As per Institute of Internal Audits (USA), Internal Audit is defined as ‘an independent assurance and consulting activity which is being conducted with the objective of helping the organizations to achieve their business objectives and improving effectiveness of their Risk Management, Internal Control Environment and Governance Process’.
As it can be inferred from the above mentioned definition that Internal Audit is not only an objective assurance activity but also a consulting activity through which internal auditor guides the business organizations to achieve their goals.
Institute of Chartered Accountants of India has laid down ten basic principles which govern internal audit activity.
Principle # 1: Independence
An internal auditor is supposed to be independent from the day-today affairs and operations of the organizations. An internal auditor is reportable directly to Audit Committee of the company. Many of times, an internal auditor also reported operationally to Head of Finance however, functional reporting is always to Audit Committee or Board of Directors.
An internal audit should not be indulged in any activity which jeopardize its basic principle of independence. The auditor should make regular reporting to the management and present its audit findings in an independent manner.
Principle # 2: Integrity and Objectivity
Integrity is first and foremost behavior of any auditor, and an internal auditor is also required to follow this basic trait of any auditor. This principle directs an internal auditor to be objective in his reporting to management any audit matters as per the scope of work. The audit findings should not be diluted by the auditor based on his relationship or friendship with the auditee or any other token of gifts. Internal auditor should never accept any gift or present from the auditee which diluted its objective of clear and objective reporting of audit issues.
Principle # 3: Due Professional Care
An internal auditor is required to possess certain basic skills of auditing along with additional technical skills which are required to conduct the audits in the best efficient manner. Technical skills such as IT skills, Accounting skills, Taxation knowledge etc are important for any internal auditor as they are required in some or the other assignment. In addition to technical skills, soft skills are also important for an internal auditor. An internal audit activity requires an auditor to communicate with many stakeholders during the assignment which includes person from junior to senior level staff in the organization. Communication is not only verbal, whereas written as well through audit reports and power-point presentations. The auditor should be well versed with all the requisite soft skills.
Principle # 4: Confidentiality
An internal auditor is required to have access to many important and confidential information and data from the client. Maintaining confidentiality of the information gathered during the professional work is utmost important for any auditor as any breach in the confidentiality clause may lead to leak, loss of critical client’s information. Companies sign Non-Disclosure Agreement (NDA) with the internal auditors before commencing the engagements. NDA governs the auditor and make legally binding to comply with the confidentiality principle. Any leakage of client’s information, intentional or non-intentional may call for any legal action by the client on the auditor.
Principle # 5: Skills & Competence
An internal auditor is required to possess requisite skills and competence for conducting an internal audit. Any person having requisite skills and competence can be appointed as internal auditor by the company, and need not be any professional having any particular degree. Basic skills required to be possessed by an internal auditor are analytics skills, communication skills, IT skills, accounting and taxation knowledge, process understanding etc.
Principle # 6: Risk Based Audit
Internal Auditor should follow Risk Based Audit approach while conducting internal audits. This principle guides internal auditor to focus on risks prevailing in any process and to focus on the corresponding mitigating controls. Process risks should be covered by checking adequacy and effectiveness of the controls implemented by the organization. Internal auditor should check the adequacy of the Risk Management System adopted by the organization and comment on the internal control governance process.
Principle # 7: System and Process Focus
An internal auditor should be well versed with the IT infrastructure and ERP at the client side. Processes followed by the client should be known to the internal auditor. Understanding the processes in detail and to have thorough knowledge of the ERP system gives an additional edge to the internal auditor to check the process risks and corresponding internal controls along with focusing on the necessary system related and automated process required.
Principle # 8: Participation in Decision Making
An internal auditor is required to give practical and feasible recommendations to the clients which shall help the clients in achieving their business objectives. Clients rely on internal auditors for identification of business risks and implementation of requisite internal controls. Thus, an internal auditor should be aware about the industry best practices based on which practical suggestions should be given to the clients for implementation.
Principle # 9: Sensitive to Multiple Stakeholders
An internal audit report is presented to multiple stakeholders such as audit committee, board of directors, senior management, statutory auditors, process owners etc. Internal audit report should be well written in clear, easy and understandable language. Issues noted during the internal audit should be well articulated in the audit report which can be presented to concerned stakeholders. In additional audit reports, there are regular communications by internal auditor with multiple stakeholders, thus, internal audit should ensure that required information should be communicated clearly.
Principle # 10: Quality and Continuous Improvement
An internal auditor is required to upgrade his skills regularly by various means such as attending seminars, regular study, brain storming sessions with the team etc. Amendment and updates in other areas such as taxation, accounting, information technology should be known to the internal auditors as these subject matters also impacts the level of checking during an audit and suggestions to be given to the client.
Comments