Manual On Internal Audit PDF
Internal Audit
DISCLAIMER :
The views expressed in the Manual on Internal Audit are those of the
author(s). The Institute of Chartered Accountants of India may not
necessarily subscribe to the views of the author(s).
Edition
January, 2009
Website
www.icai.org
Price
ISBN
978-81-8441-179-9
Published by
Printed by
Foreword
The year 2008-09 has been a very active year for the Internal Audit Standards Board. The year
has seen the Board issuing a number of Standards on Internal Audit as well as other technical
literature such as generic and industry specific technical guides. I am happy to note that the
Board is bringing out this Manual on Internal Audit.
This is the first Manual of its kind on internal audit to be published by the Institute, as it contains a
step by step approach to conduct internal audit, right from appointment to reporting. The Manual
has been developed by a team of experts in the field of internal audit and risk management and
the fact is amply reflected in the fine balancing of conceptual vis a vis practical approach to
internal audit in the Manual.
I appreciate that despite being a highly technical document, the Manual has been written in a
very simple and lucid manner. Besides, the guidance contained herein being generic in nature,
the Manual can be gainfully used by all the internal auditors across the cross section of industry
type and size.
At this juncture, I wish to compliment all members of Internal Audit Standards Board, especially,
the Chairman, CA. Abhijit Bandyopadhyay for having conceived the idea.
I am sure that this Manual, like other publications of the Board, would be warmly received and
appreciated by the members and other interested readers.
Ved Jain
New Delhi
President, ICAI
Preface
Contemporary internal audit is a vast field with a number of facets to be understood and
addressed. The Internal Audit Standards Board has been working relentlessly to bring out more
and more quality literature for the guidance of the members. Till date, the Board has not only brought out
more than ten Standards on Internal Audit (SIAs) on various significant aspects of
internal audit, it has also published a number of widely appreciated generic as well as industry
specific technical guides for the benefit of the members.
When the Board conceived the idea of having a Manual on Internal Audit, the basic objective
behind the same was to bring out a comprehensive publication on internal audit, containing
practical guidance on conducting an internal audit in a real life scenario. Accordingly, the Board
roped in the services of an expert in the area of internal audit and risk management to prepare
this Manual. The Manual, as you would see, is quite comprehensive, providing a step by step
guidance on every aspect of internal audit. It is divided into four main parts. Part A deals with
Internal Audit Engagement Management, Part B deals with Internal Audit Project Management,
Part C deals with Close Outs and Part D deals with General Annexures. While each of the
Parts is further divided into relevant sub topics, Part B contains guidance on aspects such as
overall planning, pre audit opening, detailed walk throughs, report, checklists, audit
programmes, report compilation, exit meeting and report issuance.
The Manual contains a number of templates as well as checklists for ready reference and easy
use of the readers. The Manual has therefore, a wider usage and appeal. I personally feel that
the Manual has turned out to be the first of its kind one stop reference for the internal auditors to
be issued by the Institute.
I wish to place on record my thanks for Shri Ved Jain, President, and Shri Uttam P Agarwal,
Vice President, ICAI for their vision and unstinted support in the activities of the Internal Audit
Standards Board. I also wish to express my sincere gratitude to all my colleagues from the
Council at the Internal Audit Standards Board, viz., CA. Bhavna G. Doshi, Vice Chairperson,
CA. Sunil H. Talati, CA. Mahesh P. Sarda, CA. Shanti Lal Daga, CA. K. P. Khandelwal, CA.
Manoj Fadnis, CA. Anuj Goyal, CA. Amarjit Chopra, Shri Manoj K Sarkar, Shri K. P. Sasidharan,
Dr. Pritam Singh and Shri O. P. Vaish for their vision and support. I also wish to place on
record my gratitude for the co-opted members on the Board, viz., CA. Partha Sarathi De, CA.
N. K. Aneja, CA. Charanjit S. Attra, CA. Nagesh D. Pinge as also special invitees on the Board,
viz., CA. Harinderjit Singh (my Council colleague), CA. Deepak Wadhawan, CA. Manu Chadha,
CA. Santosh Nair and CA. Amit Roy for their free and frank views, invaluable guidance as also
their dedication and support to the various initiatives of the Board. I also wish to express my thanks to
CA. K. Raghu (my Council colleague), for his support in bringing out the Manual. I also wish to
express my thanks to CA. Puja Wadhera, Secretary, Internal Audit Standards Board and her
team of officers, CA. Gurpreet Singh, Senior Executive Officer and CA. Arti Aggarwal, Executive
Officer for their efforts in giving final shape to the Manual.
I am sure that the Manual would be warmly received by the interested readers and would be
recounted as a landmark publication of the Institute.
January 19, 2009
Abhijit Bandyopadhyay
Kolkata
Contents
Foreword
Preface
Format No
Part - A
A/1
A/2
A/3 Engagement letter
A/4
A/5 Organization Background
A/6 Industry Research
A/7
Part - B
B/1
B/2.1
B/2.2
B/2.3
B/2.4
B/2.5
B/2.6
B/3.1 Selection of sample
B/3.2
B/3.3
B/4.1.1
B/4.1.2
B/4.1.3
B/4.1.4
B/4.1.5
B/4.1.6
B/4.1.7
B/4.1.8
B/4.1.9
B/4.1.10
B/4.1.11
B/4.2
B/4.3
B/4.4
Report Compilation
B/5.1
B/5.2
B/5.1
Exit Meeting
B/5.2
B/6.2A, B/6.2B
B/5.1
Report Issue
B/7.1
B/7.2
B/7.3
B/8.1A
B/8.1B
B/8.2
Part - C
Close Outs
C/1 Invoice Format
C/2
C/3
Part - D
General Annexures
D/1
D/2
D/3
D/4
PART A
Dear Sir,
Sub: Introduction of Our Internal Audit Services
In continuation of your request, we are very happy to introduce XYZ & Co, a specialist in
delivering high value Internal Audit Services, based at <City>. We are a team of XX
Chartered Accountants, XX Information Systems Auditors, XX Internal Auditors.
Our methodology is adopted from global standards and ICAI standards and provides the
required value addition. Some of the clients to whom we have delivered these services are Client 1,
Client 2, Client 3, Client 4, to name a few.
Please also find attached a detailed profile¹ of our organization for your review. We look
forward to hearing from you in this regard.
Warm Regards,
For XYZ & Co.
XYZ,
Partner
1
Attach your organization's profile to this letter. Please comb-bind the profile for presentation.
2
The objective of this letter is just to introduce your organization subject to a request from the client.
3
The letter should preferably be signed by the Partner of the organization or an authorized representative. Keep an
office copy of this letter. A file, viz., Initial Introduction Letters, may be opened to track all the letters.
Evaluate the business processes to ensure that they are aligned to the business objectives.
Evaluate the compliance to both the internal policies and procedures of the company and
external regulations to the extent applicable to the following key processes.
Evaluate the effectiveness and efficiency of the identified processes and related internal
controls.
Evaluate progressively the risks relating to the business management covering information
technology and general process
Process 1²
Process 2
Marketing
Process 1
Process 2
1
Proposal may be printed on the letter head of the organization or a simple A4 Size Sheet.
2
You may also add a list of risks that shall be looked into in the process.
Process 1
Process 2
Process 1
Process 2
HR Process
Process 1
Process 2
Process 1
Process 2
Process 1
Process 2
Information Technology
Process 1
Process 2
The depth and sample size under the above business processes will be decided based on risk
assessment; in case the risk level is high, the area shall be analyzed in depth and the
sample size shall also accordingly increase. The coverage shall be based on significant risks
identified in the area of concentration. The methodology adopted for internal audit deliveries is
separately given in this proposal.
Each firm may have its own methodology / format of deliverables. This is model only.
Relevant business / process / internal audit expertise and access to best practices
Saving costs and efforts for the organization and help management concentrate on core
competency
Our strong methodology also includes taking the input of the top management, process
management and audit management to design a solution that adds value. Our
deliverable will give a road map for the necessary process improvements, with due weight
given to the practicality of implementing the recommendations.
Pre Audit Opening
Planning of Audit
Report Compilation
Exit Meeting
Final Official Report Issue as per Standards on Internal Audit (SIAs) Issued by the ICAI
Executive summary
Audit Implementation Action Plans with time lines and responsibility shall be updated after
management discussion.
The Audit shall be conducted as per the Standard on Internal Audit (SIA) 4 for Reporting
released by ICAI.
Sl
No
Partner
Senior Manager
Associates / Consultants
No of man
days / man
months
Qualifications
Total Time
Taking the above deployments into account, the fee for the assignment is estimated as Rs.
XXXXXXX/- excluding applicable service taxes. In case there is any travel incidental to the
delivery of the project, we shall adhere to internal policies and the expenses shall be reimbursed on actuals.⁶
4
In case you would like to expand the deliverables, it can be done. Sometimes clients would like to know the
format of the deliverable; in such cases, an annexure may be added.
5
A detailed resource list may be given where necessary.
6
It is always good practice to add commentary about service tax and out of pocket expenses (OPEs) applicability /
inclusion.
Resources Required
An audit room will be set up with a sufficient number of tables and chairs, along with a white
board for meetings and discussions.
Access to all the data, records and employees required for the effective performance of internal
audit.
Computers with access to the company ERP, email and other systems, with printing facility and
adequate stationery.
Project Coordination:
We understand the importance of a project coordinator over the period of the assignment. The
team shall be interacting with the process owners through the project coordinator.
7
Logos of clients may be given; prior permission of the clients may be necessary.
8
Some firms also add a confidentiality clause / non-compete clause in the proposal itself.
Engagement Letter
Format No: A/3
<on the letter head>
Date: <DD MMM YYYY>,
<City>.
To
Mr./Mrs. <Name of the Client Representative>,
<Designation>,
<Name of the Company>,
<City>.
Dear Sir,
Sub: Internal Audit Engagement Letter
With regard to the discussions we had on DD/MM/YYYY and in continuation of the proposal
given on DD/MM/YYYY, please find the Engagement Letter for the Internal Audit Assignment
with the following Scope, Objective and Timelines:
Evaluate the business processes to ensure that they are aligned to the business objectives.
Evaluate the compliance to both the internal policies and procedures of the company and
external regulations to the extent applicable to the following key processes.
Evaluate the effectiveness and efficiency of the identified processes and related internal
controls.
Evaluate progressively the risks relating to the business management covering information
technology and general process
Process 1
Process 2
Marketing
Process 1
Process 2
Contract/Project Management
Process 1
Process 2
Process 1
Process 2
HR Process
Process 1
Process 2
Process 1
Process 2
Process 1
Process 2
Information Technology
Process 1
Process 2
The depth and sample size under the above business processes will be decided based on risk
assessment; in case the risk level is high, the area shall be analyzed in depth and the
sample size shall also accordingly increase. The coverage shall be based on significant risks
identified in the area of concentration. The methodology adopted for internal audit deliveries is
separately given in this proposal.
The following are the benefits for the organization from outsourcing:
Relevant business / process / internal audit expertise and access to best practices
Saving costs and efforts for the organization and help management concentrate on core
competency
Our strong methodology also includes taking the input of the top management, process
management and audit management to design a solution that adds value. Our
deliverable will give a road map for the necessary process improvements, with due weight
given to the practicality of implementing the recommendations.
Pre Audit Opening
Planning of Audit
Some clients may not want a detailed methodology to be given in the engagement letter.
Report Compilation
Exit Meeting
Report Issue
Final Official Report Issue as per Standards on Internal Audit (SIAs) Issued by the ICAI
Executive summary
Audit Implementation Action Plans with time lines and responsibility shall be updated after
management discussion.
Partner
Senior Manager
Associates / Consultants
No of man days /
man months
Qualifications
3
Taking the above deployments into account, the fee for the assignment is estimated as Rs.
XXXXXXX/- excluding applicable service taxes. In case there is any travel incidental to the
delivery of the project, we shall adhere to internal policies and the expenses shall be reimbursed on actuals.
Resources Required
An audit room will be set up with a sufficient number of tables and chairs, along with a white
board for meetings and discussions.
Access to all the data, records and employees required for the effective performance of internal
audit.
Computers with access to the company ERP, email and other systems, with printing facility and
adequate stationery.
Project Coordination:
We understand the importance of a project coordinator over the period of the assignment. The
team shall be interacting with the process owners through the project coordinator. It is the duty
of the Project Coordinator to organize the information and time of the process owners. Any
delay due to coordinator or process owner shall not be the responsibility of the Internal Audit
Service Provider.
Confidentiality Clause:
We shall keep confidential all the information collected as part of the engagement and shall
not disclose it unless necessary as per the regulations of the land of assignment.
In case of need to disclose the information, we shall take the permission of the client coordinator
before disclosing.
Termination Clause:
The assignment can be terminated by either party by giving advance notice of at least 1
month. Thereafter, the information / documentation collected shall be returned to the client.⁴
In case of negligence, compromise of quality standards, or willful default, the client shall have
the right to be indemnified for all the costs till the date of termination.
3
Some clients may be interested to add a detailed Gantt chart of the project.
4
Some clients may also be interested to add a Quality Assurance Clause.
XYZ,
Partner
On behalf of Client
Please ensure that the seal is put on the Contract. The engagement letter shall be made in two copies, one for
each party.
Assignment Name
Engagement Manager
Company Name
1
Please define in as much detail as possible the objectives for which the assignment is being handled. The objective is
what one is trying to achieve at the end of the project. It is very important that the objectives are defined as
clearly as possible to eliminate ambiguity.
2
Define the areas of coverage; it may be in period / departments / divisions / business processes / locations / units
etc. The scope should be linked to the objectives.
3
It is recommended to do as much brainstorming as possible to define this document at the planning stage.
Organization Background
Format No: A/5
Assignment Name
Assignment No
Engagement Manager
Company Name
Obtain important performance statistics which shall help understand the organization's current state of affairs.
Please give annexure where necessary. You may use MS-Visio or MS-Excel to prepare organization structures.
4
Detail about the systems and procedures currently in place. Also capture the level of standardization in the
organization, i.e., existence of Standard Operating Procedures, Policies etc.
3
Industry Research
Format No: A/6
Assignment Name
Assignment No
Engagement Manager
Company Name
The objective of this document is to identify the industry practices / competitor practices so as to
enable the organization under to benchmark itself.1
Source
The strength of this document projects you as an industry resource to the clients.
Sl No
Performance Indicator
Business /
Business Process
Source
Associations,
Websites,
Industry
Assignment No
Engagement Manager
Company Name
Proposal Copy
Organization Background
Industry Research
Work Papers
10
11
12
13
Feedback Form
14
PART B
Overall Planning
Format No: B/1
Assignment No
Assignment Name
Engagement Manager
Company Name
Name of Person
Selected
Project Costing:
Sl.no
Expenditure type
Administrative Costs
Planned
Total
Amount Billed
Profitability
% age of Profitability
Detailed Planning
Sl. No
Form Name
Planned Date
Opening Meeting
Assignment Scheduling
Auditor
Form Name
Planned Date
Planning
4.1
4.2
Data Analysis
4.3
Walk Through
4.4
4.6
4.7
Field Work
5.1
5.2
6
6.1
Exit Meeting
Draft Report with management comments
7.1
Structured Reporting
7.2
Presentation of Finding
8
8.1
9
Auditor
9.1
Invoice Generation
9.2
9.4
Client Feedback
9.5
9.6
10
Quality Audit
10.1
10.2
File Closure
Manager
Partner
Assignment No
Engagement Manager
Company Name
Date of Meeting
Participants from Auditees
Name
Sl No
Department
Participants from Internal Audit Team
Designation
Name
Handled by
Collect
policies
(Refer footnote)
various
operating
Designation
Documentation
the
procedures,
Any further specific questions may be raised apart from the generic ones; however, the objective of the meeting is to give a very
high level understanding of the audit.
Assignment No
Engagement Manager
Company Name
Major Process
Name
Name of the
Process1
Process Owner
Date of Process
Analysis
Process Objectives
Division
No of
Employees
Location
System
ERP / Manual
Process Map2
1
Document only the most important processes which relate to our audit objectives.
2
Process Maps can also be done using MS-Visio or Excel, whereas MS-Word may be the most frequently used tool.
Process /
Activity /
Action Box
Decision
Box
Filing,
Document,
Form etc.,
Process
Gap
Indicator
We recommend basic flow charting techniques for process flow. You may also use advanced techniques where
necessary.
4
Process flow should be signed off with the process owners.
Data Needs
Objective6
Period to
be
Covered
Necessary Field
Format in
Which Required
( Excel /
Text/PDF)
The data collection may be possible with ERP / Tally / Excel / Manual.
Refer to the Risk Checklists for more information on Data needs identification.
Sl
No
Company Name
Assignment Name
Requested
To
Date of
Request
Expected
Date
Engagement Manager
Assignment No
Actual Date of
Collection
Details of Data
Analysis
Details of
Inferences9
Remarks
Engagement Manager
Assignment No
7 8
The objective of the document is to consolidate the analysis, research, previous audit reports in an inference document which shall be an input to various other phases,
reports etc.
This document also acts as a best practice instrument and is generally highly appreciated during Quality Assurance / Audits / Peer Reviews.
Inference may be the conclusion drawn after the analysis which in-turn may lead to further analysis, in-depth verification, direct reporting etc.
Sl No
Company Name
Assignment Name
1011
Engagement Manager
Assignment No
Remarks
The objective of the document is to consolidate the analysis, research, previous audit reports in an inference document which shall be an input to various other
phases, reports etc.
11
This document also acts as a best practice instrument and is generally highly appreciated during Quality Assurance / Audits / Peer Reviews.
12
Inference may be the conclusion drawn after the analysis which in-turn may lead to further analysis, in-depth verification, direct reporting etc.
10
Sl No
Company Name
Assignment Name
14
13
Details of Processes /
Risks Discussed in
the Session
Important Conclusions
1314
Remarks
Engagement Manager
Assignment No
Brainstorming sessions are a very good practice where the Consultants, Managers and Partners discuss as to the understanding of the processes, risks and threats in
the organization and evolve a deeper thought process. This is also a good way to exchange knowledge in your organization.
This document also acts as a best practice instrument and is generally highly appreciated during Quality Assurance / Audits / Peer Reviews.
Sl No
Company Name
Assignment Name
Assignment Name
Company Name
Sl No Area of Verification
1
Process to be verified
and Objective to be
achieved
Type of
Sampling
Adopted
No of
Samples
Selected3
Result of
Verification4
Conclusi
ons
In case an audit tool, viz., ACL or IDEA, is used, generally 100% of the transactions can be verified for exceptions study.
Seed technique may be used for random sample pick up. All the transactions should have an equal probability of
being picked up. A random number generator may be used for selection to avoid bias.
3
Attach a list of samples selected and the result of verification as an annexure.
4
In case highly critical observations are to be made and the result is negative, you may confirm the conclusion by
picking up further samples.
2
Sample Transaction
Control 1
Control 2
Control 3
This document should be used to track the walk through / verification on the samples selected for study.
This document may be used at the time of planning or at the time of field work.
Sl No
Company Name
Assignment Name
Control 4
Control 5
Engagement Manager
Assignment No
Control 6
Assignment Name
Engagement Manager
Company Name
Process 1: 8
Sl
No
Sub
Process
Area
Comments
Form / Format
Objective
Critical Control Description
ERP / Application Used
Maker
Authorizer
Report Generated
Input
Output
Operating Procedures
Policies
Objective
Critical Control Description
ERP / Application Used
Maker
Authorizer
Report Generated
Input
Output
Operating Procedures
Policies
7
It is not mandatory to always document the processes in the format given above; however, once documented, it
increases the auditor's clarity on the business process, and hence mistakes at the time of reporting are significantly
reduced.
8
Process Sub Process can be as detailed as possible till it identifies an auditable area with clarity.
Sub
Process
Area
Comments
Form / Format
Objective
Critical Control Description
ERP / Application Used
Maker
Authorizer
Report Generated
Input
Output
Operating Procedures
Policies
Process 2:
Sl
No
Sub
Process
Area
Comments
Objective
Critical Control Description
ERP / Application Used
Maker
Authorizer
Report Generated
Input
Output
Operating Procedures
Policies
Objective
Critical Control Description
ERP / Application Used
Maker
Authorizer
Report Generated
Input
Form /
Format
c. Is there a system for
evaluating
legal
compliance issues
a. Has
the
Company
designed processes to
ensure that there is no
lapse of control leading
to frauds
c. Is there a succession
plan with the
management for key
positions
The
use
of a. Is there a MIS system
inappropriate
highlights the performcontrols/performance
ances of the various
measures, leading to
department
and
wrong conclusions and
functions
inferences
about b. Does the Management
performance of the
review
the
perform-
Possibility of frauds,
illegal acts
Risk Listing
(What Wrong Can
Happen)
Checklist
Operational Risks
Auditor
Time for
Audit
Step
a.
MIS
Reports
received
by
Management
a. Audit Committee
action points
a. Organization Chart
Information
Required from
Auditee
Observations
c. Is there a review of SOP
frequently
for
incorporating changes
firm's operations
Risk Listing
(What Wrong Can
Happen)
Checklist
Communication Risks
Auditor
Time for
Audit
Step
Budget
a. List of training
programs
and
feedback given
a. Standard
Operating
Procedures Manual
b. Operating Plans
a. Annual
Plan
Information
Required from
Auditee
Observations
Risk
of
customer a. Has the Management
taken conscious efforts
dissatisfaction
for quality improvement
The
risk
that a. Capture the process of
communication from top
movement
of
management gets lost
memos/circulars
and
evaluate if the process is
in transition
adequate
Risk Listing
(What Wrong Can
Happen)
Checklist
Marketing Risks
HR Risks
Auditor
Time for
Audit
Step
a. Quality documents
a. Key Performance
Indicators
Information
Required from
Auditee
Observations
b. Has
the
company
implemented
quality
standards such as Six
Sigma
or
ISO
for
maintaining quality and
thereby
customer
satisfaction
taken for
of
new
c. Are
new
markets
explored for adequate
product
and
market
spread
b. Are efforts
exploration
products
Risk Listing
(What Wrong Can
Happen)
Auditor
Checklist
Time for
Audit
Step
a.
Business
Continuity
and
Disaster
Recovery
Plan
Information
Required from
Auditee
Observations
Risk from
wrong
inadequate
commitment,
execution
b. Are
Service
Level
Agreement drawn for
engagements
and
reviewed
Risk Listing
(What Wrong Can
Happen)
Auditor
Checklist
Time for
Audit
Step
Information
Required from
Auditee
Observations
Impact Analysis
Auditor
Checklist
Time
for
Audit
Step
1. Invoices
Register/List
2. Supporting
documents
such as terms
and conditions
3. Payment
Register
4. Credit Notes
5. Debtor Reconciliation
and
confirmation
documents
6. Bad
Debts
written off
Information
Required from
Auditee
Engagement Manager
Assignment No
Ineffective
process
invoice
generation
Risk Listing
(What Wrong
Can Happen)
Company Name
Assignment Name
Observations
Inadequate
receivables
management
Risk Listing
(What Wrong
Can Happen)
Delays in invoicing
resulting in delays in
receipts and funds
blockage.
Generate
receivables
ageing
report
and
ascertain reasons for long
pending outstanding and
check the procedure for
follow up of outstandings
Delays in monitoring
receipts resulting in
cash
flow
loss.
Calculate the average
number of days of
delay and the cash
flow loss due to non
receipt of funds on
time.
Impact Analysis
Auditor
Checklist
Time
for
Audit
Step
Information
Required from
Auditee
Observations
Inadequate
Payment
Process
Risk Listing
(What Wrong
Can Happen)
Auditor
Checklist
Goods/Services
Receipt note and
approval from the
user department for
receipt
of
material/service
Misstatement of debtor
balances in the final
accounts.
Impact Analysis
Time
for
Audit
Step
d. Goods/Service
delivery Notes
c. Payment
Register
b. Payment
Vouchers
a. Purchase
Orders
Information
Required from
Auditee
Observations
Risk Listing
(What Wrong
Can Happen)
c. Payment is made as
per the terms and
conditions
entered
into with the vendor
b. Payment entry is
made accurately and
completely for all the
GRN/Service notes
Debit
notes
not
supported
by
Purchase
returns
documents
and
replacement/adjustment
not made accurately
for the debit notes
Delay
in
payment
results in unnecessary liability imposed
as per the terms and
agreements with the
vendor
Impact Analysis
Auditor
Checklist
Time
for
Audit
Step
a. Debit notes
a. Creditors ageing
analysis
e. Agreement with
the vendor
Information
Required from
Auditee
Observations
Books
of
accounts not
closed on a
timely basis
Risk Listing
(What Wrong
Can Happen)
Impact Analysis
Ledger Accounts
P&L account
Balance Sheet
Debtors ageing
a.
b.
c.
d.
e.
Auditor
Checklist
Ascertain delays in
closure of books and
ensure the reasons for
the delay
Delays
in
closure
leading
to
non
availability of financials
for
review
and
decision making.
Delay
in
payment
results in unnecessary liability imposed
as per the terms and
agreements with the
vendor
Time
for
Audit
Step
of
e. Statutory
remittances
d. Bank
Reconciliation
Statement
c. Ageing reports
b. Ledger
summaries
a. Books
Account
a.
Vendor
reconciliation
documents
Information
Required from
Auditee
Observations
Risk Listing
(What Wrong
Can Happen)
Bank Reconciliation
Statutory remittances
g.
h.
Perform a GL scrutiny to
ascertain
any
irregularities
in
transactions posting and
undertake
a
detailed
review
wherever
discrepancies
are
identified
Creditors ageing
f.
Inaccurate updation of
accounts resulting in
misstatement
in
financials.
Impact Analysis
Auditor
Checklist
Time
for
Audit
Step
a. General Ledger
Information
Required from
Auditee
Observations
an
Checklist
Time
for
Audit
Step
b. Variance
Analysis Report
a. Annual Budget
Information
Required from
Auditee
Funds Management would also include review of Foreign Exchange gains/loss, technique of hedging etc depending upon the nature of the company.
b. Expenditure incurred is
verified with the budget
and corrective actions
are taken for deviations
from the budget
authorized
on
annual basis
Review
the
budget Inordinate deviations
system and verify the from
the
budget
resulting
in
following:
excess/short
spending
a. Budget is prepared and
Inadequate
budget system
Auditor
Impact Analysis
Inadequate
provisioning
Risk Listing
(What Wrong
Can Happen)
Observations
Inadequate
control
over
physical
cash/cheques
Inadequate
fund utilization
Risk Listing
(What Wrong
Can Happen)
Ensure
if
Physical
verification of cash is
done Periodicity /
timings and reconciliation
of differences in balances
if any.
Ensure if review of
investments
/
bank
balances, interest earned
and identification of idle
balances is being done .
Inadequate
funds
management resulting
in idle funds and
notional loss on idle
funds
Impact Analysis
Auditor
Checklist
Time
for
Audit
Step
c. Cash Vouchers
b. PDCs
a. Cheque books
b. Physical Cash
a. Cash Register
c. Interest details
b. Bank
details
and
bank
statements
a. Investment
details
Information
Required from
Auditee
Observations
HR Plan not a.
Understand
the
meeting
the process of HR planning
objectives of the to verify that adequate
steps are taken to
Company
ensure
that
the
candidate requirement
projected is justifiable
Risk Listing
(What Wrong
Can Happen)
Auditor
Number of persons
recruited
in
excess/short
thereby resulting in
inadequate
HR
sizing
Check
for
requirements which
are not properly
authorized.
Positions recruited
not
adequately
justified resulting in
increasing
HR
Costs.
HR Planning Process
Impact Analysis
Company Name
Assignment Name
Checklist
Time
for
Audit
Step
a. Annual
Plan
HR
Information
Required from
Auditee
Engagement Manager
Assignment No
Observations
Selection
of
Candidate not
as
per
the
requirements of
the Company
Risk Listing
(What Wrong
Can Happen)
b. If it is outsourced to a
recruitment
agency
verify if the process
carried out for selection
of the agency is done
after proper evaluation
Approval
not
assigned
for
deviations resulting
in non compliance
with
policy
and
inadequate control
effectiveness
Auditor
Improper selection
of
recruitment
agency resulting in
recruitment flaws.
Recruitment Process
Impact Analysis
Checklist
Time
for
Audit
Step
a.
Requisition
form wherein the
requirement of the
candidate and the
expectations are
filled
in
b.
Interview/Assessment
form
c.
Candidate's
resume
d. Offer letter
e.
Recruitment
policy
and
Operating
Information
Required from
Auditee
Observations
Risk Listing (What Wrong Can Happen)
Impact Analysis
Non availability of supporting documents for selected candidate resulting in inadequate justification for candidate selected
Candidate selected not meeting the requirements of the department resulting in inefficiency in the functional area
Delay in recruitment resulting in positions not filled up within the required time leading to inefficiency and overtime costs for the existing employees
c. Check if the recruitment of the candidate is supported by documents, viz. resume, interview results, terms of employment, offer letter etc.
Auditor
Checklist
Time for Audit Step
Procedure if available
Information Required from Auditee
Observations
Induction formalities not completed as per requirements
Risk Listing (What Wrong Can Happen)
Inadequate background verification resulting in selection of candidate not suitable for the related vacancy
f. Check if adequate background verification has been done for the candidate selected. If the selection is through the recruitment agency, check if the agency has carried out adequate background check for the candidate selected
Auditor
Inadequate induction formalities resulting in administrative inconveniences (e.g. salary payment to be processed separately because of not opening bank account of the employee on time)
Induction
g. Check if the recruitment is authorized by the appropriate personnel
Selection not as per the requirements of the company
Impact Analysis
Checklist
Time for Audit Step
a. Induction Checklist if any
b. Policies/Code of conduct documents signed by the employees
Information Required from Auditee
Observations
Inadequate procedures for monitoring attendance of the employees
Risk Listing (What Wrong Can Happen)
Inadequate communication of company's policies resulting in dilution of Company's objectives
Auditor
Checklist
Inadequate attendance captured resulting in inability to compare the salary paid to number of days worked
Leave not sanctioned by the designated authority resulting in control lapses and inaccurate payroll processing
a. Select sample of attendance register (manual/system generated) for a month and compare it with the leave records to ensure that the attendance captured is accurate
b. In case of leave as selected above, check if the leave has been sanctioned by the concerned personnel as defined in the Delegation of Authority.
Attendance Management
Impact Analysis
Time for Audit Step
a. Attendance Register
b. Leave Records
Information Required from Auditee
Observations
Risk Listing (What Wrong Can Happen)
Inaccurate calculation of leave resulting in inaccurate payroll processing and salary payment
Possibility for modifications in records resulting in non reliability of data
Impact Analysis
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Auditor
Fictitious employees in the payroll resulting in higher salary costs for the company
b. Inaccurate Payroll Database
b. Compare the employee details as per the attendance register and employee details as per Payroll register and check for any dummy names in the payroll register
Payroll Processing
Impact Analysis
Inadequate Segregation of Duty resulting in unauthorized access to records increasing the possibility for manipulation
a. Inadequate Segregation of Duty
a. Check that the person capturing the attendance and the person processing the payroll is different, to ensure adequate segregation of duty.
Risk Listing (What Wrong Can Happen)
Checklist
Time for Audit Step
a. Payroll Database
b. Offer letter for salary details
c. List of new joinees
d. List of resignees
e. List of employees transferred/promoted
f. Authorized Payroll Register
Information Required from Auditee
Observations
Risk Listing (What Wrong Can Happen)
Salary paid to resignees resulting in higher salary costs
d. Obtain list of resignees for the last three months and check if any names still appear in the payroll employee list
f. Obtain list of employees who have been transferred/promoted in the last three months and check if their salary details have been modified as per the transfer order/promotion letter
Impact Analysis
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Program logic inaccurate resulting in wrong salary processing and inaccurate payouts
Inadequate
authorization
document
authenticity
g. If the payroll processing is done by a software, reperform the calculation to ensure that the logic built in the software is correct
Appraisal not aligned to performance
a. Obtain the Key Performance Indicators (KPIs) defined for each role if available
Auditor
Checklist
Non definition of Key Result Areas resulting in inadequate communication of role profile and non alignment of role to the company's objectives
Performance Appraisal
Statutory non compliances resulting in penalties and offences as defined under the concerned Statutory Regulation
for
Impact Analysis
c. Statutory Non Compliance
i. Verify PF/ESI/Professional Tax deductions are in compliance with the prevailing Statutory Norms.
Risk Listing (What Wrong Can Happen)
Time for Audit Step
a. Appraisal Records
b. Appraisal Policy
c. Key Performance Indicators (KPIs) if available
Information Required from Auditee
Observations
Risk Listing (What Wrong Can Happen)
Impact Analysis
Appraisal not aligned to performance resulting in mismatch between the position and the person
Non confidentiality of appraisal records resulting in employee dissatisfaction and unrest
c. In case of non availability of standard KPIs, ensure the following:
Appraisal is done by the concerned functional head to whom the employee reports
The scores given are adequately justified
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Increasing Training Costs
Risk Listing (What Wrong Can Happen)
Training provided to fictitious employees resulting in higher training costs
Training feedback forms not analyzed adequately resulting in training inefficiencies and lack of benefit to the trainees
c. Enquire on the decisions taken based on training feedback forms
Non compliance with Company's policy resulting in inefficiency
Auditor
Checklist
Impact Analysis
Time for Audit Step
a. Training Programme details
b. Training attendance sheet and Feedback form
c. Supporting documents for training cost
d. Training Budget and approvals
Information Required from Auditee
Observations
Non availability of supporting documents for justifying the cost incurred
Cost in excess/short of the budget resulting in higher payouts or inefficiency
Auditor
Separation
Impact Analysis
Risk Listing (What Wrong Can Happen)
Checklist
Time for Audit Step
a. Exit Policy
b. Full and final settlement forms of resigned employees
Information Required from Auditee
Observations
Unauthorized access to company's assets resulting in loss of information or resource
Auditor
Checklist
Statutory non compliances resulting in penalties and offences as defined under the concerned Statutory Regulation
Checklist to be prepared for the provisions of various Labour Act applicable to the Company
Statutory Compliances
Impact Analysis
Statutory Non Compliance
a. List out the various Labour Acts applicable to the Company
Risk Listing (What Wrong Can Happen)
Time for Audit Step
c. Remittances challans
b. Copies of returns filed
a. Records maintained under various acts
Information Required from Auditee
Observations
Risk Listing (What Wrong Can Happen)
Impact Analysis
e. Check if the remittances are made within the relevant due date
Statutory non compliances resulting in penalties and offences as defined under the concerned Statutory Regulation
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Inadequate gate entry controls for material receipts
Risk Listing (What Wrong Can Happen)
Is there a procedure of confirming/cross checking the material/men reporting at the gate with the stores/visitee and the in time/out time of the truck/men entered in the register
Auditor
Receipt System
Impact Analysis
Inadequate confirmation of purpose of visit thereby resulting in unauthorized access to the information and facilities at the premises
Inadequate control over men/material entering the premises
Check if there are necessary controls implemented at the gate to ensure that all the men/materials (Truck/material by Courier, etc.) entering the premises are recorded.
Company Name
Assignment Name
Checklist
Time for Audit Step
a. Entry Register maintained by the Security Guard
Information Required from Auditee
Engagement Manager
Assignment No
Observations
Inadequate process for material receipt at the warehouse
Risk Listing (What Wrong Can Happen)
Impact Analysis
Weight differences between the quantity ordered and quantity received and excess/short payment
Check weighment procedures wherever applicable and weigh bridge certificate is available for the receipts
receipt
Auditor
Checklist
Time for Audit Step
c. Weighment Certificate
b. Supporting documents viz. invoice and delivery challan, purchase order
a. Goods Inward note and register
Information Required from Auditee
Observations
Risk Listing (What Wrong Can Happen)
Delay in receipt of material thereby affecting issues and resulting in production delays
Impact Analysis
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Receipt of sub standard material thereby affecting the production process
Compile cases of rejection in the production line due to substandard quality of material
Impact Analysis
Material received without quality clearances
Check if quality clearance is obtained for the material unloaded
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. Quality clearance certificates
Information Required from Auditee
Observations
Unauthorized access to storage area
Inadequate transfer of risk
Auditor
Checklist
Unauthorized entry into the storage area resulting in loss or damage of material stored
Statutory non compliances resulting in penalties and offences under the relevant regulations
Impact Analysis
Risk Listing (What Wrong Can Happen)
Time for Audit Step
a. Insurance Policy for warehouse
b. Stock Register
a. Statutory records
b. Stock Register
a. List of goods in transit
Information Required from Auditee
Observations
Risk Listing (What Wrong Can Happen)
Check if purchases have been made in spite of availability of material and ascertain the amount incurred for the purchases.
Non maintenance of bin cards and stock register results in inaccurate knowledge on material availability leading to excess purchases.
Mixing up of goods resulting in inaccurate issues and inefficiencies in production
damages resulting in financial burden, in the event of any catastrophe
Impact Analysis
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Inadequate system for issue of material from the warehouse
Auditor
Issues Management
Impact Analysis
c. Stock Reconciliation Records
b. Bin Card
a. Stock Register
Inaccurate updation resulting in incorrect stock position. Check the stock reconciliation records and identify cases where the reconciliation was
b. Stock Register
a. Issue Request/BOM
Information Required from Auditee
a. List of returns from the line
Checklist
Time for Audit Step
Risk Listing (What Wrong Can Happen)
Observations
Inadequate process for reconciliation of stock
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Difference if any resulting out of stock reconciliation implies the funds lost due to inadequate stock handling procedures
necessitated due to inaccurate updation in stock records.
Impact Analysis
Time for Audit Step
a. Stock Register
b. Physical verification documents
c. Approvals for write off
Information Required from Auditee
Observations
Impact Analysis
reconciliation check if it is authorized as per the delegation of authority matrix and such written off stocks are physically available
e. Physically verify certain sample cases to ensure that the stock are physically available
Inadequate Monitoring of non moving, damaged stock
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. Reorder level policy
a. List of non moving/damaged stock
Information Required from Auditee
Observations
Non definition of Security Policy in accordance with business requirements and relevant laws and regulations
Risk Listing (What Wrong Can Happen)
Auditor
Impact Analysis
Enquire about Information security policy availability
If exists ask for its last renewal and approval
Ensure that the policy has been communicated to all employees and other third parties involved in aspects relating to information security in the organization
Lack of definition of information security aspects results in risk of compromise of availability, confidentiality and integrity of data and information processing assets
Company Name
Assignment Name
Checklist
Time for Audit Step
b. Minutes of Meetings in which the policy is reviewed
a. Information Security Policy
Information Required from Auditee
Engagement Manager
Assignment No
Observations
Review the agreement and note the clauses of security. Ensure that clauses for legal recourse, in case of compromise of confidentiality is included in the agreement
Auditor
IT Assets Management
Impact Analysis
Check if confidentiality agreement exists with employees and other third parties who have access to critical information in the organization
Inadequate Maintenance of IT Assets
Risk Listing (What Wrong Can Happen)
Checklist
Time for Audit Step
b. IT assets procurement details
a. IT asset Register
Confidentiality Agreements with employees and third parties
Information Required from Auditee
Observations
Check if any guidelines exist for classification of information as sensitive, non sensitive etc. Identify if the asset holding such sensitive information is classified and protected adequately
Impact Analysis
Review the IT assets/media disposal procedures in place
List out the cases of
Access to information to outsiders due to inadequate disposal methods
Inadequate procedure for disposal of IT assets
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. List of assets disposed
a. Information Classification guidelines if any
Information Required from Auditee
Observations
Access to information even after resignation of the employee. Observe cases where the full and final settlement process is not complete. Probe into list of items not returned by the employee.
Inadequate training resulting in lack of awareness and financial pay outs
Lack of awareness about information security in the organization
Were there any training programmes conducted on IT security
What was the last date the training was conducted
Review the training documents and the participants list
Inadequate separation procedures
Auditor
Checklist
Impact Analysis
Unauthorized access to information to persons who may misutilize the same
Allowing access to persons without thorough background check
Are back ground checks done on the all candidates, third party users and contractors
Verify in few cases
Verify who is responsible for back ground verification
Risk Listing (What Wrong Can Happen)
Time for Audit Step
a. List of resigned employees
b. Full and final settlement
a. List of training programmes conducted and their details
Information Required from Auditee
Observations
Production/operations stoppage due to occurrence of such events
Downtime and recovery time to be calculated due to occurrence of such failures.
Review whether the telecommunication and power cables are properly protected (test basis)
Review the environment hazards and threats and related controls. Eg. Fire, water logging etc
Auditor
Checklist
Impact Analysis
Inadequate Security at the server room
Risk Listing (What Wrong Can Happen)
Time for Audit Step
a. Insurance policies
Information Required from Auditee
Observations
Inadequate network management
Inadequate back up of information
Inadequate control against malicious codes
Inadequate Maintenance of IT assets
Risk Listing (What Wrong Can Happen)
Downtime due to repairs and damages. Check the average downtime and frequent reasons for repairs.
Impact Analysis
Understand the network software being used
Obtain the detailed network diagram and identify the points of contact with external environment
Compromise on security due to inadequate network design and network monitoring
Is there a back up system in existence. Review the back up frequency, media, data coverage, storage, recovery procedures regularly
Auditor
Checklist
Time for Audit Step
b. Network security policy
a. Network diagram
b. Repairs register
a. AMC details
Information Required from Auditee
Observations
Run the network security analyzer on the network (if in case necessary)
Impact Analysis
Non availability of audit logs
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. Audit logs details
Information Required from Auditee
Observations
Inadequate access definitions
Risk Listing (What Wrong Can Happen)
Review the procedures for deleting the login / access for users who have resigned.
Is there a procedure in place for regular management review of access roles given to various users.
network, application systems, email systems, internet etc.,)
Auditor
Impact Analysis
Checklist
Time for Audit Step
a. Access control policy
Information Required from Auditee
Observations
Inefficient Security incidents management
Risk Listing (What Wrong Can Happen)
Were there any security breaches that have taken place in the last one year (hacking, data theft, web attack etc.)
Auditor
Checklist
Managing security breaches to avoid recurrence of such events
Impact Analysis
Time for Audit Step
a. Security Incident details
Information Required from Auditee
Observations
Inaccurate fixation of targets
Risk Listing (What Wrong Can Happen)
Auditor
Inaccurate targets result in inadequate plan for the marketing team.
Identify if the marketing team is aligned to achieve the targets.
Target Fixation
Impact Analysis
Company Name
Assignment Name
Checklist
Time for Audit Step
b. Short terms sales plan with targets
a. Annual Sales Plan
Information Required from Auditee
Engagement Manager
Assignment No
Observations
Inappropriate marketing strategies
Risk Listing (What Wrong Can Happen)
with respect to Branding, Advertisement and other marketing strategies.
Auditor
Checklist
Impact Analysis
Time for Audit Step
a. Advertisement spend details
Information Required from Auditee
Observations
Inadequate Customer Information
Risk Listing (What Wrong Can Happen)
Impact Analysis
Is there dependence on single product. Analyse the product wise sales
Is there dependence on single market
Is there a dependence on single customer. Calculate the proportion of sales vis-a-vis the customer
Auditor
Checklist
Inadequate information on customer results in inaccurate decisions.
c. Evaluate the following for ensuring the adequacy of marketing strategies:
Lack of diversification of sales results in single point failure.
Time for Audit Step
a. Customer database
Information Required from Auditee
Observations
Impact Analysis
in the database:
Analyse the rejection cases and perform root cause analysis on cases of frequent rejections
Frequent Customer rejection results in poor reputation of the company.
Identify cases of inaccurate, incomplete and unreliable data.
Is the updation in the database made on a timely basis.
Inadequate action on Customer Feedback
Are Customer rejections captured separately and actions are effectively taken on the same.
Ensure if reason wise analysis is made and corrective actions are taken
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. Customer rejections summary
Information Required from Auditee
Observations
Inadequate incentive system
Risk Listing (What Wrong Can Happen)
Impact Analysis
c. Is an incentive system designed for rewarding achievement of targets
Auditor
Monitoring
Checklist
Time for Audit Step
b. Incentive system and payment
a. Target vis-a-vis actuals comparison
Information Required from Auditee
Observations
Inadequate indenting system
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Impact Analysis
Company Name
Assignment Name
Time for Audit Step
c. Supporting documents for indents
b. Delegation of Authority matrix for sanctioning the indents
a. Indents raised for a month
Information Required from Auditee
Engagement Manager
Assignment No
Observations
Procurement without sufficient authorization resulting in purchases made without justification
Delay in procurement of required items resulting in production delays
b. Study cycle time between receiving of an indent and raising of PO and evaluate reasons in case of exceptional delays3
d. Generate an exception report on open indents for a long time with reasons and analyze the root cause for such delays
Impact Analysis
1. The process for calculating the delays can be done using CAAT tools
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. List of open indents
b. Procurement budget
a. Purchase Orders raised for the requisitions
Information Required from Auditee
Observations
90
Auditor
Checklist
Inadequate
vendor
selection resulting in
the following:4
a. Procurement
at
5
higher cost
b. Procurement
of
sub
standard
quality material
c. Vendor
not
competent
to
deliver
the
service/material
d. Possibility
of
collusion
with
vendors
and
thereby
not
adhering to the
vendor
selection
policy
Impact Analysis
90
Risk Listing
(What Wrong
Can Happen)
Time
for
Audit
Step
a. Procurement
Policy
b. Vendor selection
documents
c. Delegation of
Authority Matrix
Information
Required from
Auditee
Observations
Inadequate Ordering process
Risk Listing (What Wrong Can Happen)
Receipt of material/service not as per the terms and conditions agreed upon
Impact Analysis
e. Check if negotiations have been made for better terms of purchase
f. Check if authorization for the purchases as per the Delegation of Authority defined by the organization
Review the agreement with the vendor and check if the terms and conditions are met for the material/service delivered
Auditor
Checklist
Time for Audit Step
a. Goods delivery/service receipt note
a. Agreement between the company and the vendor
Information Required from Auditee
Observations
Inaccurate vendor database
Auditor
Statutory Compliances Checklist
Checklist
Statutory Non compliances resulting in penalties and offences under various regulations
Impact Analysis
Risk Listing (What Wrong Can Happen)
Time for Audit Step
d. Goods receipt note/service delivery note
c. Purchase orders to the vendor
b. Agreements with vendors
a. Vendor database dump
a. Copies of payment challans and returns filed
Information Required from Auditee
Observations
Inadequate Production Plan
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Impact Analysis
Inaccurate estimation of requirements results in unnecessary purchases.
b. Check the process for evolving the Bill of Material
a. Is there a Bill of Material (BOM) available for the production
Company Name
Assignment Name
Time for Audit Step
a. Bill of Material
Information Required from Auditee
Engagement Manager
Assignment No
Observations
Risk Listing (What Wrong Can Happen)
a. Is production plan reviewed on a frequent basis for making necessary adjustments
reliable and accurate. Check for modifications if any in BOM for similar orders and obtain the justification for the same
Inadequate review of the production plan resulting in production inefficiencies.
made.
Impact Analysis
Auditor
Checklist
Time for Audit Step
a. Minutes of meeting for production review
Information Required from Auditee
Observations
Inadequate quality check
Auditor
Checklist
Inaccurate charging of raw material resulting in quality mismatches.
Impact Analysis
c. Are safety procedures complied with in case of raw material which are of hazardous nature
Inadequate controls on raw material charging process
a. Are the raw materials charged as per the production plan
b. Does a review happen to ensure that the correct quality and quantity of raw material for the batch is charged
Risk Listing (What Wrong Can Happen)
Time for Audit Step
d. Pending claims
c. Customer rejections
b. Quality checklist
a. Quality clearance certificates
b. Raw Material charging checksheet if any
a. Production Plan
Information Required from Auditee
Observations
Inadequate review of line activities
Risk Listing (What Wrong Can Happen)
Impact Analysis
a. Are
line
Production not
carried out as per
the procedure.
Check on quality
rejection in line and
activities calculate the
Auditor
Line Processes
Compare the
production quantity
deviations due to
low quality of raw
material.
and ensure if it is
due to raw material
quality.
checklist used by
the
quality
department
for
checking the quality
parameters at this
stage.
Checklist
Time for Audit Step
a. Documents showing output of line activities
Information Required from Auditee
Observations
Inadequate Machinery
Impact Analysis
Non monitoring of rejection and damages resulting in material leakages.
b. Is the physical stock sent to raw material warehouse
Physically verify if
Inadequate rejections/rework and wastages Management
a. Are the rejections/damages adequately recorded
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. Preventive Maintenance
a. Rejections/damages records
Information Required from Auditee
Observations
Impact Analysis
Non availability or inefficient usage of utilities resulting in down time
Inadequate quality check in
a. Is the output in the line certified for
Inadequate quality check results in
Identify instances of down time due to non availability of key utilities and the actions taken for ensuring continuous supply of the same
Also ensure if records are maintained showing utilization details of key utilities
Review the instances of machinery breakdown and time taken to rectify the same and the number of times the instance has recurred
Is there a preventive maintenance schedule evolved and adhered to by the company
Maintenance
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
a. Quality clearance
a. Production down time details
b. Equipment failure details
Schedule
Information Required from Auditee
Observations
Inadequate storage of finished goods
the lines
Risk Listing (What Wrong Can Happen)
inadequate quality of the final product leading to customer rejections.
quality prior to passing it to the next process or to the finished goods warehouse
Auditor
Checklist
a. Are the finished goods stored in a safe location prior to transferring it to the warehouse
Quality rejections due to improper storage
Impact Analysis
Time for Audit Step
a. Quality rejections
d. Pending claims
c. Customer rejections
b. Quality checklist
certificates
Information Required from Auditee
Observations
Check for controls adopted during the packing and labeling process to ensure the following:
Inadequate procedure for packing and labeling of material
Quality rejections internal and external due to inadequate packing and labeling.
Impact Analysis
Labelling is done as per the standards defined
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Inaccurate fixation of targets
Risk Listing (What Wrong Can Happen)
Auditor
Identify if the marketing team is aligned to achieve the targets.
Inaccurate targets result in inadequate plan for the marketing team.
Sales Plan
Impact Analysis
Company Name
Assignment Name
Checklist
Time for Audit Step
b. Short terms sales plan with targets
a. Annual Sales Plan
Information Required from Auditee
Engagement Manager
Assignment No
Observations
Has it been communicated to all the departments
Risk Listing (What Wrong Can Happen)
Auditor
Checklist
Evaluate the monitoring system for customer calls, follow up and closure and identify points of control lapses leading to non booking of orders.
Risk of delivery without booking of orders.
Impact Analysis
Time for Audit Step
a. Sales Order copies
b. Customer call information
Information Required from Auditee
Observations
Risk Listing (What Wrong Can Happen)
Auditor
Customer rejections due to inadequate delivery.
Impact Analysis
Checklist
Time for Audit Step
c. Customer rejections
b. Customer acknowledgements
a. Delivery Orders
Information Required from Auditee
Observations
Inaccurate invoicing
Risk Listing (What Wrong Can Happen)
Auditor
Identify cases of inaccuracies and delays and calculate the revenue lost due to the same.
Inadequate invoicing results in direct revenue loss for the company.
Invoicing
Impact Analysis
Checklist
Time for Audit Step
b.
a.
Invoice Register
Sales orders and delivery notes
Information Required from Auditee
Observations
Inadequate
controls
collection
process
invoiced
e. Are the invoices authorized by the designated person
Risk Listing (What Wrong Can Happen)
Auditor
Inadequate controls result in revenue leakage.
Collection Process
Impact Analysis
Checklist
Time for Audit Step
a. Ageing report
b. Collection summary
Information Required from Auditee
Observations
Time for Audit Step
Checklist
Excise
a. Registration Certificate
b. RG23D Register
c. Excise Returns
Information Required from Auditee
Engagement Manager
Assignment No
Observations
The Checklist is inclusive and is subject to change as per the changes to the Statutes. The checklist can be used as an indicative checklist and is not final.
Does the excise registration certificate cover all chapters/subheadings/products
Auditor
4.1.10
Company Name
Assignment Name
Auditor
Time for Audit Step
Checklist
b. TDS returns
a. TDS Challans
Information Required from Auditee
Observations
Auditor
Time for Audit Step
Services Tax
Checklist
Information Required from Auditee
Observations
Check whether month wise statement of service tax receivable/payable account matching with the monthly payments of service tax.
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Registration Certificate
Sales Tax Act/ Value Added Tax/ Central Sales Tax Act
Observations
Does the unit maintain acknowledged Sales Tax challans
Auditor
ESIC Act
Checklist
Time for Audit Step
ESI Challans of both company / contractor
Information Required from Auditee
Observations
Auditor
Checklist
Time for Audit Step
Information Required from Auditee
Observations
Auditor
Time for Audit Step
Checklist
Information Required from Auditee
Observations
Does the unit maintain acknowledged Profession tax challans
Auditor
Time for Audit Step
Professional Tax
Checklist
Information Required from Auditee
Observations
Checklist
Time for Audit Step
Auditor
Information Required from Auditee
Observations
Auditor
Time for Audit Step
Checklist
Information Required from Auditee
Observations
obtained
Checklist
Time for Audit Step
Information Required from Auditee
Auditor
Observations
Register of Fines
Register of Advance
Register of Overtime
Register of Deductions
Register of Wages
Muster Roll
the
Auditor
118
Checklist
Time for
Audit Step
Information Required
from Auditee
Observations
Have the Contractors issued Employment Card/Wage slips to their workers?
Auditor
Checklist
Time for
Audit Step
Information Required
from Auditee
Observations
Non availability of administration plan
Risk Listing
(What Wrong
Can Happen)
Auditor
Facilities Plan
Check if facilities plan is made based on Annual Operating Plan
Check if it is communicated adequately
Check if the administration department has an internal procurement plan generated for the approved facilities and placed it with the procurement department
Impact Analysis
Inadequate plan resulting in inadequate purchases and non availability of the relevant facilities on time
Company Name
Assignment Name
Checklist
Time
for
Audit
Step
Facilities Plan
Annual Operating Plan
Information
Required from
Auditee
Engagement Manager
Assignment No
Observations
Auditor
Compromise to physical security aspects due to wrong selection of guards
Security Functions
Review the security process and ensure the following:
a. Does the Security Guard note down details of all persons (employees/visitors)
Impact Analysis
Unauthorized entry and exit resulting in unauthorized access to the company and company's resources.
The risk involved in outsourcing activity is not included as a part of this checklist.
Inadequate selection and monitoring of security functions
Risk Listing
(What Wrong
Can Happen)
Checklist
Time
for
Audit
Step
a. Visitors Register
b. Inward Gate Pass
c. Outward Gate Pass
d. Visitors passes
e. Inward and Outward Registers
Information
Required from
Auditee
Observations
Inadequate house keeping
Risk Listing
(What Wrong
Can Happen)
d. Is the movement of material monitored by Inward Gate Pass and Outward Gate pass
Auditor
High spending on house keeping without a budget resulting in inefficient utilization of funds.
Analyze the trend in house keeping cost. Compare the cost as a percentage of total cost and sales and comment if it is on a higher side
House Keeping
Impact Analysis
Checklist
Time
for
Audit
Step
a. Housekeeping Checklist
b. Housekeeping costs breakup
c. House keeping staff attendance
Information
Required from
Auditee
Observations
Inadequate Maintenance of facilities
Risk Listing
(What Wrong
Can Happen)
warranties, is the follow up done with the vendor for services
c. Is the maintenance cost too high
d. Does the company have any service level agreement for maintenance activity and is it being adhered to and monitored
Calculate the number of breakdowns and the time taken for rectifying. Analyse the trend in the maintenance cost to see if it is rising due to inadequate preventive maintenance.
Auditor
Maintenance
Impact Analysis
Checklist
Time
for
Audit
Step
a. Maintenance Register
b. AMCs
c. Maintenance Cost details
Information
Required from
Auditee
Observations
Operational
Communication
Marketing
Receivables
Payables
Financial Closures
Cash Management
Leadership
Corporate
Process / Area
Sl
No
Company Name
Assignment Name
Auditor
Process
Owner
Planned
Date
Actual
Date
Status
Work Paper
Engagement Manager
Assignment No
Remarks
Issue
Reconciliations
Security Policy
IT Assets
IT
Stacking
Receipts
Training
Inventory
Performance Appraisal
Payroll
Statutory
Attendance
Induction
Separation
Recruitment
Planning
HR
Process / Area
Sl
No
Auditor
Process
Owner
Planned
Date
Actual
Date
Status
Work Paper
Remarks
PO Releases
VD Management
Production Planning
Production Line
Production
Requisitions
Procurement
Monitoring
CRM
Strategic Evaluation
Events
Targeting
Access Controls
IT Dept
Marketing
Physical Security
HR Security
Process / Area
Sl
No
Auditor
Process
Owner
Planned
Date
Actual
Date
Status
Work Paper
Remarks
Order Management
Invoicing
Collection
Income Tax
Service Tax
ESI
Workmen's Compensation
Minimum Wages
Payment of Wages
Professional Tax
10
Central Excise
Statutory
Sales Planning
Finished Goods
Process / Area
Sl
No
Auditor
Process
Owner
Planned
Date
Actual
Date
Status
Work Paper
Remarks
Others
House Keeping
Security
Administration
Contract Labour
Facilities Planning
Payment of Gratuity
Payment of Bonus
Process / Area
Sl
No
Auditor
Process
Owner
Planned
Date
Actual
Date
Status
Work Paper
Remarks
Only
High
Risk
Level
Area
Observation
No
Reference
Detailed Report
<Give a list of meetings, interviews conducted during the assignment along with the dates>
<Repeat as given in the Engagement Letter. If there is any change in the Scope please give details when the scope was amended>
Sl No
Executive Summary
Recommendation
Observation
Recommendation
c. Complete The evidence should be complete, there should not be any ambiguity>
the
be
Person
Management Comments
the
which
shall
Management Comments
<Give the annexure relevant to the observation. Ensure that the evidence satisfies the three conditions as under:
Observation
Observation
Observation
Recommendation
Recommendation
Management Comments
Management Comments
Assignment No
Engagement Manager
Company Name
Obs
No
Observation
Brief
Work
Papers
Collected
Accurate
Relevant
Complete
Annexure
Area:
Area:
Area:
Prepared by
Check by
Report Compilation
5.1 Draft Audit Report
Format No: B/5.1.
Title and Date of the Audit Report
Addressed to: <Name and Designation of the Person Addressed to >
Report Distribution List:
a.
b.
c.
d.
e.
<Mention that the report is not intended for anyone other than those included in the distribution list>
Introduction:
<Give a brief overview about the functions / processes audited>
<Give a statement of responsibility of the management of the organization and Internal Audit in
the organization>
Only
High
Risk
Level
Area
Observation
No
Reference
<Give a brief methodology (do not give it in detail; give only as much as is necessary for the reader to understand the extent and manner of the study)>
<Give a list of meetings, interviews conducted during the assignment along with the dates>
<Repeat as given in the Engagement Letter. If there is any change in the Scope please give details when the scope was amended>
Sl No
Executive Summary
Recommendation
c. Complete The evidence should be complete, there should not be any ambiguity>
the
which
shall
Person
the
be
Management Comments
<Give the annexure relevant to the observation. Ensure that the evidence satisfies the three conditions as under:
Observation
Detailed Report
Closure:
Observation
Observation
Observation
Recommendation
Recommendation
Recommendation
Management Comments
Management Comments
Management Comments
Dear Sir,
Sub: Circulation of Draft Report for Management Comments
With regard to the Internal Audit Engagement captioned <Name of the Engagement>
assigned to us, we have completed the field work of the engagement and have firmed up the
Draft Report, which is being circulated to you for your comments. The process from now
onwards shall be as under:
a. The process owners shall go through the observations and give their comments in the
designated zone provided against each observation.
b. A copy of the email is also sent to your official id.
c. The documents shall be returned to us by DD/MMM/YYYY either by email or as a printed
copy.
d. In case you need our team member to explain the observation to you, you can contact Mr.
XYZ, (Mob No: XXXXXXX) for the same.
We look forward to your available dates for holding the Exit Meeting for this engagement. We
look forward to your response in this regard.
Warm Regards,
For XYZ & Co.,
YZ,
Manager / Partner
5.3
Exit Meeting
6.1 Fixing of the Meeting Time
(Refer to Format No B/5.2)
Assignment No
Engagement Manager
Company Name
Observation-wise Discussion
Obs
No.
Observation Details
Status
Management Comments
Dropped /
Retained
Ref of
Observation
Responsibility
Dead
Line
Remarks
It is important to take the signature of the Process Owner as it shall act as evidence and the Process owner does not disclaim
Exit Meeting
<Client Logo>
Format:B/6.2
<Location>
<Date of Presentation>
<Client Logo>
<Client Logo>
Overview
Overview
<Client Logo>
Exit Meeting
XYZ & Co.,
1. Observation 1:
<Client Logo>
(Reference)
Impact:
Value:
2. Observation 1:
(Reference)
Impact:
Value:
3. Observation 1:
(Reference)
Impact:
Value:
4. Observation 1:
(Reference)
Impact:
Value:
5. Observation 1:
(Reference)
Impact:
Value:
<Client Logo>
Detailed Audit
Observations
Area 1
Area 2
Area 3
Area 4
Area 5
<Client Logo>
Detailed Audit
Observations
Area 1
Area 2
Area 3
Area 4
Area 5
<Client Logo>
Recommendation
Annexure
Management Comments
<Comments from the Auditee as it is>
<Date by which the implementation shall be completed>
<Name of the Person Responsible>
Exit Meeting
<Client Logo>
Detailed Audit
Observations
Area 1
Area 2
Area 3
Area 4
Area 5
<Client Logo>
Recommendation
Annexure
Management Comments
<Comments from the Auditee as it is>
<Date by which the implementation shall be completed>
<Name of the Person Responsible>
<Client Logo>
Action Plan
Sl No
<Client Logo>
Ref of
Observation
Responsibility
Dead Line
Remarks
Report Issue
7.1 Final Report Release Checklist
Format No: B/7.1
Assignment No
Assignment Name
Engagement Manager
Company Name
Sl.
No
Checklist
Whether Objective and Scope Document is given and relates to the Engagement Letter
Status
Remarks
Checklist
10
11
12
13
Status
Remarks
14
15
Team Leader
Engagement Manager
Partner
<Client Logo>
Format:B/6.2
Quarterly Report
<Name of the Company>
Audit Committee Presentation
<Location>
<Quarter No / Date>
<Client Logo>
<Client Logo>
<Client Logo>
Status of Plan vis-à-vis Actual Report of various projects planned during the quarter
Details
Month 1
Month 2
Month 3
Week 1 Week 2 Week 3 Week 4 Week 1 Week 2 Week 3 Week 4 Week 1 Week 2 Week 3 Week 4
Area 1
Audit 1
Audit 2
Audit 3
Area 2
Audit 1
Audit 2
Audit 3
Area 3
Audit 1
Audit 2
Audit 3
Area 4
Audit 1
Audit 2
Audit 3
Area 5
Audit 1
Audit 2
Audit 3
XYZ & Co.,
Audit
No
Status
Reason
<Client Logo>
Remarks
Delayed
Not Started
<Client Logo>
Quarterly Audits
Critical Observations
Presentation
<Client Logo>
No of Observations
Audit
No
Name of Audit
High
Risk
Audit No
Medium Risk
<Client Logo>
Audit Name
Observation
Audit No
Risk / Impact
Management
Comments
Audit Name
Observation
Risk / Impact
Low
Risk
Management
Comments
Audit No
<Client Logo>
Audit Name
Observation
Audit No
Risk / Impact
Management
Comments
Audit Name
Observation
Risk / Impact
Management
Comments
<Client Logo>
Status of Closures of
Old Observations
Audit
No
Quarter
Observation
Impact
Status of
Implementation &
Remarks
Area
Response
<Client Logo>
Status
<Client Logo>
Supporting
Document
Status
<Client Logo>
Month 1
Week 2 Week 3
Week 4
Week 1
Month 2
Week 2 Week 3
Week 4
Week 1
Month 3
Week 2 Week 3
Week 4
Area 1
Audit 1
Audit 2
Audit 3
Area 2
Audit 1
Audit 2
Audit 3
Area 3
Audit 1
Audit 2
Audit 3
Area 4
Audit 1
Audit 2
Audit 3
Area 5
Audit 1
Audit 2
Audit 3
XYZ & Co., Important Performance Measures of Internal Audit <Client Logo>
Sl
No
Measure
Standard
Achievement
Last Quarter
Assignment Name
Engagement In-charge
Company Name
Very Good
Good
Average
Poor
Additional Comments:
b. How do you rate the knowledge levels of our team members in delivering the assignment
Excellent
Very Good
Good
Average
Poor
Additional Comments:
c. How do you find the report content and presentation and the general visuals
Excellent
Very Good
Good
Average
Poor
Additional Comments:
d. How do you rate the overall team performance
Excellent
Very Good
Good
Average
Poor
Additional Comments:
e. How do you rate the time schedules adherence and general project management of our Team
Excellent
Very Good
Good
Average
Poor
Good
Average
Poor
Good
Average
Poor
Additional Comments:
Very Good
Additional Comments:
Very Good
Additional Comments:
Client Coordinator
Sl.
No
Filing distribution:
Particulars
Score
Achieved*
Remarks
Sl.
No
Particulars
Score
Achieved*
Remarks
Sl.
No
Particulars
Field Work
Exit Meeting
Final Reporting
Implementation
Total
Particulars / Remarks
Planning
Filing Distribution
Sl No
A.1
Assignment Name
Engagement In-charge
Company Name
Name of the Quality
Auditor
Sl.
No
Non Conformities
Identified
Improvements
Responsibility
Future Action
Plan
Assignment Name
Engagement In-charge
Company Name
Updation
Status
Sl.no
Particulars
Updation of innovation website in case of any
6
7
8
Work
Paper
Reference
Acted on
and By
PART C
Close Outs
Close Outs
C.1 Invoice Format
Format No: C/1
<On Your Letter Head / Pre Printed Form>
Date: <DD MMM YYYY>,
<City>.
To
Mr./Mrs. <Name of the Client Representative>,
<Designation>,
<Name of the Company>,
<City>.
Invoice No:
Service Tax Registration No:
PAN:
TAN:
Invoice
S. No.
Particulars
Amount (Rs.)
1.
Total
(Rupees only)
Travel Details
Destination
Start
Date
Client
Code
TOTAL
Particulars
Ticket
Total Expenses
incurred
Less: Advance Taken
Due From/To
Total
Close Outs
Assignment No
Engagement Manager
Company Name
Sl.
No
Planned
Date
Form Name
Opening Meeting
Assignment Scheduling
Planning
4.1
4.2
Data Analysis
4.3
Walk Through
4.4
4.6
4.7
Field Work
5.1
5.2
6
6.1
Exit Meeting
Draft Report with management comments
7.1
Structured Reporting
7.2
Presentation of Finding
8
8.1
9
9.1
Invoice Generation
9.2
9.4
Client Feedback
Complete
Date
Signature
Planned
Date
Form Name
9.5
9.6
10
Quality Audit
10.1
10.2
File Closure
Any Comments:
Partners Comments:
Complete
Date
Signature
PART D
General Annexures
D.1 Confirmation of Meeting Format
Format No: D/1
Dear Sir,
a.
b.
c.
d.
We shall need ________ hours to complete the discussion. Please provide us a suitable
time for the same.
Regards,
XYZ
Team, XYZ & Co.,
Date of Meeting
Company Name
Participants
From Client
From Auditor
b.
c.
d.
Date of Meeting
Company Name
Participants
From Client
Sl
No
Agenda of the
Meeting
From Auditor
Supporting
Information
Time
Status
Remarks
Audit No and Name
Observation No
Observation
Risk
Recommendation
Management Comments
Date of Report
Auditor
Division
Department
Location
Responsibility
Dead Line
Action Plan
Closure Status
Date of Closure
Work Paper Reference
Safeguarding of assets
Compliance with laws, regulations and contracts as well as policies laid down by the
management
Accomplishment of objectives and goals of the organization through ethical and effective
governance
The Institute of Chartered Accountants of India constituted the Committee on Internal Audit
on 5th February 2004. The Council, at its 282nd meeting held in November 2008, had
renamed the Committee on Internal Audit as Internal Audit Standards Board. The primary
mission of the Board is to enable its members to provide more effective and efficient value
added services relating to internal audit to the industry and others by issuing Standards on
Internal Audit, Guidance Notes and Industry Specific Technical Guides.
The following definition of internal audit, as contained in the Preface to the Standards on
Internal Audit, issued by the Institute of Chartered Accountants of India, amply reflects the
current thinking as to what is an internal audit:
3. Internal audit is an independent management function, which involves a continuous
and critical appraisal of the functioning of an entity with a view to suggest improvements
thereto and add value to and strengthen the overall governance mechanism of the entity,
including the entity's strategic risk management and internal control system.
It is, however, pertinent to note that variations in propositions do not change the basic
philosophy of collecting and evaluating evidence and formulating an opinion; what
undergoes a change is the approach, the tools and the techniques used. Internal audit is,
therefore, an important tool in the hands of the management to help improve its decision
making process. The growing importance of internal audit to good governance can be
appreciated from the spate of legal and regulatory requirements the world over, directly or
indirectly requiring management to rope in the services of
internal audit to help in improving the former's efficiency in running an enterprise. However,
before discussing how internal audit can help management in that respect and the drivers of
an efficient and effective internal audit, it is essential to understand the various stages of
evolution of internal audit over time.
Confidentiality
The internal auditor, in the course of his work, invariably comes across information that is
confidential and/ or critical to the working of the entity. The internal auditor should respect
the confidentiality of such information and should not disclose the same to a third party
without the specific authority or unless there is a legal or professional duty to do so. The
internal auditor should, therefore, ensure that there are adequate policies and mechanisms
to protect the confidentiality of the information.
Planning
Adequate planning for every audit should cover all material areas. The audit working papers
should incorporate documentary evidence of audit planning in the form of an audit plan,
setting out the objectives and scope of an audit and the techniques and resources to be
used by an internal auditor. Plans may be revised as required in the course of the audit.
Ensuring that working papers adequately support the audit findings, conclusions and
reports.
Evidence
The internal auditor should obtain all the evidence considered necessary for the expression
of an informed opinion. Professional judgment is needed to determine the nature and
amount of evidence required. In this regard, the internal auditor should consider:
Work Papers
The internal auditor should document matters that are important in providing evidence to his
opinion or the findings. Advantages of having sufficient and properly maintained work
papers include the following:
Aiding cross referencing between audit evidence and decision taken by the internal
auditor.
Providing evidence that the internal audit was carried out in accordance with the
requirements of the relevant pronouncements of the Institute of Chartered Accountants of
India.
Standard on Internal Audit (SIA) 2, Basic Principles Governing Internal Audit issued by the
Institute of Chartered Accountants of India.
5.4.5 Documentation
Adequate documents act as a basis for planning and performing the internal audit.
Documents provide the evidence of the work of the internal auditor. The Institute of
Chartered Accountants of India had also issued the Standard on Internal Audit (SIA) 3,
Documentation. The purpose of this Standard on Internal Audit is to establish Standards and
provide guidance on the documentation requirements in an internal audit. This Standard
provides guidance regarding the form and content of the internal audit documentation,
detention and retention of the same and identification of the preparer and reviewer.
5.4.6 Reporting
Reporting is a formal opinion or disclaimer thereof, issued by the internal auditor as a result
of evaluations made by him as per the terms of the engagement. The Institute of Chartered
Accountants of India has also issued the Standard on Internal Audit (SIA) 4, Reporting. The
purpose of the Standard on Internal Audit (SIA) 4, Reporting is to establish standards on the
form and content of the internal auditor's report issued as a result of the internal audit
performed by an internal auditor of the systems, processes, controls including the items of
financial statements of an entity. This SIA describes the basic elements of an internal audit
report such as opening, objectives, scope paragraphs, and executive summary. This SIA
also deals with the different stages of communication and discussion of the report and
describes the reporting responsibilities of the internal auditor when there is a limitation on
the scope. The Standard also lays down the reporting responsibilities of the internal auditor
when there is restriction on usage and circulation of the report.
5.4.7 Sampling
Sampling is that part of statistical practice concerned with the selection of individual
observations intended to yield some knowledge about the audit population, especially for the
purpose of statistical inference. The Institute of Chartered Accountants of India had also
issued the Standard on Internal Audit (SIA) 5, Sampling. The Standard on Internal Audit
(SIA) 5, Sampling provides the guidance regarding the design and selection of an audit
sample and also on the use of the audit sampling in the internal audit engagements. This
SIA also deals with the evaluation of the sample results. This Standard also provides
guidance on the use of sampling in risk assessment procedures and tests of controls
performed by the internal auditor to obtain an understanding of the entity, business and its
environment, including mechanism of its internal control. The areas covered by the SIA
include design of sample, tolerable and expected error, selection of sample, evaluation of
sample results, analysis of errors in the sample, projection of errors, reassessing sampling
risk. This also describes the internal auditor's documentation requirements in the context of
the sampling.