EXPOSURE DRAFT
STANDARD ON INTERNAL AUDIT (SIA) 230
OBJECTIVES OF INTERNAL AUDIT
The Internal Audit Standards Board of The Institute of Chartered Accountants of
India (ICAI) invites comments on Standard on Internal Audit (SIA) 230, Objectives of
Internal Audit.
Comments are most helpful if they indicate a clear rationale and, where applicable,
provide a suggestion for alternative wording.
Comments can be e-mailed either at cia@icai.in; or at concurrentaudit@icai.in.
Last date for sending comments is March 28, 2019.
This Standard on Internal Audit (SIA 230) seeks to revise and supersede Standard on Internal Audit (SIA) 8, Terms of
Internal Audit Engagement, issued in December 2008 (as recommendatory in nature) as well as incorporate certain new
aspects covering the subject matter. This SIA will be issued as a mandatory standard from its effective date.
STANDARD ON INTERNAL AUDIT (SIA) 230
OBJECTIVES OF INTERNAL AUDIT
Contents
Paragraph(s)
Introduction ........................................................................................... 1
Objectives ......................... .............................................................. 2
Requirements ......................................................................................... 3
Explanatory Comments ........................................................................ 4
Effective Date ........................................................................................ 5
Appendix ................................................................................................
This Standard on Internal Audit (SIA) 230, Objectives of Internal Audit, issued by the
Council of the Institute of Chartered Accountants of India (ICAI) should be read in
conjunction with the "Preface to the Standards on Internal Audit", "Framework
governing Internal Audits" and "Basic Principles of Internal Audit" issued by the
Institute.
1. INTRODUCTION
1.1 The objectives of internal audit vary widely and depend on the size,
structure, and complexity of the entity subject to internal audit. These
objectives are also influenced by specific requirements of management
and, in most cases, defined by those charged with governance.
1.2 In the case of Companies required to appoint an Internal Auditor as per
Section 138 of the Companies Act, 2013, Rule 13(2) of Companies
(Accounts) Rules 2014, states:
"The Audit Committee of the company or the Board shall, in
consultation with the Internal Auditor, formulate the scope,
functioning, periodicity, and methodology for conducting the
internal audit."
Hence, in these class of companies, the Audit Committee or the Board, in
conjunction with management and the Chief of Internal Audit, is expected
to exercise the responsibility to formulate the objectives of internal audit.
1.3 In the case of other organisations not covered under Rule 13, those who
appoint the Internal Auditor (e.g., the owners, the promoters, the Board of
Trustees, etc.) would generally define the objectives of internal audit.
1.4 While the specific objectives of any internal audit may vary from
company to company, these objectives are generally consistent with the
overall definition of "Internal Audit", which as defined under Para 3 of
"Framework governing Internal Audit", issued by the ICAI, states as
follows:
"Internal audit provides independent assurance on the
effectiveness of internal controls and risk management processes
to enhance governance and achieve organisational objectives.
Para 3.2 of the Framework also indicates how the nature of internal audit
services may go beyond assurance to include an advisory (consulting)
role.
Appendix -1 to this Standard provides an indicative list of the Objectives
of Internal Audit as noted in a previous Standard on Auditing (SA) - 610:
"Using the work of an Internal Auditor". Companies may choose some or
all of these objectives, or even add something as per their requirements.
1.5 Scope: The current law in India permits internal audit to be performed
either by an entity's own employee (i.e., personnel on the payroll of the
organization or its group company) or by a professional who is part of an
external agency (e.g., a firm of practicing Chartered Accountants
undertaking internal audit engagements). Hence the manner in which the
objective of internal audit is defined in each situation may vary. This
Standard applies to all ICAI members in both situations, irrespective of
whether the internal audit is conducted by them in the capacity of an
employee or as a representative of an external audit firm.
2. OBJECTIVES
2.1 The purpose of defining the Objectives of Internal Audit are to:
(a) Document the constitution and establishment of the Internal Audit
function and the terms of the out-sourced internal audit arrangement;
(b) Provide clarity to the Internal Auditor and its stakeholders regarding
the nature of the internal audit set-up and it's working;
(c) Ensure linkage between what is expected of the Internal Auditor and
how those expectation can be met within the Framework governing
Internal Audits; and
(d) Promote better understanding on key operational areas such as
accountability & authority, roles & responsibility, and such other
functional matters.
2.2 Once the objectives of internal audit are defined, they help to establish the
operating parameters within the overall internal audit agenda. These
objectives and operating parameters are formally recorded in one of these
two documents:
(a) An Internal Audit Charter, primarily designed for the in-house team
of internal auditors and its stakeholders; and
(b) An Engagement Letter, a formal agreement signed with the out-
sourced internal audit service provider.
In some cases, both the documents may exist, although where the
complete internal audit function is out-sourced, the Engagement Letter
covering the whole Internal Audit activity may be the only document in
place.
3. REQUIREMENTS
3.1 Every Internal Auditor shall be guided by a document that defines the
Objectives of Internal Audit. It is the duty of the Chief of Internal Audit to
have in place a written Internal Audit Charter documenting the
constitution and functioning of the internal audit function. (Para 4.1).
3.2 Where part of the internal audit activity is out-sourced, the Chief of
Internal Audit shall have a formal Engagement Letter defining the terms
of engagement and documenting the nature of the arrangement with the
external internal audit service provider. If the internal audit activity is
completely out-sourced, the Engagement Partner will be acting in the
capacity of the Chief of Internal Audit, who shall ensure a formal
Engagement Letter documenting the terms of engagement. (Para 4.2).
3.3 The Chief of Internal Audit shall ensure that the Internal Audit Charter is
reviewed and approved by those charged with governance (the Board of
Directors, or the Audit Committee of the Board). In the case of the
Engagement Letter, the Engagement Partner shall ensure that the formal
agreement with the terms of engagement shall have the approval of the
competent authority, as per the company's Delegation of Powers. Where
the complete internal audit activity is out-sourced, then this approval
shall come from those charged with governance (the Board of Directors,
or the Audit Committee of the Board).
3.4 It's important that the governing body members and other stakeholders
are aware of, and in agreement with, the Objectives of Internal Audit and
other relevant portions of the Internal Audit Charter and Engagement
Letter. This information shall be communicated to all stakeholders
through formal channels of communication.
3.5 The Internal Audit Charter and the Engagement Letter shall be reviewed
periodically by the Chief of Internal Audit and the Engagement Partner to
ensure its relevance to the changing times. If found necessary, the
proposed amendments to these documents shall be put up to the
approving authority for their review and approval.
4. EXPLANATORY COMMENTS
4.1 Internal Audit Charter (Para 3.1): The constitution and establishment of
the internal audit function within the organisation is noted in a formal
document called the Internal Audit Charter. It defines the objectives of
internal audit (in line with the definition of Internal Audit) and other
important aspects of the functioning of the Internal Audit department. It
also provides clarity to the Internal Auditor regarding the manner in
which the internal audit work is undertaken and how the auditor's
responsibility is to be discharged.
4.1.1 An indicative list of areas covered in the Internal Audit Charter are as
follows:
(a) Vision & Mission of the Internal Audit function
(b) Purpose & Objectives of Internal Audit
(c) Reporting Structure & Independence
(d) Scope & Approach
(e) Accountability & Authority
(f) Roles & Responsibility
(g) Quality Assurance & conformance with SIAs.
4.1.2 Further explanation of each of the above noted areas is given under
Annexure - 2.
4.2 Engagement Letter (Para 3.2): The Objectives of Internal Audit and other
terms of engagement of the external service provider are documented in a
formal agreement referred to as the Engagement Letter. The Engagement
Letter is signed by the Engagement Partner along with the appointing
authority of the Company.
4.2.1 An indicative list of terms of engagement, covered in an Engagement
Letter, are as follows:
(a) Purpose & Objectives of Internal Audit
(b) Independence & Objectivity
(c) Scope & Approach
(d) Accountability & Authority
(e) Roles & Responsibility
(f) Limitations & Confidentiality
(g) Quality Assurance & conformance with SIAs
(h) Reporting & Compensation
(i) Ownership of Working Papers.
4.2.2 Further explanation of above noted areas is given under Appendix - 3.
4.3 A signed Engagement Letter shall be obtained prior to commencement of
any audit work.
5. EFFECTIVE DATE
5.1 This Standard is applicable for internal audits beginning on or after a date
to be notified by the Council of the Institute.
Appendix 1
OBJECTIVES OF INTERNAL AUDIT AS PER
SA - 610: "USING THE WORK OF AN INTERNAL AUDITOR".
Scope and Objectives of the Internal Audit Function (Ref: Para. 3)
A3. The objectives of internal audit functions vary widely and depend on the
size and structure of the entity and the requirements of management and, where
applicable, those charged with governance. The activities of the internal audit
function may include one or more of the following:
Monitoring of internal control. The internal audit function may be
assigned specific responsibility for reviewing controls, monitoring their
operation and recommending improvements thereto.
Examination of financial and operating information. The internal audit
function may be assigned to review the means used to identify, measure,
classify and report financial and operating information, and to make specific
inquiry into individual items, including detailed testing of transactions,
balances and procedures.
Review of operating activities. The internal audit function may be
assigned to review the economy, efficiency and effectiveness of operating
activities, including non- financial activities of an entity.
Review of compliance with laws and regulations. The internal audit
function may be assigned to review compliance with laws, regulations and
other external requirements, and with management policies and directives
and other internal requirements.
Risk management. The internal audit function may assist the organization
by identifying and evaluating significant exposures to risk and contributing to
the improvement of risk management and control systems.
Governance. The internal audit function may assess the governance
process in its accomplishment of objectives on ethics and values,
performance management and accountability, communicating risk and
control information to appropriate areas of the organization and
effectiveness of communication among those charged with governance,
external and internal auditors, and management.
NOTE: The above is not a complete and exhaustive list and is presented only
as an example of the nature of Objectives of Internal Audit.
Appendix 2
COMPONANTS OF A TYPICAL INTERNAL AUDIT CHARTER
Vision & Mission of the Internal Audit (IA) function:
This indicates the long-term view of the IA function, in line with its reason for existence.
Purpose & Objectives of Internal Audit:
Explains what the Internal Audit function hopes to achieve in a certain period of time.
These objectives cover the internal audit definition and are usually in line with the
Objectives of the Organisation in a similar period of time.
Also see Annexure 1, above.
Reporting Structure & Independence:
This section explains where the Internal Audit function is placed within the overall
Organisation Structure of the Company and whom it reports to (both functionally as well
as administratively). Also clarifies how the independence of the function is assured
through limitations on responsibilities which may be assigned (such as that seeking
active business support) but might compromise on independence.
Also see Principle 1 in "Basic Principles of Internal Audit."
Scope & Approach:
The scope of the internal audits shall be consistent with the goals and objectives of the
internal audit function and also in line with the nature and extent of assurance to be
provided by the Internal Auditor. Any entities/units excluded from the scope shall be
clearly noted. The approach is generally a risk-based audit approach, with a system and
process focus.
Also see Principle 6 & 7 "Basic Principles of Internal Audit."
Accountability & Authority:
The Internal Auditor may be held accountable for certain deliverables beyond providing
basic assurance, such as improving the control environment, reducing risk ratings or
improving compliance percentage etc. These should be clearly spelt out. Along with
accountability, come the authority and the powers required to conduct audits without
any undue hindrances, engaging external experts and receiving all information and
system access on time.
Roles & Responsibility:
All the key job functions and activities are spelt out in this section, which are usually in
line with the objectives of the Internal Audit function.
Quality Assurance & conformance with SIAs:
This section indicates the importance of ensuring high quality audit work and
procedures, including how the audit procedures will be conducted in conformance with
ICAI pronouncements applicable at the time. It also notes the checks put in place to
ensure reliability and credibility of the output.
Appendix 3
COMPONANTS OF A TYPICAL ENGAGEMENT LETTER
Purpose & Objectives of Internal Audit:
This section indicates what the Internal Audit engagement hopes to achieve in the set
period of time. These objectives are mostly defined by those charges with governance and
appointing the Internal Auditor.
Also see Annexure 1, above.
Independence & Objectivity:
This section defines the reporting structure and reporting protocol of the Internal
Auditor. It also clarifies how the independence of the Internal Auditor is assured through
assignments which don't compromise on his independence.
Also see Principle 1 in "Basic Principles of Internal Audit".
Scope & Approach:
The scope of the internal audits shall be consistent with the goals and objectives of the
internal audit and in line with the nature and extent of assurance to be provided. Any
entities/units excluded from the scope shall be clearly noted. The approach is generally a
risk-based audit approach, with a system and process focus.
Also see Principle 6 & 7 in "Basic Principles of Internal Audit."
Accountability & Authority:
The Internal Auditor is accountable to deliver the outcome of his work to the appointing
authority or those changed with governance. Where the laws & regulations require, the
internal auditor may also be required to report directly to external authorities. Along
with accountability, come the authority and the powers required to conduct audits
without any undue hindrances and to receive all information and system access on time.
Roles & Responsibility:
All key job functions and activities get clearly spelt out in this section, which are usually
in line with the objectives of the Internal Audit function.
Limitations & Confidentiality:
Limitations on liabilities which the auditor is exposed to and the manner of
determination of the same should be included in this section. Obligations on part of the
Internal Auditor to maintain confidentiality of information collected and on part of the
Company to keep the audit report confidential is also covered here.
Quality assurance & conformance with SIAs:
This section indicates the importance of ensuring high quality audit work and
procedures, including how the audit procedures will be conducted in conformance with
ICAI pronouncements applicable at the time. It also notes the checks put in place to
ensure reliability and credibility of the output.
Reporting & Compensation:
All requirements with regards to the nature of reports to be issued, the type of assurance
to be provided, the timing, or periodicity of reports and the recipients is clearly noted
here.
The basis upon which the compensation is established, the manner of its review, the
ancillary charges (cost reimbursements, taxes etc) and how these are to be determined are
all covered here.
Ownership of Working Papers:
This section clarifies the understanding regarding the ownership of working papers.
Where a formal internal audit report is issued (with or without assurance), the ownership
of the working papers should be retained by the Internal Auditor.
Also see "SIA 330: Internal Audit Documentation."
|