
Preeti Cherian

Senior Manager – Audit & Advisory


CNK & Associates LLP

Apr 25, 2015 1


Why does one go to a doctor?
For health certification
For treatment of disease
For surgery
For health check up
For vaccination
For a cup of tea…



Why does one go to a doctor? | Why does an organization seek IA?
For health certification | For compliance with law
For treatment of disease | For solving known problems
For surgery | For drastic action - emergency
For health check up | For assurance & early alerts
For vaccination | For prevention
For a cup of tea… | For a cup of tea…
Back to the Basics: Definition of Internal Audit
“Internal auditing is an independent, objective
assurance and consulting activity that adds
value to and improves an organization’s
operations. It helps an organization accomplish
its objectives by bringing a systematic,
disciplined approach to evaluate and improve
the effectiveness of risk management, control
and governance processes.”



• Compliances – external and internal
• Risks and controls
• Optimization of resources, costs and processes
• Governance processes and ethical practices



External Compliances
• Understanding the regulatory framework
• Identifying critical compliances that pose significant risks
• Ensuring adequacy of processes to confirm compliances in normal course
• Reporting on compliances



Internal Compliances
• Presupposes documented policies and procedures (SOPs)
• IA reviews compliances with internal policies for key processes
• IA identifies design deficiency in documented policies
• Deviation identification, root cause analysis, preventive and corrective action



Controls are the heart of IA:
• Understanding of the risk framework must precede evaluation of controls
• Controls must be established and working, i.e., designed, implemented and internalized
• Controls must be re-evaluated for efficiency and cost-effectiveness
• Controls must be understood – both by the IA and the users



IA must enable the organization to answer:
• Am I making the best use of my resources?
• Am I creating products/services at the optimum financial cost?
• Am I ensuring that I am not creating a social cost or an environmental damage through my processes?
• Am I getting the best effort-to-yield ratio?



At the pinnacle, IA reviews and reinforces the ethical code
and the governance processes by ensuring that:

• All organizational initiatives are backed by the values and principles that the organization believes in
• Organization promotes socially and ethically responsible behavior
• Governance processes are well defined and effective
• Participation in initiatives such as insider trading policy, whistleblower’s policy, employee enrichment programmes and CSR initiatives



Assurance on compliances | Let’s have an IA sign-off to be sure
Risk Mitigation | Let IA check whether we are OK on risk control measures
Resource optimization | Let’s hear out IA on what other companies are doing
Controls | Please tell us if we have missed out on anything?
Governance | Are we working for a Company which can boast of the best governance standards?



• Well defined organization structure and authority-responsibility structure
• Business plan and objectives
• Risk Management Policy and assessment of risks
• Documented, updated internal policies for all key operational areas
• Comprehensive system documentation indicating control points



• Organizational awareness of compliances, controls and risks
• Clearly defined internal audit charter outlining authority, responsibility and expectations of IA
• Commitment from the top management, acceptance at the operational level.

• Policies and procedures adopted to ensure:
  • Orderly and efficient conduct of its business,
  • Adherence to company’s policies,
  • Safeguarding of its assets,
  • Prevention and detection of frauds and errors,
  • Accuracy and completeness of accounting records, and
  • Timely preparation of reliable financial information

• Senior Management - Operations & Business Units
• Risk Control and Compliance Functions
• Independent Assurance (Internal Audit)
• Statutory Auditor
• Regulator



• IA is one of the 4 pillars on which the superstructure of Corporate Governance is built….



Prevention is not as glamorous as
rescue operations… but perhaps more relevant!

SURESH KALMADI - Sir u made lakhs!

"We are drowning in information but starved for knowledge."
-- John Naisbitt

• Internal auditor is a parent, when correcting
• Internal auditor is a teacher, when educating
• Internal auditor is a friend, when suggesting
• Internal auditor is a lover, when provoking
• Internal auditor is your own identity, when it is a conscience keeper….

….. And don’t you need all of these to achieve your goals?
• Missing Invoice/Supporting
• Unsatisfactory Explanation
• Unauthorized
• Non Compliant
• Control Weaknesses



Thank you
