sitemapHome | Registration | Job Portal for CA's | Expert Exchange | Currency Converter | Post Matrimonial Ads | Post Property Ads
News shortcuts: From the Courts | News Headlines | VAT (Value Added Tax) | Placements & Empanelment | Various Acts & Rules | Latest Circulars | New Forms | Forex | Auditing | Direct Tax | Customs and Excise | ICAI | Corporate Law | Markets | Students | General | Mergers and Acquisitions | Continuing Prof. Edu. | Budget Extravaganza | Transfer Pricing | GST - Goods and Services Tax
Latest Expert Exchange
« ICAI »
 High Power Group on Infrastructure Leasing & Financial Services Limited (IL&FS) Matter
 Exposure Draft of Accounting Standard (AS) 40, Investment Property (Comments to be received by November 10, 2018)
 Commencement of the Next Batch of the Certificate Course on Wealth Management and Financial Planning to be commenced on 8th December, 2018 at Pimpri Chinchwad : An initiative of CCBMP, ICAI
 Exposure Draft - ICAI Code of Ethics, 2018
 Launch of Batch of Educational Course by ICAI Registered Valuers Organisation (ICAI RVO) at Centre of Excellence (COE), Hyderabad from 10th November, to 2nd December, 2018.
 Internal Auditor can’t undertake Goods and Service Tax (GST) Audit of same Entity due to Role Conflict: ICAI
 Exposure Draft of Accounting Standard (AS) 38, Intangible Assets (Comments to be received by November 2, 2018)
 CPE Events 1st October - 6th October 2018
 ICAI-President's Message - October 2018
 Announcement - Internal Auditor not to undertake GST Audit simultaneously
  A unique and exclusive Job Portal for Chartered Accountants has launched where no. of companies and vacancies increasing every day. Members can find a best job on this portal that matches their interest.

Exposure Draft of Framework Governing Internal Audits (Comments to be received by January 17, 2018)
December, 29th 2017
                                  EXPOSURE DRAFT


                   (Last date for comments ­ January 17, 2018)
The Internal Audit Standards Board of The Institute of Chartered Accountants of
India (ICAI) invites comments on the proposed Framework Governing Internal

Comments are most helpful if they indicate a clear rationale and, where applicable,
provide a suggestion for alternative wording. Comments can be e-mailed at; Last date for sending comments is January 17, 2018.

  The Framework for the Standards on Internal Audit was originally issued in August 2007 and was
recommendatory in nature. It is now being revised and would be mandatory from its effective date.

Introduction and Scope ....................................................................... 1

Objective .............................................................................................. 2

Definition of Internal Audit ......................... ............................. 3

The Framework ..................................................................................... 4

Components of the Framework ......................................................... 5

Effective Date ........................................................................................ 6


1.1        Internal audits are conducted within a defined framework that lays down the
           boundaries and identifies, in a broad manner, how the internal audit activity is
           performed. This framework provides the required clarity on key components
           of the audit activity and helps aggregate all aspects of the internal audit
           process in a cohesive manner thereby ensuring standardisation of key
           requirements governing internal audit assignments.

1.2        Scope: All activities of an internal audit life cycle are included, such as,
           scoping and planning, gathering & review of evidence, fieldwork testing,
           physical observations, documentation, using the work of other experts,
           evaluating controls and systems, communication and reporting of results.

2.0        OBJECTIVE

2.1        The main objective of a framework is:
           (i) To provide clarity on key components which govern the overall internal
                 audit process and how it's conducted;
           (ii) To ensure that all internal audits are performed by deploying certain
                 basic principles, designed to ensure high quality of outcome;
           (iii) To provide a high degree of comfort to the auditee on the reliability of
                 the assurance provided or advice given; and
           (iv) To provide high credibility to the internal audit reports and other
                 communications issued by the internal auditor.

2.2        The overall objective of the Framework is to promote professionalism in the
           conduct of an internal audit assignment by the internal auditor and to ensure
           basic minimum standards of quality worthy of the qualification of the internal
           auditor and to promote the credibility of the internal audit report issued.


3.1        An Internal Audit is defined as follows:

           "Internal audit provides independent assurance on effectiveness of internal controls,
           risk management processes and contributes to enhancing governance for achieving
           organizational objectives."

3.2        A brief explanation of the key terms used above is as follows:
           (i) Independence: Internal audit should be an independent function,
                achieved through the position, organization structure and reporting of
                the internal auditor.

    This definition is currently in Exposure Draft stage and may get modified prior to finalisation.
      (ii)  Internal controls and risk management are an integral part of
            management function and business operations. An internal auditor is
            expected to evaluate the design and operating effectiveness of internal
            controls and risk management processes (including reporting processes)
            as designed and implemented by the management.
      (iii) Governance is a set of relationships between the company and its various
            stakeholders and provides the structure through which the company's
            objectives are set, and the constant performance monitoring required to
            help attain them.
      (iv) Organizational objectives incorporate the interests of all stakeholders and
            include compliance with internal policies and procedures and laws and
      (v) Advisory role: At certain times, in addition to providing assurance, the
            internal auditor may adopt an advisory role to help an organization
            achieve its objectives, provided this does not compromise the
            independence of the internal auditor.

3.3   This definition forms the basis of all the Standards on Internal Audit (SIA)
      issued by the IASB. Hence, all internal audit activities are conducted applying
      the above definition as a basis.


4.1   The Framework governing Internal Audits comprises four key components,
      all directed at establishing the credibility of the Internal Auditor and the
      manner in which the Internal Audit Process is executed. All the components
      are inherent in the whole internal audit process and implicitly form part of the
      SIAs, even though they may not be mentioned explicitly in the SIAs.

4.2   The key components of the framework are as follows:
      (i) Code of Ethics;
      (ii) Basic Principles governing an Internal Audit:
            Integrity & Objectivity;
            Due professional care;
            Skills and Competence;
            Risk based approach;
            Systems & process focus;
            Participation in decision making;
            Concern for multiple stakeholders; and
            Quality and continuous improvement.

      (iii) Internal Audit Charter; and
      (iv) Compliance with IASB Pronouncements.
Each of these components is fully explained in the next Section.


5.1   The Code of Ethics

      Every internal auditor is bound by a written code of ethics, issued by an
      organisation and/or the institute of his qualification. This commits the internal
      auditor to ethical standards applied with utmost integrity and sincerity.

      A member of the Institute of Chartered Accountants of India, carrying out an
      internal audit activity, is additionally governed by:
      (a) the requirements of the Chartered Accountants Act, 1949;
      (b) the Code of Ethics issued by the Institute of Chartered Accountants of
            India; and
      (c) other relevant pronouncements of the Institute of Chartered Accountants
            of India.
      One of these requirements includes the need to obtain a no objection certificate
      from the previous internal auditor at the time of changeover.

5.2   Basic Principles governing an Internal Audit:

      There are a set of basic fundamental principles which govern internal audit to
      ensure the achievement of desired objectives in the best possible manner.

      These ten basic principles are listed below which are designed to lay out the
      credibility of the internal auditor (first five principles) and the manner in
      which the internal auditor is expected to perform his duties (last five

5.2.1 Independence

      The Internal Auditor should be free from any undue influences which force
      him to deviate from the truth. He should be independent not only in mind but
      also in appearance. Hence he should not undertake any assignment which
      might appear to be in conflict with his independence or jeopardise his
      objectivity. Also, there should be no external pressure or interference on the
      internal auditor in establishing the scope of his assignments, the manner in
      which he conducts his work or reports his findings.

      The independence of the internal audit function as a whole, as placed within
      the organisation also plays a large part in establishing the independence of the
      internal auditor. The overall organisation structure of key personnel, the
      position and reporting of the Chief Internal Auditor within this structure

      along with the powers and authority which he derives from his superiors
      helps to further establish his independence.

      The Internal Audit function should be positioned outside of the functions
      which are subject to internal audit and ideally, the Chief Internal Auditor
      should report directly to the highest governing authority of the Company
      (generally the Chairman of the Board Audit Committee). However, many
      times the Chief Internal Auditor has a dual reporting responsibility, wherein
      he administratively reports to an executive officer (e.g., MD or CEO), but
      functionally into the Chairman of the Audit Committee, which is also

      Sometimes the internal auditor is exposed to a different type of risk to his
      independence, whereby management seeks active business support from the
      internal auditor. Apart from providing basic assurance and advisory inputs,
      he is assigned certain operational responsibilities (such as risk management,
      compliance, system automation, process re-engineering, etc.). Although some
      limited operational role may be acceptable for a short duration of time, the
      Internal Auditor should do so only after defining his limitations along the
      following lines:
      (a) Unable to assume ownership or accountability of the process; and
      (b) Inability to take operational decisions which may be subject to an audit
            later on.

5.2.2 Integrity & Objectivity

      The internal auditor should be honest, truthful and a person of high integrity.
      He must operate in a highly professional manner and seen to be fair in all his
      dealings. He should not seek to derive any undue personal benefit from his
      position or in the performance of his duty.

      He must conduct his work in a highly objective manner, especially in the
      gathering and evaluation of facts and evidence matter. He must not allow
      prejudice or bias to override his objectivity, especially in arriving at

5.2.3 Due Professional Care

      The internal auditor should exercise due professional care and diligence
      expected of him while carrying out the internal audit. Due professional care
      signifies that the internal auditor exercises reasonable care in carrying out the
      work entrusted to him to ensure the achievement of planned objectives.

      The internal auditor has to pay particular attention to certain key aspects, such
      as establishing the scope of the engagement so as not to miss out any
      important aspects, recognizing the risks and materiality of the areas, having
      required skills to review complex matters, establishing the extent of testing
      required to achieve the objectives, etc.

      Due professional care, however, neither implies nor guarantees infallibility,
      nor does it require the internal auditor to go far beyond the established scope
      of the engagement.

5.2.4 Confidentiality

      The internal auditor should at all times, maintain the utmost confidentiality of
      all information acquired during the course of his audit work. He should not
      disclose any such information to a party outside of the Internal Audit function
      and that also on a "need to know basis".

      The internal auditor should keep confidential information away from other
      employees of the entity and under no circumstances should confidential
      information be shared with third parties outside of the company, without the
      specific authority of the management/client or unless there is a legal or a
      professional responsibility to do so (e.g., to share information with Statutory
      Auditors). Internal audit reports should be addressed to specified internal
      auditees and distributed to only those who appointed/engaged the Internal
      Auditor services.

5.2.5 Skills and Competence

      The internal auditor should have sound knowledge, strong inter-personal
      skills, practical experience, expertise in certain areas and other competence
      required to conduct a high-quality audit. He should undertake only those
      assignments for which he has the requisite competence.

      The internal auditor should either have, or obtain, such skills and competence,
      as necessary for the purpose of discharging his responsibilities. Continuing
      Professional Education is a key part of this exercise. In addition to the basic
      technical skills, the internal auditor should have the softer skills (such as
      interpersonal/communication skills) required to engage with a multitude of

      Where the internal auditor believes he is lacking in certain expertise, he is
      expected to procure the required skills either though in-house experts or
      through the services of an outside expert, provided their independence is not
      compromised. Key is to ensure that the audit team as a whole has all the
      expertise and knowledge of the area under review.

5.2.6 Risk based approach

      Risk based internal audits are designed to link the audit procedures with the
      risks which impact the achievement of organisational objectives. The internal
      auditor identifies the important audit areas through a risk assessment exercise
      (using impact and probability of errors as a basis) and tailors the audit activity
      such that detailed audit procedures are conducted over high risk areas/issues
      while less time is devoted to low risk areas through curtailed audit
      procedures. Additionally, it ensures that risks under consideration are more
      aligned to the overall strategic and company objectives rather than narrowly
      focused on process objectives.

      This risk based approach therefore ensures these three fold objectives:
      (a) Audit procedures need not cover the whole process and can be limited to
            only the important controls in the process;
      (b) Provide a linkage to aspects more relevant and connected with broader
            company & functional objectives; and
      (c) Findings and issues highlighted are significant and important and time is
            not wasted on areas with low probability of significant observations.

5.2.7 System and Process Focus

      A system and process based internal audit goes beyond transaction and
      balance audits (focussed to error detection), to review the design and inter-
      linkage of the controls (focussed on error prevention). A root cause analysis
      conducted on each exception helps to identify opportunities to improve the
      systems or to automate the process with the objective to prevent a repetition of
      such errors. This is a more sustainable approach as it helps the internal auditor
      to move away from people to process and from detection to prevention.

5.2.8 Participation is decision making

      In conducting internal audit assignments, the internal auditor should avoid
      passing judgement or render an opinion on past management decisions. As
      part of his advisory role, the internal auditor should avoid participation in
      operational decision making which may be subject to a subsequent audit.

      The focus of the internal auditor should remain with the quality and operating
      effectiveness of the decision making process and how best to strengthen it,
      such that the chance of flawed or erroneous decisions is minimised. However,
      the internal auditor is at full liberty to present the lessons could be learnt from
      such past decisions.

5.2.9 Balancing of multiple stakeholder interests

      The internal auditor needs to evaluate the implication of his observations and
      recommendations on multiple stakeholders, especially where their interests
      maybe conflicting in nature. In such situations, the internal auditor should
      remain objective and present a balanced view to the auditee. This would allow
      senior management to take the final call since they are generally privy to the
      full information and best placed to balance the strategy/objectives of the
      company with expectations/interests of the diverse stakeholders.

5.2.10 Quality and continuous improvement

      The quality of the internal audit work should be paramount in the mind of the
      internal auditor since the credibility of the audit reports depends on the
      reliability of the findings. The Chief Internal Auditor should have in place a
      process of quality control to:
      (a) ensure factual accuracy of the observations and validate the accuracy of
            all findings; and
      (b) continuously improve the quality of the internal audit process and the
            internal audit reports.

      The Internal auditor also has to ensure that a self assessment mechanism is in
      place to monitor his own performance and also that of his subordinates and
      external experts on whom he is relying to complete some part of the audit

5.3   Internal Audit Charter

      The constitution and establishment of the Internal Audit function within the
      organisation is generally articulated in a formal document called the Internal
      Audit Charter. It defines all important aspects of the functioning of the
      Internal Audit department and provides clarity to the Internal Auditor
      regarding the manner in which the internal audit work is undertaken and how
      his responsibility is to be discharged.

      Typical key contents of the Charter are as follows (indicative list):
      (a) Vision & Mission of the Internal Audit function
      (b) Purpose & Objectives
      (c) Scope & Approach
      (d) Accountability & Authority
      (e) Roles & Responsibility
      (f) Reporting structure
      (g) Independence
      (h) Standards of audit practice

      The Internal Audit Charter is generally reviewed and approved by the highest
      governing body of the organisation; either the Board of Directors or the Audit
      Committee. It's important that the governing body is aware and in agreement
      with its contents in order to support the internal audit agenda.

      Where the Internal Audit charter is absent, it's recommended that a formal
      document of this nature be put in place and used as the basis on which the
      internal audits will be conducted. Where the Internal Audit function is
      completely outsourced to an outside agency, a similar document should be
      developed as part of the terms of reference of the engagement.

      The Internal Audit Charter should be reviewed periodically to ensure that it
      stays relevant to the changing needs and expectations of the board members,
      its management and the organisation. It is the responsibility of the Chief
      Internal Auditor to ensure periodic review and revision.

5.4   Compliance with IASB Pronouncements

      The IASB has issues a number of Standards, Guidelines and Clarifications
      (collectively referred to as Pronouncements) on Internal Audit and this body
      of pronouncements has to be complied with by the internal auditor. These
      pronouncements are designed to provide the internal auditor with all the
      information required to deliver a high quality service and thus maintain
      reliability and credibility of his work.

      If, for any reason, a member is unable to comply with any of the mandatory
      requirements, in accordance with the SIAs, his internal audit report should
      draw attention to the material departures therefrom. Any significant
      deviations from the procedures outlined in the pronouncements could also be
      viewed as shortcoming in taking due professional care.

      A peer review mechanism for quality control is to be followed to ensure that
      members have adhered to all aspects of the pronouncements.


6.1   This Framework governing Internal Audits is applicable for all internal audits
      beginning on or after .......

6.2   In the first year of its implementation, this Framework will be mandatory only
      for internal audits conducted on Listed Companies, and thereafter, it will
      become mandatory for internal audits conducted on all companies subject to
      internal audit as per Companies Act, 2013 (Refer Preface to the Framework
      and Standards on Internal Audit, Section 4.1).

Home | About Us | Terms and Conditions | Contact Us
Copyright 2018 CAinINDIA All Right Reserved.
Designed and Developed by Binarysoft Technologies Pvt. Ltd.
Content Management System development CMS development Content Management Solutions CMS Solutions Content Management Services CMS Services CMS Software

Transfer Pricing | International Taxation | Business Consulting | Corporate Compliance and Consulting | Assurance and Risk Advisory | Indirect Taxes | Direct Taxes | Transaction Advisory | Regular Compliance and Reporting | Tax Assessments | International Taxation Advisory | Capital Structuring | Withholding tax advisory | Expatriate Tax Reporting | Litigation | Badges | Club Badges | Seals | Military Insignias | Emblems | Family Crest | Software Development India | Software Development Company | SEO Company | Web Application Development | MLM Software | MLM Solutions