Internal Audit - Chapter 9 - Finance Code
Para 929. Internal Audit- Focus -Traditionally, the focus of internal audit has been on compliance of rules, regulations, policies and procedures. As is evident from the role assigned to the Internal Audit Wings in the “Redefined Charter for Financial Advisors” issued by Ministry of Finance on June 1, 2006, the remit of Internal Audit has been enlarged. While Compliance Audit remains important, internal auditors are now expected to focus on evaluation of controls with reference to the risks and to provide an assurance to the Management that the controls are functioning in the intended manner and hence there is a reasonable assurance that the goals and objectives of Ministry/Department will be achieved. Through this, Internal Audit contributes to the efforts to strengthen governance processes in Ministries/Departments.
Para 930. Internal Audit Process: The internal audit process comprises of five action phases. 1. Planning the audit engagement. 2. Preparing for Audit. 3. Performing the audit engagement. 4. Reporting upon the audit engagement; and 5. Follow up action. 931. A typical internal audit assignment involves the following steps: 1) Establish and communicate the scope and objectives for the audit to appropriate management/authorities. 2) Develop an understanding of the operational area under review. This includes objectives, measurements and key transaction types. This involves review of documents and interaction with the auditee. Flowcharts and narratives may be created if necessary. 3) Describe the risks facing the business activities within the scope of the audit. 4) Identify control procedures used to ensure each key risk and transaction type is properly controlled and monitored. 5) Develop and execute a risk based sampling and testing approach to determine whether the most important controls are operating as intended. 6) Report problems identified and review action plans with management to address the problems.7) Follow-up on reported findings at appropriate intervals for which Internal Audit departments must maintain a follow up database.
Para 932. Internal audit is a concurrent process and may not involve the detailed audit process, unless it is a specific theme based audit, undertaken as a special audit. By analyzing and recommending business improvements in critical areas, auditors help the organization to meet its objective. In addition to assessing business processes, Information Technology (IT), Auditors also review information controls.
Here are the simplified notes from your provided content, structured in exam-oriented bullet points with practical illustrations where useful:
Simplified Notes – Internal Audit
1. Focus of Internal Audit
Traditional focus: Checking compliance with rules, regulations, policies, and procedures.
Example: Ensuring Railway staff TA/DA claims are settled strictly as per rules.Redefined role (post June 1, 2006 – Ministry of Finance Charter):
Go beyond compliance.
Evaluate controls against risks.
Provide assurance to management that controls are effective.
Contribution: Strengthens governance processes in Ministries/Departments.
Example: Internal Audit not only checks if railway procurement followed tender rules but also whether risks like inflated pricing or cartel formation are controlled.
2. Internal Audit Process (Five Phases)
Planning the audit engagement – define purpose, scope, and resources.
Preparing for audit – gather background, understand processes, meet auditees.
Performing audit engagement – conduct checks, risk analysis, and test controls.
Reporting audit engagement – document findings, suggest improvements.
Follow-up action – check if corrective measures are implemented.
3. Typical Steps in Internal Audit Assignment
Define scope & objectives → communicate with management.
Understand operational area → review objectives, documents, transactions; interact with auditee; prepare flowcharts if needed.
Example: In Railway Stores Depot audit, study how issue/receipt registers are maintained.Identify risks → e.g., risk of material shortage, revenue leakage.
Identify control procedures → systems to prevent/monitor risks.
Example: Cross-verification of stock ledgers with physical stock.Test controls using risk-based sampling → check whether controls work effectively.
Report problems & agree action plans → management reviews and corrective steps.
Follow-up → maintain database of findings and ensure corrective action.
4. Nature of Internal Audit
Concurrent process → runs alongside operations, not only after completion.
Example: Checking contractor bills before payment, not after final settlement.Special audits → may be theme-based (e.g., “Audit of Passenger Refunds”).
5. Value Addition by Internal Audit
Business process improvements – streamline systems and reduce inefficiency.
IT & Information controls – ensure secure and reliable data management.
Example: Verifying safety of Railway Passenger Reservation System (PRS) to prevent data manipulation.Assurance role – helps the organization achieve goals by improving risk management and control mechanisms.
