May-2015
May-2015
May-2015
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
AUDITING<br />
Internal audit objectives and scope<br />
Legal Provision<br />
Internal audit has emerged as an important function<br />
that supports corporate governance. Perhaps that is the<br />
reason why the Companies Act 2013 (Act) has mandated<br />
appointment of internal auditor in certain classes<br />
of companies. Section 138 of the Act and Rules<br />
framed there under requires the following classes of<br />
companies to appoint an internal auditor or a firm of<br />
internal auditors:<br />
• Every listed company;<br />
• Every unlisted public company having paid up share<br />
capital of fifty crore rupees or more; or turnover of two<br />
hundred crore rupees or more; or outstanding loans or<br />
borrowings from banks or public financial institutions<br />
exceeding one hundred crore rupees; or outstanding<br />
deposit of twenty five crore rupees; and<br />
• Every private company having turnover of two hundred<br />
crore rupees or more; or outstanding loans or<br />
borrowings from banks or public financial institutions<br />
exceeding one hundred crore rupees<br />
The Act stipulates that the internal auditor shall either<br />
be a chartered accountant or a cost accountant,<br />
or such other professional as the Board may decide. It<br />
further stipulates that the internal auditor may or may<br />
not be an employee of the company. It requires that<br />
the Audit Committee or the Board shall, in consultation<br />
with the internal auditor, formulate the scope,<br />
functioning, periodicity and methodology for conducting<br />
the internal audit.<br />
Nature of Internal Audit<br />
Internal audit, like any other audit, is primarily an assurance<br />
service. It is unique, as it has a component<br />
of consulting, which no other audit has. It is internal<br />
in the sense that it aims to support the management<br />
and the Board achieving the company’s purpose and<br />
strategic objectives. The main differences between the<br />
external financial audit (often referred as ‘statutory audit’<br />
as the law mandates the audit) and internal audit is<br />
that the financial auditor reports to shareholders, while<br />
the internal auditor reports to either the management<br />
or the Board; and while the scope of the external audit<br />
is defined by the statute (Companies Act 2013),<br />
the scope of internal audit is decided by the Audit<br />
Committee, a sub-committee of the Board. Another<br />
difference, which is not as evident as the above two<br />
differences, is that some of the procedures and techniques<br />
that the internal auditor uses are additional and<br />
different from the those that are being used by the<br />
external financial auditor.<br />
Internal Audit Objectives<br />
In a competitive environment all companies cannot be<br />
the leaders. There would be laggards as well. However,<br />
a company that develops appropriate strategy, executes<br />
it well, and re-invents itself on the face of changing environment<br />
survives and achieves its purpose and strategic<br />
objectives 1 , if not fully, to a great extent. Strategic<br />
objectives cascade into operational objectives 2 , compliance<br />
objectives 3 and reporting objectives 4 . Internal<br />
audit helps the management and the Board achieving<br />
the company’s purpose, strategic objectives and other<br />
subordinate objectives. Therefore, the scope of internal<br />
audit is much wider than the external financial audit,<br />
which aims to provide reasonable assurance to shareholders<br />
that the financial statements provides a true<br />
and fair view of the financial position at the balance<br />
sheet date, and profit or loss and cash flows for the<br />
reporting period.<br />
Internal Audit Scope<br />
Internal audit is often said to be ‘control of controls’<br />
because it provides a reasonable assurance that the controls<br />
established by the management are adequate and<br />
operating effectively. Management establishes control<br />
to mitigate risks that are retained by the firm, as a strategy<br />
or because those risks could not be avoided. The<br />
internal auditor evaluates controls in the context of<br />
changing internal and external environment to provide<br />
an assurance that controls are adequate. Assessing<br />
the adequacy of controls also involves evaluating the<br />
enterprise risk management (ERM) process to provide<br />
an assurance that risks have been identified properly,<br />
their impact has been assessed correctly and that risk<br />
responses have been designed based on the risk-appetite<br />
(acceptable risk level) established by the Board<br />
and to support the current strategy of the company.<br />
Ensuring that the controls are operating effectively<br />
is the responsibility of concerned managers. Internal<br />
audit monitors effectiveness of controls from an outsider’s<br />
perspective to provide an objective appraisal of<br />
1 Strategic objectives are high-level goals, aligning with and supporting the<br />
mission of the firm. Mission defines the core purpose of the firm.<br />
2 Operational objectives are specific targets for effective and efficient use of<br />
resources to achieve strategic objectives.<br />
3 Compliance objectives refer to goals for achieving compliance with applicable,<br />
laws, regulations and internal policies.<br />
4 Reporting objectives refer to goals for achieving reliability of internal and external<br />
reporting.<br />
64 the MANAGEMENT ACCOUNTANT MAY <strong>2015</strong><br />
www.icmai.in