S G A

Internal Audit - A Comprehensive Risk Management toolUnderstanding Document

2

Impacts

Increasing Capital investments

Global Funding

Strategic initiatives have significant impact on operational and tactical decisions

Effective Project

Management

People

Process

Technology

STRATEGY

Internal Audit function therefore needs to clearly understand the strategic plans of Management and plan assignments around three

broad dimensions - People, Process and Technology

3

Critical areas that need to be focused during such internal audits can be categorized under these three spheres

People Process Technology

• Organization roles and relationship

• Change in job descriptions

• New KPIs and performance measurement systems

• Technology savviness

• Training on new software

• Roles in ERP

• Internal controls in a fully automated environment

• Standard operating procedures

• Customer accounts reconciliation status

• Inter-office transactions

• Employee related transactions like PF, ESI

• IT Strategy vs. Business growth

• Data conversion

• Mapping business processes to IT

• Marrying standard operating procedures to Oracle functionalities

• IT Organization

• IT Controls – authorization

4

Critical areas that need to be focused during such internal audits can be categorized under these three spheres

Process

• Treasury related processes

• Bank reconciliation

• Deposit of customer collection

• Inventory control

• Processes relating to advances – control account vs. subsidiary ledgers

• MIS - Reporting mechanisms, data integrity etc

Process Process

• Control, valuation and effective project management relating to Capital Work in Progress

• Verification of capital work in progress

• Assistance in Royalty and Technical Know-How Payments

• GOs – verification, follow up and analysis of consequential effect on operational transactions

• Taxation related processes such as

• TDS

• Annual taxation

• Income exemption

• Costing systems

5

Internal audit, thus can be positioned as a risk management tool to support top and middle management in their pursuits

Traditional audit focused on

Correctness of recording

information

Completeness

Accounting related controls

Proprietary aspects relating to

delegation of authority

Pre-computerization, business

transactions left behind a trail. This

enabled business managers to track

origination, changes and implication

easily

• Internal audit assumes a “business consulting/ advisory function”

• Stretches into the realm of management audit

• Critical Risk Management Tool • As lower management jobs have been redundant and more “rules-driven”, the portion of management audit has increased

Traditional Audit Management Audit

6

New dimensions add to the complexity of audit and skills required in executing such assignments

Review of Information Technology areas

Human Resources optimization (Time Motion Studies etc)

Cost and Resource Optimization

Review of Project Management systems

Review and redesign of Management Info Systems

Tax management and consulting

Supply chain management

Social responsibility audit

Illustrative audit scope

Review of Corporate Governance Machinery

In order to ensure optimal delivery, the function needs to be resourced with multi-dimensional personnel having exposure in areas such as accounting, business advisory, technology, energy-saving, cost reduction etc

7

Best practices in Internal audit need to be implemented to harness maximum from such assignments

• Sync with the long term business strategy and objectives

• Project management structure and approach– Project Sponsor (Members from Top Management)

– Project Review layer (Partners of the Audit & Consulting firm and Top/Middle Management)

– Project execution layer (Consultants + Employees from Metro Water)

– Quality control layer (Audit & Consulting firm partner)

• Determine scope along with Client team considering – Strategic intent and plans

– Client needs and priorities

– Findings of internal control diagnostics

• Diagnostic phase carrying out internal control review and As-Is mapping

• Continuous communication strategy

• Project Team – a mix of client and consultant members

• Cost benefit analysis

• Agreeing on KPI of exercise and regular monitoring of performance

• Use of special resources – Management Graduates

– Engineers

– Information Systems specialists

8

This template throws light on the broad scope of an ideal Internal Audit assignment

• Internal control review for the following processes

– Purchase to pay cycle

– Order to receive cycle

• Review of IT Systems/ Processes

– Role conflicts in IT

– MIS Functionality used vs. EXCEL reports

– Review of IT Organization/ roles

• Customer satisfaction processes

• Purchase Transaction audit