The Role of Internal Auditor & Audit Committee - Welcome to ICMAP by abstraks


A ROLE OF INTERNAL AUDITOR & AUDIT

Compiled by:
Muhammad Faisal Siddiqui
Internal Audit Officer
Brookes Pharmaceutical Laboratories (Pakistan) Limited
Stage: P-I
Institute of Cost & Management Accountants of Pakistan

If silence is golden, speech is platinum. It spreads wisdom, dispels ignorance, ventilates grievances, stimulates curiosity, lightens the spirits and lessens the fundamental loneliness of the soul.

       A       ABJECT
       U       ULTERIOR
       D       DISCREPANCY
       I       IS
       T       THROWN AWAY

With increasing attention to financial reporting – by legislators, regulators, security analysts, institutional investors, and others – the roles of boards of directors, audit committees, corporate management, and external and internal auditors are changing. The relationships between these entities are being reshaped by legislation and regulations. The process of identifying emerging principles, practices, and tools for the internal auditor's role in internal controls over financial reporting is defined by the Securities and Exchange Commission of Pakistan (SECP) as the Code of Corporate Governance (CCG).

Code of Corporate Governance (CCG)
Governance is a buzzword today. At times, though, it may not be precisely understood. For a common understanding, it may be the process which is employed to run government state affairs, encompassing the entire spectrum of activities, be they administrative, legal, religious, socio-political, economic or others.

In contemporary political thought, it is the governance process which leads to overall national development, in particular economic development. Economic development is unimaginable and cannot even be dreamed of without there being 'good governance' in place. It is such an essential ingredient that without it even the on-going development process would get retarded. Contemporary political history bears testimony to this fact and for that matter our own country is a classic example of it.

Requirement of Internal Auditor according to CCG
As per CCG, "There shall be an internal audit function in every listed company. The head of internal audit shall have access to the chair of the Audit Committee. All listed companies shall ensure that internal audit reports are provided for the review of external auditors. The auditors shall discuss any major findings in relation to the reports with the Audit Committee, which shall report matters of significance to the Board of Directors."

Appointment & Qualification of Internal Audit
There is a weakness in the CCG: the qualification of the Internal Auditor is not mentioned, so can anyone be an Internal Auditor? The answer is no. Then who is eligible for this post? Those eligible are the qualified members of ICMAP, IIA, ICAP and other accounting bodies.

Audit Committees
Audit committees and internal auditors have common goals. A good working relationship with internal auditors can assist the audit committee in fulfilling its responsibility to the board of directors, shareholders, and other outside parties. This position statement summarizes the appropriate relationship between audit committees and internal auditing. Audit committee responsibilities encompass activities which are beyond the scope of this statement, and it is in no way intended to be a comprehensive description of audit committee responsibilities.

Every public company should have an audit committee organized as a standing committee of the board of directors. The establishment of audit
committees in other organizations is encouraged, including not-for-profit and governmental bodies.

The primary responsibilities of the audit committee should involve assisting the board of directors in carrying out its responsibilities as they relate to the organization's accounting policies, internal control, and financial reporting practices. The audit committee should establish and maintain lines of communication between the board and the company's independent auditors, internal auditors, and financial management.

The audit committee should expect internal auditing to examine and evaluate the adequacy and effectiveness of the organization's systems of internal control and the quality of performance in carrying out assigned responsibilities. Internal auditing may be used as a source of information to the audit committee on major frauds or irregularities as well as company compliance with laws and regulations.

To ensure that internal auditors carry out their responsibilities, the audit committee should approve and periodically review the internal audit charter, a management-approved document which states internal audit's purpose, authority, and responsibility. The audit committee should review annually the internal audit department's objectives and goals, audit schedules, staffing plans, and financial budgets. The director of internal auditing should inform the audit committee of the results of audits, highlighting significant audit findings and recommendations. The audit committee should also determine whether internal audit activities are being carried out in accordance with the CCG.

To help assure independence, the director of internal auditing should have direct communication with the audit committee. The director should attend audit committee meetings and meet privately with the audit committee at least annually. Independence is further enhanced when the audit committee concurs in the appointment or removal of the director of internal auditing.

Composition of Audit Committee
According to CCG, "The Board of Directors of every listed company shall establish an Audit Committee, which shall comprise not less than three members, including the chairman. Majority of the members of the Committee shall be from among the non-executive directors of the listed company and the chairman of the Audit Committee shall preferably be a non-executive director. The names of members of the Audit Committee shall be disclosed in each annual report of the listed company".

Frequency of Meetings
The Audit Committee of a listed company shall meet at least once every quarter of the financial year. These meetings shall be held prior to the approval of interim results of the listed company by its Board of Directors and before and after completion of external audit. A meeting of the Audit Committee shall also be held, if requested by the external auditors or the head of internal audit.

Attendance at Meetings
As described in CCG, "The CFO, the head of internal audit and a representative of the external auditors shall attend meetings of the Audit Committee at which issues relating to accounts and audit are discussed.
Provided that at least once a year, the Audit Committee shall meet the external auditors without the CFO and the head of internal audit being present.
Provided further that at least once a year, the Audit Committee shall meet the head of internal audit and other members of the internal audit function without the CFO and the external auditors being present".

Authority
The audit committee has authority to conduct or authorize investigations into any matters within its scope of responsibility. It is empowered to:
  • Appoint, compensate, and oversee the work of any registered public accounting firm employed by the organization.
  • Resolve any disagreements between management and the auditor regarding financial reporting.
  • Pre-approve all auditing and non-audit
  • Retain independent counsel, accountants, or others to advise the committee or assist in the conduct of an investigation.
  • Seek any information it requires from employees — all of whom are directed to cooperate with the committee's requests — or external parties.
  • Meet with company officers, external auditors, or outside counsel, as necessary.

Responsibilities Of IA & AC
• Consider an Annual Opinion on Internal Control
Internal audit should be the CEO and CFO’s best source of assurance about internal control. If these officers must stand behind an entity-wide opinion, it only makes sense that they ask for the HIA opinion.
HIA who want to form an entity-wide opinion might want to consult this study, which goes into more depth than we can here.
The first step is to base the annual audit plan on the control model. This should not replace a risk-based audit plan. The organization’s major risks should always be the primary driver of internal audit activities. Rather, it should come after the risk assessment, to ensure that audit coverage will support an opinion on control for the organization as a whole. The basic steps are:
1. Use the existing risk assessment process to identify the organization’s major risks.
2. Identify audits and other assurance projects to address the risks.
3. Identify the Objectives and Components that will be covered in these audit projects, and to what extent each will be covered. Depending on the organization, this might be done informally, or by writing the names of projects, or by coding at a more detailed level.
4. Based on this analysis, estimate the extent of coverage for each cell (e.g., heavy, moderate, light, none).
5. Re-think potential assurance projects. Will the coverage support an opinion on internal control at the end of the year, with legitimate audit evidence for each category that falls within the organization’s chosen scope? If not, how can the plan be modified to provide the needed coverage?
In performing this analysis, several things should be kept in mind:
-The approach should not override the risk-based approach. Where there are gaps, the two approaches should be creatively reconciled. Perhaps the same audit projects, but with modified tools/techniques, would do the job. Perhaps a few lower-risk audits can be replaced. Or there may be other options.
-Audits performed in the recent past or planned for the near future can be taken into consideration. Everything does not have to be covered every year, as long as the overall assurance is reasonable.
-Some of the categories will be more important than others for a given organization and a given point in time. If the HIA chooses to give an opinion on all three Objectives, for example, this does not mean devoting 1/3 of audit time to Operations, 1/3 to Finance, and 1/3 to Compliance. It means giving enough coverage to each Objective and Component—based on the real-world risks facing the organization—to enable the year-end opinion on internal control. The audit plan, of course, changes throughout the year, as risks and audit resources change.
• Consider Audits of Specific Financial Control Processes
The audit department might want to do annual audits of specific processes that are central to financial reporting and disclosure. What these processes are will vary from organization to organization. Examples are Inventory, Accounts Receivable, Accounts Payable, the Closing Process, Sales, Purchases, and Authorizations.
  • Consider the effectiveness of the company's internal control system, including information technology security and control.
  • Understand the scope of internal and external auditors' review of internal control over financial reporting, and obtain reports on significant findings and recommendations, together with management's responses.
  • Review with management and the chief audit executive the charter, plans, activities, staffing, and organizational structure of the internal audit function.
  • Ensure there are no unjustified restrictions or limitations, and review and concur in the appointment, replacement, or dismissal of the chief audit executive.
  • Review the effectiveness of the internal audit function.
  • On a regular basis, meet separately with the chief audit executive to discuss any matters
    that the committee or internal audit believes should be discussed privately.

As far as Audit Committees are concerned, they generally exercise responsibility in three important areas:
  • Financial reporting.
  • Corporate governance.
  • Corporate control.

Financial Reporting
The responsibility of audit committees in the area of financial reporting is to provide assurance that financial disclosures made by management reasonably portray the company's: 1) financial condition; 2) results of operations; and 3) plans and long-term commitments.
The specific steps involved in carrying out this responsibility include:
  • Recommending the independent accountants.
  • Overseeing the external audit coverage, including:
      • Auditor engagement letters.
      • Estimated fees.
      • Timing of auditor visits.
      • Coordination with internal auditing.
      • Monitoring of audit results.
      • Review of auditor performance.
      • Review of non-audit services.
      • Reviewing accounting policies and policy decisions.
  • Examining the financial statements, including:
      • Interim financial statements.
      • Annual financial statements, auditors' opinion, and management letters.
      • Other reports requiring approval by the board of directors prior to submission to the Securities and Exchange Commission or other government agencies.
With respect to the review of accounting policies and policy decisions, a useful approach would be to require from the chief accounting officer a concise summary of all significant accounting policies underlying the financial statements. This summary should be updated as necessary and reviewed by both the independent accountants and the internal auditor.

Corporate Governance
The responsibility of audit committees in the area of corporate governance is to provide assurance that the corporation is in reasonable compliance with pertinent laws and regulations, is conducting its affairs ethically, and is maintaining effective controls against employee conflict of interest and fraud.
The specific steps involved in carrying out this responsibility include:
  • Reviewing corporate policies relating to compliance with laws and regulations, ethics, conflict of interest, and the investigation of misconduct and fraud.
  • Reviewing current/pending litigation or regulatory proceedings bearing on corporate governance in which the corporation is a party.
  • Reviewing significant cases of employee conflict of interest, misconduct, or fraud.
  • Requiring the internal auditor to report in writing annually the scope of the reviews of corporate governance and any significant findings.

Corporate Control
The responsibility of audit committees for corporate control includes an understanding of the company's key financial reporting risk area and system of internal control. The committee should monitor the control process through internal auditing.

"The scope of the internal audit should encompass the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of performance in carrying out assigned responsibilities." Internal auditing is required to:
  • Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information.
  • Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports.
  • Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
  • Appraise the economy and efficiency with which resources are employed.
  • Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.

Significant Development in CCG
There are two significant developments in the CCG which have made Internal Auditors more powerful:
  • The Internal Auditor functionally reports to the Chairman of the Audit Committee, which is drawn from the Board of Directors. The Chief Executive cannot force the Internal Auditor to pass anything; rather, he has to comply with the Internal Auditor. Now the Internal Auditor not only has to check accounts but also has to keep an eagle eye on the CFO, CEO, Secretary and Board of Directors regarding their workings, policies and decisions. He also has to verify the implementation of the policies.
  • The second significant development is that it has now become mandatory to present the Internal Audit report to the External Auditors for review. Then it is qualified. If there is any weakness or malfunctioning carried on in an organization, it will no longer be concealed and will be taken into account and accounted for.

The tasks, responsibilities, and goals of audit
committees and internal auditing are closely
intertwined in many ways. Certainly, as the
magnitude of the "corporate accountability"
issue increases, so does the significance of the
internal auditing/audit committee relationship.
The audit committee has a major responsibility
in assuring that the mechanisms for corporate
accountability are in place and functioning.
Clearly, one of these mechanisms is a solid,
well-orchestrated, cooperative relationship with
internal auditing.
