Internal Audit Project

1

A PROJECT ON

HOW INTERNAL AUDIT CAN CONTROL COST

IN THE SUBJECT

ADVANCED COST ACCOUNTNG

SUBMITTED BY

NAME: SOUMEET D. SARKAR

ROLL NO.: 041

DIVISIONS: A

M.Com. Part – I in Advance Accountancy

UNDER THE GUIDANCE OF

PROF. KEDAR BHIDE

TO

UNIVERSITY OF MUMBAI FOR

MASTER OF COMMERCE PROGRAMME (SEMESTER - I)

YEAR: 2013-14

SVKM’S

NARSEE MONJEE COLLEGE OF COMMERCE &ECONOMICS

VILE PARLE (W), MUMBAI – 400056.

2

EVALUATION CERTIFICATE

This is to certify that the undersigned have assessed and evaluated the project

on “HOW INTERNAL AUDIT CAN CONTROL COST” submitted by

student of M.Com. – Part - I (Semester – I) for the academic year 2013-14. This

project is original to the best of our knowledge and has been accepted for

Internal Assessment.

Name & Signature of Internal Examiner

Name & Signature of External Examiner

PRINCIPAL

Shri. Sunil B. Mantri

3

DECLARATION BY THE STUDENT

I, student of M.Com. (Part – I) Roll No.:041 hereby declare that the project

titled “HOW INTERNAL AUDIT CAN CONTROL COST” for the

subject ADVANCED COST ACCOUNTING submitted by me for

Semester- I of the academic year 2013-14, is based on actual work carried

out by me under the guidance and supervision of PROF. KEDAR BHIDE . I

further state that this work is original and not submitted anywhere else for

any examination.

Place: MUMBAI.

Date:

(SOUMEET D. SARKAR)

Name & Signature of Student

4

ACKNOWLEDGEMENT

It is indeed a great pleasure and proud privilege to present this project

work.

I thank my project guide and M-COM co-ordinator of SVKM’S NARSEE

MONJEE COLLEGE OF COMMERCE AND ECONOMICS, VILE PARLE

(WEST). Their co-operation and guidance have helped me to complete this

project.

I would sincerely like to thank the principal of our college Shri.Sunil

B.Mantri for his support and guidance.

I would also like to thank the college library and its staff for patiently

listening and guiding me and finally. I would like to thank my family and

friends who supported me in this project.

THANK YOU.

5

CONTENT

Sr. No. PARTICULARS Page No.

CHAPTER I – INTRODUCTION

1.1 Meaning & Definition 6

1.2 History of Internal Audit 8

CHAPTER II – INTERNAL AUDIT and COST CONTROL

2.1 Mission of Internal Audit 8

2.2 Purpose of Internal Audit 9

2.3 Objective of Internal Audit 9

2.4 Principles of Internal Audit 10

2.5 Areas of Operation 11

2.6 Essentials of Internal Audit 12

2.7 Roles of Internal Audit 18

3.1 Categories 20

3.2 Standards related to Internal Audit 21

4.1 Cost Control 30

4.2 Methods of Cost Control 31

CHAPTER V – CONCLUSIONS & SUGGESTIONS

5.1 Conclusion 37

5.3 Biblography 38

6

INTRODUCTION:-

The general definition of an audit is an evaluation of a person, organization, system,

process, enterprise, project or product. The term most commonly refers to audits in

accounting, internal auditing and government auditing, but similar concepts also exist in

project management, quality management, water management and energy conservation.

Auditing is defined as a systematic and independent examination of data, statements,

records, operations and performances (financial or otherwise) of an enterprise for a stated

purpose. In any auditing the auditor perceives and recognizes the propositions before him

for examination, collects evidence, evaluates the same and on this basis formulates his

judgment which is communicated through his audit report. The types of audit are:-

1. EXTERNAL AUDIT:- independent of the organisation.

2. INTERNAL AUDIT:- an organization auditing its own systems, a self-assessment.

Here, we will study about internal audit and how it helps to control cost.

INTERNAL AUDIT is an independent, objective assurance and consulting activity

designed to add value and improve an organization's operations. It helps an organization

accomplish its objectives by bringing a systematic, disciplined approach to evaluate and

improve the effectiveness of risk management, control, and governance processes. Internal

audit is a catalyst for improving an organization's governance, risk management and

management controls by providing insight and recommendations based on analyses and

assessments of data and business processes. With commitment to integrity and

accountability, internal audit provides value to governing bodies and senior management

as an objective source of independent advice. Professionals called internal auditors are

employed by organizations to perform the internal auditing activity.

The scope of internal audit within an organization is broad and may involve topics such

as an organization's governance, risk management and management controls over:-

efficiency/effectiveness of operations (including safeguarding of assets), the reliability of

financial and management reporting and compliance with laws and regulations. Internal

7

audit may also involve conducting proactive fraud audits to identify potentially fraudulent

acts; participating in fraud investigations under the direction of fraud investigation

professionals, and conducting post investigation fraud audits to identify control

breakdowns and establish financial loss. Internal audit is an audit conducted by an

internal auditor appointed by the management of the enterprises with a view to

highlighting the weak areas of the organizations. It includes examination and evaluation

of various organizational activities and to produce the helping hand to the management

complete their responsibilities efficiently and effectively. The institute of internal auditor

has defined internal auditing as follows: “ Internal auditing is the independent appraisal

activity within an organization for the review of the accounting, financial and other

operation as a basis for protective and constructive service to the management. It is a

type of control, which functions by measuring and evaluating the effectiveness of other

types of control. It deals primarily with accounting and financial matters but it may also

properly deal with matters of an operating nature.” The internal auditor audits the

accounts and other relevant records daily, regularly or on periodical basis to accomplish

the following requirements:-

1. Internal audit may be conducted to ascertain whether all rules, regulations,

policies, procedures and principles have been followed by the company or not.

2. To check whether the existing internal control system is adequate and effective

and according to the size of the organization.

3. To ensure that all the assets of organization are properly safeguarded, if not, he

reports the management about the drawback with suggestions.

4. To highlight the weak areas of the organization and give suggestion to strengthen

them.

5. To check whether working of the organization is smooth, effective, efficient and

economical.

8

HISTORY OF INTERNAL AUDIT:-

The Internal Auditing profession evolved steadily with the progress of management

science after World War II. It is conceptually similar in many ways to financial auditing

by public accounting firms, quality assurance and banking compliance activities. While

some of the audit technique underlying internal auditing is derived from management

consulting and public accounting professions, the theory of internal auditing was

conceived primarily by Lawrence Sawyer (1911-2002), often referred to as "the father of

modern internal auditing"; and the current philosophy, theory and practice of modern

internal auditing as defined by the International Professional Practices Framework (IPPF)

of the Institute of Internal Auditors owes much to Sawyer's vision.

With the implementation in the United States of the Sarbanes-Oxley Act of 2002, the

profession's exposure and value was enhanced, as many internal auditors possessed the

skills required to help companies meet the requirements of the law. However, the focus

by internal audit departments of publicly traded companies on SOX related financial

policy and procedures derailed progress made by the profession in the late 20th century

toward Larry Sawyer's vision for internal audit. Beginning in about 2010, the IIA once

again began advocating for the broader role internal auditing should play in the corporate

arena, in keeping with the IPPF's philosophy.

MISSION OF INTERNAL AUDIT:-

The internal audit supports effective and efficient discharging of the guiding and

monitoring duties of the organization’s management by producing assurance services for

its internal customers relating to governance, control and risk management processes. The

internal audit brings added value and promotes achievement of the set goals by giving

improvement recommendations, producing objective and independent information and by

training supervisors and employees in understanding and application of monitoring

processes and self-assessment of business and other activities within the organization. The

internal audit sets its own objectives and performs its duties so that the values of the

9

organization are included in them and that these values also guide the work of the

auditors. The internal auditors function as partners of the other organizational parts and

work as experts in different teams (especially development teams) if they do not

endanger their independence.

PURPOSE OF INTERNAL AUDIT:-

The internal audit is one of the management’s control tools who through its operations

assist the entire organization by examining and evaluating the adequacy and efficiency of

internal control, risk management, quality of operations and governance processes. The

internal audit furnishes the organization with analyses, appraisals, recommendations,

counsel and information. The purpose is to ascertain that the internal control system, by

taking into account also the information produced by the external auditors, functions so

that the management can be reasonably sure that the set objectives and goals will be

achieved, the operations are effective, reporting is reliable and safeguarding of assets and

compliance with the laws and regulations is done.

OBJECTIVES OF INTERNAL AUDIT:-

1. To determine the reliability and integrity of information; (i.e. evaluating the

internal control systems and the integrity of financial and operating information

produced by those systems).

2. To determine whether compliance exists with policies, procedures, laws and

regulations.

3. To establish that there is a proper authority for every acquisition, retirement and

disposal of assets.

4. To confirm that liabilities have been incurred only for legitimate activities of the

organization.

5. To appraise the economy and efficiency of resource utilization (i.e. physical,

monetary and most importantly staff).

10

6. To review operations or programs for consistency with established management

goals and objectives.

7. To assist members of the organization in the effective and successful performance

of their responsibilities by providing them with analyses, appraisals,

recommendations and other pertinent information concerning the activities being

reviewed.

8. To analyze and improve the system of internal check, in particular to see that it

is:-

a) working,

b) sound, and

c) economical.

9. To facilitate the prevention and detection of frauds.

10. To review the operation of the overall internal control system and to bring

material departures and non-compliances to the notice of the appropriate level of

management, to locate unnecessary and weak control system effective and

economical.

PRINCIPLES OF ESTABLISHING INTERNAL AUDIT:-

The basic principles of establishing internal audit in a business concern are:-

1. Independence:- The internal audit department should have an independent

status in the organization. The internal auditor must have sufficiently high

status in the organization. He may be required to report directly to the board

of directors.

2. Objectives:- The objectives of the internal audit function should be made very

clear and unambiguous. The objective should be properly communicated so

that internal audit is not viewed as “ over the shoulder check” by other

departments.

3. Clarity In Scope:- The scope of internal audit department must be specified

in a comprehensive manner. The department must at all times, have authority

11

to investigate from the financial angle, every phase of organizational activity

under any circumstance.

4. Definition Of Duties:- The internal audit department’s duty is to review

operations as part of the internal control system. It should not be involved in

performance of executive actions.

5. Internal Audit Department:- The size and qualification of staff of the internal

audit department should be commensurate with the size of the business. The

cost of internal audit department should not exceed the benefits expected to be

derived from it.

6. Reporting:- The programme of internal audit should be time-bound. There

should be provisions for periodic reporting on various operational and other

aspects.

7. Follow-up and review:- There should be sufficient scope for the follow-up

action on the various points raised in internal audit report. Top management

should take active part in ensuring compliance with action points raised in the

report.

8. Relationship with Statutory Auditor:- The copy of the internal audit report

should be made available to the statutory auditor, who can deal with the same

in the manner as he deems fit.

AREAS in which INTERNAL AUDIT OPERATES:-

Internal audit covers the following areas-

1) Review of Accounting System and Related Internal Controls:- The

establishment of an adequate accounting system and related controls is the

responsibility of management which demands proper attention on a continuous

basis. The internal audit function is often assigned specific responsibility by

management for reviewing the accounting system and related internal controls,

monitoring their operation and recommending improvements thereto.

12

2) Examination for Management of Financial and Operating Information:- This

may include review of the means used to identify, measure, classify and report

such information and specific inquiry into individual items including detailed

testing of transactions, balances and procedures.

3) Examination of the Economy, Efficiency and Effectiveness of Operations

including Non-Financial Controls of an Organization:- Generally, the external

auditor is interested in the results of such audit work only when it has important

bearing on the reliability of the financial records.

4) Physical Examination and Verification of Tangible Assets

ESSENTIALS OF INTERNAL AUDITING:-

The essentials for effective internal auditing are:-

I. Independence:- The internal auditor should have the independence in terms of

organizational status and personal objectivity which permits the proper performance

of his duties.

II. Staffing and Training:- The internal audit unit should be appropriately staffed in

terms of numbers, grades, qualifications and experience, having regard to its

responsibilities and objectives. The internal auditor should be properly trained to

fulfill all his responsibilities. The effectiveness of internal audit depends

substantially on the quality, training and experience of its staff. The aim should be

to appoint staff with the appropriate background, personal qualities and potential.

Thereafter, steps should be taken to provide the necessary experience, training and

continuing professional education.

STAFFING

The internal audit unit should be managed by a head of internal audit who should

be suitably qualified and should possess wide experience in internal audit and its

management. He should plan, direct, control and motivate the resources available

to ensure that the responsibilities of the internal audit unit are met. The full range

of duties may require internal audit staff to be drawn from a variety of

13

disciplines. The effectiveness of internal audit may be enhanced by the use of

specialist staff, particularly in the internal audit of activities of a technical nature.

The internal audit unit should employ staff with varying types and levels of skills,

qualifications and experience in order to satisfy the requirements of each internal

audit task.

TRAINING

The organization has a responsibility to ensure that the internal auditor receives

the training necessary for the performance of the full range of duties. Training

should be tailored to the needs of the individual. It should include both

theoretical knowledge and its practical application under the supervision of suitably

competent and experienced internal auditors. Account should be taken of:-

a) internal audit objectives and priorities;

b) the type of internal audit work;

c) previous training, experience and qualifications; and

d) personal development in the light of the needs of the organization and the

internal audit unit.

The internal auditor should keep abreast of current developments, improvements,

new techniques and practices in auditing. The head of internal audit should co-

ordinate, and keep under review, the training requirements of internal auditors. He

should be responsible for preparing training profiles which identify the training

requirement for different grades of internal auditors, and should maintain personal

training records for each individual. In large organizations this may be performed

by a designated training officer.

III. Relationships:- The internal auditor should seek to foster constructive working

relationship and mutual understanding with management, with external auditors,

with any other review agencies and, where one exist, the audit committee. In order

that the internal auditor may properly perform all his tasks, it is necessary for all

those with whom he has contact to have confidence in him. Constructive working

relationships make it more likely that internal audit work will be accepted and

acted upon, but the internal auditor should not allow his objectivity to be

impaired.

14

Organizational Relationships

The head of internal audit should prepare the internal audit plan in consultation

with senior management. The internal auditor should arrange the timing of internal

audit assignments in consultation with the management concerned, except on those

rare occasions where an unannounced visit is a necessary part of the audit

approach. Consultation can lead to the identification of areas of concern or of

other interest to management. Matters which arise in the course of the audit are

confidential and discussion should be restricted to management directly responsible

for the area being audited unless they have given express agreement to broaden

the discussion. Discussions with management are necessary when preparing the

audit report. This is an essential feature of the good relationship between the

auditor and the management.

Relationship with External Audit

The relationship between internal and external audit needs to take account of their

differing roles and responsibilities. Internal audit is an independent appraisal

function within the organization and internal auditors are direct employees. The

external auditor usually has a statutory responsibility to express an independent

opinion on the financial statements and stewardship of the organization. The aim

should be to achieve mutual recognition and respect, leading to a joint

improvement in performance and the avoidance of unnecessary over-lapping of

work. It should be possible for the external and internal auditors to rely on each

other's work, subject to limits determined by their different responsibilities,

respective strengths and special abilities. Consultations should be held and

consideration given to whether any work of either auditor is adequate for the

purpose of the other. The internal auditor does not automatically have a right of

access to the records of the external auditor. However, the relationship between

the internal and external auditor will usually be such that the external auditor will

be able to allow access to the necessary records. Since internal audit evaluates an

organization's internal control system the external auditor may need to be satisfied

that the internal audit function is being planned and performed effectively. This

review needs to be seen by both parties as a necessary part of the working

15

relationship (Institute's International Auditing Guideline No: 10 on "Using the work

of an Internal Auditor"). Regular meetings should be held between internal and

external auditors at which joint audit planning, priorities, scope and audit findings

are discussed and information exchanged. The benefits of joint training

programmes and joint audit work should also be considered.

Review Agencies and Specialists

Certain information obtained during an internal audit assignment may assist a

review agency, such as management services or consultants, which are seeking to

secure improvements in the organization's performance. Management's formal

approval should be obtained before releasing any audit report or other information

to the review agencies. The internal auditor should establish a regular dialogue

with review agencies and obtain their reports for information, review and

comment where proposals may affect internal control arrangements. Where it is

necessary for the internal auditor to have contact with other specialists the same

basic principles about information apply as in the case of review agencies.

IV. Due Care:- The internal auditor should exercise due care in fulfilling his

responsibilities. The internal auditor cannot be expected to give total assurance that

control weaknesses or irregularities do not exist. In order to demonstrate that due

care has been exercised the internal auditor should be able to show that his work has

been performed in a way which is consistent with this guideline. The internal auditor should

possess a thorough knowledge of the aims of the organization and the internal

control system. He should also be aware of the relevant laws and the requirements

of relevant professional and regulatory bodies. The internal auditor must be

impartial in discharging all responsibilities; bias, prejudice or undue influence must

not be allowed to limit or over-ride objectivity. At all times, the integrity and

conduct of the internal auditor must be above reproach. He should not place

himself in a position where responsibilities and private interests conflict and any

personal interests should be declared. The internal auditor should not improperly

disclose any information obtained during the course of his work.

16

V. Planning, Controlling And Recording:- The internal auditor should adequately plan,

control and record his work. The main purposes of internal audit planning are:-

a) To determine priorities and to establish the most cost-effective means of

achieving audit objectives;

b) To assist in the direction and control of audit work;

c) To help ensure that attention is devoted to critical aspects of audit work;

and

d) To help ensure that work is completed in accordance with pre-determined

targets.

Control of the internal audit unit and of individual assignments is needed to

ensure that internal audit objectives are achieved and work is performed

effectively. The most important elements of control are the direction and

supervision of the internal audit staff and review of their work. This will be

assisted by an established audit approach and standard documentation. The degree

of control and supervision required depends on the complexity of assignments and

the experience and proficiency of the internal audit staff.

Internal audit work should be properly recorded because:-

a) The head of internal audit needs to be able to ensure that work delegated

to staff has been properly performed. He can generally do this only by

reference to detailed working papers prepared by the internal audit staff

who performed the work;

b) Working papers provide, for future reference, evidence of work performed,

details of problems encountered and conclusions drawn; and

c) The preparation of working papers encourages each internal auditor to

adopt a methodical approach to his work.

VI. Evaluation of the Internal Control System:- The internal auditor should identify

and evaluate the organization's internal control system as a basis for reporting upon

its adequacy and effectiveness.

VII. Evidence:- The internal auditor should obtain sufficient, relevant and reliable

evidence on which to base reasonable conclusions and recommendations. Internal

audit evidence is information obtained by an internal auditor which enables

17

conclusions to be formed on which recommendations can be based. The internal

auditor should determine what evidence will be necessary by exercising judgement

in the light of the objectives of the internal audit assignment. This judgement will

be influenced by the scope of the assignment, the significance of the matters under

review, the relevance and the reliability of available evidence and the cost and

time involved in obtaining it. The collection and assessment of internal audit

evidence should be recorded and reviewed to provide reasonable assurance that

conclusions are soundly based and internal audit objectives achieved.

VIII. Reporting and Follow-Up:- The internal auditor should ensure that findings,

conclusions and recommendations arising from each internal audit assignment are

communicated promptly to the appropriate level of management and he should

actively seek a response. He should ensure that arrangements are made to follow

up audit recommendations to monitor what action has been taken on them. Internal

audit reports provide a formal means of communicating to management the results

arising from audits undertaken. Such reports should include audit findings,

recommendations and conclusions relating to the adequacy of and compliance with

the system of internal control and the efficiency, effectiveness and economy of

operations in the area covered by the audit. From the point of view of

completeness, management response to the audit findings should preferably also be

included in the report. The aim of every internal audit report should be:-

a) To prompt management action to implement recommendations for change

leading to improvement in performance and control; and

b) To provide a formal record of points arising from the internal audit

assignment and, where appropriate, of agreements reached with management.

18

DIFFERENT ROLES of INTERNAL AUDIT:-

1. Role in Internal Control:- Internal auditing activity is primarily directed at

improving internal control. Internal control is broadly defined as a process,

effected by an entity's board of directors, management and other personnel,

designed to provide reasonable assurance regarding the achievement of objectives

in the following internal control categories:-

a) Effectiveness and efficiency of operations.

b) Reliability of financial reporting.

c) Compliance with laws and regulations.

Management is responsible for internal control. Managers establish policies and

processes to help the organization achieve specific objectives in each of these

categories. Internal auditors perform audits to evaluate whether the policies and

processes are designed and operating effectively and provide recommendations for

improvement.

2. Role in Risk Management:- Internal auditing professional standards require the

function to monitor and evaluate the effectiveness of the organization's risk

management processes. Risk management relates to how an organization sets

objectives, then identifies, analyzes, and responds to those risks that could

potentially impact its ability to realize its objectives. Risks fall under strategic,

operational, financial reporting, and legal/regulatory categories. Management

performs risk assessment activities as part of the ordinary course of business in

each of these categories. Examples include:- strategic planning, marketing planning,

capital planning, budgeting, hedging, incentive pay out structure, and credit/lending

practices. Internal auditors may evaluate each of these activities, or focus on the

processes used by management to report and monitor the risks identified. For

example, internal auditors can advise management regarding the reporting of

forward looking operating measures to the Board, to help identify emerging risks.

In larger organizations, major strategic initiatives are implemented to achieve

objectives and drive changes. As a member of senior management, the Chief

Audit Executive (CAE) may participate in status updates on these major

19

initiatives. This places the CAE in the position to report on many of the major

risks the organization faces to the Audit Committee, or ensure management's

reporting is effective for that purpose. Internal auditors may help companies

establish and maintain Enterprise Risk Management processes.

3. Role in Corporate Governance:- Internal auditing activity as it relates to

corporate governance is generally informal, accomplished primarily through

participation in meetings and discussions with members of the Board of Directors.

Corporate governance is a combination of processes and organizational structures

implemented by the Board of Directors to inform, direct, manage and monitor the

organization's resources, strategies and policies towards the achievement of the

organizations objectives. The internal auditor is often considered one of the "four

pillars" of corporate governance, the other pillars being the Board of Directors,

management, and the external auditor. A primary focus area of internal auditing

as it relates to corporate governance is helping the Audit Committee of the Board

of Directors (or equivalent) perform its responsibilities effectively. This may

include reporting critical internal control problems, informing the Committee

privately on the capabilities of key managers, suggesting questions or topics for

the Audit Committee's meeting agendas, and coordinating carefully with the

external auditor and management to ensure the Committee receives effective

information.

20

CATEGORIES of INTERNAL AUDIT:-

1. System Based Audit:- It refers to an in-depth evaluation of the internal control

system with the objective to assess to extent to which the controls are functioning

effectively. It is designed to assess the accuracy and completeness of financial

statements, the legality and regularity of underlying transactions and the economy,

efficiency and effectiveness of operations. A systems based audit should be

followed-up through substantive testing of a number of transactions, account

balances, etc. to determine whether the financial statements of the auditee are

accurate and complete, the underlying transactions legal and regular and/or the

criteria for economy, efficiency and effectiveness have been achieved.

2. Performance Audit or Operational Audit:- It assesses whether the activity,

programme or body has been managed economically and/or efficiently and/or

effectively. A particular performance audit will not necessarily seek to reach

conclusions about all three aspects above:- it should be clear from the audit

objectives, which need to be examined. When carrying out audits of economy or

efficiency, however, the auditor does need to make a general consideration of the

effectiveness of the audited entity:- it may be better that the entity does the right

thing badly rather than doing the wrong thing well.

3. Financial or Accounting Audit:- It evaluates the accuracy of the accounting and

related procedures and practices. It assesses the accuracy and completeness of the

financial statements of the activity, programme or body being audited; and/or

evaluates whether the transactions underlying the financial statements are legal and

regular. However, according to the definition of internal auditing, internal auditors

are mainly evaluating the system of internal control. Therefore internal auditors

primary interest is not the accounting as such, but rather the controls which

ensures the quality of accounting information and financial reporting.

4. Compliance Audit:- It evaluates the how well the organization conforms and

adherences with relevant policies, plans, procedures, laws, regulations, and

contracts. Usually all audits include the compliance element, because the auditor

uses the laws, policies and regulations as a yardstick to measure the performance

21

of the organization. Therefore these guidelines do not contain separate section for

compliance audit, but the aspect is included in all audit instructions later in these

guidelines.

STANDARDS RELATED to INTERNAL AUDIT:-

1. Standard on Internal Audit 1 - Planning an Internal Audit

a) Internal audit plan should cover areas such as obtaining knowledge of legal

and regulatory framework within which the entity operates, obtaining

knowledge of the entity’s accounting and internal control systems and

policies, determining the effectiveness of internal control procedures adopted

by the entity, determining the nature, timing and extent of procedures to be

performed, identifying activities warranting special focus based on

materiality and criticality of such activities, and their overall effect on

operations of the entity, identifying and allocating staff to different

activities to be undertaken.

b) Planning process includes obtaining knowledge of business, establishing the

audit universe, establishing the objectives of engagement, establishing scope

of the engagement, deciding resource allocation, preparation of audit

programed.

c) Plan to be finalised in consultation with the appropriate authority before

commencement of the work.

2. Standard on Internal Audit 2 - Basic Principles Governing Internal Audit

a) Internal auditor should adhere to the basic principles governing an internal

audit.

b) These principles are integrity, objectivity and independence, confidentiality,

skills and competence, work performed by others, documentation, planning,

internal audit evidence, accounting system and internal control, and internal

audit conclusions and reporting.

22

3. Standard on Internal Audit 3 - Documentation

a) Internal audit documentation should be designed and properly organized to

meet the requirements and circumstances of each audit. To formulate

policies for standardization of internal audit documentation.

b) It should be sufficiently complete and detailed for an internal auditor to

obtain an overall understanding of the audit.

c) It should cover all the important aspects of an engagement viz.,

engagement acceptance, engagement planning, risk assessment and

assessment of internal controls, evidence obtained and examination /

evaluation carried out, review of the findings, communication and reporting

and follow up.

4. Standard on Internal Audit 4 - Reporting

a) To review and assess the analysis drawn from internal audit evidence

obtained as the basis for his conclusion on the efficiency and effectiveness

of systems, processes and controls including items of financial statements.

b) Report clearly expressing significant observations, suggestion /

recommendations based on the policies, processes, risks, controls and

transaction processing taken as a whole and managements responses.

c) Report includes basic elements such as title, addressee, report distribution

list, period of coverage of the report, opening or introductory paragraph,

objectives paragraph, scope paragraph (describing the nature of an internal

audit), executive summary (highlighting key material issues, observations,

control weaknesses and exceptions), observations, findings and

recommendations made by the internal auditor, comments from the local

management, action taken report – action taken / not taken pursuant to the

observations made in the previous internal audit reports, date of the report,

place of signature and Internal auditor’s signature with membership number.

23

5. Standard on Internal Audit 5 - Sampling

a) Design and select an audit sample, perform audit procedures thereon, and

evaluate sample results so as to provide sufficient appropriate audit

evidence to meet the objectives of internal audit engagement unless

otherwise specified by the client.

b) When designing an audit sample, internal auditor should consider specific

audit objectives, the population from which internal auditor wishes to

sample, and the sample size.

c) When determining the sample size, internal auditor should consider

sampling risk, tolerable error and the expected error.

6. Standard on Internal Audit 6 - Analytical Procedures

a) To apply analytical procedures as the risk assessment procedures at the

planning and overall review stages of internal audit.

b) Analytical procedures are analysis of significant ratios and trends including

resulting investigation of fluctuations and relationships that are inconsistent

with other relevant information or which deviate from predicted amounts.

c) Factors to be considered for analytical procedures are significance of the

area being examined, adequacy of the system of internal control,

availability and reliability of financial and non–financial information, the

precision with which results of analytical procedures can be predicted,

availability and comparability of information regarding the industry in

which the organization operates, the extent to which other auditing

procedures provide support for audit results. After evaluating the

aforementioned factors, internal auditor should consider and use additional

auditing procedures, as necessary, to achieve the audit objective.

7. Standard on Internal Audit 7 - Quality Assurance in Internal Audit

a) A system for assuring quality in internal audit should provide reasonable

assurance that the internal auditors comply with professional standards,

regulatory and legal requirements, so that the reports issued by them are

24

appropriate in the circumstance. In order to ensure compliance with the

professional standards, regulatory and legal requirements, and to achieve the

desired objective of internal audit, a person within the organization should

be entrusted with the responsibility for the quality in the internal audit,

whether done in–house or by an external agency.

b) In case of in–house internal audit or a firm carrying out internal audit, the

person entrusted with the responsibility for the quality in internal audit

should ensure that the system of quality assurance includes policies and

procedures addressing leadership responsibilities for quality in internal audit,

ethical requirements, acceptance and continuance of client relationship and

specific engagement, as may be applicable, human resources, engagement

performance, monitoring. The quality assurance framework should cover all

the elements of internal audit activity.

8. Standard on Internal Audit 8 - Terms of Internal Audit Engagement

a) Internal auditor and the auditee should agree on the terms of engagement

before commencement. Terms should be approved by the Board of

Directors or a relevant Committee thereof such as the Audit Committee or

such other person(s) as may be authorized by the Board in this regard.

b) It should contain a statement in respect of the scope of internal audit

engagement.

c) It should clearly mention that internal auditor would not be involved in the

preparation of auditee’s financial statements. It should also be made clear

that the internal audit would not result in the expression of an opinion or

any other form of assurance on the auditee’s financial statements or any

part thereof.

d) The terms of engagement should clearly mention the responsibility of the

auditee vis-a-vis the internal auditor.

25

9. Standard on Internal Audit 9 - Communication with Management

a) Internal auditor while performing audit should communicate clearly the

responsibilities of internal auditor and an overview of the planned scope

and timing of audit with the management.

b) Communication regarding the planned scope and timing of internal audit

may assist the management to understand better the objectives of internal

auditor’s work, to discuss issues of risk and materiality with internal

auditor and to identify any areas in which they may request the internal

auditor to undertake additional procedures, assist the internal auditor to

understand the entity and its environment better.

c) Different stages of communication and discussion should be:- discussion of

draft; exit meeting; formal draft; and final report.

10. Standard on Internal Audit 10 - Internal Audit Evidence

a) To obtain sufficient appropriate evidence to enable him to draw reasonable

conclusions there from on which to base his opinion or findings.

b) Scope of an internal audit is much broader in comparison to that of

statutory audit. The depth of coverage of internal audit, being a

management function, would also be much wider. An internal audit

function normally is spread beyond checking of financial transactions and is

expected to cover comments on internal control

systems, risk management, propriety aspect of transactions.

c) To evaluate sufficiency of appropriate audit evidence before conclusions

there from. The internal audit evidence should enable internal auditor to

form an opinion on the scope of the terms of engagement.

11. Standard on Internal Audit 11 - Consideration of Fraud in an Internal Audit

a) An internal auditor is not expected to possess skills and knowledge of a

person expert in detecting and investigating frauds, he should, however,

have reasonable knowledge of factors that might increase the risk of

26

opportunities for frauds in an entity and exercise reasonable care and

professional skepticism while carrying out internal audit.

b) A system of internal control comprise of following five elements namely

control environment, entity’s risk assessment process, information system

and communication, control activities and monitoring of controls. It is

essential for internal auditor to gain an understanding of the components of

system of internal control.

c) The primary responsibility for prevention and detection of frauds is that of

the management of the entity. The internal auditor should, however, help

the management fulfill its responsibilities relating to fraud prevention and

detection.

12. Standard on Internal Audit 12 - Internal Control Evaluation

a) The system of internal control must be under continuous supervision by

management to determine that it is functioning as prescribed and is

modified, as appropriate, for changes in environment. Internal control

system extends beyond those matters which relate directly to the functions

of accounting system and comprises of control environment and control

activities.

b) To examine the continued effectiveness of internal control system through

evaluation and make recommendations, if any, for improving that

effectiveness. To focus towards improving internal control structure and

promoting better corporate governance.

c) To obtain an understanding of significant processes and internal control

systems sufficient to plan the internal audit engagement and develop an

effective audit approach, assess and evaluate the maturity of entity’s

internal control, assess management’s attitudes, awareness and actions

regarding internal controls and their importance in the entity.

27

13. Standard on Internal Audit 13 - Enterprise Risk Management

a) Risk is an event which can prevent, hinder, fail to further or otherwise

obstruct the enterprise in achieving its objectives. Risk may be broadly

classified into Strategic, Operational, Financial and Knowledge.

b) ERM is a structured, consistent and continuous process of measuring or

assessing risk and developing strategies to manage risk within the risk

appetite. It involves identification, assessment, mitigation, planning and

implementation of risk and developing an appropriate risk response policy.

Management is responsible for establishing and operating the risk

management framework.

c) ERM process consists of Risk identification, prioritization and reporting,

Risk mitigation, Risk monitoring and assurance. The corporate risk function

establishes the policies and procedures, and the assurance phase is

accomplished by internal audit. The role of internal auditor is to provide

assurance to management on the effectiveness of risk management.

14. Standard on Internal Audit 14 - Internal Audit in an Information Technology

Environment

a) The overall objective and scope of an internal audit does not change in an

IT environment. However, the use of a computer changes the processing,

storage, retrieval and communication of financial information and the

interplay of processes, systems and control procedures. This may affect the

internal control systems employed by the entity. Accordingly, and IT

environment may affect the procedures followed by the internal auditor in

obtaining a sufficient understanding of the processes, systems and internal

control system and the auditor’s review of the entity’s risk management and

continuity systems.

b) To consider the effect of an IT environment on internal audit engagement,

inter alia the extent to which IT environment is used to record, compile,

process and analyse information and the system of internal control in

existence in the entity with regard to flow of authorised, correct and

28

complete data to the processing centre, the processing, analysis and

reporting tasks undertaken in the installation and the impact of computer–

based accounting system on the audit trail that could otherwise be expected

to exist in an entirely manual system.

c) To have sufficient knowledge of information technology systems to plan,

direct, supervise, control and review the work performed. The sufficiency of

knowledge would depend on the nature and extent of the IT environment.

15. Standard on Internal Audit 15 - Knowledge of the Entity and its Environment

a) To obtain knowledge of the economy, entity’s business and its operating

environment, including its regulatory environment and the industry in which

it operates, sufficient to enable him to review the key risks and entity–

wide processes, systems, procedures and controls. To identify sufficient,

appropriate, reliable and useful information to achieve the objectives of the

engagement.

b) Prior to accepting an engagement, the internal auditor should obtain a

preliminary knowledge of the industry and of the nature of ownership,

management, regulatory environment and operations of the entity subjected

to internal audit, and should consider whether a level of knowledge of the

entity’s business adequate to perform the internal audit can be obtained.

c) Following the acceptance of the engagement, further and more detailed

information should be obtained.

16. Standard on Internal Audit 16 - Using the Work of an Expert

a) To obtain technical advice and assistance from competent experts if the

internal audit team does not possess necessary knowledge, skills, expertise

or experience needed to perform all or part of the internal audit

engagement.

b) When the internal auditor uses the work of an expert, he should satisfy

himself about the competence, objectivity and independence of such expert

and consider the impact of such assistance or advice on the overall result

29

of internal audit engagement, especially in cases where the outside expert

is engaged by senior management or those charged with governance.

c) When determining whether to use the work of an expert or not, internal

auditor should consider the materiality of the item being examined, the

nature and complexity of the item including the risk of error therein, the

other internal audit evidence available with respect to the item.

17. Standard on Internal Audit 17 - Consideration of Laws and Regulations in an

Internal Audit

a) It is the primary responsibility of management, with the oversight of those

charged with governance, to ensure that the entity’s operations are

conducted in accordance with the provisions of laws and regulations,

including compliance with the provisions of laws and regulations that

determine the reported amounts and disclosures in an entity’s financial

statements.

b) The objectives of the internal auditor are to obtain sufficient appropriate

audit evidence regarding compliance with the provisions of those laws and

regulations generally recognised to have a direct effect on the

determination of material amounts and disclosures in the financial

statements, to perform specified audit procedures to help identify instances

of non-compliance with other laws and regulations that may have a

significant impact on the functioning of the entity and to respond

appropriately to non-compliance or suspected non-compliance with laws and

regulations identified during the internal audit.

30

COST CONTROL:-

Cost control and reduction refers to the efforts business managers make to monitor,

evaluate, and trim expenditures. These efforts might be part of a formal, company-wide

program or might be informal in nature and limited to a single individual or department.

In either case, however, cost control is a particularly important area of focus for small

businesses, which often have limited amounts of time and money. In a small business

the focus is often on selling and servicing the customer. This leaves the task of

purchasing slightly sidetracked. Even seemingly insignificant expenditures - for items like

office supplies, telephone bills, or overnight delivery services - can add up for small

businesses. On the plus side, these minor expenditures can often provide sources of cost

savings.

Cost control refers to management's effort to influence the actions of individuals who are

responsible for performing tasks, incurring costs, and generating revenues. First managers

plan the way they want people to perform, then they implement procedures to determine

whether actual performance complies with these plans. Cost control is a continuous

process that begins with the annual budget. As the fiscal year progresses, management

compares actual results to those projected in the budget and incorporates into the new

plan the lessons learned from its evaluation of current operations. Through the budget

process and accounting controls, management establishes overall company objectives,

defines the centers of responsibility, and determines specific objectives for each

responsibility center, and designs procedures and standards for reporting and evaluation.

Cost control is the practice of managing and/or reducing business expenses. Cost controls

starts by the businesses identifying what their costs are and evaluate whether those costs

are reasonable and affordable. Then, if necessary, they can look for ways to cut costs

through methods such as cutting back, moving to a less expensive plan or changing

service providers. The cost control process seeks to manage expenses ranging from

phone, internet and utility bills to employee payroll and outside professional services. To

be profitable, companies must not only earn revenues, but also control costs. If costs are

too high, profit margins will be too low, making it difficult for a company to succeed

against its competitors. In the case of a public company, if costs are too high, the

31

company's may find that its share price is depressed and that it is difficult to attract

investors. The following are some simple successful cost control methods:-

1. Review and Modify Business Model:- There is a great, economically and

commercially successful business model, that is used to lay down the foundations

of any company. The business model must be however subject to small and big

changes. It means as a manager, you should subject the business model to

changes according to your competitors actions and markets status. By the term

change, I also mean that you should be upgrading and improving all possible

business operations. You need to come up with new process and procedures to

reduce costs.

2. Daily Updates:- One of the best ways to start controlling costs it to have daily

updates of production, all possible long and short term expenditures. Divide all

these expenditures, even the ones such cost of machinery or insurance, and sales,

by the number of working days. This will give you a concrete figure of the total

amount that has been spent. Similarly after sales of your goods or services, you

may also divide the total amount of sales by the number of working days. This

will give you a micro figure about the daily expenditure and sales. It will

definitely help you to zero down on all possible cost problems that you incur.

3. Uniformity:- Cost control management is all about deriving the best outputs in a

least cost. Hence, set up a highly efficient and specialized stores department which

will oversee all purchases. You may also take a risk and make long term

agreements regarding the quality and quantity of materials that are being supplied

to your manufacturing process. This uniformity will ensure a timely, cheap and

assured supply of raw materials.

4. Time Planning:- Time is money! Well divide the amount of wages that you give

out with the number of work hours per month. Explain to the employees per

hour expenditures that you incur, and hence the necessity for time management.

You may also install good cost control systems, in order to help your employees

to manage their work hours well. A cost control software will also work wonders

in the finance and accounting department.

32

5. Renegotiate all Contracts Annually:- For whatever reason, businesses presume

that multiple year contracts will result in lower costs. Maybe sometimes, but not

always. A smart company policy is not to have the life of a contract exceed one

year. This forces annual bidding or at least renewal discussions with the current

suppliers. Almost always these discussions will result in lower cost of goods. A

multi-year contract will usually favor the vendor. Of course this is a lot of work,

but it sure pays out.

6. Ask your Customers:- Annual planning sessions with customers have many

benefits. Naturally these discussions primarily should focus on ways to grow the

business. But too often these discussions fail to address costs. By discussing costs

holistically up and down the combined supply chains, customers often can

recommend ways to reduce costs. For example, how to take wasted steps out of

the process, or how to plan jointly to smooth production, or maybe even how to

change the product mix to get rid of costly items and replace them with some

that are more profitable. Talking to the customer is never a bad thing. But talking

about how to jointly improve business deepens the relationship, shows them you

care, and helps reduce costs for both parties.

7. Match terms with turns:- Each item in your inventory moves at a different rate,

and yet suppliers normally apply a one size fits all approach to payment terms.

You can reduce your working capital to zero if payment terms were matched with

the inventory turns of each item. By negotiating this into your contracts it incents

the suppliers only to sell the best moving items and to work with you to improve

inventory productivity. The results will free up cash that can be deployed

elsewhere in the business and improve profits.

8. Ask Vendors to own their Inventory:- Better even than matching terms with

turns is to have the vendors keep title to their inventory until sold. Normally

inventory acquired from a vendor is held in your warehouse for use in

manufacturing conversion or resale to your customers. But why think of it as

your inventory, it hasn’t been used yet so why isn’t it their inventory. Best

planning results in “just-in-time” delivery so there is no inventory. But this isn’t

always possible, for instance, in industries like retail where that inventory is

33

necessary for your own customers. But again, why are you paying them and then

sitting on their inventory. They need to own the inventory until time of sale. This

is commonly referred to as “scan based trading” or “just-in-time trading.”

INTERNAL AUDIT and COST CONTROL:-

Many organizations focus their cost reduction efforts around the numbers. This is the

reason why cost reduction initiatives are regarded as the sole domain of the financial

community. Cost cutting is often no more than a review of the budget, the introduction

of a saving against each line item, and then monitoring actual versus planned spend.

There is no problem with this approach if it is short-term cuts that are wanted. It is

easy to reduce costs by a small amount on each line item by delaying expenditure into

a future period. However, these are not real savings and the organization loses the

opportunity to review underlying business practices during difficult economic periods that

have the potential to create sustainable cost savings. Once the pressure is off, these “so

called” cost savings quickly come back into the budgets and management are none the

wiser. This is the tactical response to cost cutting. It can be done and it does have

benefits but these are mainly short term in nature. On the other hand, organizations that

approach their cost reduction efforts in a strategic manner have the opportunity to

significantly strengthen their competitive position from a cost perspective rather than just

survive the current economic downturn. Activity-based cost reduction is a strategic

response to cost cutting that provides sustainable benefits. This means the focus shifts

from the individual line items on the income statement or balance sheet toward the

underlying activities that drive the expenditure. Once these underlying activities are

understood, it is relatively easy to identify and prioritize improvements that will have a

larger and longer-term impact on the business.

The biggest risk for any major initiative is the ability of the organization to sustain the

benefits. In a survey of 115 multinationals taken from the Financial Times Stock

Exchange’s top 350 companies, it was found that 70% could not sustain the benefits of

their cost reduction efforts beyond two years. Often this is due to the fact that the

34

changes introduced are not continuously re-enforced through regular, visible reporting of

the key measures that determined success in the beginning. The organization loses sight

of those aspects that were considered essential when the program was first introduced.

This is where the internal audit function can play a significant role.

The internal audit function should be an integral part of any strategic cost reduction

program because it can ensure the redesigned business processes, activities and structures

(if any) remain responsive to the risks, and are embedded in the business methods and

practices.

The value that can be achieved by the inclusion of the internal audit function is

immense, as it can support a number of strategic objectives, including the following:

1. Achieving buy-in to the cost reduction program from a broader group of

stakeholders.

2. Improving visibility at management, executive and board levels by ensuring

internal audit reports include commentary on the cost cutting initiatives.

3. Identifying the risks and implications of cost reduction initiatives.

4. Providing valuable input and insight into the key processes and activities that

drive certain costs.

5. Identifying critical improvement drivers to keep the business focused on priority

areas.

6. Bringing a process and control capability to the overall program.

7. Monitoring and evaluating key performance indicators on a continuous basis.

8. Developing regular reviews as part of the annual internal audit plan to support

sustainability.

9. Providing an objective view point on the proposed initiatives prior to, during and

after the introduction of the cost cutting program.

10. Reporting on the benefits realized by the program.

As an example, overtime cost was considered to be excessive in one very large

organization. Certain employees were actually earning more by way of overtime pay than

from their regular salaries. Management decided to cut this cost, especially as difficult

economic circumstances were resulting in lower business activity levels. As a result of

the increased focus on overtime pay together with more regular reporting, the cost began

35

to show a reducing trend. However, as often happens, the moment the emphasis changed

to other significant areas and the level of scrutiny reduced, the cost of overtime began

to increase. This example highlights the need for much more effort in understanding and

changing the underlying reasons for a particular cost rather than simply focusing on the

cost itself. For example, travel expenditure may be under review and the finance

manager might request a saving of 20% in the following year’s budget. One approach

would simply be to cut the number of trips by an average of 20%, and the target would

be achieved with no difficulty. Except during the following year, when the pressure is

off, the costs will creep back into the system and the benefits of the saving will be

short lived. An alternative approach, in addition to the above action (which is a very

good starting point), would be to review and redesign the underlying activities that drive

travel expenditure in order to change the way the organization operates. This would have

the effect of sustaining the saving over a much longer term and ultimately gain the

organization competitive advantage.

The following questions in relation to travel expenses should also be asked:-

1. What is the breakdown of the travel expense ? (In order to understand the

makeup of the cost and where to focus improvement efforts.)

2. What activities are performed that result in these costs being incurred ?

3. Why do these activities need to be performed and do they add value to the

business ? And how can the benefit or value of the activity be determined ?

4. What are the interdependencies and risks of changing these activities ?

5. Is there a better way to achieve the same or even a better result, e.g., scenario or

option planning ?

6. What should the targeted cost be, taking into account potential improvements ?

7. What needs to be done to redesign the approach to travel to enhance the process

and reduce the cost ?

8. What controls or performance measures need to be introduced to ensure

sustainable success ?

9. How will the performance of the activities be reported to ensure that the costs

don’t creep back into the system ?

10. Who will sponsor the change program ?

36

This simple example demonstrates how cost cutting is much more than just the

elimination of expenses from a budget. It is a strategic adjustment that may well have a

material impact on how an organization does business. Working through this approach in

a meticulous way, organizations are more likely to achieve substantial benefits over the

longer term by identifying significant improvement areas. After an exercise similar to

that described is performed, it is possible to prepare a much more informed budget for

the next period, which will recognize the embedded savings derived. All too often

budgets are simply a derivative of the previous period plus an adjustment for perceived

economic and market changes. In fact, it is recommended that three year rolling budgets

be introduced, showing the expenditure trends and the benefits derived from any cost

saving initiatives over a longer term. Unfortunately, many organizations leave the cost

reduction program in the hands of the financial community which also has many other

priorities. This results in a number of quick wins and short-term benefits but often fails

to achieve the longer-term sustainable impact that could make a strategic difference to

the entity. Organizations that view cost reduction initiatives as a strategic imperative that

could potentially result in a competitive advantage, and that approach the overall effort

in an inclusive and methodical manner, will be much stronger when the economic cycle

turns. No one yet knows who will survive, who will thrive, and who will disappear

during the current downturn - only time will tell. Nonetheless, those organizations that

approach cost reduction with the right mindset have a better chance of success than

those which simply tamper on the periphery.

37

CONCLUSION:-

The internal auditor should check whether proper operating standards and norms have

been established for cost control and reduction. They should be detailed enough to be

identifiable with specific operating responsibilities and should be capable of being used

by operating personnel for monitoring and evaluating their performance. The internal

auditor should review the methods of establishing the operating standards and norms. He

should carefully examine the assumptions made while setting the standards to ensure that

they are appropriate and necessary. The variances should be examined to evaluate

whether or not the standards and norms are practical. Where there is a wide divergence

between actual performance and the corresponding standards, reasons may be looked into.

The system of identification and analysis of deviations from standards should be

examined. The internal auditor should examine whether analysis of variances is

communicated to those concerned in time. He should also examine whether in

communicating the variances serious matters are highlighted and whether exceptional

variances are communicated more expeditiously than is done in the normal course. As a

part of evaluating resources utilization, identifying the facilities which are under-utilized

is an important function of the internal auditor. Such instances may consist of under-

utilized machines, unoccupied storage space, huge cash or bank balances, idle man power

etc. The internal auditor may also identify understaffing and overstaffing in various areas

as these prevent optimum use of resources.

While commenting on staffing, the internal auditor should pay special attention to non-

productive work being performed. This would require an enquiry into the job descriptions

of employees combined with an intelligent observation of the work being done. Finally

the internal auditor should review all procedures with reference to their costs and

benefits. One of the factors resulting in inefficiency is that in many cases procedures

become hindrance to operations.

38

BIBLOGRAPHY:-

1) AUDITING books of ICAI.

2) COSTING books of ICWAI.

3) www.wikipedia.com

4) www.ey.com

5) www.deloitte.com

6) www.icai.org