Professional Documents
Culture Documents
Internal Audit
Ø “Internal audit provides independent assurance on effectiveness of internal controls & risk mgt
processes to enhance governance & achieve organisational objectives”.
Ø IA is expected to evaluate mgt activities & advise on areas of improving internal controls and manage
business and operational risks effectively by recommending appropriate mitigating controls.
Ø IA is important element of mgt controlling function
ü Helps mgt to set up appropriate systems & processes in place to mitigate risk while remaining
independent to operations.
ü IA is expected to report on identified gaps and areas of weak internal control
ü Identify root cause of problems & suggest appropriate mitigating steps & strengthen internal
controls environment of org.
Conclusion:
IA is seen as important function that helps mgt to achieve org. goals & work in an orderly manner.
Audit Trail
• Audit Trail (or Edit Log) is a visible trail of evidence enabling one to trace info. contained in
statements or reports back to original input source.
• Audit trails are a chronological record of changes made to data. Any change to data including creating
new data, updating or deleting data that must be recorded.
In order to demonstrate that the audit trail feature was functional, operated and was not disabled,
a Co. would have to design & implement specific internal controls (predominantly IT controls) which
would be evaluated by auditors, as appropriate. Explain.
An illustrative list of internal controls reqd to be implemented & operated are given below:
Controls to ensure that:
ü audit trail feature hasn’t been disabled or deactivated
ü access to audit trail (and backups) is disabled or restricted & access logs, whenever audit
trails have been accessed, are maintained.
ü changes to configurations of audit trail are authorized & logs of such changes are maintained.
ü User IDs are assigned to each individual and User IDs are not shared (
ü periodic backups of audit trails taken & archived as per statutory period specified under
provisions of Act.
Learn with Fun J
Evaluating whether work of Internal Audit Function can be used for Audit Purpose
a. Extent to which IA function’s organizational status and relevant policies and procedures support
objectivity of internal auditors
b. Level of competence of internal audit function &
c. Whether IA function applies a systematic and disciplined approach, including quality control.
Determining Nature & Extent of work of Internal Audit Function that can be used
Types of Work of IA function that can be used by external auditor include following:
• Testing of operating effectiveness of controls.
• Substantive procedures involving limited judgment.
• Observations of inventory counts.
• Tracing transactions through the information system relevant to financial reporting.
• Testing of compliance with regulatory requirements.
• In some circumstances, audits or reviews of financial information of subsidiaries that aren’t significant
components to group (where this does not conflict with requirements of SA 600).
Written Agreements: Prior to using IA to provide direct assistance for purposes of audit
a. From authorized representative of entity that IA will be allowed to follow external auditor’s
instructions, & entity will not intervene in work IA performs for external auditor and
b. From internal auditors that they will keep confidential specific matters instructed by external
auditor and inform about any threat to their objectivity.
“If you want to fly, give up everything that Weighs you down”