Standards on Internal Audit Part-III

Here in this article we have explored two important Standards on Internal Audit Process that must be taken into consideration by the internal auditors while auditing a company or taxpayer. These standards are-

Internal Audit Process

  1. Standard on Internal Audit (SIA) 11: Consideration of fraud in an Internal Audit

This standard state the regulations related to the fraud that has to be considered during the Internal Audit process. The contents of this Standard on Internal Audit or SIA 11 are-

  • Introduction: The SIA 11 states the following-
  • It defines the term “Fraud” as an intentional action done by one or more individuals in the management, governance mechanism or any third party. Such an act involves the deception use to obtain advantages that are illegal or unjust.
  • The management and the people in the governance mechanism have been levied with the primary responsibility for preventing and detecting any frauds or forgery in the company.
  • Objectives of Internal Control System: The management designs, implements and maintains the Internal Control process, to ensure that the following objectives and goals are accomplished-
  • To safeguard the assets of the company.
  • To ensure compliance with the applicable provisions and laws.
  • To bring effectiveness and efficiency in operations.
  • To make the financial reporting more reliable.
  • Elements of Internal Control System: A good Internal Control System in an organization must contain the following elements-
  • The risk assessment process in the entity.
  • A well-defined control environment.
  • Control actions and activities.
  • Communication and information system.
  • Monitoring over the controls.
  • Responsibilities of Internal Auditor: The responsibility of the Internal Auditor while conducting the Internal Audit Process are as follows-
  • Assessing the risks.
  • Monitoring all the activities and procedures.
  • Gathering proper and necessary documentation.
  • Checking the Information system and communication methods used in the organization.
  • Evaluating the control environment of the company.
  • Communicating about the frauds in the company to the management.
  1. Standard on Internal Audit (SIA) 13: Enterprise Risk Management (ERM)

This standard state the regulations related to the risk management involved in the enterprise fraud that must be considered during the Internal Audit process. The contents of this Standard on Internal Audit or SIA 13 are-

  • Introduction: An effective ERM in a company enables the management-
  • In dealing with the following types of involved risks effectively and efficiently:
  • Operational risks
  • Knowledge
  • strategic
  • Financial
  • To associate any uncertainty.
  • To enhance the capacity to build entity values.
  • Process of ERM: The Internal Audit Process involves the following ERM procedures step by step-
  • ERM is a structured, consistent and a continuous mechanism that measures and assess the risks of the entity.
  • It develops strategies for managing these risks within the limits of risk appetite.
  • It consists of various processes related to risk identification, mitigation, monitoring, assurance, prioritization and reporting mechanism.
  • Scope of Internal Auditor’s Work: The scope of the auditor’s work during the Internal Audit Process covers the following-
  • Compliance with the policies on risk management.
  • Level of the risk maturity.
  • In case of the risks that are covered under the plan of internal audit service:
  1. Assessing the risk response and its effectiveness and efficiency.
  2. Assessing the limit of the residual risk score within the risk appetite.
  • Maturity of ERM Structure: It involves the following-
  • Protecting the company from any surprise risks or changes
  • Operating within the limits of the established risk appetite.
  • Creating a system that manages the risks proactively.
  • Protecting the entity’s abilities to attend its core business area.
  • Stabilizing the overall performance of the company with earnings that are less volatile.
  • Disclosure: The following disclosures are to be made in the whole Internal Audit Process and reporting-
  • As a result of the review, assurance rating from high to medium to low
  • Covering all the samples
  • Conduction of appropriate tests
  • Observations and recommendations made by the auditor
Author: Anil Agrawal
EZYBIZ India Consulting LLP, New Delhi. The firm is business and tax consultancy firm providing consultancy in Taxation, Regulatory, Transfer pricing, Valuation, Corporate funding and Business set up matters. He may be reached at 9899217778 or