Why does one go to a doctor?
For health certification
For treatment of disease
For surgery
For health check up
For vaccination
For a cup of tea…
Apr 25, 2015 2
Why does one go to a doctor?
For health certification
For treatment of disease
For surgery
For health check up
For vaccination
For a cup of tea…

Why does an organization seek IA?
For compliance with law
For solving known problems
For drastic action - emergency
For assurance & early alerts
For prevention
For a cup of tea…

Back to the Basics: Definition of Internal Audit
“Internal auditing is an independent, objective assurance and consulting activity that adds value to and improves an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
Compliances – external and internal
Risks and controls
Optimization of resources, costs and processes
Governance processes and ethical practices
External Compliances
Understanding the regulatory framework
Identifying critical compliances that pose significant risks
Ensuring adequacy of processes to confirm compliances in normal course
Reporting on compliances
Internal Compliances
Presupposes documented policies and procedures (SOPs)
IA reviews compliances with internal policies for key processes
IA identifies design deficiency in documented policies
Deviation identification, root cause analysis, preventive and corrective action
Controls are the heart of IA:
Understanding of the risk framework must precede evaluation of controls
Controls must be established and working, i.e., designed, implemented and internalized
Controls must be re-evaluated for efficiency and cost-effectiveness
Controls must be understood – both by the IA and the users
IA must enable the organization to answer:
Am I making the best use of my resources?
Am I creating products/services at the optimum financial cost?
Am I ensuring that I am not creating a social cost or an environmental damage through my processes?
Am I getting the best effort-to-yield ratio?
At the pinnacle, IA reviews and reinforces the ethical code and the governance processes by ensuring that:
All organizational initiatives are backed by the values and principles that the organization believes in
Organization promotes socially and ethically responsible behavior
Governance processes are well defined and effective
Participation in initiatives such as insider trading policy, whistleblower’s policy, employee enrichment programmes and CSR initiatives
Assurance on compliances: Let’s have an IA sign-off to be sure
Risk Mitigation: Let IA check whether we are OK on risk control measures
Resource optimization: Let’s hear out IA on what other companies are doing
Controls: Please tell us if we have missed out on anything?
Governance: Are we working for a Company which can boast of the best governance standards?
Well defined organization structure and authority-responsibility structure
Business plan and objectives
Risk Management Policy and assessment of risks
Documented, updated internal policies for all key operational areas
Comprehensive system documentation indicating control points
Organizational awareness of compliances, controls and risks
Clearly defined internal audit charter outlining authority, responsibility and expectations of IA
Commitment from the top management, acceptance at the operational level.
Policies and procedures adopted to ensure:
Orderly and efficient conduct of its business,
Adherence to company’s policies,
Safeguarding of its assets,
Prevention and detection of frauds and errors,
Accuracy and completeness of accounting records, and
Timely preparation of reliable financial information
Senior Management - Operations & Business Units
Risk Control and Compliance Functions
Statutory Auditor
Independent Assurance (Internal Audit)
Regulator
IA is one of the 4 pillars on which the superstructure of Corporate Governance is built…
Prevention is not as glamorous as rescue operations… but perhaps more relevant!
SURESH KALMADI - Sir u made lakhs!
"We are drowning in information but starved for knowledge." -- John Naisbitt