Professional Documents
Culture Documents
Draft SIP Projcet On IA in DAB PDF
Draft SIP Projcet On IA in DAB PDF
PROJECT REPORT ON
“INTERNAL AUDIT FUNCTIONS AND ITS PERFORMANCE
IN CENTRAL BANK OF AFGHANISTAN”
SUBMITTED BY
SUBMITTED TO
Internship is a pathway between the theoretical knowledge and practicality in real world business
scenario. Savitribai Phule Pune University has been emphasizing internship as an academic
requirement to make such pathway for students. In this regard, I chose Central Bank of
Afghanistan. The whole internship tenure was for two months where I was provided with an
opportunity to work in internal audit department applying the theoretical knowledge into
practical use.
The report is based internal audit function and its performance in the Central Bank of
Afghanistan. The overall aim of internal audit Department is to provide independent assurance
that organization’s risk management, governance and internal control processes are operating
effectively. During the internship tenure in the Da Afghanistan Bank, I learned various aspects of
internal auditing and how does internal auditing apply. Apart from this knowledge regarding
internal audit department, it also improved my soft skill such as communication skill,
interpersonal skill as well as enhance my confidence level to work in a team.
Besides these learning, I observed DAB has flatter organizational structure. The corporate
environment was so friendly and cooperative. The entire staffs in the department were very
supportive, encouraging, inspiring and constantly guided me towards my learning phase.
Throughout the internship tenure, I got to know how crucial the internal audit department is to an
organization. I also got an opportunity to understand the mission, vision and corporate culture of
Central Bank of Afghanistan.
Chapter 1
One of the major advantages of internship being placed in the 3th semester is that the student can
use the knowledge acquired in the previous semester to his/her advantage and perform efficiently
in the completion of the tasks he/she is assigned in the workplace. The internship gives the
insight to the organization and introduces to the corporate culture within the organization.
Internship assists in improving the interpersonal and communication skills required to sustain in
the competitive business environment. It provides a platform for gaining the essential managerial
and public relationship skills and is an excellent means for gaining work experience.
Thus, the internship is the totally practical based program that boots up the problem-solving
ability by utilizing the conceptual knowledge of an individual in the organizational setting. It is
the career enhancing program and is aimed at developing the level of understanding and
competence required to be professional manager.
In the recent years, people are becoming more practical and knowledge oriented. MBA course
has been extensively developed in order to reach the high expectations of the core based
companies that are involved in both, management of the business as well as within the human
resource department. This, itself shows the significance of this course. This includes the detailed
study of the various aspects of the internal audit and importance of internal auditing in the bank.
MBA course specialize their students in various important sectors such as Accounting, operation
management, Entrepreneurship, Finance, Human Resource Management, International Business,
Marketing etc.
2
1.2 Significance of study
3
Chapter 2
Industry Profile
According to Kent: "A bank is an organization whose principal operations are concerned with
the accumulation of the temporarily ideal money of the general public for the purpose of
advancing to others for expenditure."
In summary, a Bank can be defined as any business organization that offers acceptance of
deposits, which is subject to withdrawal on demand (either through check or electronic
transfer, or both) and grants loans and credits to private individuals and business firms on
Commercial basis.
Through there is much controversy as to the origin of the word "Bank". Some believe that it
originated from the Latin word "Bancus" meaning a bench. Similarly some believe that it
originated from the French word "Banque" and some to Italian word "Banca" all meaning a
bench. Some have stronger belief that it originated from the German word "Banck" meaning
collective fund. Ancient money dealer used to deal on a bench.
History of banking in Afghanistan started in 1933, Bank-e-Millie Afghan (BMA) was the first
financial institution established in Afghanistan in 1933. Similarly, it was the first financial
institution established in a public private partnership set up with 72 percent share held by private
sector. As a first bank in Afghanistan, BMA introduced formal banking services to the people
and government of Islamic Republic of Afghanistan. Since then, the banks competitive strength
and ongoing market leadership philosophy lays in its strong capital base and proven
trustworthiness.
In 1976, it was fully nationalized by the government of Afghanistan. Since its establishment,
BMA is a leading banking in providing modern and secure banking services. Securing
depositors' funds is the top priority of the bank. At the same time, the bank is contributing
considerably to the development of manufacturing, agriculture, services, and international trade
in the country.
4
BMA is operating based on strong corporate governance principles, financial risk management
and strict compliance to keep its credibility and trust. BMA has 15 city branches in Kabul and 21
provincial branches and equity investments in United States of America and England. And it is
celebrating its 84th years of fame.
According to CM (Council of ministers) approval number 152 dated 3/2/1318 (1939) Wolesi
Jirga (House of Representatives) approval number 11 dated 19/6/1318,(1939) Meshrano Jirga
(senate) historical approval dated 12/6/1318(1939) and then-king’s approval number
1317/5280dated17/11/1318,(1939)Da Afghanistan Bank was established in capital Kabul with
initial asset of 120 million Afghanis, which, with its defined authorities and responsibilities, was
able to set up its branches and subsidiaries inside and outside the country.
In late 2001, following decades of conflict, the financial and banking systems of Afghanistan
were devastated. Afghanistan had six licensed state-owned commercial banks5 that were
almost entirely Kabul-based and, to a large extent, inactive. The banks lacked connectivity,
reliable information on assets and liabilities, and did not follow commonly agreed and
accepted accounting standards.
There have been substantial improvements in development outcomes in Afghanistan since
2001. These improvements were particularly in expanded access to essential services such as
water, sanitation, and electricity, and improved outcomes in education and health.
5
Confidence in the banking sector is yet to fully recover from the Kabul Bank crisis in 2010,
during which massive fraud led to a run on the country’s then largest bank, necessitating a
government bailout (equivalent to 5 percent of Afghanistan’s GDP in 2010). Just before its
collapse, Kabul Bank held 34 percent of total banking assets in Afghanistan, almost three times
the amount of its closest competitor. Weak oversight and corruption of all governance functions
of the institution allowed for endemic related party transactions and fraudulent loan origination,
which in turn led to the eventual loss of over 92 percent – or approximately US$861 million - of
its loan book. The Kabul Bank crisis and its aftermath underscores the need to improve the
health of the financial sector, especially considering continuing stresses from deteriorating asset
quality and substantial dollarization of banks. Non-performing loans of the overall banking
sector have steadily increased over the past four years and, by end-June 2017, reached 16.9
percent, a record high since the Kabul Bank crisis. At the same time, around 69 percent of bank
loans and 66 percent of deposits were denominated in US dollars. While banks are required to
keep reserves at DAB in Afghanis only, their capacity to lend in local currency is severely
constrained.
Poor credit risk management has undermined financial performance. BMA and Pashtany
Bank over the last decade have suffered severe equity losses as the result of poorly originated,
controlled and recovered credit risks. Related party lending, as well as constituency driven credit
origination and noncommercial considerations in the granting of loans undermined the portfolios’
viability, as much as the overall vulnerability of borrowers to external shocks.
Obsolete Information Technology (IT) systems and infrastructure not only add to efficiency
constraints but also compound operational risks.
The banking system grew rapidly in the post-Taliban period: by 2005 there were eleven licensed
banks: three state-owned banks and eight private local and foreign banks, including Standard
Chartered Bank, and Afghanistan International Bank (AIB) established with25 percent
ownership held by the Asian Development Bank. Three state-owned banks were relicensed
initially: the Export Promotion Bank (EPB), Banke Millie Afghan (BMA) and Pashtany Tejaraty
Bank (PTB). Despite numerous shortcomings (weak management, unsound practices and
banking law violations), these banks were still operating at a profit. The other three state-owned
banks were not relicensed, primarily because they failed to meet minimum capital requirements.
As of 2005, most banks offered basic services and their operations were constrained severely due
to deficiencies with regard to inadequate laws and regulations (including bankruptcy, mortgage
and contract laws), property rights and inaccurate, incomplete and flawed title deeds and
inefficient and corrupt courts. Uncertainty and security issues limited the operation of
commercial banks in remote areas. As of March 2008, the financial system of Afghanistan
comprised:
i) 15 licensed commercial banks with 183 branches in 20 provinces;
ii) 332 foreign exchange dealers; and
iii) 100 licensed money service providers.
6
2.5 GDP composition by sector is:
Agriculture sector: 23%
Industry sector: 21.1%
Service sector: 55.9%
One third of GDP is contributed by agriculture sector. It is one of the major GDP contributing
sectors because Afghanistan is agriculture based country. Industry sector contributes very less
proportion in Afghanistan economy. Afghanistan has not grown industry sector as compare to
international development pace. Service sector is the major sector in GDP. Service sector
includes hospitality, educational, consultancy, tourism, medical, foreign employment, banking
and insurance and so on. The financial system of Afghanistan is dominated by private banks. As
of end-2016 the banking sector consists of 15 banks with total assets of US$4 billion, customer
deposits of US$3.6 billion and a gross loan portfolio below US$0.7 billion. Banking sector assets
represent 21 percent of GDP.
7
2.7 Major players:
According to function and nature of bank, in Afghanistan banks are classified in following
types:-
1) Central Bank
2) Commercial Bank
3) Finance Companies
2) Commercial Bank:-A Commercial bank is a type of Bank that provides services such as
accepting deposits, making business loans, and offering basic investment products. Commercial
bank can also refer to a bank, which more specifically deals with deposit and loan services
provided to corporations or large/middle-sized business – as opposed to individual members of
the public/small business – Retail banking, or Merchant banks. At present there are 15
Commercial banks in Afghanistan.
3) Finance Companies:- The mission of finance company is to encourage investment in the rural
and urban economy of Afghanistan, and to support economic and social development by serving
men and women owned business and the credit needs of small and medium enterprises (Trade,
Services, Manufacturing, Mining, Production and Agriculture) in the rural and urban areas where
they reside and conduct business all over Afghanistan. Afghanistan Rural Finance Company is
one of the leading finance company in Afghanistan.
2.8 Afghanistan Banks Association (ABA):- Afghanistan Banks Association (ABA) is a non –
political, non-government, not for profit, and independent association established in September
2004 to meet the need of growing banking sector as a united body representing all banks to serve
as their voice in dialogues with Da Afghanistan Banks (DAB), Government and other
Stakeholders. ABA was initially founded by nine licensed banks, but membership has since
grown to include 14 duly licensed banks.
ABA strives to promote a strong, healthy and competitive banking industry in Afghanistan and it
represents the common interests of Afghanistan banking sector. ABA is funded primarily by its
member banks, but is empowered to generate its own revenues and to accept donor funding.
8
Chapter 3
Organization Profile and Business Overview
3.2.2Mission:
The mission of Da Afghanistan Bank is to foster price stability and build a robust financial
system.
9
Establish, maintain and promote sound and efficient systems for payments, for transfers of
securities issued by the State or DAB, and for the clearing and settlement of payment
transactions and transactions in such securities.
Accept foreign bank applications from banks that wish to operate in Afghanistan.
10
3.7 The Board of Directors at DAB Consists of:
1. Khalil Sediq – The Governor and Chairman of the Executive Board, Supervisory Board
and Board of Directors.
2. Wahidullah Nosher– The First Deputy Governor and Vice Chairman of the Executive
Board, Supervisory Board and Board of Directors.
3. Dr. Abdul Ghani Ghawasi.
4. Drs. Narges Nehan.
5. Dr. Shah Mohammad Mehrabi.
11
3.8 Financial Performances
The fiscal year of Afghanistan starts from 21th December and ends in 21th December. The latest
financial highlight of bank is given below.
12
Figure 2 Source https://dab.gov.af/Annual-Financial-Report
13
Figure 3 Source https://dab.gov.af/Annual-Financial-Report
14
Figure 4 Source https://dab.gov.af/Annual-Financial-Report
15
Chapter 4
Internal audit is not a discipline of accountancy; external Audit is related to accountancy, but
internal audit is an entirely separate discipline more closely related to Enterprise Risk
Management. Internal Audit does, of course, cover financial risk amongst its portfolio, but this is
one very minor element of the role. Significant misunderstandings in this area have resulted in
many organizations recruiting accountants with external audit experience to staff an internal
audit function; this is usually detrimental to the quality and completeness of assurance provided
to the Non-Executive Directors/Board, and may, in part, have contributed to corporate failures
where key operational risks that were not directly related to financial statements remained
unidentified and/or unmanaged by the Executive Management. When IIA and ACCA signed the
Global Memorandum of Understanding, IIA President David A. Richards said, "The IIA and
ACCA are both long-standing, highly respected professional associations, each with members
from all around the world. Although we represent two distinctly different professions, our codes
of ethics and perspectives on enhanced professionalism, ongoing education, and quantifiable
research mirror one another."
The scope of internal auditing within an organization is broad and may involve topics such as the
efficacy of operations, the reliability of financial reporting, deterring and investigating fraud,
safeguarding assets, and compliance with laws and regulations.
Traditionally, internal auditing involved measuring compliance with the entity's policies and
procedures. However, internal auditors are not responsible for the execution of company
activities; they advise management and the Board of Directors (or similar oversight body)
regarding how to better execute their responsibilities. As a result of their broad scope of
involvement, internal auditors may have a variety of higher educational and professional
backgrounds. Developments in internal auditing have moved away from "compliance" which is a
function of management control, towards Risk Based Internal Auditing (RBIA) which results in
monitoring and evaluation of the risk based control framework to manage enterprise risk.
16
The modern approach seeks to ensure that key risks are identified, a risk appetite is defined, and
controls are instigated in a fit for purpose way to manage risk according to the risk appetite of the
organization.
Publicly-traded corporations typically have an internal auditing department, led by a Chief Audit
Executive ("CAE") who generally reports to the Audit Committee of the Board of Directors,
with administrative reporting to the Chief Executive Officer.
In short, the two functions share one word in their names, but are otherwise quite different.
Larger organizations typically have both functions, thereby ensuring that their records, processes,
and financial statements are closely examined at regular intervals.
17
4.4 Types of Internal Audit
Operational Audit: An operational audit evaluates performance of a particular function
or department to assess its efficiency and effectiveness. Financial data may be used, but
the primary sources of evidence are the operational policies and achievements related to
organizational objectives. Internal controls and efficiencies may be evaluated during this
type of audit. Some areas of operational audits include: organizational structure,
processes and procedures, accuracy of data, management and security of assets, staffing,
and productivity.
Compliance Audit: A compliance audit evaluates an area’s adherence to established
laws, standards, regulations, policies, and/or procedures. Compliance audits are done
because of a policy or statutory requirement. While the audit is done for regulatory
reasons, the objectives are still to ensure adequate control over an important internal
process.
Financial Audit: A financial audit is a historically oriented, independent evaluation
performed for the purpose of attesting to the fairness, accuracy, and reliability of
financial data. The central objective is to ensure that the financial activity of the
department, unit or area is completely and accurately reflected in the appropriate
financial reports.
Follow up Audit: These are audits conducted approximately six months after an internal
or external audit report has been issued. They are designed to evaluate corrective action
that has been taken on the audit issues reported in the original report. The purpose of a
follow-up audit is to revisit a past audit’s recommendations and management’s action
plans to determine if corrective actions were taken and are working, or if situations have
changed to warrant different actions.
Investigative Audit: This is an audit that takes place as a result of a report of unusual or
suspicious activity on the part of an individual or a department. It is usually focused on
specific aspects of the work of a department or individual. Investigations are conducted to
determine the extent of loss, assess weaknesses in controls, and make recommendations
for corrective actions.
IT Audit: An Information Technology (IT) audit evaluates controls related to the
institution’s automated information processing systems. The information technology
audit function develops audit programs to assess, evaluate, and make recommendations to
management regarding the adequacy of internal controls and security inherent in an
organization’s information systems, and the effectiveness of the associated risk
management. The goal is to ascertain that IT systems are safeguarding assets, maintaining
data integrity, and efficiently operating to achieve business objectives.
Management Audit: Also called performance audit, are internal consulting projects.
Because an internal audit is an activity independent of management, it is often an
excellent resource to provide independent and objective insight on the efficiency of
business processes. Management can request internal auditors to review a business
process, organization, or strategy; and the auditors do not have to worry about backlash
from management.
18
A common management audit is a review of organizational structure, such as having
internal audit look at how administrative work is divided among divisions and if there are
opportunities to be more efficient.
Other types: of internal audits would include the integrated audit, which is a
combination of the IT Audit and the Operational Audit.
19
audit. Gaining client trust and avoiding costly fines associated with non-compliance makes
internal audit an important and worthwhile activity for your organization.
Internal auditors have to be independent people who are willing to stand up and be counted.
Their employers value them because they provide an independent, objective and constructive
view. To do this they need a remarkably varied mix of skills and knowledge. They might be
advising the projective running a difficult change program one day, or investigating a complex
overseas fraud the next.
From very early on in their careers, they talk to executives at the very top of the organization
about complex, strategic issues, which is one of the most challenging and rewarding parts of
their role
Internal auditing activity is primarily directed at improving internal control. Under the COSO
Framework, internal control is broadly defined as a process, affected by an entity's board of
directors, management, and other personnel, designed to provide reasonable assurance regarding
the achievement of objectives in the following internal control categories:
Management is responsible for internal control. Managers establish policies and processes to
help the organization achieve specific objectives in each of these categories. Internal auditors
perform audits to evaluate whether the policies and processes are designed and operating
effectively and provide recommendations for improvement.
20
In larger organizations, major strategic initiatives are implemented to achieve objectives and
drive changes. As a member of senior management, the Chief Audit Executive (CAE) may
participate in status updates on these major initiatives. This places the CAE in the position to
report on many of the major risks the organization faces to the Audit Committee, or ensure
management's reporting is effective for that purpose.
A primary focus area of internal auditing as it relates to corporate governance is helping the
Audit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively.
This may include reporting critical internal control problems, informing the Committee privately
on the capabilities of key managers, suggesting questions or topics for the Audit Committee's
meeting agendas, and coordinating carefully with the external auditor and management to ensure
the Committee receives effective information.
Establish and communicate the scope and objectives for the audit to appropriate management.
Develop an understanding of the business area under review. This includes objectives,
measurements, and key transaction types. This involves review of documents and interviews.
Flowcharts and narratives may be created if necessary.
Describe the key risks facing the business activities within the scope of the audit.
Identify control procedures used to ensure each key risk and transaction type is properly
controlled and monitored.
Develop and execute a risk-based sampling and testing approach to determine whether the most
important controls are operating as intended.
Report problems identified and negotiate action plans with management to address the problems.
Follow-up on reported findings at appropriate intervals. Internal audit departments maintain a
follow-up database for this purpose.
Project length varies based on the complexity of the activity being audited and Internal Audit
resources available. Many of the above steps are iterative and may not all occur in the sequence
indicated.
21
By analyzing and recommending business improvements in critical areas, auditors help the
organization meet its objectives. In addition to assessing business processes, specialists called
Information Technology (IT) Auditors review information technology controls.
22
Chapter 5
Internal Audit in Central Bank of Afghanistan (DAB)
Introduction
5.1 Purpose
The basic objective of Internal Audit is to provide independent, objective assurance and
consulting services designed to add value and improve the DAB’s operations. To assist auditors
in achieving an acceptable level of performance, The Institute of Internal Auditors, an
international body, has issued a Professional Practices Framework which is intended to be used
throughout the world in the conduct of internal audit assignments. In specific areas of
specialization, such as audits of financial records and audits related to computer-based systems
and functions, other authoritative bodies have issued audit statements and guidelines. A
professional internal audit department must have established levels of capability. The most
efficient way of measuring the capability of individual auditors is through a process of
accreditation.
There are existing professional examinations, administered internationally, which provide this
feature. The certification examinations offered by the Institute of Internal Auditors, however, do
not provide multiple levels of performance and may be regarded as too expensive to be routinely
taken by government internal auditors. Accreditation would require formal examination and be
tied to the competency framework. Those occupying positions as professional internal auditors
should be required to hold the appropriate accreditation.
5.1 Vision
To transform Comptroller General’s Office or Internal Audit Department (IAD) into a modern,
efficient, and proactive Department, fully capable to conduct independent audit of all activities
of Da Afghanistan Bank (DAB).
5.2 Mission
The mission Comptroller General’s Office or Internal Audit Department (IAD) is to provide
independent, objective assurance and consulting services designed to add value, improve
operational efficiency and internal control system in line with international best practices, for
accomplishment of DAB’s mission.
5.3 Objective
The main objective of the IAD is to assist all wings of management in the effective discharge of
their responsibilities by providing them with reliable and independent information on the
performance of the organization as a whole.
The internal audit is mainly concerned with examination and evaluation of internal controls and
quality of performance. This involves the review of activities, programs and projects to ensure:
23
Means of safeguarding inventories and assets and verify the existence of such assets
physically and in the ownership of DAB.
That the risks are appropriately defined and carry out risk assessment of all the key
functions of DAB.
The activities of different departments/offices in order to ascertain whether results are
consistent with established objectives and goals and whether the activities are being
carried out as planned.
That the operations are being carried out in economic and efficient manner and to
confirm the effectiveness of different operations in delivering the banking services.
24
Ensure that the operations are being carried out in economic and efficient manner and
to confirm the effectiveness of different operations in delivering the banking services.
25
Discuss with the external auditors major issues arising from the audit including resolved
and outstanding issues.
Review key accounting and audit judgments.
Review the audit representation letters before signature by management review the
management letter from the auditors and management responses to their findings and
recommendations.
The Internal Audit Department in Da Afghanistan Bank headed by Comptroller General who
assisted by Deputy Comptroller General and have adequate qualified Auditors and other staff
required to implement the annual audit work plan as developed by him and approved by the audit
committee. Audit Staff divided into different teams. Each team headed by a Team Leader.
All the teams responsible to carry out internal audit of various departments/offices assigned by
the Comptroller General. One section of professionally qualified auditors responsible for
Quality Assurance in Internal Audit Department.
Head of Quality Assurance section responsible for supervision, monitoring and reporting the
works carried out by the Internal Audit Department. This section also ensures follow up and
compliance of the audit reports. Initially, the Quality Assurance section also assist international
consultant in preparation of Internal Audit Manual for Da Afghanistan Bank. One specialized
team established for the work of inspection his team responsible to the CG.
When an internal audit team finds an observation containing fraud, it reported formally to the
comptroller general and comptroller general hand over the issue to inspection team for further
investigation. This team is directly responsible to comptroller general and should approach
through CG or DCG only. Size of the Internal Audit department, number of auditors and
supporting staff determined and approved depending upon manpower requirement by the
Comptroller General.
5.7 Responsibilities
The Comptroller General of internal audit serve as the Chief Audit Executive of the Internal
Audit Department and perform advanced level professional internal audit work including
performance, financial and compliance audit and provide directions to development of the annual
audit plan, ongoing training, coaching and supervision to internal audit staff. He maintains
organizational and professional ethical standards, and work independently with considerable
initiative and independent judgment.
The Comptroller General and other staff of Internal Audit department have responsibility to;
26
Develop a flexible annual audit plan using an appropriately risk based methodology,
including any risks or control concerns identified by the departments and submit that
plan to the audit committee for review and approval as well as periodic updates,
implement the approved annual audit plan as well as any special audits requested by the
governor or the audit committee,
maintain a professional audit staff with sufficient knowledge, skills, experience and
professional certifications,
issue periodic reports to the audit committee and to the DAB summarizing results of
audit activities,
assist in the investigation of suspected fraudulent activities within the
departments/offices of DAB and inform the management and audit committee of the
results
5.8 Organizational Structure:
The Internal Audit Department of the DAB functions under the direct supervision of the Comptroller
General, who reports to the Audit Committee of the Supreme Council. To carry out the Departmental
functions, the Department has the following sections.
1- Quality Assurance Section.
2- Audit Teams.
3- Inspection Section.
-Comptroller General
-Executive Assistant
-Deputy Comptroller General
-Quality Assurance Section
-Audit Teams
-Inspection Unit
27
Direct the audit staff in identification, development, and documentation of audit issues
and recommendations
Communicate the audit results via written reports and oral presentations to management
and audit committee.
Develop and maintain productive client and staff relationships through individual
contacts and group meetings.
Pursue professional development opportunities, including external and internal training
and professional association memberships, and share information gained with coworkers
Represent internal audit department at management and audit committee meetings and
with external organizations
Perform related work as assigned by the audit committee
28
international standards on auditing.
Review the draft audit reports before submission to C.G./Deputy C.G. for
finalization.
Maintenance and monitoring of the budget for the internal audit activity.
Maintenance and updating of the overall internal audit plan.
Identification of the risk areas and the internal audit plan to address these risks.
Acquisition and deployment of audit tools and use of technology to enhance the
efficiency and effectiveness of the internal audit activity.
Co-ordination with the external auditors.
Staffing related aspects of internal audit – recruitment, training, etc.
Planning and implementation of the training and professional development of the
internal audit staff.
Implementation of the performance metrics for the internal audit activity and
periodic monitoring of the same.
Review of the follow up actions taken on the findings of the internal audit
activity.
29
Manage the identification and evaluation of DAB’s risk areas and provide key input
to the development of audit plan.
Manage the performance of audit procedures, including identifying and defining
issues, developing criteria, reviewing and analyzing evidence, and documentation.
Manage the audit staff in conducting interviews, reviewing documents, developing
and administering surveys, composing memos and for preparing working papers.
Manage the audit staff in identification, development, and documentation of audit
issues and recommendations.
Communicate the audit results through written reports and oral presentations to
management.
Develop and maintain productive client and staff relationships through individual
contacts and group meetings.
Pursue professional development opportunities and share information gained with
colleagues.
Coordination with external auditors.
Perform other related tasks assigned by Deputy Comptroller General or Comptroller
General.
30
Conduct interviews, review documents and prepare working papers.
Identify, develop and document audit issues and recommendations using independent
judgment.
Communicate or assist in communicating the audit results through written reports and
oral presentations to management.
Support audit management in development and maintenance of productive auditee
relationships through individual contacts and group meetings.
Pursue professional development opportunities, including external and internal
training, and share information gained with co-workers.
Perform other related tasks assigned by Audit Supervisor/Audit Team Leader.
5.15. Authority
Authority and Independence is essential to the effectiveness of Internal Auditing. This
independence is obtained primarily through organization status and objectivity.
The organizational status of the Internal Auditing function, and the support accorded to it by
management, are the major determinants of its effectiveness. The Comptroller General is
therefore responsible to the Audit Committee whose authority is sufficient to ensure both
comprehensive range of audit coverage, and the adequate consideration of and effective action
on the audit findings and recommendations.
Whilst the auditor may recommend standards for controls and review procedures before they are
implemented. The design, installation and operation of systems or drafting of procedures for
systems are not an Audit function. Performing such activities is presumed to impair audit
objectivity and could be seen to be displacing the role of management.
31
5.16 Professional Standards:
Internal auditing is an independent, objective assurance and consulting activity designed
to add value and improve an organization’s operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control and governance processes. DAB’s
internal audit department is adopting standards on internal audit as framed by Institute of
Internal Auditors (IIA) and accepted worldwide.
32
Ensure compliance with established policies, procedures, laws and regulations
Safeguard DAB’s assets and interests from losses of all kinds, including those
arising from fraud, irregularity and corruption
Ensure the integrity and reliability of information, accounts and data, including
internal and external reporting and accountability processes
b) Internal Audit devotes particular attention to any aspects of the risk management, control
and governance affected by material changes to the DAB's risk environment.
c) If the Comptroller General or the Audit Committee consider that the level of audit
resources or the terms of reference in any way limit the scope of internal audit, or
prejudice the ability of internal audit to deliver a service consistent with the definition of
internal auditing, they should formally advise the DAB’s Governor emphasizing, the
consequent limitations to the scope and value of the Comptroller General’s opinion and
the risks which may arise as a result. If the Governor decides to accept any such
limitation, this should be recorded formally.
d)
5.18.Fraud
Internal Audit Department has responsibility for the detection of fraud. However internal
auditors should be alert in all their work to risks and exposures that could allow fraud.
Managing the risk of fraud is the responsibility of DAB related departments. In the new
organizational Chart of Comptroller General Office a new section of Inspection is
established, while fraud is observed by any internal audit teams this should be formally
reported to CG where CG will assign Inspection team for further inspection accordingly.
33
5.20 Status of the Comptroller General
The comptroller general of internal audit has independent authority and his
responsibilities have been defined under article 21 of Da Afghanistan Bank Law 2004.
Under DAB Law he is a member of executive board of the bank and is graded with
sufficient status to facilitate the effective discussion and negotiation of the results of the
internal audit work with senior management and different departmental heads of DAB.
Evaluation tools used to grade the post give due weight to the influence of the CG of
internal audit on the risk management, control and governance of the DAB.
34
6- The Chairman of the Audit Committee present during meetings of Supreme
Council convened for the purpose of discussions and adoption of audited
financial statements;
7- The Audit Committee may invite such of the executives, as it considers
appropriate (and particularly the head of the finance function) to present at the
meetings of the committee, but on occasions it also meet without the presence of
any executives of the DAB. The Comptroller General, Chief Financial Officer
and a representative of the statutory auditor present as invitees for the meetings of
the Audit Committee;
8- The Comptroller General or his nominee act as the secretary to the committee.
35
Proposed changes, if any, in accounting policies and practices and reasons for the
same
Major accounting entries involving estimates based on the exercise of judgment
by management.
Significant adjustments made in the financial statements arising out of audit
findings
Compliance with any legal requirements relating to financial statements
Qualifications in the draft audit report.
Reviewing, with the management, the quarterly financial statements before
submission to the Supreme Council for approval.
Reviewing, with the management, performance of statutory and internal auditors
and adequacy of the internal control systems.
Reviewing the adequacy of internal audit function, including the structure of the
internal audit department, staffing and seniority of the official heading the
department, reporting structure coverage and frequency of internal audit.
Discussion with Comptroller General any significant findings and follow up there
on.
Reviewing the findings of any internal investigations by the internal auditors into
matters where there is suspected fraud or irregularity or a failure of internal
control systems of a material nature and reporting the matter to the Supreme
Council.
Discussion with statutory auditors before the audit commences, about the nature
and scope of audit as well as post-audit discussion to ascertain any area of
concern.
To review the functioning of the Whistle Blower mechanism, in case the same is
existing.
Carrying out any other function as is mentioned in the terms of reference of the
Audit Committee.
5.22.3 Review of Information by Audit Committee:
The Audit Committee mandatorily review the following information:
I. Management discussion and analysis of financial condition and results of
operations.
II. Management letters / letters of internal control weaknesses issued by the
statutory auditors.
III. Internal audit reports relating to internal control weaknesses; and
IV. The appointment, removal and terms of remuneration of the Comptroller
General based upon recommendations by the Audit Committee.
36
5.22.5 Consultations with the Audit Committee
The Supreme council of DAB ask the Audit Committee to advise them on the following:
The skill, experience and competency requirements for the post of the
Comptroller General.
The terms of reference for internal audit.
The effectiveness of the internal audit strategy and periodic plan in addressing the
organization’s risks.
The resourcing of internal audit.
The periodic work plans of internal audit, material changes to these plans, the
annual and interim audit reports, and any implications arising from their findings
and opinion..
The arrangements for and the results of quality assurance processes.
The adequacy of management response to internal audit advice and
recommendations.
The arrangements made for cooperation between internal audit, external audit and
other review bodies.
37
management as far as possible, particularly in respect of the timing of audit work
(except where unannounced visits are essential to the achievement of audit
objectives)
When fraud is suspected or detected, decisions to involve other agencies such as
the Attorney General or police taken by the management. If internal auditor does
not agree with the decision taken by the management in this respect, the same
reported to the Audit Committee.
38
5.23. 2 Staffing the Internal Audit Department:
The CG of Internal Audit is responsible for ensuring that the staff has access to
the full range of knowledge, skills, qualifications and experience to meet
department’s objectives and these standards. In addition to internal audit skills,
the CG specifies any other professional skills required by the auditors. He also
makes provision for appropriate support staff.
The CG of internal audit is responsible for recruiting staff with the appropriate
intellectual qualities, personal attributes and qualifications (or perceived ability to
undertake professional training).
The CG can appoint other persons as internal auditors when he believes that such
appointee’s specialist knowledge, training and experience enhances the
organization’s overall audit capability, and does not jeopardize its compliance
with these standards.
5.24 Reporting:
5.24.1 Principles of reporting
The CG determines the way in which audit findings will be reported, subject to
the provisions of these standards.
The CG set local standards for all reports
All audit findings promptly reported to the concerned
Written reports issued to the department/ DAB management, at the close of each
individual audit assignment.
The CG entitles to report any risk management, control or governance issue
directly to DAB’s Governor.
5.24.1.1Executive summary
Clear language
Briefly include all matters given in the main detailed report - audit activities, audit
findings, recommendations, suggestions etc.
Is not more than three pages.
39
5.24.2Review of draft report by team leader
Ensure that the findings are based on facts and figures and supported by evidence
and the result is of good quality audit work.
Ensure that all mistakes, deficiencies and exceptional issues are mentioned in the
report in a proper manner in order to bring attention of senior officials in the
auditee department.
Ensure that proper guidelines for corrective action have been given in all the areas
where weak points have been noticed,.
Ensure that in case of difference of opinion, the comment / disagreement of the
auditee have been given in the report
The language of the audit report is not aggressive but polite.
• Remarks of auditee – Auditor explain why the response is not acceptable and
ask the auditee for revision of its remarks in case of non-satisfactory remarks by
the auditee.
• Follow up - The IAD follows up with the auditee in order to get the response on
the audit report and especially to ensure that its recommendations have been
implemented
• Responsibility - All members of the auditing team have equal responsibility for
the accuracy of the contents of the audit report. In case of inaccuracy in the report,
all the members of the audit team held accountable by the CG.
5.24.5Reporting an engagement:
For each audit engagement a report produced. The purpose of the report is to
communicate the information by the focus of the review as determined by the internal
auditor.
The draft internal audit report reviews for accuracy and completeness before it is
issued to the Auditee Department for comment.
Internal audit reporting include specific reference to the risks associated with the
process under review and the relevance of internal audit findings to that risk profile.
40
The model structure for an internal audit report is as follows:
Title Page
- DAB Logo
- Comptroller General Office
- Internal Audit Report
- Name of Auditee Department
- Name of Assigned Team
- Date Audit Commenced
- Audit Completion Date
- Exist Conference Date
- Checked by
- Approved by
- Date final Report issued
- Confidentiality sentence
-
Main Body
5.25 Follow Up
1. Audit follow up means the follow up of progress of any action to be taken by the head of the
Auditee Department in response to audit findings and recommendations.
2. The purpose of audit follow-up is to gather information about:
Any policy changes or procedural modifications prescribed in response to the audit:
The action or planned action of the clients in response to the audit or any policy
procedural modifications
The result of the actions arising from the audit
3. After every three months, the CG of internal audit must ensure that all internal
Audit findings for which remedial action is not complete are followed up.
4. A follow up report should be submitted by the CG to the Audit Committee. The
Follow up report will have two parts.
i. In the event that the head of the Auditee Department has taken no action in
response to the internal audit report, the follow up report should include;
- Audit finding and recommendation for which the Auditee Department has
taken no action
- The management response of the Auditee Department at the time the
internal audit report was issued
- The reason why the Auditee Department has not taken any action
41
- The auditor’s comment in the event that the auditor still considers that
remedial action is necessary.
ii. In the event that the Auditee Department has taken action, the follow-up report should
Include;
- the audit finding / recommendation that has been followed up
- the management comment from Auditee Department at the time the internal
audit report was issued
- objective of the follow-up – to monitor progress or to review result
42
Chapter 6
Task Undertaken
43
3- Initial Meeting: During this opening conference meeting, the departments and branches
describe the unit or system to be reviewed, the organization, available resources
(personnel, facilities, equipment, funds), and other relevant information. The internal
auditor meets with the senior officer directly responsible for the unit under review and
any staff members s/he wishes to include. It is important that the departments and
branches identify issues or areas of special concern that should be addressed.
4- Preliminary Survey: In this phase the audit team gathers relevant information about the
unit in order to obtain a general overview of operations. Team talks with key personnel
and reviews reports, files, and other sources of information.
5- Internal Control Review: The team will review the unit's internal control structure, a
process which is usually time-consuming. In doing this, the auditor uses a variety of tools
and techniques to gather and analyze information about the operation. The review of
internal controls helps the team determine the areas of highest risk and design tests to be
performed in the fieldwork section.
6- Audit Program: Preparation of the audit program concludes the preliminary review
phase. This program outlines the fieldwork necessary to achieve the audit objectives.
7- Fieldwork: The fieldwork concentrates on transaction testing and informal
communications. It is during this phase that the team determines whether the controls
identified during the preliminary review are operating properly and in the manner
described by the departments and branches. The fieldwork stage concludes with a list of
significant findings from which the auditor will prepare a draft of the audit report.
8- Transaction Testing: After completing the preliminary review, the auditor performs the
procedures in the audit program. These procedures usually test the major internal controls
and the accuracy and propriety of the transactions. Various techniques including
sampling are used during the fieldwork phase.
9- Advice & Informal Communications: As the fieldwork progresses, the team discusses
any significant findings with the branches and department. Hopefully they can offer
insights and work with the team to determine the best method of resolving the finding.
Usually these communications are oral. However, in more complex situations, memos
and/or E-mails are written in order to ensure full understanding by the branches,
departments and the team.
10- Audit Summary: Upon completion of the fieldwork, the team summarizes the audit
findings, conclusions, and recommendations necessary for the audit report discussion
draft.
11- Working Papers: Working papers are a vital tool of the audit profession. They are the
support of the audit opinion. They connect the departments and branches accounting
records and financials to the team opinion. They are comprehensive and serve many
functions.
11- Audit Report: Our principal product is the final report in which we express our
opinions, present the audit findings, and discuss recommendations for improvements. To
facilitate communication and ensure that the recommendations presented in the final
report are practical, Internal Audit discusses the rough draft with the departments and
branches prior to issuing the final report.
44
12- Discussion Draft: At the conclusion of fieldwork, the team drafts the report and reviews
the audit working papers and the discussion draft before it is presented to the departments
and branches for comment. This discussion draft is prepared for branches and department
review before the exit conference.
13- Exit Conference: Internal Audit meets with the unit's management team to discuss the
findings, recommendations, and text of the draft. At this meeting, the departments and
branches comment on the draft and the group work to reach an agreement on the audit
findings.
14- Formal Draft: The team then prepares a formal draft, taking into account any revisions
resulting from the exit conference and other discussions. When the changes have been
reviewed by quality assurance, the final report is issued.
15- Final Report: Internal Audit prints and distributes the final report after signing of team
leader, auditors, comptroller general and approval of the audit committee, board of
directors.
16- Audit Follow-Up: Within approximately one year of the final report, Internal Audit will
perform a follow-up review to verify the resolution of the report findings.
45
Chapter 7
Literature Review
Review of literature comprises upon the existing literature and research related to the present
study with a view to find out what had already been studied. According to Wolf & Pant “The
purpose of the reviewing the literature is to develop some expertise in One’s area, to see what
new contribution can be made and to review some idea for Developing research design”
(Pant and Wolf; 1996:31-44).
Factors that enhance the quality of the relationships between internal auditors and
auditees: Evidence from Italian companies:
This study examines the relationships between internal auditors and auditees in an
attempt to identify the factors that influence the abilities of internal auditors (IAs) to build
high-quality relationships with auditees. The analysis is based on the responses of 78
Italian Chief Audit Executives who took part in a survey in 2014. The results indicate two
factors that are positively and significantly associated with high-quality IA–auditee
relationships: (1) the integration of senior management's inputs in the setting up of audit
plans; and (2) the use of the internal auditing function (IAF) as a management training
ground. The results also show a positive but marginally significant relationship between
the regular revision of audit methodologies and high-quality IA–auditee relationships.
Surprisingly, the results indicate a negative and significant association between the
diversification of an IAF's activities and an IAF's ability to create positive collaboration
with auditees.
46
The association between firm characteristics and the quality characteristics of the
internal audit function in the UK: An agency perspective:
This study investigates firm characteristics that may affect the IAF's quality
characteristics: size, independence, methodology, and competence. Its motivation is that a
firm's agency and economic costs can affect its way to invest in the IAF quality. In this
study, a postal questionnaire survey was sent to the head of internal audit (HIA) in 213
UK non-financial companies with in-source IAF, and archival data were collected from
the respondent companies' annual reports. The study found that a firm's size and the
proportion of cash flows from its operations are positively associated with the IAF's
quality characteristics, a suggestion that a high quality IAF is an important way of
compensating for the direct loss of control and of managing internal agency risks. In
addition, it found evidence that having a high quality IAF is a costly process; the level of
debt had a significant negative association with the IAF's quality characteristics.
Furthermore, the supporting OLS regression revealed a positive significant association
between the effectiveness of the audit committee and the quality characteristics of the
IAF. This study has important implications for both practice and future internal auditing
research and provides a composite measure that can be used to assess IAF quality.
47
Chapter 8
Research Methodology
The study is based on survey method. The primary data is collected by personal interviews
through structured questionnaires to knowing the views, comments and confidence regarding the
performance of Internal Audit functions in DAB. For the purpose of the study executives of
different departments were selected and interviewed. The secondary data is collected from the
books, magazines/ journals, websites, bulletin and including DAB Internal Audit Department
office
Sampling Plan: The sample was selected on the basis of Convenience Sampling.
Sample Size: 50
Schedule design: A well-structured schedule comprising of close ended, multiple choice and
dichotomous questions. Sincere efforts were made to make the schedule simple and precise.
Care is being taken to prepare the schedule according to the structure and format. The
schedule is set according to the objective of the study.
Method of data collection: Primary data were collected by face to face interview with the
help of a well-structured questioner and secondary data were collected from books,
magazines/journals, and websites.
Analysis Technique: The data collected from the respondents were analyzed using standard
statistical methods and techniques. Pie charts and bar diagrams were used to reach at the
conclusion. Findings were made on the basis of analysis. Recommendations were made on
the basis of findings drawn from various data collected.
48
Limitation
49
Chapter 9
Analysis, Interpretation, Findings and Conclusions
Q.1. Have you ever requested specific services of the Internal Audit function?
Percentage of Respondent
15.63%
Yes
No
84.38 %
INTERPRETATION
50
Q.2. How will you judge DAB present Internal Audit activities towards improving the
performance of the organization?
Percentage of Respondents
Good
80%
65.63% Average
60%
40% Poor
25%
20%
Does not
6.25%
0% 3.13% Comment
Good Respondents
Ave rage Poor
Does not
Comment
INTERPRETATION
51
Q.3. Taking into consideration the scope/objectives/structure and
responsibilities of the internal Audit functions, to what extent do you feel that
Internal Audit meets expectations?
Option No. of Respondent Percentage of respondent
Meet Expectations 23 71.875%
Does not meet 4 12.5%
expectations
Does not comment 5 15.625%
Total 32 100%
Percentage of Respondents
Meet
80.00% 71.88%
Expectations
70.00%
60.00%
Does not meet
50.00%
Expectations
40.00%
30.00%
15.63% Does not
20.00% 12.50%
Comment
10.00%
0.00%
Meet Does not meet Does not
Expectations expectations comment
52
INTERPRETATION
Percentage of Respondent
9 6.88%
100% Completely
Confident
80%
60% Somewhat
confident
40%
Does not
Comment
INTERPRETATION
53
Q.5. To what extent do you believe that the work of internal Audit
improves the overall internal control of the organization?
Percentage of Respondents
65.63% Greatly
70%
improves
60% Somewhat
50% improves
Does not
40%
28.13% improve
30% Don’t know/
20% not sure
6.25%
10%
0%
0%
Greatly Somewhat Does not Don’t know/
improves improves improve not sure
INTERPRETATION
54
Q.6.Do you believe that the work of Internal Audit helps in identifying and
improving the overall risk of the organization?
Percentage of Respondents
Agree
21.88%
34.38%
Neutral
Disagree
43.75%
INTERPRETATION
55
Q.7. Do you appreciate that internal audit team is proactive?
Response
Agree
78.1 3%
80.00%
Neutral
60.00%
40.00% Disagree
20.00%
3.13% 12.50% Did not
0.00% 6.25% respond
Agree Response
Neutral
Disagree
Did not
respond
INTERPRETATION
56
Q.8. Do you feel that Audit report issued by Internal Audit department
help the department to improve the work of department?
Percentage of Respondents
60.00% 53.13% Disagree
Not Respond
50.00% Agree
Neutral
40.00%
25%
30.00% 21.88%
20.00%
3.13%
10.00%
INTERPRETATION
Only 22% respondent agreed the statement
53% respondents remain s neutral
25% respondents Disagreed
3% respondents did not comment anything
57
Q.9. How do you rate the quality of Internal Audit report issued by
Internal Audit Department?
INTERPRETATION
58
Q.10.Do you think that Internal Audit have the right reporting structure?
INTERPRETATION
59
Q.11.Do you appreciate that audit work was efficiently performed
according to planning period?
INTERPRETATION
Only 9% Agreed
72% respondent remains Neutral
16% respondents Disagreed
Remaining 3% did not comment anything
60
Q.12.Do you consider that internal audit report was issued in a useful time?
INTERPRETATION
61
Q.13. Do you appreciate that internal Audit department is maintaining the
appropriate auditing standards?
INTERPRETATION
Only 6% Agreed
75% remains Neutral
6% Disagreed
Remaining 13% did not comment anything
62
Q.14.Do the Auditors motivate you to improve on your performance
with their suggestions?
INTERPRETATION
Only 6% respondent agrees that Auditors motivate them in improving their performance.
Nearly 47% respondent remains neutral with the statement.
Rest 47% disagree the statement.
63
Q.15. Does IA function has appropriate status in DAB?
INTERPRETATION
Only 34% of the respondents Agree that IA functions have appropriate
status in DAB
Nearly 47% of the respondents remain Neutral
18% respondent don’t believe that IA functions has appropriate status in
DAB
64
Details of respondents-
INTERPRETATION
65
Length of Service No. of Respondent Percentage of respondent
in DAB
More than 10 years 1 3.125%
5-10 years 2 6.25%
1-5 years 29 90.625%
Total 32 100%
3.13% 6.25%
5-10 years
90.63%
1-5 years
INTERPRETATION
More than 90% of the total respondents have an experience of more than 1-5 years
of service in DAB.
66
9.2 Findings
Major findings based on primary data collected from the respondents are stated as follows:
An internal Audit activity averagely improves the performance of the organization the
expectations of the internal customers were meet by the internal audit functions.
The overall internal control of the organization is improves to some extent by work of
Internal Audit the report issued by IA department helps in improving the performances of
the departments.
The executives of different departments have only few knowledge on the functions of
Internal Audit Department
1- A Project report on “Internal Audit Functions and its Performance in DAB” is the topic
for my study. It is a brief study of understanding about the IA functions of the
organization.
2- From the report it can be well identified that the organization has adopted a well and
distinguish Internal Audit functions. The IA department working independently and
reporting to the Audit Committee in a regular basis.
3- We have felt that the company has come forward to apply new skills and techniques in
order to improve the Functions of IA.
4- But there is some deficiency in internal audit department, senior management should tries
to provide facilities and remove obstacles like:
5- DAB should buy internal audit management software and tools for better performance
and maintaining of work quality.
67
6- DAB should allocate budget for CIA, ACCA or related certification course. To maintain
IIA and accounting standards.
7- DAB senior managements should make a comprehensive plan for employees’ safety.
The project work is very beneficial for us and the guidance and support receive from all during
the course of my project was very encourage.
68
ANEXTURE I
Questioner
Respected Sir/ Madam,
So, in this regard, we need your kind cooperation and support with your
valuable views on the topic to do the research. We assure you that the information
provided by you shall be kept strictly confidential and shall be used for academic
purpose only. Your help will go a long way in assisting us to complete our project.
Thanking you
Yours sincerely,
69
Please Tick off Only One Answer of the Following Questions.
a) Yes b) No
70
6) Do you believe that the work of Internal Audit helps in identifying and
improving the overall risk of the organization?
8. Do you feel that Audit report issued by Internal Audit department help
the department to improve the work of department?
9. How do you rate the quality of Internal Audit report issued by Internal Audit
Department?
71
11. Do you appreciate that audit work was efficiently performed according
to planning period?
12. Do you consider that internal audit report was issued in a useful time?
14.Do the Auditors motivate you to improve on your performance and with
their suggestions?
a) Strongly Agree b) Agree c) Neutral
72
Details of the Respondent:
Name (Optional):________________________________
Sex: a) M b) F
Department: ______________________Designation:______________________
b) 1-5 years.
c) 5-10 years.
_______________________
Signature of the respondent
Thank you for your time and the honesty of your answers.
73
Bibliography
Books:
1. Leading the Internal Audit Function, Auerbach Publications, 1st edition, (Lynn Fountain)
2. The Internal Auditing Handbook, 3rd edition (K H Spencer Pickett)
Reports:
Websites:
1. https://www.worldbank.org/en/country/afghanistan
2. https://dab.gov.af
3. https://na.theiia.org
4. https://www.accountingtools.com
5. http://www.internalauditor.me
74