Posts Tagged ‘audit’

What is Audit Governance?

November 8, 2008

Internal audit department should have good audit governance. Audit governance comprises audit charter, audit plan, audit manual and audit program.

Audit Charter

A formal written document that states internal audit’s purpose, authority, scope, independence and responsibility. Audit Charter must be approved by the Audit Committee and endorsed by the board of director.

Audit Plan

It is a means of directing and controlling the audit work. The plan for a particular of time such as a year sets out audit objectives, auditable areas, scope of coverage, frequency of audits, resources required and the duration of audit. The audit plan must must be endorsed by the Audit Committee (AC) and should be flexible to respond to changing needs.

Audit Manual

It is a set of uniform audit standards for guidance and reference. It contains written audit policies, objectives, standard procedures and programs.

Audit Program

Audit program is a set of detailed step-by-step procedures for each auditable area and is usually supplemented by the ICQ (internal control questionnaire).

How to Distinguish the Types of Internal Audit

November 8, 2008

There are several types of internal audits. There are financial audit, operational audit, management audit, compliance audit, IS audit and investigation audit. Each audit has different purpose and characteristic.

Financial Audit

The purpose is express opinion on financial condition based on analysis, comparisons and test of accuracy. Its scope is on the financial records. The expected results from this audit is to give opinion on the accuracy and reliability of the financial statements.

Operational Audit

The purpose is to analyse and improve methods of operations and performance. Its scope on the operational activities of a unit or department. The expected results from this audit is to give recommendations to management for the improvement of operations.

Management Audit

The purpose is to review and evaluate business and management issues to enhance profitability. Its scope is on the business support activities of a unit or the entire organisation. The expected results from this audit is to give opinion on strategic issues and recommendations or solutions.

Compliance Audit

The purpose is to express opinion as to adherence to internal policies and regulatory rules and requirements and applicable laws. Its scope on the specific aspects of operations and business. The expected results from this audit to make immediate rectification and compliance thereafter.

IS/IT Audit

The purpose is to audit on the computer systems and the provision and management of information. Its scope is on the technical reviews on computer systems and their peripherals . The expected results from this audit is to give recommendations on computerisation and information systems related.

Investigation Audit

The purpose is to audit in dept into irregularities such as misappropriation of bank’s assets or reported fraud or allegations. Its scope is in the area specified to determine modus operandi. The expected results from this audit is to give conclusion to findings with recommendations to prevent recurrence.

Chief Internal Auditor

September 20, 2008

After spent so much time in Corporate Planning, since 1 May 2008, I become Chief Internal Auditor. Again, this is a new experience and challenge to me. As an auditor you main responsibility is to give reassurance to the Board that all internal controls in the organisation are in place.

It was a right time when I joined this department. In April 2008, the bank was corporatised. It changed its name from Bank Pertanian Malaysia to Agrobank of Malaysia. As a new organisation, new board members and Audit and Examination Committee (AEC) were appointed.

The current Audit and Examination (AEC) are comprised four members and headed by Datuk Elias Kadir. The first AEC meeting was held on 15 September 2008 and the second AEC was on 16th Septembr 2008. I feel the bank have very strong AEC.  You see in the two AEC meetings, we were presented a few important policy papers

In the first AEC meeting on 15th September 2008, we have presented four papers related to policy matters. The papers presented were Vision and Mission of Internal Audit, new Terms of Reference for AEC, Audit Charter, Audit Programs for branches and a new organisation chart of Internal Audit.

In the second meeting we tabled a few more papers. There were ‘KPIs for Internal Auditors’, ‘audit rating’ for branch audit and ‘whistle blowing policy’, Audit Program for ICT and Audit Time Sheet. In that meeting we also proposed audit plan 2009 which cover nearly 150 auditable areas. Audit Plan 2009 is based on risk based auditing. Risk based auditing is still a new approach to us.