Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: 11 Standard on Internal Audit - SIA 11 CONSIDERATION OF FRAUD IN AN INTERNAL AUDIT

  1. #1
    AAS
    Guest

    Default 11 Standard on Internal Audit - SIA 11 CONSIDERATION OF FRAUD IN AN INTERNAL AUDIT

    Standard on Internal Audit (SIA) 11
    CONSIDERATION OF FRAUD IN AN INTERNAL AUDIT
    The following is the text of the Standard on Internal Audit (SIA) 11, Consideration of Fraud in Internal Audit, issued by the Institute of Chartered Accountants of India. The Standard should be read in the conjunction with the Preface to the Standards on Internal Audit, issued by the Institute.
    In terms of the decision taken by the Council of the Institute at its 260th meeting held in June 2006, the following Standard on Internal Audit shall be recommendatory in nature in the initial period. The Standard shall become mandatory from such date as may be notified by the Council in this regard.

  2. #2
    AAS
    Guest

    Default Introduction of internal audit

    Introduction of internal audit

    1. Fraud is defined as an intentional act by one or more individuals among management, those charged with governance, or third parties, involving the use of deception to obtain unjust or illegal advantage. A fraud could take form of misstatement of an information (financial or otherwise) or misappropriation of the assets of the entity.

    2. The primary responsibility for prevention and detection of frauds rests with management and those charged with governance. They achieve this by designing, establishing and ensuring continuous operation of an effective system of internal controls.

    3. Paragraph 6 of the Standard on Internal Audit (SIA) 2, Basic Principles Governing Internal Audit, states as follows:

    "The internal auditor should exercise due professional care, competence and diligence expected of him while carrying out the internal audit. Due professional care signifies that the internal auditor exercises due professional care in carrying out the work entrusted to him in terms of deciding on aspects such as the extent of work required to achieve the objectives of the engagement, relative complexity and materiality of the matters subjected to internal audit, assessment of risk management, control and governance processes and cost benefit analysis. Due professional care, however, neither implies nor guarantees infallibility, nor does it require the internal auditor to travel beyond the scope of his engagement."

    An internal auditor should, therefore, use his knowledge and skills to reasonably enable him to identify indicators of frauds. However, the internal auditor cannot be expected to possess the expertise of a person with specialized knowledge and skills in detecting and investigating frauds.

  3. #3
    AAS
    Guest

    Default Common Fraud Situations in internal audit

    Common Fraud Situations in internal audit

    4. A fraud normally occurs in situations where there is an incentive or a pressure to commit fraud, an opportunity to commit fraud or a rationalisation for committing fraud. Although, normally, an internal auditor is not expected to possess skills and knowledge of a person expert in detecting and investigating frauds, he should, however, have reasonable knowledge of factors that might increase the risk of opportunities for frauds in an entity and exercise reasonable care and professional skepticism while carrying out internal audit. In addition, the understanding of the design and implementation of the internal controls in an entity would also help the internal auditor to assess the risk of frauds.

  4. #4
    AAS
    Guest

    Default Internal Control System in internal audit

    Internal Control System in internal audit

    5. Internal control refers to the process designed, implemented and maintained by the management of the entity to ensure accomplishment of its following objectives:

    * Reliability of financial reporting;

    * Efficiency and effectiveness in operations;

    * Compliance with applicable laws and regulations; and

    * Safeguarding of assets.


    The design and the manner of implementation and maintenance of internal controls varies with the size and complexity of the entity.

    6. Internal controls can, however, provide only reasonable assurance to the entity with regard to accomplishments of its objectives stated in paragraph 5 above since my system of internal control is subject to inherent limitations such as faulty human judgment, ineffective use of the information generated for the purpose of internal controls, collusion among two or more persons, management override of controls, faulty design of controls, management judgments as to nature and extent of risks it wants to assume, etc.

  5. #5
    AAS
    Guest

    Default Elements of Internal Control System

    Elements of Internal Control System

    7. A system of internal control comprise of following five elements:

    * the control environment;

    * entity's risk assessment process;

    * information system and communication;

    * control activities; and

    * monitoring of controls.


    It is essential for the internal auditor to gain an understanding of the components of the system of internal control. These components have been discussed in the following paragraphs.

    8. The control environment sets the tone at the top in an entity and greatly impacts the effectiveness of internal controls. It includes the following:

    * the policies and procedures established by the management to communicate and enforce the culture of integrity and ethical values in the entity

    * management's commitment to competence.

    * management's philosophy and operating style.

    * organizational structure.

    * assignment of authority and responsibility.

    * human resources policies and practices.


    9. The entity's risk assessment process includes the policies and procedures adopted by the management to identify risks that can affect the achievement of the objectives of the entity and to distinguish risks from opportunities. In the context of prevention of frauds, the entity's risk assessment process would include the policies and procedures of the management to identify and assess the risk of frauds, including the possibility of fraudulent financial reporting and misappropriation of assets.

    10. The information system and communication refers to the policies and procedures established by the management to identify~ capture and communicate relevant information to the concerned persons in the entity to enable them to make timely and effective decisions and discharge their responsibilities efficiently. In the context of frauds, such policies and procedures could take form of whistleblower policies and mechanisms, ethics helplines and counseling, training of employees, etc.

    11. The control activities refer to the policies and procedures established by the management to ensure that the risks identified are responded to as per the policy or the specific decision of the management, as the case maybe. In the context of frauds, the control activities include actions taken by management to prevent or detect and correct the frauds or breach of internal controls.

    12. Monitoring refers to continuous supervision and assessment of the internal controls to identify instances of any actual or possible breaches therein and to take corrective action on a timely basis.

  6. #6
    AAS
    Guest

    Default Responsibilities of the Internal Auditor

    Responsibilities of the Internal Auditor

    13. As discussed in paragraph 2, the primary responsibility for prevention and detection of frauds is that of the management of the entity. The internal auditor should, however, help the management fulfill its responsibilities relating to fraud prevention and detection. The following paragraphs discuss the approach of the internal auditor regarding this.

  7. #7
    AAS
    Guest

    Default Control Environment of internal audit

    Control Environment

    14. The internal auditor should obtain an understanding of the various aspects of the control environment and evaluate the same as to the operating effectiveness.

  8. #8
    AAS
    Guest

    Default Risk Assessment in internal audit

    Risk Assessment in internal audit

    15. The internal auditor should obtain an understanding of the policies and procedures adopted by the management to identify risks that can affect the achievement of the objectives of the entity and to distinguish risks from opportunities and evaluate the effectiveness of these policies and procedures. In the context of prevention of frauds, the internal auditor should specifically evaluate the policies and procedures established by the management to identify and assess the risk of frauds, including the possibility of fraudulent financial reporting and misappropriation of assets.

  9. #9
    AAS
    Guest

    Default Information System and Communication in internal audit

    Information System and Communication in internal audit

    16. The internal auditor should assess the operating effectiveness of the policies and procedures established by the management to identify, capture and communicate relevant information to the concerned persons in the entity to enable them to make timely and effective decisions and discharge their responsibilities efficiently.

  10. #10
    AAS
    Guest

    Default Control Activities in internal audit

    Control Activities

    17. The internal auditor should assess whether the controls implemented by the management to ensure that the risks identified are responded to as per the policy or the specific decision of the management, as the case may be, are in fact working effectively and whether they are effective in prevention or timely detection and correction of the frauds or breach of internal controls.

Tags for this Thread

Bookmarks

Posting Permissions

  • Register / Login to post new threads
  • Register / Login to post replies
  • Register / Login to post attachments
  • You may not edit your posts
  •