With the ever-evolving regulatory compliance
landscape, the importance of internal auditing has taken a surge, acting as an effective risk-managemen
t tool to protect companies from fines and reputational damage. The internal audit is defined by the Institute of Internal Auditors as ‘an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.Internal audit helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control
and governance processes.As per the ‘Global Pulse of Internal Audit’ survey carried out by the Institute of Internal Auditors in 2017, 35% of the respondents expect budgets for internal audits to increase (based on data from 2254 respondents in 111 countries/territories).The scope of internal auditing extends further than just compliance by helping identify inefficiencies in businesses and providing solutions for the same. Think of an internal audit as a way of putting your business to the test and recognising areas to improve on sustainability.
Why carry out an internal audit?
The following 5 points clarify the necessity of carrying out an internal audit:
Acquire the objective insight of a third-party
It is always difficult to act as a moderator of your own work as there will always be a certain degree of bias. An internal audit helps to overcome this issue as the assessment is generally carried out by an external party and the reports are submitted directly to the Board of Directors. The independence of the auditors from the organisation helps eliminate any hint of bias, therefore providing realistic results.
Helps achieve objectives by reducing inefficiencies
Assessing the culture of an organization and pinpointing inefficiencies is another role of an internal audit. It is easy to be oblivious to inefficiencies when a system is used to a certain custom of functionality. Improving on these inefficiencies ensures that the system and structure in place fulfil the purpose of the business, therefore improving the overall control environment.
Accuracy of data
Regulators, lenders, and investors rely on reports submitted by the management with regards to their performances, controls and compliance to internal processes and guidelines
. These reports assist them to make decisions about a company. An independent review of the company can help to uncover weaknesses. This allows the company to tighten their controls, improving on areas advised by auditors and also underscore what organizations are doing well.
Ensures compliance with laws and regulations
Rules and regulations keep changing every now and then, making it difficult for organisations to keep themselves updated amidst their already busy schedule. Internal auditors such as Argus ensure that they are on top of these regulations and help avoid any unintentional violations of the current regulations. Regulatory fines not only affect businesses financially but also harm one of their most important assets, their reputation.
All in all, an internal audit is an effective form of self-evaluation as it takes a holistic approach by covering all aspects of business functions and spotting the precise areas for potential improvement, therefore improving its long-term sustainability.
How is it carried out?
An auditor carrying out any kind of an audit is required to adhere to the International Standards on Auditing (ISA) and their guidelines. This regulation outlines the responsibilities of the internal auditor while conducting the audit. These standards are issued by the International Federation of Accountants (IFAC) through the International Auditing and Assurance Standards Board (IAASB). There are four stages of an internal audit: Planning (sometimes called Survey or Preliminary Review), Fieldwork, Audit Report, and Follow-up review. Following is a process outline:
The first stage of the internal audit is to set up an initial meeting to discuss the scope and objectives, followed by the auditor carrying out an internal control review to further understand the control structure and determine the areas of highest risk. Finally, the Audit Program outlining the necessary fieldwork is written up.
During this stage, the auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. Following that, various types of testing are done by the auditor. In addition to the tests, the auditor also undertakes informal discussions to gain further insight into the unit. The fieldwork stage concludes with a list of significant findings from which the auditor will write up a draft report. The goal is to have no surprises.
A draft audit summary detailing the findings and recommendations is produced. Following thorough checks with the auditing team, an exit conference is held with the client to discuss the audit report/summary. Following this, the auditor prepares a formal draft and the final report is distributed to the client. As feedback, clients comment on the auditor’s performance.
Within an appropriate time frame to be decided after the issuance of the final report, Internal Audit may perform a follow-up review to verify the resolution of the report findings. The client response letter is reviewed and the actions taken to resolve the audit report findings may be tested to ensure that the desired results were achieved. The review will conclude with a follow-up report which lists the actions taken by the client to resolve the original report findings.
Objective and Scope of Audit
Objective of the Internal audit to review the reliability and integrity of information and ensure its compliance with compliance policies and regulations and providing management with objective analysis, appraisals, recommendations and counseling. Following are the main modules are part of audit:
Operation & Business Process
This Includes review of Operations & Business Process Controls
against the MAS guidelines on Risk Management
Legal, Compliance & Risk Management
This includes review of Legal & Compliance/Risk Management Requirements based on the MAS Guidelines on Licensing
& Conduct of Business for Fund Management Companies
This includes review of Client Suitability based on the MAS Notices/Guidelines on KYC/CDD, AML/CFT
, Tax Evasion & PEPs, onboarding documentation as well as processes.
How will Argus help?
As it appears, the process of carrying out an internal audit can be disconcerting and time-consuming. We at Argus, with our team of experienced professionals, can help you simplify the whole procedure.We provide bespoke Compliance audits
for investors looking at the compliance programmes
on their investments to check if they meet international best practice standards and also undertake annual undertake internal audits as required by regulatory authorities. Argus cover the various aspects of the audit including but not limited to:Ready to enhance your business? Give us a call at +65 68176861 or email us at [email protected]