UNDERSTANDING THE WORK OF AN INTERNAL AUDITOR A Developing Countrys perspective Presented by Daniel Bart - Plange 1

90% or more do not know the difference between the Internal Auditor and the External Auditor. All they know is Auditor 90% or more think that the work of the internal auditor involves only money 90% of people think that the work of Auditors is to check whether somebody has embezzled money Most auditors have the pre conceived idea that colleague staff are thieves or ignorant of what they are doing and that is why they should be checked Presented by Daniel Bart - Plange 2

Most people think that the auditor has powers to dismiss anybody who is found to have embezzled money For one reason or the other most staff in an organization fear auditors Some auditors think they are the most powerful group of staff in an organization and therefore must be feared Using of words like Reporting and checking These are all misconception about audit created from history which has to be corrected Presented by Daniel Bart - Plange 3

Unfortunately current circumstances feed into some of these misconception. They include: Types of jobs that are performed by the Internal Audit in an organisation How some audit staff approach their jobs in various organisations etc Presented by Daniel Bart - Plange 4

The Internal Auditing profession evolved steadily with the progress of management science after World War II. It is conceptually similar in many ways to financial auditing by public accounting firms, quality assurance and banking compliance activities Presented by Daniel Bart - Plange 5

The shift to a war economy further expanded organizations' responsibilities for scheduling, availability of materials and labourers, compliance with government regulations, and an increased emphasis on cost finding. In seeking ways to deal with these new problems, management appointed special staff people to review and report on what was happening and to probe for the why. Presented by Daniel Bart - Plange 6

These people came to be known as Internal Auditors." I n some organizations, internal auditors were used to check on routine financial and operational activities with a heavy emphasis on compliance, security, and detection of fraud. In others, internal auditors were given higher levels of status and were asked to analyze and appraise more substantive financial and operational activities. milestones/ Presented by Daniel Bart - Plange 7

From the background information, Internal Audit activities would differ from organizations. Presented by Daniel Bart - Plange 8

Share Holders Board Of Directors Managing Director / Chief Executive Officer (CEO) Senior Management Middle Level Management Other staff Presented by Daniel Bart - Plange 9

Each of these levels in a business entity structure will need an Independent person to give them a report on the performance of their subordinates. Shareholders employ the services of External Auditors Board of Directors (custodian of policies and Procedures) would need the Internal Auditors to review whether the polices and procedures are being followed Managing Director / CEO would want to have an overall picture of what is happening in various departments, and it is the Internal Auditor who can give this overview. Presented by Daniel Bart - Plange 10

ShareholderDirector CEO and Operations Manager If the entity structure is not the efficient one and the Shareholder is the same as the Director (Husband and wife being directors of the company) and the Directors are the same as the CEO and Operations Manager (Husband is the CEO and the wife is the Operations Manager) Please dont take your Internal Audit principle to such an organisation, you will face a serious challenge. Presented by Daniel Bart - Plange 11

Risk Management & Corporate Governance Presented by Daniel Bart - Plange 12

Presented by Daniel Bart - Plange 13

Enron Corporation was an American energy company based in Texas Before its bankruptcy in late 2001, Enron employed approximately 22,000 staffenergyTexasbankruptcy At the end of 2001, it was revealed that its reported financial condition was sustained substantially by institutionalized, systematic, and creatively planned accounting fraud,accounting fraud Presented by Daniel Bart - Plange 14

Enron had created offshore entities These entities made Enron look more profitable than it actually was Corporate officers perform more and more contorted financial deception to create the illusion of billions in profits while the company was actually losing money Executives began to work on insider information and trade millions of dollars worth of Enron stockinsider information Presented by Daniel Bart - Plange 15

pennies As the scandal unravelled, Enron shares dropped from over US$90.00 to just cents / pennies. Enron had been considered a blue chip stock, so this was an unprecedented and disastrous event in the financial worldblue chip It is believed that if attention had been given to compliance of policies & procedures in the organization these scandals would not have occurred. Presented by Daniel Bart - Plange 16

It is believed that strengthening the Internal Audit would help reduce some of these anomalies, because they have all the time they need to monitor the policies & procedures Hence the passing of the law - SOX, Section 404 requires every Public Company in U.S to report on their compliance or otherwise of their Internal Controls Presented by Daniel Bart - Plange 17

The Sarbanes–Oxley Act of 2002 (Pub.L , 116 Stat. 745, enacted July 30, 2002) Paul Sarbanes Michael G. Oxley It is named after sponsors U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH).DMDROH Presented by Daniel Bart - Plange 18

Presented by Daniel Bart - Plange 19

Risk Defined The possibility that an event will occur and adversely affect the achievement of objectives. (COSO ERM) Risk appetite The broad-based amount of risk a company or other entity is willing to accept in pursuit of its mission or vision. (COSO ERM) Presented by Daniel Bart - Plange 20

Assessment EvaluationMonitoring Risk management involves 3 things. Assessment, Evaluation and Monitoring Risk assessment Risk assessment is the process of identifying and analyzing relevant risks to the achievement of the entitys objectives and determining the appropriate response Risk evaluation Means estimating the significance of a risk and assessing the likelihood of the risk occurrence Monitor Making sure expectation agrees with actual Presented by Daniel Bart - Plange 21

Define Define: Corporate governance is a term that refers broadly to the rules, processes, or laws by which businesses are operated, regulated, and controlled The modern definition calls it the framework of rules and practices by which a board of directors ensures accountability, fairness, and transparency in the firm's relationship with its all stakeholders (financiers, customers, management, employees, government, and the community)ensures accountability Presented by Daniel Bart - Plange 22

independentassurance The Institute of Internal Auditors define internal auditing as: "… an independent, objective, assurance and consulting activity The Institute of Internal Auditors designed to add value improve an organization's operations designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk management, control, and governance processes." Presented by Daniel Bart - Plange 23

The main aim of internal auditing is to assist the organization to achieve its objectives. If your objective is to go to the moon, Internal Audit has to help to achieve it Presented by Daniel Bart - Plange 24

We help businesses to achieve its objectives by assisting all management in the effective discharge of their responsibilities, We do this by furnishing them with: analyses, appraisals, recommendations and pertinent comments concerning the activities reviewed Presented by Daniel Bart - Plange 25

Give assurance to the Chief Executive and other Department Heads about their section Help improve cost reduction Help Improve communication Help improve continuity of activities Making recommendation for best practices Confirming accounting records for the preparation of Financial statement End result is for the organization achieve its objective Presented by Daniel Bart - Plange 26

Financial Audit Financial Audit – Aims to assess reliability of the accounting system, Information and Financial Reports Compliance Audit Compliance Audit – Aims to assess quality & appropriateness of established systems to ensure compliance with laws, regulations, policies & procedures 27 Presented by Daniel Bart - Plange

Operational Audit Operational Audit – Assess quality and appropriateness of other systems & procedures eg. Organizational structures, Methods and Resources Management Audit Management Audit – Asses the quality of management approach to risk and control in the framework of the Universitys controls 28 Presented by Daniel Bart - Plange

Q & A Presented by Daniel Bart - Plange 29