Latest Blogs from SBS and Company LLP

    SIA 220 - Conducting an Overall Internal Audit Planning

    Introduction 

    • As discussed in my previous article, currently there are 18 Standards on Internal Audit (SIA’s) issued by Institute of Chartered Accountants of India (ICAI). One among these standards is SIA 220 “Conducting overall Internal Audit Planning”. It is rightly said that “By failing to prepare, you are preparing to fail”, hence planning plays an important role in accomplishing the audit. 
    • SIA 220 is not yet notified by Institute of Chartered Accountants of India (ICAI), hence it is voluntary in nature. 
    • Before going into SIA 220 let’s learn the definition of Internal Audit which forms the crux of the standard. The definition is defined by ICAI in framework governing internal Audit. 
    • “Internal Audit” provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organizational objectives. 
    • Institute of Internal Auditors (IIA) also defined Internal Audit”. According to IIA Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. 
    • To conduct an Internal Audit, a plan is to be formulated. Internal audit planning is conducted at two levels:
      • An overall internal audit plan for the entire entity is prepared for a given period (usually a year) and presented to the highest governing body responsible for internal audits, normally, the Board of Directors, or the Audit Committee.
      • Several specific internal audit plans are prepared for individual assignments to be undertaken covering some part of the entity and presented to the Chief Internal Auditor. Planning of the same is covered under SIA 310.
    • In the case of Companies under Companies Act, 2013, which are subject to internal Audit as per section 138. it is a legal requirement for the Audit Committee or its Board of Directors to formulate the overall internal audit plan of the company. 

    SCOPE

    This SIA deals with the Internal Auditor’s responsibility to prepare the Overall Internal Audit Plan, also referred to as the Annual Internal Audit (Engagement) Plan. 

    Objectives

    • Ensure that the planned internal audits are in line with the objectives of the organization.
    • Confirm and agree with Those Charged with Governance (TCWG) the broad scope, methodology and depth of coverage of the internal audit work to be undertaken in the defined time-period.
    • Ensure that overall resources are adequate, skilled and deployed with focus in areas of importance, complexity and sensitivity.

    Always ensure that the audits undertaken conform with the applicable pronouncements of the Institute of Chartered Accountants of India (ICAI). 

    Planning Process

    The Internal Auditor conducting the overall internal audit planning shall use professional judgement for the process to be followed in completing all essential planning activities.

    The following aspects are to be addressed at the time of conducting the overall internal audit planning.

    Knowledge of the Business:

    • The internal auditor should obtain a level of knowledge of the entity that is sufficient to enable him to identify events, transactions, policies and practices that may have a significant effect on the financial information. Following are some of the sources where from the internal auditor can obtain such knowledge:
    • Previous experience, if any, with the entity or the industry;
    • Legislation and regulations that significantly affect the entity;
    • Discussion with client’s management and staff;
    • Visits to entity’s plant facilities etc., to obtain preliminary information regarding the production processes of the entity;
    • Visits to the entity’s department where the accounting and other documents are generated, maintained, and the administrative procedures are followed.

    Establishing the Audit Universe:

    • The next step in audit planning is establishment of the audit universe or the audit territory;
    • Audit Universe comprises the Activities, Operations, Units etc., to be subjected to audit during the planning period;
    • The Audit Universe should be reviewed periodically and make amendments, wherever necessary;
    • In few cases the Audit Universe entirely changes depending on the scope given by the client.

    Establishing the Scope of the Engagement 

    • The next stage in planning an internal audit is establishing the scope of the engagement.
    • The internal audit objectives and the nature of assurance to be provided will also help to establish the scope of internal audit.
    • In case of outsourced engagements, the management may define or mandate the scope and may even restrict the coverage of certain areas or transactions.
    • When finalizing the scope, it is important to clearly highlight any scope limitations in the internal audit plan as part of the communication to approving body, such as, the Audit Committee.

    Risk Assessment

    • The internal auditor shall undertake an independent risk assessment of all the Auditable Units identified in the Audit Universe and align this with the risk assessment conducted by the management and the statutory auditor.

    Technology Deployment

    A key element of the overall internal audit planning exercise, involves understanding the extent to which:

    • The entity has deployed information technology (IT) in its business, operations and transaction processing, and
    • The auditor needs to deploy IT tools, data mining and analytic procedures, and the expertise required for conducting the audit activities and testing procedures. This helps to design and plan the audit more efficiently and effectively.

    Deciding the Resource Allocation

    • Once the scope of the internal audit procedures is established, the next phase is that of deciding upon the resource allocation. 
    • For this purpose, the internal auditor should prepare an audit work schedule, detailing aspects such as:
      • activities/ procedures to be performed;
      • Engagement team responsible for performing these activities/ procedures; and
      • Time allocated to each of these activities/ procedures.

    Documentation

    • To confirm compliance of audit procedures with the SIA, all key steps undertaken in the planning process shall be adequately documented to confirm their proper completion. 

    Conclusion 

    • Adequate planning ensures that appropriate attention is devoted to significant areas of audit, potential problems are identified, and that the skills and time of the staff are effectively utilized. 

    The internal audit plan should be comprehensive enough to ensure that it helps in achieving the overall objectives of an Internal Audit.

    Subscribe SBS AND COMPANY LLP updates via Email!