AUDIT OF INTERNAL CONTROL

AUDIT OF INTERNALCONTROL

Day V

Sessions I & II

Session Overview

•Periodical audit of existence of internalcontrol in order to examine its effectivenessis necessary.

•Management may provide internal audit butexternal auditor must look at existence ofinternal control

•Existence of internal control reduces therisk of internal auditor.

Learning objective

•After this session participants willunderstand how to see the existence ofinternal control.

•Participants will also understand how toconduct the audit of various components ofinternal control.

Audit of control environment

•By looking and consulting organisationalchart see that organisation has vertical andlateral channels of communication.

•Auditor should examine the documentationregarding delegation of authority and plansof succession.

•Auditor also should see the span of control.

Audit of control environment.

•Auditor should examine the number ofvacancies in organisation’s managementand how many persons are in actingcapacity

•It should also be seen that whether anyarrangements for ensuring continuity ofoperations in case of temporary absence oftop management.

Continued from last slide.

•To examine integrity and ethical valuesdemonstrated by management see that it isfree from any pressure

•Adherence to the conduct rules may be seen

•Previous reports may be examined to seeabove

•Auditor may also see the kind of valuesreflected in the behaviour.

Continued from last slide

•Management’s commitment to competenceas well as its philosophy and operating stylemay examine with the help of managementsapproach towards human resource issues,way of decision making, way of problemsolving and their active application.

•For this purpose auditor may examinehuman resource policies.

Continued..

•Following issues are also to be examined..

•Turnover in organisation

•Succession planning

•Procedsure of decision making

•Use of inputs received from subordinate

•Process of problem solving (Whether it isparticipative or directive or mixture of both)

Audit of Risk Assessment

•See the information supplied by branchoffices of the organisation is reliable.

•Also see whether the coordinating unitsevaluate data supplied

•Examine the procedure for data verification.See whether procedures been adhered to

•Also see whether procedures adopted forremedy if the data tuened to be inaccurate.

Audit of risk continued..

•See the factors which has impact on theprogram.

•Examine the funding and see if the fundshave been cut and what has been the impacton internal control.

•See the risk factor in respect of funding.

•See the controls instituted to ensure theappropriate use of funds.

Audit of information

•See that information available regardingmanagement decision making is relevant, reliableand timely.

•Is it reliable for external reporting purposes.

•Examine the data use for decisions

•Examine whether crosschecks of data was carriedout.

•See the documentary evidence for use of correctdata and to see how it is used.

Audit of communication.

•See that effective and reliable internalcommunication beteeb management andstakeholder is available.

•See that staff is available for carrying outinternal control.

•See whether organisation allow for easyflow of information back or forth.

Continued…

•See what is a process for notifying themanagement of the problems.Examine theprocedure. Examine documents to see ifstated procedure adhered to .

•Examine documentary evidence to see if theproblem reported are considered and actedupon.

Auditing internal controlactivities.

•Examine design and implementation ofpolicies and procedures for managing theprogramme.

•See whether indices have been establishedto monitor performance of organisation.

•See that performance measures werereviewed. See the performance measuresrelated to mission goals and objective.

Continued..

•See that performance data are continuallymonitored and analyzed.

•Examine whether policies to safeguardassets are known to all

•Examine whether the organisation hasidentified and ensured adequate protectionfor its critical issue.

Continued..

•Are assets like cash, assets of vulnerablelosses theft are adequately guarded.

•See that stock verification proceduresadequate and are they adhered to.

•See that police to safeguard programmeresources and funds exists.

•Has the organisation has adequateprotection to funds.,

Continued..

•See whether organisation establishedcriteria foe identifying the grantees for aid,See the criteria.

•See whether risk assessments performedand documented when system are changed.

•See whether data sensitivity and integrityconsidered in risk assessments

Continued..

•See whether wide security programme is exists.

•See whether access to information software codesuitable restricted.

•See whether contingency plan for ensuringcontinuity of service exists.

•See whether transactions are properly andpromptly classified. Supporting records properlymaintained.