Internal Audit Process from A-Z: Internal Audit Process from A-Z By : Sherif Shahin By the end of this session we will be able to determine the following :: By the end of this session we will be able to determine the following : What is the definition of Internal Audit Who perform the audit work What are the types of audits conducted How often the Audit conducted Departments In which internal audit interact Conducted Audit Documents & Reports Definition of internal Audit : Definition of internal Audit Internal auditing is an independent , objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management , control , and governance processes . Who perform the audit work: Who perform the audit work Performed by professionals with an in-depth understanding of the business culture, systems, and processes, the internal audit activity provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient, and organizational goals and objectives are met. Types of internal audit work: Types of internal audit work Financial Audits Operational Audits Compliance A udits Internal control review Fraud Audits Information System Audits Financial Audits: Financial Audits A financial audit, or more accurately, an audit of financial statements, is the verification of the financial statements of a legal entity, with a view to express an audit opinion. The audit opinion is intended to provide reasonable assurance that the financial statements are presented fairly, in all material respects, and/or give a true and fair view in accordance with the financial reporting framework. The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. Operational Audits: Operational Audits A review of how an organization's management and its operating procedures are functioning with respect to their effectiveness and efficiency in meeting stated objectives. Compliance audits : Compliance audits A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security polices, user access controls and risk management procedures over the course of a compliance audit. Internal control review: Internal control review Internal controls reviews , focus on the component of the business unit activity “ Areas” and their physical security and grants and financial reporting process. In other words , internal control review is an audit conducted on the process of driving figures of financial reporting. Fraud Audits: Fraud Audits Fraud audit is conducted where a fraudulent activity is presented or suspected . It is a specialized audit activity assist the management in detecting and confirming the presence of fraud and providing evidences for legal activity. Information System Audits: Information System Audits An audit conducted over the automated environment of processing the information systems. And how the people users use those systems. An audit conducted to evaluate the system inputs, outputs, processing controls and backups ,recovery plans and security systems Frequently Audits Conducted: Frequently Audits Conducted Audit frequency is determined by the risk associated with the audit area. A formal risk assessment is maintained for each audit area The annual plan will include the following : Annual audits Cyclical audits * The cyclical audits should be selected based on “risk” and “time lapse” from the last audit. The interacted departments: The interacted departments Through the definition of internal audit and the types of audits that could be performed. Internal audit department interact with: Board of Directors and Audit Committee The financial and accounting department The financial and accounting department The operation department The legal and HR department Conducted Audit Documents & Reports : Conducted Audit Documents & Reports Audit Acknowledgement Memorandum. Audit requirement Memorandum. Draft Exit Memorandum Exit Conference Report Audit Report Executive Summary Report Follow Up Report PowerPoint Presentation: Audit Acknowledgement :is a memo sent to the concerned managers of the audited unit to inform them about the scope and timetable of the audit and the number of staff that will be conducting the audit Audit requirement : is a memo sent stating the required documents to conduct the audit and the time table to receive these documents and the format of these documents , soft copies or hard copies. Draft Exit Memo :on the last date of the audit field work , a conference meeting conducted included the concerned manager and the audit team to discuss the findings and observations raised up during the audit PowerPoint Presentation: Exit Conference Report : based on the discussion managed on the findings and observations a formal report sent to the audited unit , giving opportunity to concerned managers to formally respond on the findings and observations and how they will redeem these points and the time table needed for that. The auditee may request changes to the wording, in which the Internal Audit will try to accommodate the request as long as the finding and recommendation’s objective is not altered. Exit conference memo sent after the 5 days from the last working day in the field work. The draft report will be stamped “DRAFT” and sent to the audited department head Audit Report : Upon receiving the auditee’s corrective action plan; the Internal Audit staff will incorporate the response into the report.. The audit report issued within 10 days of the field work. The final report will be stamped “CONFIDENTIAL” and sent to the audited department head PowerPoint Presentation: Executive Summary Report : internal audit will prepare a summary for the audit findings and report them to the audit committee Follow Up Report : Internal Audit will perform a follow up review within three months from audit report issuance to determine if department management has implemented the recommendation. The timing of the follow up audit will be partly determined by management’s targeted completion date Finding log : Internal Audit will prepare a finding log file for all the findings and recommendations within six months to highlight the pending findings that were not redeemed.