You are on page 1of 17

Year

2014

Internal Audit Plan

VERSION 1.0/2014

INTERNAL AUDIT DEPARTMENT

TABLE OF CONTENTS

Year 2014

INTERNAL AUDIT PLAN

CONTENTS
PAGE
1. Introduction... 01
2. Purpose of Internal Audit Plan.. 02
3. Internal Audit Approach.. 03
4. Internal Audit Process.. 03
5. Annual Enterprise Risk Assessment. 03
6. Development of Internal Audit Plan.. 06
7. Allocation of Internal Audit Resources. 07
8. Internal Audit Plan 2014 Matrix 08
9. Internal Audit Plan 2014 Timelines. 12
10. Pre-payment Audit (Pre-audit). 13
11. Auxiliary Internal Audit services. 13
12. Internal Audit Plan Revision. 13
13. Internal Audit Reports. 13
14. Internal Audit Follow-up.. 14
15. Coordination with External Auditors.. 14
16. Professional Standards.. 14
17. Appendices.. 15

Urban Sector Planning & Management Services Unit (Pvt) Limited

Year 2014

INTERNAL AUDIT PLAN

1. Introduction
Urban Sector Planning & Management Services Unit (Pvt) Limited (hereinafter called the Urban Unit)
was incorporated under the Companies Ordinance 1984 on June 18, 2012.The core areas of operations
include Urban Planning, Urban Transport, Solid Waste Management, Urban Water & Sanitation, GIS &
Spatial Planning, and Municipal Finance etc. The support services activities comprised of human
resource, procurement, information technology, communication, financial management, internal audit
and administration etc. The organogram of the company splits up the human resources into three broad
categories namely Specialists, corporate and administrative positions.
The Board of Directors comprised of seven members. The authorized share capital of the company is
divided into 1000 shares of Rs.10,000 each. P&D Department Punjab is the majority shareholder.
The objectives of the company are articulated in the memorandum of association. The business of the
company is governed by its articles, policies & procedures, Companies Ordinance 1984 & subordinate
regulations and government laws & directives.
The accountability is ensured through external and internal assurance. The external audit is conducted
by a chartered accountant firm appointed by the BOD as well as by the auditors of the Auditor General
Department under the provisions of Auditor Generals Ordinance 2001.
The internal assurance is provided by the Internal Audit Department of the company which is
responsible to the Audit Committee of the BOD. The terms of reference for the Internal Audit of the
company are laid down in the Internal Audit Charter of the Company. The charter requires an annual
internal audit plan to be approved by the Audit Committee.

2. Purpose of the Internal Audit Plan


The annual internal audit plan is intended to plan for internal audit engagements to evaluate, determine
and opine whether the organizations risk management, control, and governance processes, as designed
and represented by management, are adequate and functioning in a manner to ensure:

Risks are appropriately identified and managed.


Significant financial, managerial, and operating information is accurate, reliable, and timely.
Employees actions are in compliance with policies, standards, procedures, and applicable laws
and regulations.
Resources are acquired economically, used efficiently, and adequately protected.
Programs, plans, and objectives are achieved.
Quality and continuous improvement are fostered in the organizations control process.
Significant legislative or regulatory issues impacting the organization are recognized and
addressed appropriately.

Urban Sector Planning & Management Services Unit (Pvt) Limited

Year 2014

INTERNAL AUDIT PLAN

It is our intent to convey a current sense of the Company's internal control environment and the extent
to which institutional risk mitigation is being assessed by regular audit activities, addressed proactively
through advisory services, or investigated as a result of issues raised.
3. Internal Audit Approach
At the Urban Unit, Internal Audit Department is striving to dispel the notion of an audit as something
done to the management, in a stand-alone activity. Rather, we are promoting the concept that an audit
is something we accomplish with the management. This is what we call participatory auditing, and we
are convinced that the product of this approach will be far superior to any audit completed without
active involvement of the management and the process owner. Why are we so confident of this? The
answer is simple: nobody knows the process better than its owner.
A step forward to participatory audit, our audit approach is risk based and demand driven to provide
independent, objective assurance &review, aimed to add value to the Companys governance, risk
management and control processes.
4. Internal Audit Process
In all phases of the audit we not only welcoming, but requesting the managements active involvement
throughout the audit cycle, in all phases - starting before the entrance conference, and continuing
through planning, testing, and reporting. Following are the audit process steps we normally follow:
Planning - The Internal Auditor meets with the senior management, department heads and process
owners- the staff responsible for the function to be audited. This enables the auditor to understand the
process being audited and the control environment. The Internal Auditor develops an audit program to
outline the testing that will be performed to ensure controls are designed to function as management
expects. The Internal Auditor will often develop flowcharts to document the process of being audited.
Testing - The Internal Auditor will test a sample of transactions and processes during field audit and
express an opinion on the controlled environment. As a result of testing, the Internal Auditor will
recommend audit improvements when noted.
Communication and Reporting - An informal summary of findings is shared with department heads or
process owners directly involved in the audit for their comments. A draft audit report is prepared and
communicated with management and their response is incorporated. The final report is presented to
the Audit Committee for review and discussion. Afterwards, the final report is distributed to the Board
and management.
Follow-up - The Internal Auditor generally performs a follow-up on corrective action plans or
management response to address audit recommendations.
5. Annual Enterprise Risk Assessment
The Internal Audit department continues to utilize a formalized risk assessment methodology in
selecting functions/processes/units/systems for inclusion in the annual audit plan. Relative risk

Urban Sector Planning & Management Services Unit (Pvt) Limited

Year 2014

INTERNAL AUDIT PLAN

assessment is necessary to provide a basis for the rational deployment of our limited resources for audit
engagements across the Company.
The risk assessment comprised of internal & external assessments of existing and emerging risks within
or outside the organization.
5.1 Internal Risk Assessment
As part of the annual risk assessment and audit planning process, we held risk discussions with the
senior management, sectoral heads and process owners to identify risks of concern at the functional and
organizational level. For internal risk assessment, a series of interviews & discussions with the functional
heads were conducted and a personally administered risk assessment questionnaire was shared and
response was recorded. On the basis of assessment, risks were rated. The risk areas & factors evaluated
during annual internal risk assessment include:

The overall governance framework of the company and its functions


Control environment
Designing and implementation of adequate functional processes
Functional significance & impact
A well-defined futuristic business plan and revenue stream of the company
Developing and implementation of sectoral/functional plans, targets and quantified KPIs
Human resources planning, management, appraisals and capacity building
Service delivery efficiency, effectiveness & impact
Financial management
Procurement planning and financial plans /budgets and their implementation
Periodic operational and financial reporting and its reviews and access to information
Documentation management, updation & data security
Assets management & safeguarding

We also held discussions with heads from core and support services to solicit input on the Companys
institutional risks and any specific areas of concern. We also used these meetings as an opportunity to
obtain feedback on the priority & frequency of audit services we plan to provide.
Our internal risk assessment covered the assessment of 20 individual auditable functions/activities of
the company including 9 Core services and 11 support services as listed below.
Core Services

Support Services

Urban Planning
Solid Waste Management
Water & Sanitation
Urban Transport
Geographical Information Systems
Municipal & Local Government Finance
Urban Economic services
Program/Project Management (High value
projects)
Business Development services

Information Technology
Procurement management
Finance & Accounts
Human Resource Management
Admin & logistics
Communication Management
Monitoring & Evaluation
Office documentation & mail management
Corporate Compliance
Assets & inventory management (stores)

Urban Sector Planning & Management Services Unit (Pvt) Limited

Year 2014

INTERNAL AUDIT PLAN


Library/Learning resource center

5.2 External Risk Assessment/Scan


The formal and informal discussions and scan of external environment of the company was undertaken.
The external risks identified are:

The expectations of stakeholders and level of achievement of company objectives


The companys reputation in external environment
The effectiveness of services of the company
Adherence to corporate social responsibility
Future growth & sustainability of the company

5.3 Overall Risk Assessment Findings


The risk factors that we considered significant in prioritizing audit engagements and frequency (cycle)
are:

Impact on the Companys mission & goodwill


Impact on Company finances
Impact on safeguarding assets & resources
Assessment of the activitys control environment
Level of compliance concerns
Impact of information technology
Complexity and/or diversity of the activity
Changes in the organization or leadership
Social responsibility & uplift

Our annual risk assessment 2014 resulted that out of the total 20 individual auditable functions/
activities of the company including 9 Core services and 11 support services (listed above), 6
functions/services are considered to be high risk, 7 moderate risk, and 7 low risk. A rating of high-risk
does not mean that the activity is perceived to have control problems, but rather reflects the criticality
or centrality of the activity to the Companys mission.
The overall risk assessments of the functions/services of the company is depicted in the following TL
diagram showing High Risk (red light), Medium Risk (blue light) and Low Risk (green light) bars listing
functions/activities of the company in each bar. The numbering of functions has nothing to do with risk
rankings.

Urban Sector Planning & Management Services Unit (Pvt) Limited

Year 2014

INTERNAL AUDIT PLAN

1. Solid Waste Management

1. Urban Planning

1. Urban economic Services

2. Geographical Information Systems

2. Water & Sanitation

2. Municipal & LG Finance

3. Project Management

3. Urban Transport

3. Communication Management

4. Corporate Compliance

4. Monitoring & Evaluation

4. HR management

5. Admin & logistics

5. Business Development

5. Procurement management

6. Information Technolgy

6. Library/LRC

6. Finance & Accounts

7. Assets & inventory Management

7. Office documentation & mail

(High Value projects)

management

It is again clarified that a rating of High-Risk does not mean that the activity/function is perceived to
have severe control weaknesses & problems prone to its failure, rather it reflects the criticality,
centrality or significance of the activity to the Companys mission bearing high risks.

6. Development of Annual Internal Audit Plan


The development of the annual audit plan is based on information gathered through broad consultation
across the Company and annual risk assessment findings. Taking into account the information we
obtained in our risk assessment process and its analysis, the Companys increased focus on introducing
new and upgrading its major management systems/processes, paradigm shift in organizational mode,
expanding and changing business spread and induction of fresh sectoral management is occurring within
the Company, we believe that a back to the basics audit plan is most appropriate for 2014.
Finally, our annual planning process includes re-examining the audit universe to ensure that all Company
activities are considered when determining how audit resources will be allocated. We also consider new
regulatory developments, new business processes, institutional priorities and strategic initiatives.

Urban Sector Planning & Management Services Unit (Pvt) Limited

Year 2014

INTERNAL AUDIT PLAN

7. Allocation of Audit Resources


The audit plan timelines are based on human resources available in Internal Audit Department. Internal
audit resources have been allocated on activities required to be performed efficiently to discharge its
responsibilities as per charter and to achieve IA objectives.
Approximately 63% of the Internal Audits resources are committed to the completion of planned audit
engagements. Keeping in view the commencing stage of the Company, 10% resources are estimated to
be consumed in consulting and advisory services while 12% are estimated for pre-audit.
The remainder of our FY 2014 audit resources is reserved as follows:

5% has been reserved to accommodate requests from the Board, audit committee or executives
for audit investigations.
3% has been reserved for follow-up procedures performed on behalf of the Audit Committee.
7% has been set aside for internal administrative functions, annual reporting and trainings
including continuous improvement efforts.

These allocations are based on risk assessment findings, activities level & current scenario in the
company and are subject revision/modification as Audit plan is a living document and changes are
usually envisaged.

Internal Audit Plan 2014

Internal Audit Plan 2014

Resource Allocation

Time Allocation for Scheduled Audits


(in days)
68
Core Services

Pre-audit
12%

Consulting/a
dvisory
services
10%
Special
Audits/Invest
igations
5%

Support Serivces

48

19

Scheduled
Audits
63%

12
3
High Risk

Med Risk

Low Risk

The Internal Audit Department will be provided requisite budgetary resources and logistical support by
the management and a free access to all information, documents, records, properties and employees in
order to facilitate the implementation of the plan. The management will also provide additional human
resources, if so required by the Internal Audit Department during the year, for efficient discharging of its
responsibilities and execution of the plan.

Urban Sector Planning & Management Services Unit (Pvt) Limited

Year 2014

INTERNAL AUDIT PLAN

8. 2014 Internal Audit Plan Matrix

Urban Sector Planning & Management Services Unit (Pvt) Limited

INTERNAL AUDIT PLAN

Year 2014

URBAN SECTOR PLANNING & MANAGEMENT SERVICES UNIT (PVT) LIMITED

Internal Audit Plan Matrix


Audits

Process Owner/
Functional Head

High Risk Audits


Support Services
Human
Resource Senior HR Manager
Management

Year 2014 (20th Feb 31st Dec 2014)


Audit
Budgeted Scope of audit
Frequency diem p.a

Type of audit

Quarterly

16

Functional
Process

& Compliance

Procurement
management

Procurement Manager

Quarterly

16

Functional
Process

& Compliance

Finance & Accounts

Chief Financial Officer

Quarterly

36

Functional
Process

& Compliance &

Core Services
Solid
management

waste Sr. SWM Specialist

assurance

Risk Area(s) Covered

Governance, HR process, service


delivery,
internal
controls,
documentation, financial
Governance, HR process, service
delivery,
internal
controls,
documentation, financial
Governance, internal controls,
documentation, financial
Governance, service delivery,
internal controls, documentation,
financial
Governance, service delivery,
internal controls, documentation,
financial
Governance, service delivery,
internal controls, documentation,
financial

Quarterly

Functional

Performance
& Compliance

Quarterly

Functional

Performance
& Compliance

32

Functional
Process

& Performance,

Performance
& Compliance
Performance
& Compliance
Performance
& Compliance

Governance, service
documentation

delivery,

Governance, service
documentation

delivery,

Governance, service
documentation

delivery,

Performance
& Compliance

Governance, service
documentation

delivery,

Geographic
information system

Sr. GIS Specialist

Program/Project
Management

Project
Leader

Medium Risk Audits


Core services
Urban Planning

Sr. Urban Planner

Annually

Functional

Water & Sanitation

Sr. W&S Specialist

Annually

Functional

Urban Transport

Sr. Transport Specialist

Annually

Functional

Support services
Corporate Compliance

Company Secretary

Annually

Functional

Manager/Team Quarterly

Urban Sector Planning & Management Services Unit (Pvt) Limited

Compliance &
assurance

Year 2014

INTERNAL AUDIT PLAN

Admin & logistics

Admin Manager

Assets & inventory Admin Manager & IT


Management
Information
IT Specialist
Technology
Low Risk Audits

Auxiliary
Audit
activities
Consulting & advisory
services
Pre-audit
Annual Audit Report
Audit Follow-up
Special
Audit
Investigations
IA Management &
trainings

Annually

Annually

Annually

Library,
M&E, Annually
Communication,
Office
documentation & other
low risk functions

10

CIA

25

CIA
CIA
CIA
CIA
CIA

On
demand
Concurrent
Annual
Concurrent
On
demand
Concurrent

Functional
Process
Functional
Process
Functional
Process

&

Performance
& Compliance

Governance, service delivery,


internal controls, documentation

&

Performance
& Compliance

Governance, service delivery,


internal controls, documentation

&

Performance
& Compliance

Governance, service delivery,


internal controls, documentation,
information system
Governance, service delivery,
internal controls, documentation

Functional

Performance
& Compliance

30
5
8
12
8

Urban Sector Planning & Management Services Unit (Pvt) Limited

10

INTERNAL AUDIT PLAN

Year 2014

9. Internal Audit Plan 2014 Timelines


Following is the proposed timelines (schedule) for Internal Audit Plan 2014
Quarter

Q1
Jan

Month
Week

Planned Audits
Annua l Ri s k
As s es s ment
Annua l Interna l
Audi t Pl a n

Q3

Q2

Feb

Mar
8

Apr

May

Jun

July

Q4

Aug

Sep

Oct

Nov

Dec

10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52

Cycle
Annual
Annual

High Risk Audits


Support Servi ces
Huma n Res ource
Ma na gement
Procurement
ma na gement
Fi na nce & Accounts

Quarterly
Quarterly
Quarterly
Q1

Q1 Audi t Report
Core Servi ces
Sol i d wa s te
ma na gement
Geogra phi c
i nforma ti on s ys tem
Progra m/Project
Ma na gement

Quarterly
Quarterly
Quarterly
Q2

Q2 Audi t Report
Medi um Ri s k
Audi ts
Support s ervi ces
As s ets & i nventory
Ma na gement
Informa ti on
Technol ogy

Annual
Annual

Admi n & l ogi s ti cs

Annual

Corpora te
Compl i a nce

Annual

Core s ervi ces


Urba n Pl a nni ng

Annual

Wa ter & Sa ni ta ti on

Annual

Urba n Tra ns port

Annual
Q3

Q3 Audi t Report
Low Ri s k Audi ts

Annual

Annua l Audi t
Report

Q4

Urban Sector Planning & Management Services Unit (Pvt) Limited

11

Year 2014

INTERNAL AUDIT PLAN

Urban Sector Planning & Management Services Unit (Pvt) Limited

12

Year 2014

INTERNAL AUDIT PLAN

10. Pre-payment Audit (Pre-audit)


During the year, the Internal Audit Department will carry out pre-payment audit (pre-audit) of financial
transactions in accordance with its mandate given in Internal Audit Charter and decisions of the Audit
Committee of the Company. The pre-payment audit is a concurrent activity that will remain continue
during the year.
The materiality of the financial transaction of the company for pre-audit is determined as under:
i.
ii.
iii.

All financial transactions of above Rs.500,000/- (five hundred thousand) involving procurement
of goods, services or works.
Every financial transaction involving salary & salary supplements
All financial transactions of above Rs. 100,000 relating to operating expenses including repair &
maintenance, advances and all other expenses.

Vouchers & cheques along with all supporting documents of all the financial transactions which are
subject to pre-audit, shall invariably be presented to internal audit department before making payments
by allowing a reasonable time for pre-audit. The internal audit officer will signed and stamp the
vouchers or otherwise furnish his observations on the transaction(s) for management response.

11. Auxiliary Internal Audit Services


The Internal Audit department will also continue to perform auxiliary services relating to internal audit
such as consulting services or special investigations on the request of management or the Board subject
to availability of resources and expertise. However, no member of the Internal Audit department will
assume or perform management responsibilities.

12. Internal Audit Plan Revision


The Internal Audit Plan 2014 may be revised during the year as the need arises or due to operational or
external exigencies with the prior approval of the Audit Committee.

13. Internal Audit Reports


The internal Audit Department will submit the plan status reports and internal audit reports periodically
in accordance with the plan at least quarterly to the audit committee regarding the progress of the
implementation of the Internal Audit Plan 2014 and audit findings along with management response, if
available.

Urban Sector Planning & Management Services Unit (Pvt) Limited

13

Year 2014

INTERNAL AUDIT PLAN

14. Internal Audit Follow-up


The Internal audit department will continue follow-up of the audit recommendations and management
action plan thereupon during the year.

15. Coordination with external auditors


The Internal Audit Department will coordinate its audit plan and reports with the Companys external
auditors to ensure appropriate coverage is achieved through the internal and external audit plans and to
leverage the collective efforts of both assurance providers.

16. Internal Auditing Standards


The Internal Audit Department will perform its audit activities in accordance with the Institute of
Internal Auditors Standards for the Professional Practice of Internal Auditing. All members of the
internal audit department are also required to comply with the Institutes Code of Conduct for Internal
Auditors.

Urban Sector Planning & Management Services Unit (Pvt) Limited

14

Year 2014

INTERNAL AUDIT PLAN

17. Appendices

APPENDIX A

ANNUAL ENTERPRISE RISK PROFILE 2014

Urban Sector Planning & Management Services Unit (Pvt) Limited

15

Year 2014

INTERNAL AUDIT PLAN

APPENDIX B

ENTERPRISE RISK ASSESSMENT QUESTIONAIRE

Urban Sector Planning & Management Services Unit (Pvt) Limited

16