed as an internal auditor, independence may not be assured as he is appointed by the management and has no legal authority. 3. Scope: The scope of an external audit is well-defined by the statute that mandates the audit. A limited amount of interpretative changes may be possible, but mostly it is the beaten track. The scope of internal audit is determined by the management and may be expanded or restricted depending upon the peculiarities of the particular situation being audited. 4. For example, statutory audit must compulsorily comment on physical verification of inventories being done once a year, close to the year-end. But internal audit may choose continuous verification as the appropriate method for the company. 5. Responsibility: The responsibility of external auditor is mainly towards the shareholders who have appointed him, and other external stakeholders of the company. The internal auditor is responsible directly to the internal management and to the board. He is also answerable to the external auditor and must share his audit findings with him. 6. Powers: The external auditor has statutory powers under the Companies Act and related statutes. The internal auditor is given his terms of reference and powers by the management. His powers depend upon the requirements of the management. 3-Give the role of internal auditor in the Companys Management. List down the duties of auditor Under Section 581ZG. The specific contributions that an internal auditor can make include: 1. Review of internal control systems: The internal auditor should review the internal control systems of the organization. He should determine whether the existing control systems are appropriate and commensurate with the objectives, size, etc. of the organization. For example a small company cannot afford a separate credit control department and so it will need strong controls in the sales accounting process to minimize customer payment default. 2. Review of safeguards for assets: The auditor should regularly review the adequacy of insurance covers for fixed assets and complete accounting of all transactions relating to fixed assets, etc.

3. Review of compliance with policies, plans, procedures and regulations: The internal auditor should include a regular checklist of compliances by different functions of laid down procedural requirements. When a non-observance is spotted, he should inquire and ascertain the reason for the deviation, and report the event together with the proposed solution. 4. Review of organization structure: A well-designed organization structure is the basic requirement for the smooth functioning of any organization. Organization structure defines the authorities and responsibilities of executives. The internal auditor should evaluate the organization structure from the following dimensions: a. Simplicity and lack of ambiguity. b. Clear definition of authority and responsibility at each level. c. Balance of power, to ensure there is no undue dominance of any function. d. Balance of responsibility, to ensure proper unity of command and span of control. e. Effective communication of the organization chart to all concerned. 5. Review of deployment of resources: The internal auditor reviews utilization of resources deployed for the business men, machines, money, materials and management to identify deviations both by way of excessive use of resources and resources that are under-utilized. He would be able to do this vis--vis the planned capacities and resources, and should include in his report significant trends and happenings. 6. Review of reliability of information: The Management Reporting and Information System (MRIS) of the company is an important aspect to be reviewed by the internal auditor. The content, format, frequency and timeliness of key management reports should be evaluated by discussions with the functional mangers receiving the reports as well as with the finance manager who is usually the provider of the reports. The objective of this review is to see to what extent the information flow has helped in taking good decisions. 7. Review of achievement of company objectives: While the reviews in the foregoing paragraphs are centered on the management processes, the managers are essentially hired to deliver results and achieve the targets set for them. The internal auditor therefore reviews the final results achieved vis--vis planned results. As they say, the proof of the pudding is in the eating, and if for instance the company has underperformed, audit can make it clear whether the failure to achieve was for internal reasons or external factors beyond managements control. Duties of auditor under Sec. 581ZG Without prejudice to the provisional contained in Section 227, the intern auditor shall report on the following additional matters relating to the producer company, namely: 1. The amount of due along with particulars of bad debts if any. 2. The verification of cash balance and securities. 3. The details of assets and liabilities. 4. All transactions which appear to be contrary to the provisions of this part. 5. The loans given by the producer company to the directors. 6. The donations or subscription given by the producer company. 7. Any other matter as may be considered necessary by the auditor. 4.-The effectiveness of the internal control system can be ensured if the important aspects of the companys operations are kept in mind. Explain the characteristics of an effective internal control system. Write the elements of internal control. Characteristics of an Effective Internal Control System The effectiveness of the internal control system can be ensured if the following aspects of the companys operations are kept in mind and done properly: 1. How the organization structure is planned: For strong internal controls, the organization structure should have the following features:

o Freedom of operation at every level of the hierarchy, subject to overall company guidelines and achievement of companys overall objectives. o Clear demarcation between the performance of the activity and its recording, especially in matters involving money handling and fixed assets. o Clarity of authority and responsibility levels and monetary limits for decisions. o Proper distribution of work to avoid overlap or duplication. 2. Authorization, record and control procedures: The authorization process for decisions and the record-keeping of activities resulting from decisions should have the following features: Clear knowledge of the approval system and recording procedures of every item of expenditure and income, by the concerned departments and functions. Up-to-date recording and accounting of monetary transactions and all activities related to fixed assets. Complete documentation of transactions with proper authentication. Existence of a Procedures Manual that sets out the procedural steps involved in each activity from its conception till it is duly accounted. 3. Sound practices: An effective internal control system must build in safeguards, which are fully practiced. For example the work of one person should get checked automatically by another person in the transaction flow. 4. Quality of personnel: The competence of executives who implement the controls is a basic prerequisite of an effective internal control system. The competence has to extend to all the persons in the chain. This will require proper selection and training of the personnel, backed by effective direction and supervision and quick corrective action in case of lax performance, or violation of prescribed procedures. Elements of Internal Control An entitys internal control system is much more than the entitys recordkeeping procedure.

E L E M

E N T S 1. Control environment: Control environment is the basis of an internal control system. It includes and reflects the factors that influence the control consciousness of its people. SA400: Risk Assessment and Internal Control issued by the ICAI mentions the following aspects of the control environment:

Internal Control System Control Environment Risk Assessment Control Activities Information and Communication Monitoring and Supervision

E L E M E N T S

Factors a. Organization structure b. Board of Directors and their committees c. Managements philosophy and operating style

a. b.

c.

d. Management control system d.

Examples Segregation of incompatible functions helps in fixing A board which is independent of accountability management or an effective audit committee indicates strong internal control environment Management should not adopt policies that encourage company personnel to manipulate data A competent internal audit department and clear-cut hiring, training, promoting and compensating policies for employees show strong control environment

2. Risk assessment: Assessing control risk is the process of evaluating the effectiveness of an entitys accounting and internal control systems in preventing or detecting material mistakes in financial statements. After understanding the accounting and internal control system, the auditor makes a preliminary assessment of control risk for the relevant assertions in the financial statements. An entitys ability to properly record, process, summaries and report financial data may be affected by the following risks: (a) Changes in the operating environment (e.g. increased competition) (b) New personnel (c) New Information Systems (d) Rapid growth (e) New technology 3. Control activities: The following actions can help address the risks listed above: P Performance reviews (review of actual against plan) I Information processing (checks of accuracy, completeness, authorization) P Physical control (physical security) S Segregation of duties 4. Information and communication: The accounting system should record, process, summaries and report transactions and in order to maintain correctness of related assets and liabilities, it must identify and record all transactions at proper values and with least delay. It must communicate the disclosures required by law in respect of the financial report. 5. Monitoring and supervision: Monitoring and supervision involves continuously assessing the quality of internal control performance over time. Management should ensure that internal control system, as planned, functions properly and modifications needed, if any, are done on a timely basis.

5- Describe general EDP controls. Explain the appraisal of accounting system and related internal control. General EDP Control (a) Organizational and operational controls

functions within the EDP department. (b) System development and documentation control are designed to monitor, design, and test and document the system and programmers constituting each application; include: (I) Participation by user groups and accounting and internal auditing staff in system design; (ii) Joint system testing and approval by user department and EDP personnel; and (iii) Documentation creation and maintenance. (c) Hardware controls are built into computer equipment by the manufacturer to detect equipment failure. Some key hardware controls are echo check, parity check, and dual read and read after write. (d) Access controls to prevent unauthorized use of data files, programmers and their support documentation and computer hardware, access must be limited to authorized individuals. some types of control are use of passwords, locked doors, appointment of librarian etc. Appraisal of Accounting Systems and Related Internal Control Though the scope, objectives and approach to auditing do not change in a computerized environment, the extent of audit procedures and nature of audit programmed definitely get affected. Hence an auditor must have a clear understanding of the clients accounting system and related internal control. An appraisal of accounting system and in-depth study of internal control surrounding accounting system will guide him to form an opinion about the extent of audit. The auditor should specially focus on EDP organization structure. He should verify whether the structure is in line with the following guidelines: Clear and adequate separation of duties within the EDP function is vital. EDP should be separate from user departments. EDP personnel should not initiate transactions. EDP function should include at least the following employees: 1. EDP Manager: in overall charge of the data processing activity. 2. Systems Analysts: to design new systems and modify existing systems according to the information needs of the users. 3. Programmers: to write and test programs based on the system design and/or modification. 4. Computer Operators: to process transactions through the system in accordance with the operator instructions for the application being updated. 5. Input Preparation Group: to convert input data to machine-readable form. 6. Librarian: to maintain custody over master files and programs and control access based on proper authority. 6-Explain the internal control systems in insurance companies. Write down about the reporting internal control weaknesses. Internal control system in insurance companies Insurance companies pay special attention to internal control procedures with regard to receipts and payments, acceptance of policy covers, calculation of premiums, granting of loans, buying

and selling of investments, payment of commission to agents, and expenses of management. An effective internal control system of an insurance company should ensure the following: a) Cash and cherubs received are deposited in the account of the insurance company without delay. Normally, the internal control procedures provide that each branch maintains two separate bank accounts one for collection of premiums and the other for disbursement of expenses. b) Cash and cherub payments are made under proper authority and are adequately documented. c) Policy covers are accepted only on the basis of a proper evaluation of the circumstances involved as per set norms, and exceptions are duly authorized. d) Premiums are calculated according to the degree of risk and the conditions specified in the policy. e) Cover notes are issued in respect of all risks assumed and all cover notes are properly accounted for. All cover notes should have preprinted running serial numbers for each class of business and there should be adequate control over the issue of stationery comprising cover notes, policy documents, stamps, etc. Reporting Internal Control Weaknesses The inadequacies and weaknesses in the internal control system are communicated by a letter commonly referred to as management letter. Points of inadequacies and weaknesses are noted first on a study of the control system itself. Then in the course of audit, points of deviation from the prescribed system and non-implementation of procedures are also noted. The management letter is compiled and issued, incorporating these points. The management letter is in three sections: 1. executive summary 2. points to be addressed from the current internal control review, and 3. points from previous reviews that have not been attended to. The format has 4 columns: 1. activity/function 2. point to be addressed 3. response by concerned manager, and 4. action to be taken as agreed The major points that have serious repercussions are normally presented in the Executive summary and help top management to focus on the big issues. It should be appreciated that issuing the management letter does not absolve the auditor from his duty to mention the shortcomings in the auditors report by way of qualification where the defects are material and their impact on the result significant. It should also be clarified by the auditor that the points brought up in the management letter are only weaknesses, etc. found by the auditor and there could be other defects too, which were not discovered. The practice of the issue of management letter relieves the auditor from liability in case serious frauds or losses occur later, which probably would not have taken place had the client taken due note of the auditors points in the management letter.