II AA MM NNTTEERRNNAALL UUDDIITT AANNUUAALL 22000099 A Guide to Planning, Performing and Reporting on Internal Auditing Engagements (For Internal Use) ISSUED BY THE O/o CHIEF CONTROLLEROF ACCOUNTS, MINISTRY OF HOME AFFAIRS NEW DELHI 1 CONTENTS Page Nos. 1. Foreword 1 2. Introduction 2 3. Internal Audit Charter 9 4. Duties of Internal Audit Wing at Headquarters 11 5. Jurisdiction & Scope 14 6. Performing the Audit Engagement 17 7. Standard Audit Work Programs for Different Types of Audit 29 8. Drafting of Internal Audit Reports 64 9. Modern Techniques and Approaches for Improving the Effectiveness of Government Internal Auditing 67 10. Sample Audit Report 75 11. Annexure 92 Foreword   In last few years, there has been a paradigm shift in the area of Governance. The emphasis is more  on  efficient  and  effective  management  of  the  government  functions,  explicit  standards  and  measures of performance of the government officials and enhanced service deliveries to the citizens  of the country. These, new dimensions require that resources are effectively and efficiently utilized.   Thus,  a  systematic  feedback  mechanism  needs  to  be  installed  to  have  an  assurance  that  the  functions  of  Government  are  being  discharged  efficiently  and  effectively.  Internal  Audit  is  an  effective  tool  for  providing  objective  assurance  and  advice  that  adds  value,  influences  change  that  enhances  governance,  assists  risk  management  and  control  processes  and  improves  accountability  for  results.  Ministry of Home Affairs with the support of the “Centre of Excellence” established in the O/o Controller  General of Accounts intends to reorient the internal audit organization of MHA. The Internal Audit Wing  would now focus on Risk Based and Performance Audits in place of traditional routine audits.  I am confident  that the Internal Audit Manual of MHA, would serve as a guide for planning, performing and reporting on the  Internal Audit Engagements of the Ministry. This document brings out the revised structure, charter and  jurisdiction of the IA function and would help in ensuring that the objectives of the Ministry are achieved in a  better and more efficient manner.                            G.K. Pillai                        Secretary (MHA)          1. INTRODUCTION   1 1.1 Internal Audit Function 1.1.1 The General Financial Rule 64 lays down the duties and responsibilities of the Chief Accounting Authority of the Ministry. It states that the Secretary/Chief Accounting Authority of the Ministry/Department shall – • be responsible and accountable for financial management of his Ministry or Department • ensure that the public funds appropriated to the Ministry or Department are used for the purpose for which they were meant. • be responsible for the effective, efficient, economical and transparent use of resources of the Ministry or Department in achieving the stated project objectives of that Ministry or Department, while complying with the performance standards. • review and monitor regularly the performance of the programmes and projects assigned to his Ministry to determine whether the stated objectives are achieved. • be responsible for preparation of expenditure and other statements relating to his Ministry or Department as required by regulations, guidelines or directives issued by Ministry of Finance. • shall ensure that his Ministry or Department maintains full and proper records of financial transactions and adopts systems and procedures that will at times afford internal controls.   2 • shall ensure that his Ministry or Department follows the Government procurement procedure for execution of works, as well as for procurement of services and supplies and implements it in affair, equitable, transparent and cost effective manner. An independent internal audit would help the Chief Accounting Authority in all these functions. Internal Audit and Internal Controls are an integral part of sound financial management systems world over. It should aim at looking both at the financial and non financial aspects of the Government operations and ensuring full value for the Government money. The Internal Audit function would help in improving economy, effectiveness and transparency in the Government administration in general and financial administration in particular. It would also help in maintaining a sound record keeping systems with adequate checks and balances to ensure a sound information system for decision making by the executives. 1.1.2 Also, the revised charter of integrated finance scheme issued by the Ministry of Finance lays down the role and responsibilities of CCAs/CAs with regards to internal audit. It envisages that the Internal Audit Wing working under the control and supervision of the CCAs/CAs would move beyond the existing system of compliance/regulatory audit and would focus on: • The appraisal, monitoring and evaluation of individual schemes. • Assessment of adequacy and effectiveness of Internal Controls in general and soundness of financial systems and reliability of financial and accounting reports in particular. • Identification and monitoring of risk factors (including those contained in the outcome budget). • Critical assessment of economy, efficiency and effectiveness of service delivery mechanism to ensure value for money; and • Provide an effective monitoring system to facilitate mid course corrections.   3 The above revised functions would be carried out as per the guidelines issued by the CGA from time to time. 1.1.3 Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It basically aims at helping the organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Independence is established by the organizational and reporting structure. Objectivity is achieved by an appropriate mind-set. The internal audit activity evaluates risk exposures relating to the organization’s governance, operations and information systems, in relation to: 1. Effectiveness and efficiency of operations 2. Reliability and integrity of financial and operational information 3. Safeguarding of assets 4. Compliance with laws, regulations and contracts Based on the results of the risk assessment, the internal auditors evaluate the adequacy and effectiveness of how risks are identified and managed in the above areas. They also assess other aspects such as ethics and values within the organization, performance management, communication of risk and control information within the organization in order to facilitate a good governance process. The internal auditors are expected to provide recommendations for improvement in those areas where opportunities or deficiencies are identified. While management is responsible for internal controls, the internal audit activity provides assurance to management and the audit committee that internal controls are effective and working as intended. The internal audit activity is led by the Chief Audit Executive (CAE). The CAE delineates the scope of activities, authority and independence for internal auditing in a written charter that is approved by the audit committee.   4 An effective internal audit activity is a valuable resource for management and the board or its equivalent and the audit committee due to its understanding of the organization and its culture, operations, and risk profile. The objectivity, skills and knowledge of competent internal auditors can significantly add value to an organization’s internal control, risk management and governance processes. Similarly an effective internal audit activity can provide assurance to other stakeholders such as regulators, employees, providers of finance and shareholders. 1.1.4 Purpose Scope & Future Amendments The overall purpose of this guide is to assist the Internal Auditing Wing of the Ministry of Home Affairs in providing independent, objective, value-added and professional assurance and advisory services to the executive authorities in the Ministry of Home Affairs in order to improve the operations of the Ministry. More specifically, this guide is intended to provide IAW with practical guidance, tools and information for assessing risk in processes and activities; developing an appropriate internal auditing work program; and planning, performing and reporting on audit engagements. The guide is primarily for use of internal auditors. It is intended to help facilitate the performance of audit engagements with the independence and objectivity and proficiency and due professional care, envisaged in the International Standards for the Professional Practice of Internal Auditing (Standards) of The Institute of Internal Auditors (IIA). This guide is not intended to be prescriptive or strictly procedural in nature. It is principles-based with an expectation that internal auditors comply with the General Financial Rules of the Government of India and use professional judgment in the conduct of their work. Any subsequent amendment in the internal audit manual to take care of changing requirements of the internal audit would be done with the approval of Chief Audit Executive in the routine cases and with the approval of Chairman of the Audit Committee/Secretary of the Ministry in policy level changes.   5 1.2 Structure of Internal Audit Organization: 1.2.1 Audit Committee: An Audit Committee would be an apex body whose purpose would be to oversee the : 1. Reliability of the entity s financial statements and disclosures. 2. Effectiveness of the entity s control and risk management systems. 3. Compliance with the entity s code of business conduct, legal and regulatory requirements. 4. Independence, qualifications and performance of the external auditors and the performance of the internal audit activity. The Audit Committee would have the following composition: • Secretary (Home), Chairman • AS & FA (Home), Vice Chairman • CCA (Home), Member Secretary • Director (Finance), Member • Director (Fin-Pers.), Member • The Audit Committee would be responsible for finalizing and approving the Internal Audit Character for the audit organization and establishing its role, responsibility and structure within the organization. • The Audit Committee would periodically review the administration of Internal Audit Function and would specify the direction in which IA function should move. • The Audit Committee would also take stock of the audits undertaken by the Internal Audit Organization and follow up the cases where some serious issues have been identified. • The Internal Audit Organization would put up a quarterly review of the Internal Audit Function before the Audit Committee which would take up the serious issues with the concerned divisions in writing as well as through review meetings for the Internal Audit Observation.   6 1.2.2 Management Team: 1. Management Team of the Internal Audit Function would be headed by the Chief Audit Executive who would supervise the Internal Audit Function of the Ministry. 2. The management team would discuss key risk areas and would plan the audit priorities. The management team would supervise all the phases of Internal Audit: Annual audit plan, planning the audit engagements, conducting the audits, preparation and issue of reports, monitoring and follow up with the auditees. 3. The management team would also finalize the available audit resources and their utilization. The management team would approve audit advisories for the audit team and would decide on scope of various types of audit. The management team would also discuss with various audit teams the focus, direction and emphasis of audits. 4. The management team would develop standard audit programs for various schemes and would provide it to the audit teams which would then conduct the audit according to the work program. Completing the work program provided to them would be the minimum expected from every audit team, besides the teams should exercise their judgement when they actually conduct the audit assignment. 5. Management team would have following composition: • Chief Controller of Accounts (Chairman) • Controller of Accounts (Vice Chairman) • Director (Accounts), BSF (Member) • Deputy Director (Accounts), CRPF (Member) • Deputy Controller of Accounts/Assistant Controller of Accounts, IA (Member Secretary) • Deputy Controller of Accounts/Assistant Controller of Accounts in various field offices (Members) Management team would supervise the entire audit process and would guide the audit teams to deliver quality in audits.   7 1.2.3 Chief Audit Executive: 1. The Chief Audit Executive would be responsible for the overall management of the audit process and would be the link between the audit committee and the audit organization. 2. The Chief audit executive as a head of management team would finally take decision on various issues faced by the audit team after taking inputs from other members of management team. 3. CAE would decide upon the audit resources, members of the audit team for a particular audit. He would also approve the annual audit plan. He would provide guidance on the scope and depth of coverage for various audits. 4. CAE would also approve the advisories to Internal Audit teams as to concentrate on any specific issue in a particular audit. The audit reports submitted by the audit teams would be put up to him for approval before being finally issued to the client and to the Ministry. 5. CAE and the Management Team would meet with the audit teams regularly to guide them regarding the focus of Internal Audit Function. Also, CAE would facilitate the audit process by interacting audit clients at an appropriate level if there are any issues related with providing of records by the audit client. 6. CAE would also finalize and approve the general format of the report and also the format in which working papers are to be maintained in the audits. 7. Chief Controller of Accounts (MHA) would be the Chief Audit Executive. Audit Execution Team consists of Officers/ Staff of : • Internal Audit Organization of MHA including Internal Audit organizations of CPFs • Other PAOs of MHA • From other Division of MHA and   8