Comprehensive Manual of Internal Audit Practice and Guide: The Most Practical Guide to Internal Auditing Practice

By Kibreab K Ftaw

The Internal Audit Manual is a comprehensive, up-to-date presentation of the core responsibilities and challenges facing the internal audit in the present days. The manual is based on the experience achieved and the practice of internal audit work which have been envisaged on the ground and is based on the Principles and Practice of the Institut

• Language: English
• Publisher: Kibreab K Ftaw
• Release date: Feb 4, 2023
• ISBN: 9781802277265

Book preview

This is a work of fiction. Names, characters, places, and incidents either are the product of the author’s imagination or are used fictitiously. Any resemblance to actual persons, living or dead, events, or locales is entirely coincidental.

Copyright © 2022 by Kibreab K Ftaw

All rights reserved. No part of this book may be reproduced or used in any manner without the written permission of the copyright owner except for the use of quotations in a book review. For more information, contact: kebreab.kidane@yahoo.com

First paperback edition 2022

Book design by Kibreab Ftaw

ILLUSTRATIONS BY Kibreab Ftaw

ISBNs:

Paperback: 978-1-80227-725-8

eBook: 978-1-80227-726-5

e- IBAN GB85 LOYD 3065 6217 0242 60

www.kfaccountsservices.com

Contents

Abbreviations and Acronyms

The following abbreviations and acronyms will be found throughout this manual and in respective functional area procedure manuals, including checklists and other guidance materials:

Record of Amendments

Manual Revisions

This Internal Audit Practice and Guide Manual will be subject to ongoing review and revision. Persons identifying errors or omissions, or those wishing to make recommendations for change, are asked to forward their observations to a responsible authority or the Organisation’s Chief Executive.

Preface

1.1 GENERAL OVERVIEW

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation to review the system of control and evaluate and improve the effectiveness of risk management, control, and governance processes. The necessity of having an internal audit system has also been mandated by Section 138 of the Company Act, 2013 UK, which made it obligatory for auditors of all entities to comment on whether the entity has an internal audit system commensurate with its size and nature of the business.

These guidelines aim to provide for consistency, stability, continuity, standards of acceptable performance, and a means of effectively coordinating the efforts of the members comprising the Internal Audit Office. The overall objective of the internal audit activity is to provide all levels of the organisation’s management and the Board with an independent assessment of the quality of the organisation’s internal controls and administrative processes and provide recommendations and suggestions for continuous improvement. It is this Internal Audit Manual that would fulfil these requirements.

The primary purpose of this Manual is stated as follows:

1. This Manual aims to provide an insight knowledge covering all aspects of the practice of internal auditing, with particular emphasis on the practical application of the principals involved. These principles are generally well established and have been comprehensively defined in the statement of standards and guidance published by the Institute of Internal Auditors.

2. The Manual is intended primarily for use as a reference work and guidance and broadly includes standardisation, procedures, controlling creativity, and audit approaches and underpins professional standards for delivering the adopted audit strategy. It is also intended to serve as an efficient resource to explain the main principles and identify the relevant standards underlying the conduct of internal audit activities.

3. The Manual describes the basic processes for establishing risk-based annual audit plans, planning and conducting audit engagements, and reporting the results of the audit work. The Manual also provides basic perceptions on Governance, Risk Management, Internal Control, and Fraud that underpin almost all audit work. Similarly, the Manual also provides guidance on methods for collecting and documenting relevant audit evidence. Procedures and processes for maintaining quality internal audit service, Information systems audit, and business continuity plan are also provided.

4. All over the Manual, the IIA Standards directly applicable or relevant to the subject or particular procedures under consideration have been provided. References are also made to Practice Advisories and Practice Guides, where appropriate. In many instances, Internal Auditors are encouraged to excise professional judgment, particularly in determining levels of risk, adequacy of internal control processes, and the choice of appropriate audit methodology. It is expected that auditors and users of the Manual will do well to review and familiarise themselves with the IPPF and refer to these when using this Manual and performing internal audit work.

5. The Manual is designed to be flexible and unrestrictive. In particular, it is not intended to constrain any initiative Internal Auditors can bring to their work based on prior work experience, knowledge, and skills. Neither is the Manual intended to constrict the Internal Auditors from excising their professional judgment.

6. Users of the Manual are expected to have at least basic knowledge and understanding of management frameworks, including governance, risk management, and control processes, and be capable of exercising professional judgment. In addition to the International Professional Practices Framework (IPPF), Internal Auditors should also have a comprehensive understanding of the policies, regulations, rules, and directives established by the respective Organisation and other respective institutions in order to be able to apply the guidance provided in the Manual fruitfully.

7. There is an expectation that the framework for conducting audits within the Internal Audit Service (IAS), as outlined in this Manual, will be followed by all Internal Auditors. It is recognised that it may be difficult to conform to the Manual in all circumstances. However, conformance should be the norm rather than the exception. Where an Internal Auditor or Chief Internal Auditor (CIA) faces difficulties in understanding or complying with the Manual, then appropriate clarifications and assistance should be obtained from their respective Chief Executives, from CIAs of other Internal Audit Division (IADs), and the Internal Audit Bureau or equivalent institutions.

8. This Manual is intended to provide members of the Internal Audit Service in their respective organisation with practical professional guidance, tools, and information for managing the internal audit activity and planning, conducting, and reporting on internal audit work. The use of the Manual should help bring a systematic and disciplined approach to the audit of governance, risk management, and control processes and assist the Internal Auditor to meet the goal of adding value to their respective organisations.

9. It is essential to have a robust Internal Audit Manual that provides high-level guidance for its day-to-day operations, which coincides with the Internal Audit Charter that stipulates the organisational status and role of the internal audit functions as specified in Chapter 1, Section 4, and in Appendix 1-2.

About the Author

Kibreab K Ftaw has over 41 years of experience in internal auditing and financial management, from propelling new internal audit functions in several public and private organisations to providing internal auditing and consulting services. Over the years, Mr Ftaw, starting as a junior Internal Auditor in the Ministry of Finance Ethiopia, was successfully promoted to higher level audit services and became Deputy Internal Audit Director. Following his 10 years of productive service in the internal audit area, he was promoted to Head of Treasury and Government Accounts, where he stayed for another 12 years, providing valuable services in auditing, budgeting, and financial management.

Subsequent to his 10 years of internal audit and 12 years of treasury and government accounts service and valuable achievements, he was promoted to the level of Accountant General in the Ministry of Finance, Ethiopia. After 22 years of constructive achievement in this field, in 1992, he left Ethiopia and moved to an independent Eritrea, where he worked for another 10 years as a budgeting, government accounts, and treasury consultant. In the same period, he also worked as a finance and budgeting adviser to the Eritrean Minister of Finance.

In 2004, he joined the British Council, Eritrea, and became Finance Manager, where he worked for 5 constructive years. In 2009, he moved to England. Following his academic achievement of an MSc degree in Internal Audit and Consultancy, he became Head of Internal Audit in the London Community Credit Union and London Mutual Credit Union, UK, where he worked for 4 years.

Mr. Ftaw has an MSc in Internal Audit and Consultancy from Birmingham City University in the UK, and a BA degree in Business Administration and Accounting from Asmara University, Eritrea; In addition to the above-mentioned vast experience, he has also accumulated a wide range of professional certifications from different organisations such as the IMF Washington DC, World Bank, African Development Bank, and the British Council, UK.

Furthermore, he had been effectively managing in addition to the above-mentioned years of duties and responsibilities. He was promoted to Head of Internal Audit in 2014 in the London Community Credit Union and London Mutual Credit Union, where he initiated numerous new practices and implemented rigorously internal audit policies and procedures. Besides these achievements, he has been professionally active in the Institute of Internal Auditors and presented seminars on the role of internal audits in corporate governance, internal control, and risk management. Overall, he continues to stay well-connected with the profession of internal auditing and consulting.

At present, he is working as a self-employed Accounting and Internal Audit Consultant.

Kibreab Ftaw lives with his wife, Elsa, in West London. They enjoy travelling to the countryside, cooking, attending church services, and socialising with neighbours and fellow citizens.

Acknowledgements

The author wishes to acknowledge the assistance of the following institutions and individuals:

The Institute of Internal Auditors in the United Kingdom, for permitting me to quote from Standards and Guidelines for the Professional Practice of Internal Auditing throughout the manual.

I want to note that the IIA standards quoted in this Manual are the same in every material respect as those published and embraced by the Institute of Internal Auditors, Inc., International Headquarters, 240 Mainland Avenue, Altamonte Springs, Florida 32701-4201, USA.

I wish to express my gratitude to my advisor Professor Stefanos Hailemariam, Dean of the College of Business and Social Sciences (CBSS), Eritrea, for his honest and direct encouragement and appreciative comments as he read and reread each chapter with tireless dedication, contributing to factual and linguistic quality assurance and making many valuable suggestions which helped me to fully engage in the writing of the manuscript from the beginning until the end.

Gratitude is also due to Sebhat Tewelde (Ph.D.), Editor, Lecturer, College of Business and Social Sciences, Frankfurt, Germany, for his encouragement and invaluable comments and advice, who also read and reread each chapter with tireless dedication, contributing to factual and linguistic quality assurance and making many valuable suggestions which helped me to fully engage in the writing of the manuscript from the beginning until the end.

I also want to acknowledge the unreserved assistance and guidance provided by Bereket Tsegay (Ph.D.), Editor, PENHA Senior Researcher, and Policy Analyst, Honorary Research Associate, School of Oriental and African Studies (SOAS), the University of London, for his indispensable comments and advice, which helped me to fully engage in the writing of the manuscript from the beginning until the end.

As the scale of work suggests, this book could not have been published without the dedicated efforts of a large team of people who worked hard over the past two years to help this project succeed.

I would be delighted if this new handbook enjoyed a positive reception in both corporate practices and at colleges and universities. I look forward to your critical feedback and suggestions for improvement, which I will incorporate in the next edition.

Finally, I want to acknowledge the loving and spiritual encouragement I received from my wife, Elsa Abraha, and the passion I got from my children. Without their help and moral support, the task would have been overwhelming.

Please email any comments to kebreab.kidane@yahoo.com.

List of Appendixes

CHAPTER I

Audit Services Framework and Structure

1. INTRODUCTION

1.1 The purpose of this Manual is to outline the authority and scope of the organisation’s Internal Audit function and provide standards, guidelines, and procedures for the Audit Office. The audit is well established to provide helpful support and certification to an organisation and monitoring bodies. However, these services may not be supplied outside well-documented policies and procedures, including an audit manual.

1.2 Risk management, governance, and internal control processes are the primary roles of Internal Audit to provide independent assurance that an ‘organisation’ is operating effectively. It is achieved by systematic reviews of management processes, policies, and procedures. The Internal Audit function is established to assist management and staff members in discharging their duties and responsibilities. It is accomplished through analyses, appraisals, recommendations, and applicable comments concerning the activities reviewed.

1.3 This Manual sets forth the audit activity’s purpose, authority, responsibility, and structure regarding IIA Standards 2040, setting policies and procedures to guide Internal Audit activity and international auditing standards.

1.4 For efficient and effective functioning of the Internal Audit Service (IAS), the organisation has established an Audit Charter. The Charter provides the organisational framework for providing Internal Audit services and prescribes the organisation’s policies, standards, and responsibilities.

1.5 The International Professional Practices Framework (IPPF), issued by the Institute of Auditors, is adopted by the organisation to regulate the IAS’s activities. In addition, it also helps to prove that the Internal Audit services are discharging their duties and responsibilities in accordance with international practices and are professionally well equipped in providing adequate services.

2. ACCOUNTABILITY FRAMEWORK AND MANAGEMENT RESPONSIBILITIES

2.1 The vital purpose of the Management and Accountability Framework is to assist organisations and services operating with a well-defined and robust framework for decision-making and accountability. It is designed to achieve successful delivery of its purpose, aims, and objectives in a manner that:

a. Supports organisational values and standards of behaviour;

b. Follows all relevant regulatory, accreditation, licensing requirements, standards, directions, and instructions;

c. Secures the efficient, effective and economical use of the available resources;

d. Takes safety measures to protect all assets, including its people; and

e. Safeguards good governance while working in partnership with others.

2.2 It is the responsibility of the Chief Executive and officials of the organisation to establish appropriate governance, risk management, and internal control systems to ensure compliance with applicable laws and regulations and the existing policies and procedures so that the goals and objectives of their respective organisations are achieved efficiently and effectively.

2.3. Based on the principles of (a) Efficiency; (b) Economy; (c) Effectiveness; (d) Equity; (e) Sustainability; (f) Transparency; and (g) Accountability, the organisation shall have a sound system of finance and accountability framework.

2.4 The organisation issues Financial Policies and Regulations to elaborate the rules and regulations to ensure that the aforementioned principles are implemented and generally fulfil financial management objectives. In addition to further prescribing in more detailed policies and procedures.

2.5 The Internal Audit Division (IAD) is responsible for playing a profound role in providing the Chief Executives of their respective organisations with independent and objective assurances that governance, risk management, and internal control systems are meeting their objectives. In addition, the division also assists the Chief Executive with identifying opportunities for achieving organisational goals and objectives efficiently and effectively.

3. ORGANISATIONAL STRUCTURE OF AUDIT SERVICES

3.1 The establishment of an appropriate audit structure designed to perform the tasks efficiently and effectively rests with the Head of the Audit Division. The division is led by a Chief Internal Auditor (CIA). It consists of Deputy Directors, Team Leaders, and a team of Auditors. Depending on the size and activities of the organisation, the number of the Deputy Directors, Audit Team Leaders, and Auditors can vary. Where the IAD is established, the CIA reports directly to and is functionally responsible to the board’s Audit Committee and the Chief Executive of the Entity. The Audit is responsible for providing Audit services as per the Audit Charter. In addition, the service is provided in compliance with the Code of Ethics for Auditors, the IIA Standards, and other guidelines issued by the organisation.

3.2 Audits are designed for evaluating the extent to which internal control achieves its objectives in critical areas, including as an integrated process, independent from other business operations. In addition, its role includes having effective and appropriate risk management, governance, and internal control. It is also devised to bring efficiency and effectiveness in business operations, reliable financial reporting, and compliance with laws, regulations, and internal rules.

3.3 Audits are conducted objectively and are comprehensively independent of operational reporting lines. It offers advice and remedial recommendations in connection with any problems identified during the audit process. Through this process, audits assist the Chief Executive and the Board of Directors of the organisation or equivalent authority to fulfil their managerial duties efficiently and effectively.

Organisational Structure of Internal Audit Services

Duties and Responsibilities of IA

Director: The overall responsibility of the Director includes planning, directing, and implementing the annual risk-based work plan and coordinating with other divisions of the organisation. Its role includes coordinating with oversight bodies, overseeing budget and recruitment, and implementing the quality assurance programme. In addition, it proposes suggestions for improving the organisation’s key operational and finance activities and internal controls.

Deputy Director: Is responsible for supporting the IAD Director in planning, directing, and coordinating the work of IAD, implementation of the risk-based annual work plan, and supervising the audit teams under their responsibility. The Deputy Director also has direct oversight of the crosscutting functions from planning, administration, and Professional Practices Section to impact assessment.

Audit Team Leaders comprise individual Auditors, and the duties and responsibilities of the audit team leader are as follows:

• Developing a risk-based audit plan, including determining the audit objectives, scope, and criteria with the audit client.

• Cooperating the audit plan with the audit team as well as the audit client.

• Confirming any requirements for the audit team, such as transport, resources, and access to client documents and other relevant information.

• Accommodating the audit plan to the audit team as well as the audit client.

• Specifying roles and responsibilities of audit team members or Auditors.

• Collaborating with the audit team and communicating with the audit client.

• Managing all communication and correspondence by contacting the Auditee prior to, during, and after the audit.

• Ensuring the logistic requirements are acceptable and understood by the Auditee.

• At