INDEX.

Chapter Sr. Particulars Page

No. No.
ABBREVIATIONS 4
1. INTRODUCTION 5-20
1.1 History 7
1.2 Mission 7-8
1.3 Characteristics 8-10
1.4 Purpose 10
1.5 Principles 10-11
1.6 Areas 11-12
1.7 Essentials 12-17
1.8 Different Role 17-19
1.9 Role of Management 19-20

2. RESEARCH METHODOLOGY 21-23

2.1 Objectivities 21
2.2 Hypothesis 21
2.3 Scope 21-22
2.4 Limitation 22
2.5 Significance 22
2.6 Selection of problem 22-23
2.7 Sample Size 23
2.8 Data Collection 23

3. LITRATURE OF REVIEW 24-58

3.1 Literature of Review 24

3.2 Research Study (Nation) 24

1
 3.3 Standard Related to Internal Audit 24-36

3.4 Clause 49 of Listing Agreement 36-38

3.5 Technical Guide on Internal Audit in 38-40
telecommunication industry
3.6 Technical Guide on Internal Audit of Pharmaceutical 40-43
Industry
3.7 Technical Guide on Internal Audit of Beverages 44-49
Industry
3.8 Cost Control 49-52

3.9 Internal audit and cost control 52-58

4. DATA ANALYSIS, INTERPRETATION 59-79

AND PRESENTATION

4.1 Responses to questionnaire 59-79

5. CONCLUSIONS AND SUGGESTIONS 80-85

5.1 Conclusions 80-81

5.2 Suggestions 81
5.3 APPENDIX 1 82-84
5.4 BIBLIOGRAPHY 85

LIST OF TABLES

Table No. Particulars Page No.

1 Order to Cash
2 Response to Question 01 60
3 Response to Question 02 61
4 Response to Question 03 62
5 Response to Question 04 63
6 Response to Question 05 64
7 Response to Question 06 65
8 Response to Question 07 66
9 Response to Question 08 67
10 Response to Question 09 68

2
11 Response to Question 10 69
12 Response to Question 11 70
13 Response to Question 12 71
14 Response to Question 13 72
15 Response to Question 14 73
16 Response to Question 15 74
17 Response to Question 16 75
18 Response to Question 17 76
19 Response to Question 18 77
20 Response to Question 19 78
21 Response to Question 20 79

LIST OF CHARTS

Diagram No. Particulars Page No.

1 Response to Question 01 60
2 Response to Question 02 61
3 Response to Question 03 62
4 Response to Question 04 63
5 Response to Question 05 64
6 Response to Question 06 65
7 Response to Question 07 66
8 Response to Question 08 67
9 Response to Question 09 68
10 Response to Question 10 69
11 Response to Question 11 70
12 Response to Question 12 71
13 Response to Question 13 72
14 Response to Question 14 73
15 Response to Question 15 74
16 Response to Question 16 75
17 Response to Question 17 76
18 Response to Question 18 77
19 Response to Question 19 78
20 Response to Question 20 79

3
 ABBREVIATIONS

CWA- Cost and Works Accountant

CA - Chartered Accountant

MIS - Management Information System

SIAs - Standards on Internal Audit

OTC- Order to Cash

ERM- Enterprise Risk Management

CIA - Committee on internal Audit

SEBI- Securities and Exchange Board of India

CS - Company Secretary

4
Chapter:1 INTRODUCTION

The general definition of an audit is an evaluation of a person, organization, system,

process, enterprise, project or product. The term most commonly refers to audits in
accounting, internal auditing and government auditing, but similar concepts also exist in
project management, quality management, water management and energy conservation.
Auditing is defined as a systematic and independent examination of data, statements,
records, operations and performances (financial or otherwise) of an enterprise for a stated
purpose. In any auditing the auditor perceives and recognizes the propositions before him
for examination, collects evidence, evaluates the same and on this basis formulates his
judgment which is communicated through his audit report. The types of audit are: -

1. EXTERNAL AUDIT:- Independent of the Organization.

2. INTERNAL AUDIT:- An organization auditing its own systems, a self-assessment.

INTERNAL AUDIT is an independent, objective assurance and consulting activity

designed to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control,
and governance processes.
 Internal audit is a catalyst for improving an organization's governance, risk
management and management controls by providing insight and
recommendations based on analyses and assessments of data and business
processes. With commitment to integrity and accountability, internal audit
provides value to governing bodies and senior management as an objective source
of independent advice. Professionals called internal auditors are employed by
organizations to perform the internal auditing activity.
 The scope of internal audit within an organization is broad and may involve topics
such as an organization's governance, risk management and management controls
over: - efficiency/effectiveness of operations (including safeguarding of assets),

5
 the reliability of financial and management reporting and compliance with laws
and regulations
 Internal Audit may also involve conducting proactive fraud audits to identify
potentially fraudulent acts; participating in fraud investigations under the
direction of fraud investigation professionals, and conducting post investigation
fraud audits to identify control breakdowns and establish financial loss.
 Internal audit is an audit conducted by an internal auditor appointed by the
management of the enterprises with a view to highlighting the weak areas of
the organizations. It includes examination and evaluation of various
organizational activities and to produce the helping hand to the management
complete their responsibilities efficiently and effectively.
 The institute of internal auditor has defined internal auditing as follows:
“Internal auditing is the independent appraisal activity within an
organization for the review of the accounting, financial and other operation
as a basis for protective and constructive service to the management”. The
internal auditor audits the accounts and other relevant records daily, regularly or
on periodical basis to accomplish the following requirements: -

1. Internal audit may be conducted to ascertain whether all rules, regulations, policies,
procedures and principles have been followed by the company or not.

2. To check whether the existing internal control system is adequate and effective and
according to the size of the organization.

3. To ensure that all the assets of organization are properly safeguarded, if not, he reports
the management about the drawback with suggestions.

4. To highlight the weak areas of the organization and give suggestion to strengthen
them.

5. To check whether working of the organization is smooth, effective, efficient and

economical.

6
1.1 HISTORY OF INTERNAL AUDIT:

The Internal Auditing profession evolved steadily with the progress of management
science after World War II. It is conceptually similar in many ways to financial auditing
by public accounting firms, quality assurance and banking compliance activities. While
some of the audit technique underlying internal auditing is derived from management
consulting and public accounting professions, the theory of internal auditing was
conceived primarily by Lawrence Sawyer often referred to as "the father of modern
internal auditing"; and the current philosophy, theory and practice of modern internal
auditing as defined by the International Professional Practices Framework (IPPF) of the
Institute of Internal Auditors owes much to Sawyer's vision
With the implementation in the United States of the Sarbanes-Oxley Act of 2002, the
profession's exposure and value was enhanced, as many internal auditors possessed the
skills required to help companies meet the requirements of the law. However, the focus
by internal audit departments of publicly traded companies on SOX related financial
policy and procedures derailed progress made by the profession in the late 20th century
toward Larry Sawyer's vision for internal audit. Beginning in about 2010, the IIA once
again began advocating for the broader role internal auditing should play in the corporate
arena, in keeping with the IPPF's philosophy.

1.2 MISSION OF INTERNAL AUDIT: -

The internal audit supports effective and efficient discharging of the guiding and
monitoring duties of the organization’s management by producing assurance services for
its internal customers relating to governance, control and risk management processes.
The internal audit brings added value and promotes achievement of the set goals by
giving improvement recommendations, producing objective and independent information
and by training supervisors and employees in understanding and application of
monitoring processes and self-assessment of business and other activities within the
organization. The internal audit sets its own objectives and performs its duties so that

7
the values of the organization are included in them and that these values also guide the
work of the auditors. The internal auditor’s function as partners of the other
organizational parts and work as experts in different teams (especially development
teams) if they do not endanger their independence.

1.3 Characteristics of Internal Audit.

1. Internal Audit is to be done Independently
Internal Audit is an independent function which is being carried out on behalf of
management for some specific objective. It is always preferred that Internal audit
function should report directly to the board/audit committee so that independence of
internal audit function is maintained and it may carry out the internal audit function
effectively.
2. Internal Audit is done objectively.
It is very important that internal audit exercise is done with objective approach. An
internal auditor should work without an prejudice approach and he should brings out his
observations and evidences in an objective mode so that management may got some
worth considering insight from the report.
3. An Internal Auditor works as a consultant and not as an executor
It is a worth mentioning insight from the above listed definition that Internal Auditor
works as a consultant to the organization. His role is to show the path and accordingly
management is to review his recommendations and take necessary actions on the areas of
improvement suggested in Internal Auditor. An internal auditor should not be held
responsible for failure of an action at management’s end.
4. Internal Audit is carried out to add value to the organization and
improve its operations
The objective of internal audit is not to find faults but to improve the operations of the
organization. An internal auditors sits with the management representative and review out
the actual result with the desired result. The internal auditor suggest out the areas of
improvement to the management.

8
5. Internal Audit improves the effectiveness of risk management, control
and governance processes.
Internal control, risk management and governance processes are applied in the
organization by the management for the smooth and successful operation. Internal
Control, governance process and risk management practices effectiveness can be
maintained only if these practices are being reviewed on a periodic basis.
To achieve the objectives of appraising and suggesting improvements in the overall
governance mechanism of the organization, internal auditors have been carrying out
assurance and consulting activities in the following areas:
a. Internal policy compliance.
b. Regulatory policy compliance.
c. Process improvement.
d. Training and development.

Assurance and consulting activities undertaken by internal auditors in the above four
areas have normally taken the shape of the following activities:
 Examination and evaluation of the adequacy and effectiveness of the internal
control system.
 Undertaking risk assessments in focus areas, either as a consulting activity or as
an input to the internal audit plan.
 Review of financial information system, Management Information System (MIS)
and the underlying technology platform that delivers this electronic data.
 Review of the accuracy and reliability of accounting records and financial reports.
Review of safeguarding of assets.
 Appraisal of the economy and efficiency of activities in operational areas.
 Carrying out process improvement activities through business process audits.
 Carrying out performance reviews of functions through operational audits.
 Review of the systems established to ensure compliance with legal and regulatory
requirements, code(s) of conduct and the implementation review of policies and
procedures.

9
 Testing the reliability and timeliness of legal compliance. Using the internal audit
department as a training ground for developing finance and accounts managers.

1.4 PURPOSE OF INTERNAL AUDIT: -

The internal audit is one of the management’s control tools who through its operations
assist the entire organization by examining and evaluating the adequacy and efficiency of
internal control, risk management, quality of operations and governance processes. The
internal audit furnishes the organization with analyses, appraisals, recommendations,
counsel and information. The purpose is to ascertain that the internal control system, by
taking into account also the information produced by the external auditors, functions so
that the management can be reasonably sure that the set objectives and goals will be
achieved, the operations are effective, reporting is reliable and safeguarding of assets and
compliance with the laws and regulations is done.

1.5 PRINCIPLES OF ESTABLISHING INTERNAL AUDIT: -

The basic principles of establishing internal audit in a business concern are: -
1. Independence: - The internal audit department should have an independent status in
the organization. The internal auditor must have sufficiently high status in the
organization. He may be required to report directly to the board of directors.

2. Objectives: - The objectives of the internal audit function should be made very clear
and unambiguous. The objective should be properly communicated so that internal audit
is not viewed as “Over the shoulder check” by other departments.

3. Clarity in Scope: - The scope of internal audit department must be specified in a

comprehensive manner. The department must at all times, have authority to
Investigate from the financial angle, every phase of organizational activity under any
circumstance.

10
4. Definition of Duties: - The internal audit department’s duty is to review operations as
part of the internal control system. It should not be involved in performance of executive
actions.

5. Internal Audit Department: - The size and qualification of staff of the internal audit
department should be commensurate with the size of the business. The cost of internal
audit department should not exceed the benefits expected to be derived from it.

6. Reporting: - The programme of internal audit should be time-bound. There should be

provisions for periodic reporting on various operational and other aspects.

7. Follow-up and review: - There should be sufficient scope for the follow-up action on
the various points raised in internal audit report. Top management should take active part
in ensuring compliance with action points raised in the report.

8. Relationship with Statutory Auditor: - The copy of the internal audit report should
be made available to the statutory auditor, who can deal with the same in the manner as
he deems fit.

1.6 Areas in which Internal Audit Operates: -

Internal audit covers the following areas-

1) Review of Accounting System and Related Internal Controls: - The establishment

of an adequate accounting system and related controls is the responsibility of
management which demands proper attention on a continuous basis. The internal audit
function is often assigned specific responsibility by management for reviewing the
accounting system and related internal controls, monitoring their operation and
recommending improvements thereto.

2) Examination for Management of Financial and Operating Information: - This

may include review of the means used to identify, measure, classify and report such

11
information and specific inquiry into individual items including detailed testing of
transactions, balances and procedures.

3) Examination of the Economy, Efficiency and Effectiveness of Operations

including Non-Financial Controls of an Organization: - Generally, the external
auditor is interested in the results of such audit work only when it has important bearing
on the reliability of the financial records.

4) Physical Examination and Verification of Tangible Assets.

1.7 ESSENTIALS OF INTERNAL AUDITING: -

The essentials for effective internal auditing are: -
I. Independence: - The internal auditor should have the independence in terms of
organizational status and personal objectivity which permits the proper performance of
his duties.
II. Staffing and Training: - The internal audit unit should be appropriately staffed in
terms of numbers, grades, qualifications and experience, having regard to its
responsibilities and objectives. The internal auditor should be properly trained to fulfill
all his responsibilities. The effectiveness of internal audit depends substantially on the
quality, training and experience of its staff. The aim should be to appoint staff with the
appropriate background, personal qualities and potential. Thereafter, steps should be
taken to provide the necessary experience, training and continuing professional
education.
STAFFING
The internal audit unit should be managed by a head of internal audit who should be
suitably qualified and should possess wide experience in internal audit and its
management. He should plan, direct, control and motivate the resources available to
ensure that the responsibilities of the internal audit unit are met. The full range of duties
may require internal audit staff to be drawn from a variety of disciplines. The
effectiveness of internal audit may be enhanced by the use of specialist staff, particularly
in the internal audit of activities of a technical nature. The internal audit unit should

12
employ staff with varying types and levels of skills, qualifications and experience in
order to satisfy the requirements of each internal audit task.
TRAINING
The organization has a responsibility to ensure that the internal auditor receives the
training necessary for the performance of the full range of duties. Training should be
tailored to the needs of the individual. It should include both theoretical knowledge and
its practical application under the supervision of suitably competent and experienced
internal auditors. Account should be taken of: -
a) Internal audit objectives and priorities;

b) The type of internal audit work;

c) Previous training, experience and qualifications; and

d) Personal development in the light of the needs of the organization and the internal
audit unit.
The internal auditor should keep abreast of current developments, improvements, new
techniques and practices in auditing. The head of internal audit should co-ordinate, and
keep under review, the training requirements of internal auditors. He should be
responsible for preparing training profiles which identify the training requirement for
different grades of internal auditors, and should maintain personal training records for
each individual. In large organizations this may be performed by a designated training
officer.

III. Relationships: - The internal auditor should seek to foster constructive working
relationship and mutual understanding with management, with external auditors, with any
other review agencies and, where one exist, the audit committee. In order that the internal
auditor may properly perform all his tasks, it is necessary for all those with whom he has
contact to have confidence in him. Constructive working relationships make it more
likely that internal audit work will be accepted and acted upon, but the internal auditor
should not allow his objectivity to be impaired.

13
Organizational Relationships
The head of internal audit should prepare the internal audit plan in consultation with
senior management. The internal auditor should arrange the timing of internal audit
assignments in consultation with the management concerned, except on those rare
occasions where an unannounced visit is a necessary part of the audit approach.
Consultation can lead to the identification of areas of concern or of other interest to
management. Matters which arise in the course of the audit are confidential and
discussion should be restricted to management directly responsible for the area being
audited unless they have given express agreement to broaden the discussion. Discussions
with management are necessary when preparing the audit report. This is an essential
feature of the good relationship between the auditor and the management
.
Relationship with External Audit
The relationship between internal and external audit needs to take account of their
differing roles and responsibilities. Internal audit is an independent appraisal function
within the organization and internal auditors are direct employees. The external auditor
usually has a statutory responsibility to express an independent opinion on the financial
statements and stewardship of the organization. The aim should be to achieve mutual
recognition and respect, leading to a joint improvement in performance and the avoidance
of unnecessary over-lapping of work. It should be possible for the external and internal
auditors to rely on each other's work, subject to limits determined by their different
responsibilities, respective strengths and special abilities. Consultations should be held
and consideration given to whether any work of either auditor is adequate for the purpose
of the other. The internal auditor does not automatically have a right of access to the
records of the external auditor. However, the relationship between the internal and
external auditor will usually be such that the external auditor will be able to allow access
to the necessary records. Since internal audit evaluates an organization's internal control
system the external auditor may need to be satisfied that the internal audit function is
being planned and performed effectively. This review needs to be seen by both parties as
a necessary part of the working relationship

14
Review Agencies and Specialists
Certain information obtained during an internal audit assignment may assist a review
agency, such as management services or consultants, which are seeking to secure
improvements in the organization's performance. Management's formal approval should
be obtained before releasing any audit report or other information to the review agencies.
The internal auditor should establish a regular dialogue with review agencies and obtain
their reports for information, review and comment where proposals may affect internal
control arrangements. Where it is necessary for the internal auditor to have contact with
other specialists the same basic principles about information apply as in the case of
review agencies.

IV. Due Care: - The internal auditor should exercise due care in fulfilling his
responsibilities. The internal auditor cannot be expected to give total assurance that
control weaknesses or irregularities do not exist. In order to demonstrate that due care has
been exercised the internal auditor should be able to show that his work has been
performed in a way which is consistent with this guideline. The internal auditor should
possess a thorough knowledge of the aims of the organization and the internal control
system. He should also be aware of the relevant laws and the requirements of relevant
professional and regulatory bodies. The internal auditor must be impartial in discharging
all responsibilities; bias, prejudice or undue influence must not be allowed to limit or
over-ride objectivity. At all times, the integrity and conduct of the internal auditor must
be above reproach. He should not place himself in a position where responsibilities and
private interests conflict and any personal interests should be declared. The internal
auditor should not improperly disclose any information obtained during the course of his
work.

V. Planning, Controlling And Recording: - The internal auditor should adequately

plan, control and record his work. The main purposes of internal audit planning are: -
a) To determine priorities and to establish the most cost-effective means of achieving
audit objectives;
b) To assist in the direction and control of audit work;
c) To help ensure that attention is devoted to critical aspects of audit work; and
15
d) To help ensure that work is completed in accordance with pre-determined targets.
Control of the internal audit unit and of individual assignments is needed to ensure that
internal audit objectives are achieved and work is performed effectively. The most
important elements of control are the direction and supervision of the internal audit staff
and review of their work. This will be assisted by an established audit approach and
standard documentation. The degree of control and supervision required depends on the
complexity of assignments and the experience and proficiency of the internal audit staff.
Internal audit work should be properly recorded because: -
a) The head of internal audit needs to be able to ensure that work delegated to staff has
been properly performed. He can generally do this only by reference to detailed working
papers prepared by the internal audit staff who performed the work;
b) Working papers provide, for future reference, evidence of work performed, details of
problems encountered and conclusions drawn; and
c) The preparation of working papers encourages each internal auditor to adopt a
methodical approach to his work.

VI. Evaluation of the Internal Control System: - The internal auditor should identify
and evaluate the organization's internal control system as a basis for reporting upon its
adequacy and effectiveness.

VII. Evidence: - The internal auditor should obtain sufficient, relevant and reliable
evidence on which to base reasonable conclusions and recommendations. Internal audit
evidence is information obtained by an internal auditor which enables
Conclusions to be formed on which recommendations can be based. The internal auditor
should determine what evidence will be necessary by exercising judgment in the light of
the objectives of the internal audit assignment. This judgment will be influenced by the
scope of the assignment, the significance of the matters under review, the relevance and
the reliability of available evidence and the cost and time involved in obtaining it. The
collection and assessment of internal audit evidence should be recorded and reviewed to
provide reasonable assurance that conclusions are soundly based and internal audit
objectives achieved.

16
VIII. Reporting and Follow-Up: - The internal auditor should ensure that findings,
conclusions and recommendations arising from each internal audit assignment are
communicated promptly to the appropriate level of management and he should actively
seek a response. He should ensure that arrangements are made to follow up audit
recommendations to monitor what action has been taken on them. Internal audit reports
provide a formal means of communicating to management the results arising from audits
undertaken. Such reports should include audit findings, recommendations and
conclusions relating to the adequacy of and compliance with the system of internal
control and the efficiency, effectiveness and economy of operations in the area covered
by the audit. From the point of view of completeness, management response to the audit
findings should preferably also be included in the report. The aim of every internal audit
report should be:-

a) To prompt management action to implement recommendations for change leading to

improvement in performance and control; and
b) To provide a formal record of points arising from the internal audit assignment and,
where appropriate, of agreements reached with management.

1.8 DIFFERENT ROLES OF INTERNAL AUDIT: -

1. Role in Internal Control: - Internal auditing activity is primarily directed at

improving internal control. Internal control is broadly defined as a process, effected by an
entity's board of directors, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives

In the following internal control categories: -

a) Effectiveness and efficiency of operations.

b) Reliability of financial reporting.

c) Compliance with laws and regulations.

Management is responsible for internal control. Managers establish policies and
processes to help the organization achieve specific objectives in each of these categories.

17
Internal auditors perform audits to evaluate whether the policies and processes are
designed and operating effectively and provide recommendations for improvement.

2. Role in Risk Management: - Internal auditing professional standards require the

function to monitor and evaluate the effectiveness of the organization's risk management
processes. Risk management relates to how an organization sets objectives, then
identifies, analyzes, and responds to those risks that could potentially impact its ability to
realize its objectives. Risks fall under strategic, operational, financial reporting, and
legal/regulatory categories. Management performs risk assessment activities as part of the
ordinary course of business in each of these categories. Examples include: - strategic
planning, marketing planning, capital planning, budgeting, hedging, incentive pay out
structure, and credit/lending practices. Internal auditors may evaluate each of these
activities, or focus on the processes used by management to report and monitor the risks
identified. For example, internal auditors can advise management regarding the reporting
of forward-looking operating measures to the Board, to help identify emerging risks. In
larger organizations, major strategic initiatives are implemented to achieve objectives and
drive changes.

3. Role in Corporate Governance: - Internal auditing activity as it relates to

corporate governance is generally informal, accomplished primarily through participation
in meetings and discussions with members of the Board of Directors. Corporate
governance is a combination of processes and organizational structures implemented by
the Board of Directors to inform, direct, manage and monitor the organization's
resources, strategies and policies towards the achievement of the organizations
objectives. The internal auditor is often considered one of the "four pillars" of corporate
governance, the other pillars being the Board of Directors, management, and the external
auditor. A primary focus area of internal auditing as it relates to corporate governance is
helping the Audit Committee of the Board of Directors (or equivalent) perform its
responsibilities effectively. This may include reporting critical internal control problems,
informing the Committee privately on the capabilities of key managers, suggesting
questions or topics for the Audit Committee's meeting agendas, and coordinating

18
carefully with the external auditor and management to ensure the Committee receives
effective information.

Meeting with the Auditee

Before starting the internal audit, Internal Auditor should have a meeting with the auditee
where he should explain the objectives of Internal audit. He should also discuss the
internal audit plan with the auditee and get their consent for the schedule. Internal
Auditor should be in constant touch of the auditee and if he found something grave, he
should take management representation before reporting it out to the top management.
Before finalizing his report, it is important for an internal auditor to discuss all his
findings with the concerned auditee and take their representation on the findings

Study of Company system, Policies, Procedures, processes, techniques

For carrying out the internal audit assignment in a meaningful manner, it is necessary for
the internal auditor to study the company policies, procedures and processes. He should
make thorough study about the company Internal Control system, risk management
practices and policies. This will give him a insight about company’s policies, procedures
and possible areas of improvements.

Support the findings with objective and conclusive evidences

It is very important for an auditor to be objective in his approach. An internal auditor

should collect objective and corroborative evidences for supporting his findings.

Be polite, Cooperative and humble

A successful Internal Auditor is one who is popular among the auditee. It is very
necessary for an internal auditor to have good interpersonal skills. While dealing with
auditee he should be humble, polite and co-operative. Here it is important aspect that
being humble does not mean that he is to surrender his independency and objectivity; he
needs to be humble while maintaining the two

1.9 ROLE OF MANAGEMENT IN INTERNAL AUDIT

Management needs to play a very significant and pivot role in meaningful execution of
Internal Audit. An internal Auditor needs to work very closely with the management

19
representative to get the internal audit done. Generally, people do not treat an internal
auditor favourably. Management of an organization and Internal auditor should take
various steps to make internal audit, a happy event for all. Here, some of the steps which
may be taken by Management and Internal Auditor are listed below.

1. To declare/exhibit that Internal Audit is the Mandate of Top

Management

to assist an internal auditor in achieving the objective, Management should show their
commitment for the internal audit. It should be known to all employees that Internal audit
is the mandate of Top management and all employee/associates are expected to give their
full co-operation for the internal Audit.

2. To give the orientation of Internal Audit, Internal Control, Risk

management and governance to the management

For smooth and successful execution of internal audit, it is necessary that all the
management personals should be made aware about the importance of Internal Audit,
Internal Control, Risk management and governance practices. They should also be made
aware that internal audit is carried out to make their life easy and to identify the
deviations from statutory laws and company policies and procedures.

3. To review out the internal Auditor report and recommendations and

take necessary actions.
For smooth and successful execution of internal audit, it is necessary that the
management should review out the internal auditor report and recommendation on
periodic basis. Internal auditor report should be discussed not only at the board room or
Audit committee meeting but it should also be acted upon at ground level.

Internal Auditor and Management both are the two wheels of a mill. Internal audit is
successful in achieving its objectively only when both of them work in tandem. The
management of the organization should show its high commitment towards its successful
execution and internal auditor too carry out the internal audit assignment objectively.

20
Chapter No-2. Research Methodology
The research methodology is the specific procedure or technique used to identify,
select, process, and analyses information about a topic

2.1 OBJECTIVES OF INTERNAL AUDIT

1. To know whether internal audit can help to control costs.

2. To determine whether compliance exists with policies, procedures, laws and

regulations.

3. To analyze and improve the system of internal check, in particular to see that it is
Working, Sound, and Economical.

4. To facilitate the prevention and detection of frauds. And also To find out which main costs
can be controlled by performing internal audit.

2.2 HYPOTHESIS
It has been proved that -

 H0: Internal audit does not help to control cost

 H1: Internal audit does help to control cost

2.3 Scope of Internal Audit

The professionals of the Mumbai area [Link],[Link] etc. selected for sending the
questionnaire and also send the questionnaire to the firm . the qualified person in mumbai
is increasing rapidly. The scope internal audit is very large concept the study of internal
audit cost not known all the profession therefore we select the only [Link]. CWA, person
and firm we send them some questionnaire to the CA, CS CWA and to the IPCC student
for know their review on over topic

21
Also the study covered the period from 1 august 2018 to 30 November 2018 for the
primary and secondary data collection. during the period the questionnaire distributed the
the above professionals mentioned above.

2.4 The Limitations of Internal Audit are given below:

Despite these benefits, internal audit has some limitations.

1. Since, the respondent were CA, CS, CWA and firm etc. and the questionnaire
were send to them in the month of September due to their works of filling annual
reports and annual accounts many respondents did not give their responses and
they are not corporates with us because they busy in their work
2. There are also some limitation during project work. The manager and their
employees does not give us proper responses on our topic it may be due to lack of
knowledge or their work burden.

2.5 Significance of Internal Audit

Collection of data is great experiences. the dedicated professions were ready to give
Responses. they are give motivation to the learner about their research. the many
Respondent said the study is beneficial to the all business orgnisation.

2.6 Nature of of Problem

Now a days many frauds, scams, scandals and illegalities by the orgnisation have come out
in the news. Considering that learner thought the need of checking the effectiveness, efficiency
of the orgnisation. the internal audit give proper information about the orgnisation regarding
production, availability of raw materials and also optimum use of recourses such other
information. The internal audit control cost provide rules and regulation to the orgnisation.

The main purpose of the internal audit control cost is to prevent from internal fraud in the
orgnisation and also the orgnisation function run properly or not. Here the various aspect
represent internal control system, financial control, performance management system, mission
statement, vision statement, values, performance target etc. the internal audit can control the
cost of all heads of the orgnisation. the following are some problem of internal audit and control
cost

22
 2.7 Sample Size

There were many professional in the area of Mumbai. the learner decided to select 50 samples
randomly and sent them the questionnaire via google forms. 34 amongest the sample size
selected responded to the questionnaire.

2.8 Data Collection

Internal Audit is base on communication with internal team and give suggestion on basis
of issues, Therefore Here I select combination of Primary and Secondary Method of
Data Collection

 Primary data-
 The primary data was collection through the random professionals in Mumbai which
included CA, CS, CWA, etc. by sending them the questionnaire via google forms.
 Secondary data
 This data was collected from internet on various websites, articles, books, etc.

 Outline of the study

This project work is divided in five different chapter
1. Chapter one: includes introductory part of the project, this includes meaning,
importance, principles, benefits, code and objectives of corporate governance, what is
auditing and basic information of audit.
2. Chapter two: it is the research methodology i.e. objective of the study, hypothesis,
scope of the study , difficulties that were faced by learner, significance of the study,
nature of problem, sample size and data collection
3. Chapter three: it is provide the review of literature
4. Chapter four: in the chapter data analysis, interpretation and presentation which
includes details whether respondents work in corporate and the analysis presentation
and of their responses
5. Chapter five : this chapter gives us the conclusions and suggestions made by the learner.

23
Chapter 3 Literature of Review
3.1 Review of Literature
Literature review is the crucial part of any research. This helps the researcher avoid
reinventing past contributions and results. This focuses on the past literature in the field
of research and its classification under different angles. The critique comparison of the
past literature will narrow down the research topic and provide a base for selecting a
research topic which will have more pay-off. The outcome of the literature review gives a
direction for future research.

3.2 RESEARCH STUDIES :( NATIONAL)

Aditya Birla Group Corporate Management Audit according to the study, Corporate
Management Audit is committed towards systems perfection across the group in India
and overseas. It has been actively involved in the evolution, implementation and review
of internal controls, cost reduction methods. Group policies, effective MIS, assessment
and mitigation of business risks and promoting effective corporate governance, etc. The
audit function regularly shares information and best practices among the units and helps
the group to keep pace with the fast changing business scenario, resulting in continuous
growth of the group as well as value addition to stakeholders.

3.3 STANDARDS RELATED to INTERNAL AUDIT -

1. Standard on Internal Audit 1 - Planning an Internal Audit

a) Internal audit plan should cover areas such as obtaining knowledge of legal and
regulatory framework within which the entity operates, obtaining knowledge of the
entity’s accounting and internal control systems and policies, determining the
effectiveness of internal control procedures adopted by the entity, determining the nature,
timing and extent of procedures to be performed, identifying activities warranting special
focus based on materiality and criticality of such activities, and their overall effect on

24
operations of the entity, identifying and allocating staff to different activities to be
undertaken.

b) Planning process includes obtaining knowledge of business, establishing the audit

universe, establishing the objectives of engagement, establishing scope of the
engagement, deciding resource allocation, preparation of audit programed.
c) Plan to be finalized in consultation with the appropriate authority before
commencement of the work.
2. Standard on Internal Audit 2 - Basic Principles Governing Internal Audit

a) Internal auditor should adhere to the basic principles governing an internal audit.

b) These principles are integrity, objectivity and independence, confidentiality, skills and
competence, work performed by others, documentation, planning, internal audit evidence,
accounting system and internal control, and internal audit conclusions and reporting.

3. Standard on Internal Audit 3 - Documentation

a) Internal audit documentation should be designed and properly organized to meet the
requirements and circumstances of each audit. To formulate policies for standardization
of internal audit documentation.

b) It should be sufficiently complete and detailed for an internal auditor to obtain an

overall understanding of the audit.

c) It should cover all the important aspects of an engagement viz., engagement

acceptance, engagement planning, risk assessment and assessment of internal controls,
evidence obtained and examination / evaluation carried out, review of the findings,
communication and reporting and follow up.
The internal audit documentation would, therefore, generally, include:
 Progress report, MIS report.
 Reconciliation statements.
 Communication with the client personnel and third parties, if any.
 Certification and representations obtained from management.

25
 Copies of relevant circulars, extracts of legal provisions.
 Results of risk and internal control assessments.
 Analytical procedures performed and results thereof.
 List of queries and resolution thereof.
 Copy of draft audit report, along with the comments of the auditee thereon and final
report issued.
 Records as to the follow up on the recommendations/ findings contained in the report.
Internal audit documentation should be sufficiently complete and detailed for an internal
auditor to obtain an overall understanding of the audit. The extent of documentation is a
matter of professional judgment since it is neither practical nor possible to document
every observation, finding or conclusion in the internal audit documentation. All the
significant matters which require exercise of judgment, together with the internal
auditor’s conclusion thereon should be included in the internal audit documentation.
However, the documentation prepared by the internal auditor should be such that enables
an experienced internal auditor (or a reviewer), having no previous connection with the
internal audit to understand:
(a) The nature, timing and extent of the audit procedures performed to comply with SIAs
and applicable legal and regulatory requirements;
(b) The results of the audit procedures and the audit evidence obtained;
(c) Significant matters arising during the audit and the conclusions reached thereon; and
(d) terms and conditions of an internal audit engagement/requirements of the internal
audit charter, scope of work, reporting requirements, any other special conditions,
affecting the internal audit.
After the assembly of the audit file, the internal auditor should not delete or discard
internal audit documentation before the end of the retention period.

4. Standard on Internal Audit 4 - Reporting

a) To review and assess the analysis drawn from internal audit evidence obtained as the
basis for his conclusion on the efficiency and effectiveness of systems, processes and
controls including items of financial statements.

26
b) Report clearly expressing significant observations, suggestion / recommendations
based on the policies, processes, risks, controls and transaction processing taken as a
whole and managements,responses.

c) Report includes basic elements such as title, addressee, report distribution list, period
of coverage of the report, opening or introductory paragraph, objectives paragraph, scope
paragraph (describing the nature of an internal audit), executive summary (highlighting
key material issues, observations, control weaknesses and exceptions), observations,
findings and recommendations made by the internal auditor, comments from the local
management, action taken report – action taken / not taken pursuant to the observations
made in the previous internal audit reports, date of the report, place of signature and
Internal auditor’s signature with membership number.
Basic Elements of the Internal Audit Report. The internal auditor’s report includes the
following basic elements, ordinarily, in the following layout:
(a) Title;
(b) Addressee;
(c) Report Distribution List;
(d) Period of coverage of the Report;
(e) Opening or introductory paragraph;
(i) Identification of the processes/functions and items of financial statements audited; and
(ii) a statement of the responsibility of the entity’s management and the responsibility of
the internal auditor;
(f) Objectives paragraph - statement of the objectives and scope of the internal audit
engagement;
(g) Scope paragraph (describing the nature of an internal audit):
(i) A reference to the generally accepted audit procedures in India, as applicable;
(ii) A description of the engagement background and the methodology of the internal
audit together with procedures performed by the internal auditor; and
(iii) A description of the population and the sampling technique used.
(h) Executive Summary, highlighting the key material issues, observations, control
weaknesses and exceptions;
(i) Observations, findings and recommendations made by the internal auditor;

27
(j) Comments from the local management;
(k) Action Taken Report – Action taken/ not taken pursuant to the observations made in
the previous internal audit reports;
(l) Date of the report;
(m) Place of signature; and
(n) Internal auditor’s signature with Membership Number.
6. The internal auditor should exercise due professional care to ensure that the internal
audit report, inter alia, is: (i) clear
(ii) Factual – presents all significant matters with disclosure of material facts
(iii) Specific Standard on Internal Audit (SIA) 4 4
(iv) Concise
(v) Unambiguous
(vi) Timely
(vii) Complies with generally accepted audit procedures in India, as applicable.

5. Standard on Internal Audit 5 - Sampling

a) Design and select an audit sample, perform audit procedures thereon, and evaluate
sample results so as to provide sufficient appropriate audit evidence to meet the
objectives of internal audit engagement unless otherwise specified by the client.

b) When designing an audit sample, internal auditor should consider specific audit
objectives, the population from which internal auditor wishes to sample, and the sample
size.

c) When determining the sample size, internal auditor should consider sampling risk,
tolerable error and the expected error.
 The internal auditor should select sample items in such a way that the sample can
be expected to be representative of the population. This requires that all items or
sampling units in the population have an opportunity of being selected.
 When designing an audit sample, the internal auditor should consider the specific
audit objectives, the population from which the internal auditor wishes to sample,
and the sample size.

28
  The internal auditor should evaluate the sample results to determine whether the
assessment of the relevant characteristics of the population is confirmed or
whether it needs to be revised.
 When determining the sample size, the internal auditor should consider sampling
risk, the tolerable error, and the expected error. The lower the risk that the internal
auditor is willing to accept, the greater the sample size needs to be. Examples of
some factors affecting sample size are contained in Appendix 1 and Appendix 2
to the Standard.

6. Standard on Internal Audit 6 - Analytical Procedures

a) To apply analytical procedures as the risk assessment procedures at the planning and
overall review stages of internal audit.

b) Analytical procedures are analysis of significant ratios and trends including resulting
investigation of fluctuations and relationships that are inconsistent with other relevant
information or which deviate from predicted amounts.

c) Factors to be considered for analytical procedures are significance of the area being
examined, adequacy of the system of internal control, availability and reliability of
financial and non–financial information, the precision with which results of analytical
procedures can be predicted, availability and comparability of information regarding the
industry in which the organization operates, the extent to which other auditing procedures
provide support for audit results. After evaluating the aforementioned factors, internal
auditor should consider and use additional auditing procedures, as necessary, to achieve
the audit objective.

7. Standard on Internal Audit 7 - Quality Assurance in Internal Audit

a) A system for assuring quality in internal audit should provide reasonable assurance
that the internal auditors comply with professional standards, regulatory and legal
requirements, so that the reports issued by them are appropriate in the circumstance. In
order to ensure compliance with the professional standards, regulatory and legal

29
requirements, and to achieve the desired objective of internal audit, a person within the
organization should be entrusted with the responsibility for the quality in the internal
audit, whether done in–house or by an external agency.

7. Standard on Internal Audit 7 - Quality Assurance in Internal Audit

a) A system for assuring quality in internal audit should provide reasonable assurance
that the internal auditors comply with professional standards, regulatory and legal
requirements, so that the reports issued by them are appropriate in the circumstance. In
order to ensure compliance with the professional standards, regulatory and legal
requirements, and to achieve the desired objective of internal audit, a person within the
organization should be entrusted with the responsibility for the quality in the internal
audit, whether done in–house or by an external agency.

b) In case of in–house internal audit or a firm carrying out internal audit, the person
entrusted with the responsibility for the quality in internal audit should ensure that the
system of quality assurance includes policies and procedures addressing leadership
responsibilities for quality in internal audit, ethical requirements, acceptance and
continuance of client relationship and specific engagement, as may be applicable, human
resources, engagement performance, monitoring. The quality assurance framework
should cover all the elements of internal audit activity.
c) In order to ensure compliance with the professional Standards, regulatory and legal
requirements, and to achieve the desired objective of the internal audit, a person within
the organization should be entrusted with the responsibility for the quality in the internal
audit, whether done in – house or by an external agency.
d) In order to improve the functionalities of the organization, transparency in reporting
and good governance, the person entrusted with responsibility for the quality in internal
audit, while establishing the quality assurance framework, should consider the following
parameters of the internal audit activity:
 Terms of engagement and their adequacy.
 Professional standards and compliance therewith.
 Internal audit goals and the extent to which they are being achieved.

30
 Recommendations for improving the quality of internal audit and the extent to which
they are being implemented and their effectiveness.
 Skills and technology used in carrying out internal audit
The quality assurance framework established by the person entrusted with the
responsibility for the quality in internal audit should, therefore, cover all the elements of
the internal audit activity.

8. Standard on Internal Audit 8 - Terms of Internal Audit Engagement

a) Internal auditor and the auditee should agree on the terms of engagement before
commencement. Terms should be approved by the Board of Directors or a relevant
Committee thereof such as the Audit Committee or such other person(s) as may be
authorized by the Board in this regard.

b) It should contain a statement in respect of the scope of internal audit engagement.

c) It should clearly mention that internal auditor would not be involved in the preparation
of auditor’s financial statements. It should also be made clear that the internal audit
would not result in the expression of an opinion or any other form of assurance on the
auditor’s financial statements or any part thereof.
d) The terms of engagement should clearly mention the responsibility of the auditee vis-
a-vis the internal auditor.
The scope of the terms of the engagement, after delineating the broad areas of function of
internal audit, should clarify that any additional services that are not encompassed by the
engagement letter shall be performed only on mutual agreement and with separate
engagement letter.
e) Confidentiality of Working Paper

9. Standard on Internal Audit 9 - Communication with Management

a) Internal auditor while performing audit should communicate clearly the responsibilities
of internal auditor and an overview of the planned scope and timing of audit with the
management.

31
b) Communication regarding the planned scope and timing of internal audit may assist
the management to understand better the objectives of internal auditor’s work, to discuss
issues of risk and materiality with internal auditor and to identify any areas in which they
may request the internal auditor to undertake additional procedures, assist the internal
auditor to understand the entity and its environment better.

c) Different stages of communication and discussion should be:- discussion of draft; exit
meeting; formal draft; and final report.

10. Standard on Internal Audit 10 - Internal Audit Evidence

a) To obtain sufficient appropriate evidence to enable him to draw reasonable conclusions

there from on which to base his opinion or findings.

b) Scope of an internal audit is much broader in comparison to that of statutory audit. The
depth of coverage of internal audit, being a management function, would also be much
wider. An internal audit function normally is spread beyond checking of financial
transactions and is expected to cover comments on internal control systems, risk
management, propriety aspect of transactions.

c) To evaluate sufficiency of appropriate audit evidence before conclusions there from.

The internal audit evidence should enable internal auditor to form an opinion on the
scope of the terms of engagement.

11. Standard on Internal Audit 11 - Consideration of Fraud in an Internal Audit

a) An internal auditor is not expected to possess skills and knowledge of a person expert
in detecting and investigating frauds, he should, however, have reasonable knowledge of
factors that might increase the risk of opportunities for frauds in an entity and exercise
reasonable care and professional skepticism while carrying out internal audit.

b) A system of internal control comprise of following five elements namely control

environment, entity’s risk assessment process, information system and communication,
control activities and monitoring of controls. It is essential for internal auditor to gain an
understanding of the components of system of internal control.

32
c) The primary responsibility for prevention and detection of frauds is that of the
management of the entity. The internal auditor should, however, help the management
fulfill its responsibilities relating to fraud prevention and detection.

12. Standard on Internal Audit 12 - Internal Control Evaluation

a) The system of internal control must be under continuous supervision by management

to determine that it is functioning as prescribed and is modified, as appropriate, for
changes in environment. Internal control system extends beyond those matters which
relate directly to the functions of accounting system and comprises of control
environment and control activities.
b) To examine the continued effectiveness of internal control system through evaluation
and make recommendations, if any, for improving that effectiveness. To focus towards
improving internal control structure and promoting better corporate governance.
c) To obtain an understanding of significant processes and internal control systems
sufficient to plan the internal audit engagement and develop an effective audit approach,
assess and evaluate the maturity of entity’s internal control, assess management’s
attitudes, awareness and actions regarding internal controls and their importance in the
entity.

13. Standard on Internal Audit 13 - Enterprise Risk Management

a) Risk is an event which can prevent, hinder, fail to further or otherwise obstruct the
enterprise in achieving its objectives. Risk may be broadly classified into Strategic,
Operational, Financial and Knowledge.

b) ERM is a structured, consistent and continuous process of measuring or assessing risk

and developing strategies to manage risk within the risk appetite. It involves
identification, assessment, mitigation, planning and implementation of risk and
developing an appropriate risk response policy. Management is responsible for
establishing and operating the risk management framework.

33
c) ERM process consists of Risk identification, prioritization and reporting, Risk
mitigation, Risk monitoring and assurance. The corporate risk function establishes the
policies and procedures, and the assurance phase is accomplished by internal audit. The
role of internal auditor is to provide assurance to management on the effectiveness of risk
management.

14. Standard on Internal Audit 14 - Internal Audit in an Information Technology

Environment
a) The overall objective and scope of an internal audit does not change in an IT
environment. However, the use of a computer changes the processing, storage, retrieval
and communication of financial information and the interplay of processes, systems and
control procedures. This may affect the internal control systems employed by the entity.
Accordingly, and IT environment may affect the procedures followed by the internal
auditor in obtaining a sufficient understanding of the processes, systems and internal
control system and the auditor’s review of the entity’s risk management and continuity
systems.
b) To consider the effect of an IT environment on internal audit engagement, inter alia the
extent to which IT environment is used to record, compile, process and analyse
information and the system of internal control in existence in the entity with regard to
flow of authorized, correct and complete data to the processing centre, the processing,
analysis and reporting tasks undertaken in the installation and the impact of computer–
based accounting system on the audit trail that could otherwise be expected to exist in an
entirely manual system.

c) To have sufficient knowledge of information technology systems to plan, direct,

supervise, control and review the work performed. The sufficiency of knowledge would
depend on the nature and extent of the IT environment.

15. Standard on Internal Audit 15 - Knowledge of the Entity and its Environment

a) To obtain knowledge of the economy, entity’s business and its operating environment,
including its regulatory environment and the industry in which it operates, sufficient to
enable him to review the key risks and entity–wide processes, systems, procedures and

34
controls. To identify sufficient, appropriate, reliable and useful information to achieve the
objectives of the engagement.

b) Prior to accepting an engagement, the internal auditor should obtain a preliminary

knowledge of the industry and of the nature of ownership, management, regulatory
environment and operations of the entity subjected to internal audit, and should consider
whether a level of knowledge of the entity’s business adequate to perform the internal
audit can be obtained.

c) Following the acceptance of the engagement, further and more detailed information
should be obtained.

16. Standard on Internal Audit 16 - Using the Work of an Expert

a) To obtain technical advice and assistance from competent experts if the internal audit
team does not possess necessary knowledge, skills, expertise or experience needed to
perform all or part of the internal audit engagement.

b) When the internal auditor uses the work of an expert, he should satisfy himself about
the competence, objectivity and independence of such expert and consider the impact of
such assistance or advice on the overall result of internal audit engagement, especially in
cases where the outside expert is engaged by senior management or those charged with
governance.
c) When determining whether to use the work of an expert or not, internal auditor should
consider the materiality of the item being examined, the nature and complexity of the
item including the risk of error therein, the other internal audit evidence available with
respect to the item.

17. Standard on Internal Audit 17 - Consideration of Laws and Regulations in an

Internal Audit
a) It is the primary responsibility of management, with the oversight of those charged
with governance, to ensure that the entity’s operations are conducted in accordance with
the provisions of laws and regulations, including compliance with the provisions of laws

35
and regulations that determine the reported amounts and disclosures in an entity’s
financial statements.
b) The objectives of the internal auditor are to obtain sufficient appropriate audit
evidence regarding compliance with the provisions of those laws and regulations
generally recognized to have a direct effect on the determination of material amounts and
disclosures in the financial statements, to perform specified audit procedures to help
identify instances of non-compliance with other laws and regulations that may have a
significant impact on the functioning of the entity and to respond appropriately to non-
compliance or suspected non-compliance with laws and regulations identified during the
internal audit.

3.4 Clause 49 of the Listing Agreement

Securities and Exchange Board of India (SEBI) introduced specific mandatory and
recommendatory corporate governance provisions in Clause 49 of the Listing Agreement
applicable to listed entities according to which audit committee is required to review –
1. Whether the internal audit function is being made functional
2. Internal audit reports relating to weaknesses found in internal controls.
3. Findings of any internal investigation by internal auditors into matters where there is a
suspected fraud or irregularity, or a failure of internal control systems of a significant
impact and
4. That the CEO and the CFO have certified to the Board of Directors that they accept
responsibility for the effectiveness of internal controls, and that they have disclosed to the
auditors and the audit committee deficiencies in the operation of the internal controls, if
any, and steps have been taken for their rectification.
Section 138 Internal Audit, of Chapter IX - ACCOUNTS OF COMPANIES,
Companies Act, 2013 r/w Rule 13 of Companies (Accounts) Rules, 2014
Following class of companies shall be required to appoint an internal auditor or a firm of
internal auditors, who shall either be a chartered accountant or a cost accountant, or such
other professional as may be decided by the Board to conduct internal audit of the
functions and activities of the company-

36
1. Every listed company
2. Every unlisted public company having- (i) paid up share capital of fifty crore rupees or
more during the preceding financial year; or (ii) turnover of two hundred crore rupees or
more during the preceding financial year; or (iii) outstanding loans or borrowings from
banks or public financial institutions exceeding one hundred crore rupees or more at any
point of time during the preceding financial year; or (iv) outstanding deposits of twenty
five crore rupees or more at any point of time during the preceding financial year; and
3. Every private company having- (i) turnover of two hundred crore rupees or more
during the preceding financial year; or (ii) outstanding loans or borrowings from banks or
public financial institutions exceeding one hundred crore rupees or more at any point of
time during the preceding financial year: Provided that an existing company covered
under any of the above criteria shall comply with the requirements of section 138 and this
rule within six months of commencement of such section.
IRDA (Investment) (Fourth Amendment) Regulations, 2008 has introduced requirements
of quarterly internal audit for insurers. Requirements of Sections 302 and 404 of the
Sarbanes Oxley Act of 2002, for companies seeking listing in US stock exchanges,
NASDAQ, NYSE, etc. Resources for an effective Internal Audit - Standards on Internal
Audit (eighteen Standards) - developed by Committee on Internal Audit (CIA) - which
aim to codify the best practices in the area of internal audit and also serve to provide a
benchmark of the performance of the internal audit services.
- Technical Guides
- Compendium of Industry Specific Internal Audit Guides
To give this assurance, the internal auditor conducts:
1. A process audit on risk management processes at all levels of the organization, viz.,
corporate, divisional, business unit, business process level, etc., put in place by line
management so as to assess the adequacy of their design and compliance.
2. A transactional audit on the significant risks so as to assess whether the risk is within
acceptable limits. The COSO (Committee of Sponsoring Organizations of the Treadway
Commission) framework defines internal control as a process, effected by an entity's
board of directors, management and other personnel, designed to provide "reasonable
assurance" regarding the achievement of objectives in the following categories:

37
a. Effectiveness and efficiency of operations,
b. Reliability of financial reporting,
c. Compliance with applicable laws and regulations,
d. Safeguarding of Assets

3.5 Technical Guide on Internal Audit in Telecommunications Industry

Internal auditing is being widely accepted as an effective control device for efficient and
effective management of economic enterprises, comprising a complete financial and
operational review. As per the modern concept of internal auditing, the internal auditor
apart from reviewing routine accounting procedures and policies also evaluates the
performance of management processes to determine whether there has been effective and
efficient utilization of the resources of the enterprise. For such a review and evaluation,
the internal auditor must possess knowledge of the technical, commercial and other
aspects of the operations of the enterprise concerned.

India is the fourth largest telecom market in Asia after China, Japan and South Korea.
The Indian telecom network is the eighth largest in the world and the second largest
among emerging economies. At current levels, telecom intensiveness of Indian economy
measured as the ratio of telecom revenues to GDP is 2.1 percent. In view of the
complexity, volume and growth of telecom industry, internal auditors have a dynamic
role to play to support the management in helping fostering this growth. Keeping this in
mind, the Committee on Internal Audit has brought out this Technical Guide on Internal
Audit in Telecom sector. This Technical Guide contains extensive guidance on all
significant aspects such as the regulatory framework in which the telecom companies
operate, frauds, revenue assurance and revenue recognition, network.

Metering and Billing Audit

In order to bring standardization and transparency in the metering and billing
procedures being followed by various operators, TRAI developed a regulation
“Quality of Service (Code of Practice for Metering and Billing Accuracy)
Regulation 2006”, which has benchmarks for metering and billing system. The
salient features of Code are as follows:-

38
(i). Before a customer is enrolled as a subscriber of any telecommunication
service, he shall be provided in advance with detailed information relating to the
tariff for using that service. Further, the service provider shall inform the
customer in writing, within a week of activation of service, the complete details of
his tariff plan.
(ii). Where a value-added service (e.g., download of content, such as a film clip or
ring tone) or entry to an interactive service (such as a game) can be selected
through a choice of the service user (e.g., by dialing a specific number) then the
charge for the service must be provided to the customer before he commits to use
the service.
(iii.) The services provided to the customer and all subsequent changes therein
shall be those agreed with him in writing prior to providing the service or
changing its provisions.
(iv). All the charges must be consistent with published tariff applicable to the
user.
(v). Payments made by a post-paid customer shall be credited to his account
immediately for cash payment and within reasonable time in case of cheque
payment. For pre-paid customers, top-up credit shall be applied to a customer’s
account within 15 minutes of its application.
(vi). Where the service provider unilaterally intends to restrict or cease service to
the customer, a notice shall be provided to the customer in advance of such action
so that the customer has reasonable time to take preventive action to avoid
restriction or cessation of service.
(vii.) The service provider shall have a documented process for identifying,
investigating and dealing with billing complaints and creating appropriate records
thereof.
(viii.) Reliability performance of the total metering and billing system should be
within the tolerances specified by TRAI.
(ix.) The telecom company shall submit the compliance of code of practices
adopted to TRAI on yearly basis

39
 (x.) The Authority has notified a panel of agencies capable for auditing the
metering and billing system to certify the adequacy of Metering and Billing
System of Telecom Company.
(xi.) The telecom companies shall arrange audit of their Metering and Billing
System in compliance with this regulation on an annual basis through any one of
the auditors notified by the Authority and an audit certificate thereof shall be
furnished to the Authority not later than 30th June of every year.
The internal auditors should satisfy themselves that the audit is carried out
by the notified auditors and that the company has taken corrective actions on
the observations reported by the auditors.

3.6 Technical Guide on Internal Audit of Pharmaceutical Industry

Indian pharmaceutical industry has grown at a high pace during the last few years. The
major challenges faced by the companies in the pharmaceutical industry are developing
new products and services through research, shifting demographics, evolving governing
regulations, transforming business models and increased expectations from stakeholders.
Risk is central to pharmaceutical companies as they are dependent on continuous research
and development with long gestation periods, compliance issues with environmental
laws, heavy capital investments as well as expenditures for environmental liabilities,
management of their intellectual property rights, etc. Most innovative pharmaceutical
companies are undergoing transition from their traditional business model and resort to
diversification, mergers & acquisitions to deal with the growing competition for low cost
generics.

The objective of the Technical Guide is to provide an insight into the functioning of the
pharmaceuticals industry, the key drivers of pharmaceuticals industry, technical aspects
peculiar to the industry and internal audit procedures with respect to certain processes
which would help the readers in conducting internal audit of a pharmaceuticals company.
The Guide briefly covers the following:
(i) Key Drivers of Pharmaceutical Industry.
(ii) Technical Aspects of Pharmaceutical Industry.
(iii) Regulatory Framework
40
(iv) Internal Audit Aspects of Pharmaceutical Industry
(v) Research and Development
(vi) Clinical Trials
(vii) Enterprise Risk Management (ERM) in Pharmaceutical Industry.

Internal Audit — Pharmaceutical Industry

Internal Audit with respect to following

(i) P2P cycle
(Procurement to Pay)
(ii) OTC (Order To Cash)
(iii) Statutory Compliances
(iv) Production
(v) Inventory Management
 Order to Cash (OTC)
The following table given a brief of internal audit activity related to order
to cash:
S. No. Activity Controls Key Control
Objective
1. Credit control Customer credit Review of
worthiness credit limits.
should be
properly Approvals for
evaluated and releasing the
credit limits credit blocks to
should be customer
accordingly set, orders.
in line with the
policy of the
Company.
2. Credit notes Credit notes Authorization
raised on and processing

41
 account of of Credit notes
shortages, etc., for shortages.
should be duly
authorized and
supported by
adequate
backup.

Sales returns Matching

are accurately report:
and completely Duplicate
recorded in the SRCNs (sales
books of returns credit
accounts. notes).
3. Customer All updations to Authorization
master the Customers of Credit Limit
Master should rating form for
be duly customer code
authorized and updation.
accurately
captured.
4. Collections Collections Review of ERP
should be generated
accurately and invoices
completely pending
accounted in the collections list.
proper period.
Review of
Monthly cheque
pending
realization

42
 report.
5. Invoicing and Goods (as per Review of ERP
Dispatches to invoices) should based daily
Customers be dispatched dispatch report.
immediately
and there
should be no
time lag
between
invoicing and
dispatches.
6. IT access The access to Review of user
relevant access rights
modules in ERP list.
should be
restricted to the
authorized
personnel.
7. Cheque All cheques Review of
Bouncing returns should cheque bounced
be promptly and legal file.
correctly
accounted

3.7 Technical Guide on Internal Audit of Beverages Industry

Indian beverages industry is extremely competitive with specific challenges confronting
the industry such as, ever changing consumer tastes, increasing power of global retailers,
increasing emphasis on product safety and quality along with the pressure to keep prices
low. To meet these challenges and capitalize on emerging opportunities, companies
operating in beverages industry should focus on revenue protection and enhancement,
cost reduction leading to margin improvement, improved asset utilization and

43
maintaining brand reputation by achieving compliance with applicable laws and
regulations.
Chartered accountants can play an important role by helping companies operating in the
beverages industry to understand these challenges and turn them into opportunities in the
form of improved internal controls and governance structure and enhanced growth and
profitability.
The beverages industry consists of two major categories and eight subgroups. The non-
alcoholic category is comprised of soft drink syrup manufacture; soft drink and water
bottling and canning; fruit juices bottling, canning and boxing; the coffee industry and the
tea industry. Alcoholic beverages categories include distilled spirits, wine and brewing.
Market Trends and Industry Challenges∗
Market trends for the soft drink industry can be summarized by six fundamental themes:
• Changing consumer beverages preferences, featuring a shift toward health-oriented
wellness drinks;
• Growing friction between bottlers and manufacturers in the distribution system;
• Continually increasing retailer strength;
• Fierce competition;
• Complex distribution system composed of multiple sales channels;
• Beverages safety concerns and more-stringent regulations.
Internal audit is conducted in variant economic, legal, cultural and business
environments. The organizations in which internal audit is performed differ widely in
size, structure, nature of business, scale, purpose, objectives and geographical spread.
Further, the internal audit activity may be performed by an entity’s employees or by some
external agency. Thus, the Framework for Standards on Internal Audit applies to all the
persons performing internal audit activity, irrespective of whether the function is
performed in-house or by an external agency.
The purpose of Standards on Internal Audit (SIAs) is:
• To provide standards for quality of services during an internal audit.
• To codify the best practices in internal audit services.
Internal control system consists of following inter-related components:
• Control (Or Operating) Environment

44
• Risk Assessment • Control Objectivity Setting
• Event Identification
• Control Activities
• Information and Communication
• Monitoring
• Risk Response.
Internal Audit Documentation
Internal audit documentation should be designed and properly organized to meet the
requirements and circumstances of each audit. It should be sufficiently complete and
detailed for an internal auditor to obtain an overall understanding of the audit. All
significant matters which require exercise of judgment, together with internal auditor’s
conclusion thereon should be included in the internal audit documentation.
Documentation prepared by internal auditor should enable reviewer to understand:
• The nature, timing and extent of audit procedures performed to comply with SIAs and
applicable legal and regulatory requirements;
• The results of audit procedures and audit evidence obtained;
• Significant matters arising during the audit and conclusions reached thereon; and
• Terms and conditions of an internal audit engagement/ requirements of internal audit
charter, scope of work, reporting requirements, any other special conditions, affecting the
internal audit.

Technical Guide on Internal Audit of Beverages Industry

Includes returning any excess quantities of material to the stores and the transferring of
completed production to the warehouse.
(i) Production Department
(a) Prepare planned and a firm next day’s production plan.
(b) Requisition for raw, packing and other materials for production.
(c) Prepare production report for each shift and line.
(d) Record breakage during production.
(e) Transfer product to shipping.
(f) Return excess raw and packing material to stores and empties to shipping.
(g) Secure material, if any, on the production floor.

45
(ii) Sales Department
Provide detailed sales forecast.
(iii) Stores Department
(a) Issue raw, packing and other materials.
(b) Receive any returns from the production department.
(iv) Procurement Department
Ensures availability of materials as per the production plan.
(v) Warehousing Department
(a) Prepare status of empties and fills to facilitate production planning.
(b) Provide empties for production and receive fills from production.
(c) Secure the fills and the empties storage area.
(d) Update excise records, as applicable.
(vi) Quality Department
(a) Perform on-line quality checks during production.
(b) Compute raw material yields
(vii) Finance Department
(a) Record accounting entries for production and consumption of materials.
(b) Determine and account for other manufacturing costs.
(c) Accounts Receivables and Collections

(d) Review necessity for provision for doubtful debts;

(e) Review debtors ageing report and overdue listing on a weekly basis;

(f) Obtain approval as per certain approvals for write-off of balances;

(g) Review dispatches to credit customers against established limits.

Sales and Accounts Receivables

Check-in Check-out Process

The purpose of Stock-out and Stock-in procedures is to establish controls over inventory
in the direct route selling process. These procedures describe the manner in which the

46
hand over or takeover of Company products is to occur between functions and to
establish the responsibility (for custody).

• Check physical stock of fulls, empties and cases given/ received to/ from salesmen;

• Check and report empties for damages and chip necks at Stock-In;

• Prepare Load-out summary.

Q No. Sub Process Question Remarks

1 Sales Ordering What was the value Higher the value or
of credit sales at proportion of credit
this location? sales, higher is the
risk at the location
in terms of
collectability and
liquidity.
2 Sales Ordering How many issues Higher the number
were noted in last of issues identified
audit in this in a sub-process,
subprocess? higher the
weightage or risk
ranking of the sub-
process.
3 Shipping of goods Has there been any Shipping is one of
turnover in the the important
preparer or functions in Sales
reviewer of process. If there is
shipping any significant
information in this change in this
location? function, it
increases the risk
around this sub-
process and needs
more attention in
the year of
transition.
4 Shipping of goods How many issues Higher the number
were noted in last of issues identified
audit in this in a sub-process,
subprocess? higher the
weightage or risk
ranking of the sub-
process
5 Revenue What was the value In case high value

47
 Recognition of new contracts at contracts have been
this location? entered into, it
needs auditor’s
attention to ensure
that compliance
with company
policies has been
ensured and due
diligence has been
performed.
6 Pricing of SKU Were there any Higher the number
changes to the Price of changes in price
Master File at this master, higher is
location? the weightage of
the risk to this sub-
process
7 Invoicing How many issues Higher the number
were noted in last of issues identified
audit in this in a sub-process,
subprocess? higher the
weightage or risk
ranking of the sub-
process.
8 Daily Sales Has there been any Higher the number
Settlement fraud related to the of fraud cases,
daily sales higher the
settlement process? weightage or risk
If yes, please ranking of this sub-
specify the number process.
of fraud cases
identified.
9 Sales Return How many issues Higher the number
were noted in last of issues identified
audit in this in a sub-process,
subprocess? higher the
weightage or risk
ranking of the sub-
process.
10 Sales Analysis How many issues Higher the number
were noted in last of issues identified
audit in this sub- in a sub-process,
process? higher the
weightage or risk
ranking of the sub-
process.

48
Chartered accountants can play an important role by helping companies operating in the
beverages industry to understand these challenges and turn them into opportunities in the
form of improved internal controls and governance structure and enhanced growth and
profitability.

3.8 COST CONTROL: -

Cost control and reduction refers to the efforts business managers make to monitor,
evaluate, and trim expenditures. These efforts might be part of a formal, company-
wide program or might be informal in nature and limited to a single individual or
department. In either case, however, cost control is a particularly important area of focus
for small businesses, which often have limited amounts of time and money. In a small
business the focus is often on selling and servicing the customer. This leaves the task of
purchasing slightly sidetracked. Even seemingly insignificant expenditures - for items
like office supplies, telephone bills, or overnight delivery services - can add up for small
businesses. On the plus side, these minor expenditures can often provide sources of cost
savings.

Cost control refers to management's effort to influence the actions of individuals

who are responsible for performing tasks, incurring costs, and generating revenues.
First managers plan the way they want people to perform, then they implement
procedures to determine whether actual performance complies with these plans. Cost
control is a continuous process that begins with the annual budget. As the fiscal year
progresses, management compares actual results to those projected in the budget and
incorporates into the new plan the lessons learned from its evaluation of current
operations. Through the budget process and accounting controls, management establishes
overall company objectives, defines the centers of responsibility, and determines specific
objectives for each responsibility center, and designs procedures and standards for
reporting and evaluation.

49
Cost control is the practice of managing and/or reducing business expenses. Cost controls
starts by the businesses identifying what their costs are and evaluate whether those costs
are reasonable and affordable. Then, if necessary, they can look for ways to cut costs
through methods such as cutting back, moving to a less expensive plan or changing
service providers. The cost control process seeks to manage expenses ranging from
phone, internet and utility bills to employee payroll and outside professional services. To
be profitable, companies must not only earn revenues, but also control costs. If costs are
too high, profit margins will be too low, making it difficult for a company to succeed
against its competitors. In the case of a public company, if costs are too high, the
company's may find that its share price is depressed and that it is difficult to attract
investors. The following are some simple successful cost control methods:-

1. Review and Modify Business Model:- There is a great, economically and

commercially successful business model, that is used to lay down the foundations of any
company. The business model must be however subject to small and big changes. It
means as a manager, you should subject the business model to changes according to your
competitor’s actions and markets status. By the term change, I also mean that you should
be upgrading and improving all possible business operations. You need to come up with
new process and procedures to reduce cost.

2. Daily Updates :- One of the best ways to start controlling costs it to have daily updates
of production, all possible long and short term expenditures. Divide all these
expenditures, even the ones such cost of machinery or insurance, and sales, by the
number of working days. This will give you a concrete figure of the total amount that has
been spent. Similarly after sales of your goods or services, you may also divide the total
amount of sales by the number of working days. This will give you a micro figure about
the daily expenditure and sales. It will definitely help you to zero down on all possible
cost problems that you incur.

3. Uniformity:- Cost control management is all about deriving the best outputs in a least
cost. Hence, set up a highly efficient and specialized stores department which will
oversee all purchases. You may also take a risk and make long term agreements

50
regarding the quality and quantity of materials that are being supplied to your
manufacturing process. This uniformity will ensure a timely, cheap and assured supply of
raw materials.

4. Time Planning:- Time is money! Well divide the amount of wages that you give out
with the number of work hours per month. Explain to the employees per hour
expenditures that you incur, and hence the necessity for time management. You may also
install good cost control systems, in order to help your employees to manage their work
hours well. A cost control software will also work wonders in the finance and accounting
department.

5. Renegotiate all Contracts Annually:- For whatever reason, businesses presume that
multiple year contracts will result in lower costs. Maybe sometimes, but not always. A
smart company policy is not to have the life of a contract exceed one year. This forces
annual bidding or at least renewal discussions with the current suppliers. Almost always
these discussions will result in lower cost of goods. A multi-year contract will usually
favor the vendor. Of course this is a lot of work, but it sure pays out.

6. Ask your Customers:- Annual planning sessions with customers have many benefits.
Naturally these discussions primarily should focus on ways to grow the business. But too
often these discussions fail to address costs. By discussing costs holistically up and down
the combined supply chains, customers often can recommend ways to reduce costs. For
example, how to take wasted steps out of the process, or how to plan jointly to smooth
production, or maybe even how to change the product mix to get rid of costly items and
replace them with some that are more profitable. Talking to the customer is never a bad
thing. But talking about how to jointly improve business deepens the relationship, shows
them you care, and helps reduce costs for both parties.

7. Match terms with turns:- Each item in your inventory moves at a different rate, and
yet suppliers normally apply a one size fits all approach to payment terms. You can
reduce your working capital to zero if payment terms were matched with the inventory
turns of each item. By negotiating this into your contracts it incents the suppliers only to

51
sell the best moving items and to work with you to improve inventory productivity. The
results will free up cash that can be deployed elsewhere in the business and improve
profits.

8. Ask Vendors to own their Inventory:- Better even than matching terms with turns is
to have the vendors keep title to their inventory until sold. Normally inventory acquired
from a vendor is held in your warehouse for use in manufacturing conversion or resale to
your customers. But why think of it as your inventory, it hasn’t been used yet so why it
isn’t their inventory. Best planning results in “just-in-time” delivery so there is no
inventory. But this isn’t always possible, for instance, in industries like retail where that
inventory is necessary for your own customers. But again, why are you paying them and
then sitting on their inventory. They need to own the inventory until time of sale. This is
commonly referred to as “scan based trading” or “just-in-time trading.”

3.9 INTERNAL AUDIT and COST CONTROL

Many organizations focus their cost reduction efforts around the numbers. This is the
reason why cost reduction initiatives are regarded as the sole domain of the financial
community. Cost cutting is often no more than a review of the budget, the introduction of
a saving against each line item, and then monitoring actual versus planned spend. There
is no problem with this approach if it is short-term cuts that are wanted. It is easy to
reduce costs by a small amount on each line item by delaying expenditure into a future
period. However, these are not real savings and the organization loses the opportunity to
review underlying business practices during difficult economic periods that have the
potential to create sustainable cost savings. Once the pressure is off, these “so called”
cost savings quickly come back into the budgets and management are none the wiser.
This is the tactical response to cost cutting. It can be done and it does have benefits but
these are mainly short term in nature. On the other hand, organizations that approach their
cost reduction efforts in a strategic manner have the opportunity to significantly
strengthen their competitive position from a cost perspective rather than just survive the
current economic downturn. Activity-based cost reduction is a strategic response to cost
cutting that provides sustainable benefits. This means the focus shifts from the individual

52
line items on the income statement or balance sheet toward the underlying activities that
drive the expenditure. Once these underlying activities are understood, it is relatively
easy to identify and prioritize improvements that will have a larger and longer-term
impact on the business.
The biggest risk for any major initiative is the ability of the organization to sustain the
benefits. In a survey of 115 multinationals taken from the Financial Times Stock
Exchange’s top 350 companies, it was found that 70% could not sustain the benefits of
their cost reduction efforts beyond two years. Often this is due to the fact that the changes
introduced are not continuously re-enforced through regular, visible reporting of the key
measures that determined success in the beginning. The organization loses sight of those
aspects that were considered essential when the program was first introduced. This is
where the internal audit function can play a significant role.
The internal audit function should be an integral part of any strategic cost reduction
program because it can ensure the redesigned business processes, activities and
structures (if any) remain responsive to the risks, and are embedded in the business
methods and practices.
The value that can be achieved by the inclusion of the internal audit function is immense,
as it can support a number of strategic objectives, including the following:
1. Achieving buy-in to the cost reduction program from a broader group of stakeholders.

2. Improving visibility at management, executive and board levels by ensuring internal

audit reports include commentary on the cost cutting initiatives.

3. Identifying the risks and implications of cost reduction initiatives.

4. Providing valuable input and insight into the key processes and activities that drive
certain costs.

5. Identifying critical improvement drivers to keep the business focused on priority areas.

6. Bringing a process and control capability to the overall program.

7. Monitoring and evaluating key performance indicators on a continuous basis.

53
8. Developing regular reviews as part of the annual internal audit plan to support
sustainability.

9. Providing an objective view point on the proposed initiatives prior to, during and after
the introduction of the cost cutting program.

10. Reporting on the benefits realized by the program.

As an example, overtime cost was considered to be excessive in one very large
organization. Certain employees were actually earning more by way of overtime pay
than from their regular salaries. Management decided to cut this cost, especially as
difficult economic circumstances were resulting in lower business activity levels. As a
result of the increased focus on overtime pay together with more regular reporting, the
cost began to show a reducing trend. However, as often happens, the moment the
emphasis changed to other significant areas and the level of scrutiny reduced, the cost
of overtime began to increase. This example highlights the need for much more effort in
understanding and changing the underlying reasons for a particular cost rather than
simply focusing on the cost itself. For example, travel expenditure may be under review
and the finance manager might request a saving of 20% in the following year’s budget.
One approach would simply be to cut the number of trips by an average of 20%, and the
target would be achieved with no difficulty. Except during the following year, when the
pressure is off, the costs will creep back into the system and the benefits of the saving
will be short lived. An alternative approach, in addition to the above action (which is a
very good starting point), would be to review and redesign the underlying activities that
drive travel expenditure in order to change the way the organization operates. This
would have the effect of sustaining the saving over a much longer term and ultimately
gain the organization competitive advantage.
The following questions in relation to travel expenses should also be asked:-
1. What is the breakdown of the travel expense? (In order to understand the makeup of
the cost and where to focus improvement efforts.)

2. What activities are performed that result in these costs being incurred?

54
3. Why do these activities need to be performed and do they add value to the business?
And how can the benefit or value of the activity be determined?

4. What are the interdependencies and risks of changing these activities?

5. Is there a better way to achieve the same or even a better result, e.g., scenario or option
planning?

6. What should the targeted cost be, taking into account potential improvements?

7. What needs to be done to redesign the approach to travel to enhance the process and
reduce the cost?

8. What controls or performance measures need to be introduced to ensure sustainable

success?

9. How will the performance of the activities be reported to ensure that the costs don’t
creep back into the system?

10. Who will sponsor the change program?

This simple example demonstrates how cost cutting is much more than just the
elimination of expenses from a budget. It is a strategic adjustment that may well have a
material impact on how an organization does business. Working through this approach
in a meticulous way, organizations are more likely to achieve substantial benefits over
the longer term by identifying significant improvement areas. After an exercise similar
to that described is performed, it is possible to prepare a much more informed budget
for the next period, which will recognize the embedded savings derived. All too often
budgets are simply a derivative of the previous period plus an adjustment for perceived
economic and market changes. In fact, it is recommended that three year rolling
budgets be introduced, showing the expenditure trends and the benefits derived from
any cost saving initiatives over a longer term. Unfortunately, many organizations leave
the cost reduction program in the hands of the financial community which also has
many other priorities. This results in a number of quick wins and short-term benefits but
often fails to achieve the longer-term sustainable impact that could make a strategic

55
difference to the entity. Organizations that view cost reduction initiatives as a strategic
imperative that could potentially result in a competitive advantage, and that approach
the overall effort in an inclusive and methodical manner, will be much stronger when
the economic cycle turns. No one yet knows who will survive, who will thrive, and who
will disappear during the current downturn - only time will tell. Nonetheless, those
organizations that approach cost reduction with the right mindset have a better chance
of success than those which simply tamper on the periphery.
(1) How Internal audit and Cost Control are dependent activity?
The internal auditor should check whether proper operating standards and norms have
been established for cost control and reduction. They should be detailed enough to be
identifiable with specific operating responsibilities and should be capable of being used
by operating personnel for monitoring and evaluating their performance. The internal
auditor should review the methods of establishing the operating standards and
norms. He should carefully examine the assumptions made while setting the standards to
ensure that they are appropriate and necessary. The variances should be examined to
evaluate whether or not the standards and norms are practical. Where there is a wide
divergence between actual performance and the corresponding standards, reasons may be
looked into.

(2) Why Cost Control is Important

The internal audit function plays a key role in assessing and reporting on an
organization’s risk management, internal controls and management information systems.
Directors of companies that have an internal audit function should have a general
understanding of its role and contribution. In addition, the audit committee should
confirm that the internal audit function is properly constituted, has the necessary
resources, and operates professionally.

 Improving Risk Assessment Process

 Becoming more relevant to achieving the organizations business Objectives
 Reducing overall internal audit function
 Identifying opportunities for cost saving in business.

56
Interviewing is a powerful data collection technique, which works well on its own and is
often used to support other techniques, such as observation. The interviewee’s insights
can guide the Internal Auditor’s decisions about what to observe. Communication is a
key element to the success of any audit. The more effectively the Internal Auditor
interviews personnel, the more useful information will be gathered.

Inspections

When inspecting something, it is good practice to start with general observations and
proceed to more specific elements. First, the Internal Auditor will have a good overall
look around the facility and then examine specific items more closely, noting anything
that does not seem quite right.

It is important to ask questions throughout the inspection. The big picture must make
sense and any detail that doesn’t fall into place needs to be scrutinized.

Reviewing Documents

When reviewing company records, the Internal Auditor can use a number of techniques.
Random sampling is one of them. It gives a general idea of the quality of record keeping
and exposes the potential problem areas. However, one sample taken in one given period
of time is usually not enough to form accurate conclusions. It may be more effective to
check records based on a common characteristic that seems to be problematic and
systemic.

Vertical Tracking

This method, which is also referred to as “vertical auditing”, consists of following a

specific development from the beginning until the end, simultaneously checking all the
records that are produced in the process. Applying the vertical tracking technique can
lead the Internal Auditor to areas that were not initially part of the scope, but it does
facilitate a bigger picture view, as this allows the Internal Auditor to see how the various
parts of a given program work together.

Exercises

57
The aim of an exercise is to test something that is usually done at the facility as part of
the routine. However, the Internal Auditor gets to pick the time and the circumstances for
the test. The subject of testing can be the personnel, the program, or the equipment. An
Internal Auditor should not run an exercise without the knowledge and cooperation of the
auditee. Doing so is likely to have negative consequences as unannounced actions may
breach certain facility-specific rules or regulations which the Internal Auditor is unaware
of

Taking Notes

A good Internal Auditor must have his or her own efficient way of taking notes. This is
an extremely important part of the job that cannot be neglected. Notes must get reviewed
and refined along the way. In situations where taking notes is inconvenient, a mental
note-taking technique should be used. Notes are used to organize thoughts and
observations which will in turn help the Internal Auditor reach accurate conclusions
throughout the audit. Notes need to be reviewed and completed at the end of each audit
day.

Conclusion

Knowing how to look, where to look, and what to look for is the key to meeting the audit
objectives. Therefore, data gathering is a big and highly important part of any internal
audit. It is up to the Internal Auditor to decide which method or methods of collecting
information to use for the audit and how to coordinate his or her actions with the auditee.

58
Chapter 4: Data Analysis and Interpretation

The data was collected using questionnaire method which is given in appendix 1. A total
of 20 question were asked the respondents covering various topics and aspects of the
objective and hypothesis of the project.

All of these questions was filled up into google form and was sent to the respondents via
various means which includes email, social media, etc.

After these responses received were directly converted into spreadsheet of google
where the learner analysed and interpreted the data and made pie diagrams, tables,
from the responses received.

The pie diagrams and table are given below. Its show the clearity of the responses and
we can also easily see the percentage of positive and negative responses

59
Response to the question

Question no. 1

Q.1 Counts Percentage

Yes 16 47.4%
No 3 7.9%
Maybe 15 44.7%
Table no. 1: Counts of Response to Q.1

 The responses to this question was taken in yes or no formate.

 16 respondents give their positive responses as yes
 3 respondents give their negative responses i.e no
 15 respondents give their in possible form i.e maybe
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point.

60
Question no .2

Q.2 Counts Percentage

yes 32 94.1%
No 2 5.9%
Table no. 2: Counts of Response to Q.2

 The responses to this question was taken in yes or no formate.

 32 respondents gave their positive responses as yes.
 Remaining 02 respondent gave negative responses i.e. no.
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit is provide forming plans and
policy regarding cost control.

61
Question no. 3

Q.2 Counts Percentage

Yes 28 82.6%
No 6 17.4%
Table no. 3: Counts of Response to Q.3

 The responses to this question was taken in yes or no formate.

 28 i.e 82.4% respondents gave their positive responses as yes.

 Remaining 06 i.e 17.6% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit facilated prevention and
detection of fraud.

62
Question no. 4

Q.4 Counts Percentage

Yes 32 94.1%
No 2 5.9%
Table no. 4: Counts of Response to Q.4

 The responses to this question was taken in yes or no formate.

 32 respondents give their positive response as yes.
 2 respondents give their negative responses i.e no
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit help to management to take
review regarding cost change

63
Question no. 5

Q.5 Counts Percentage

Yes 31 92.3%
No 2 5.1%
Maybe 1 2.6%
Table no. 5: Counts of Response to Q.5

 The responses to this question was taken in yes or no formate.

 31 respondents give their positive responses as yes.
 2 respondents give negative responses i.e no.
 There are only one respondent give response in maybe form.
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit help to ascertain whether all the
rules, regulation policies, procedure have been followed or not

64
Question no. 6

Q.6 Counts Percentage

Yes 33 97.1%
No 1 2.9%
Table no. 6: Counts of Response to Q.6

 The responses to this question was taken in yes or no formate.

 33 respondents give their responses in positive as yes.
 Only one respondent give in negative i.e no.
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit help to take daily update
regarding expenditure incurred by management.

65
Question no.7

Q. 7 Counts Percentage
Neutral 2 5.9%
Strongly agree 9 26.5%
Agree 23 67.6%
Table no. 7: Counts of Response to Q.7

 The responses to this question was taken in yes or no formate.

 2 respondents give their responses in neutral.
 9 respondents are strongly agree.
 23 respondents are agree .
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit planning helps to optimize buying
decision and benefits from supply or demand opportunities.

66
Question no.8

Q.8 Counts Percentage

Yes 17 53.3%
No 1 2.6%
Maybe 16 46.2%
Table no. 8: Counts of Response to Q.8

 The responses to this question was taken in yes or no formate.

 17 respondents give their responses in positive as yes.
 Only one respondent give their responses in negative i.e no.
 16 respondents give their responses in possible form i.e maybe
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit capability to control overall
program in right manner.

67
Question no.9

Q.9 Counts Percentage

Yes 29 86.8%
No 2 5.3%
Maybe 3 7.9%
Table no. 9: Counts of Response to Q.9

 The responses to this question was taken in yes or no formate.

 29 Respondents give their responses in positive as yes.
 2 respondents give their responses in negative I.e no.
 3 respondents give their responses in maybe form.
 After taking the response into consideration it is to be interpreted that maximum
people agree with the point that internal audit helps to identify the risk and
implication of cost reduction initiatives.

68
Question no.10

Q.10 Counts Percentage

Yes 31 91.2%
No 3 8.8%
Table no. 10: Counts of Response to Q.10

 The responses to this question was taken in yes or no format.

 31 i.e 91.2% respondents gave their positive responses as yes.

 Remaining 03 i.e 8.8% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that the internal audit help achieving buy in to the
cost reduction program from a broader group of stakeholders.

69
Question no.11

Q.11 Counts Percentage

Yes 28 83.3%
No 6 16.7%
Table no. 11: Counts of Response to Q.11

 The responses to this question was taken in yes or no format.

 28 i.e 83.3% respondents gave their positive responses as yes.

 Remaining 06 i.e 16.7% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that the internal audit help to facilitate the
prevention and detection of frauds.

70
Question no.12

Q.12 Counts Percentage

Yes 23 66.7%
No 11 33.3%
Table no. 12: Counts of Response to Q.12

 The responses to this question was taken in yes or no format.

 23 i.e 66.7% respondents gave their positive responses as yes.

 Remaining 11 i.e 33.3% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that the internal audit helps to provide the review of
the operation of overall internal control system.

71
Question no.13

Q.13 Counts Percentage

Yes 25 75%
No 9 25%
Table no. 13: Counts of Response to Q.13

 The responses to this question was taken in yes or no format.

 25 i.e 75% respondents gave their positive responses as yes.

 Remaining 9 i.e 25% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that internal audit helpful to take proper decision
regarding production.

72
Question no.14

Q.14 Counts Percentage

Yes 25 75%
No 9 25%
Table no. 14: Counts of Response to Q.14

 The responses to this question was taken in yes or no format.

 25 i.e 75% respondents gave their positive responses as yes.

 Remaining 9 i.e 25% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that we generate the maximum profit and control
the cost with help of internal audit.

73
Question no.15

Q.15 Counts Percentage

Yes 28 82.6%
No 6 17.4%
Table no. 15: Counts of Response to Q.15

 The responses to this question was taken in yes or no format.

 28 i.e 82.6% respondents gave their positive responses as yes.

 Remainin8g 6 i.e 17.4% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that the internal audit help to control the cost of the
organization.

74
Question no.16

Q.16 Counts Percentage

Yes 28 82.6%
No 6 17.4%
Table no. 16: Counts of Response to Q.16

 The responses to this question was taken in yes or no format.

 28 i.e 82.6% respondents gave their positive responses as yes.

 Remainin8g 6 i.e 17.4% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that internal audit have sufficient to control the
internal cost.

75
Question no.17

Q.17 Counts Percentage

Yes 30 87.5%
No 4 12.5%
Table no. 17: Counts of Response to Q.17

 The responses to this question was taken in yes or no format.

 30 i.e. 87.5% respondents gave their positive responses as yes.

 Remaining 4 i.e. 12.5% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that we find out the main cost by help of internal
audit.

76
Question no. 18

Q.18 Counts Percentage

Yes 31 91.3%
No 3 8.7%
Table no. 18: Counts of Response to Q.18

 The responses to this question was taken in yes or no format.

 31 i.e. 91.3% respondents gave their positive responses as yes.

 Remaining 3 i.e. 8.7% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that the internal audit ensure compliance laws and
regulations for control the cost.

77
Question no. 19

Q.12 Counts Percentage

Yes 29 85.3%
No 5 14.7%
Table no. 19: Counts of Response to Q.19

 The responses to this question was taken in yes or no format.

 29 i.e. 85.3% respondents gave their positive responses as yes.

 Remaining 5 i.e. 14.7% respondent gave negative responses i.e. no.

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that internal audit improve the working condition of
the orgnisation and control the loses.

78
Question no.20

 The responses to this question was taken in yes or no format.

 41.2% respondents gave their positive response as agree.

 5.9% respondent gave negative responses i.e. Disagree

 29.4% respondents strongly agree

 5.9% respondents gave their responses in neutral

 17.6% respondents are strongly disagree

 After taking the response into consideration it is to be interpreted that maximum

people agree with the point that internal audit internal audit support in findings
with objective and conclusive evidences

79
Chapter 5. CONCLUSION: -

The internal auditor should check whether proper operating standards and norms have
been established for cost control and reduction. They should be detailed enough to be
identifiable with specific operating responsibilities and should be capable of being used
by operating personnel for monitoring and evaluating their performance. The internal
auditor should review the methods of establishing the operating standards and
norms. He should carefully examine the assumptions made while setting the standards to
ensure that they are appropriate and necessary. The variances should be examined to
evaluate whether or not the standards and norms are practical. Where there is a wide
divergence between actual performance and the corresponding standards, reasons may be
looked into. The system of identification and analysis of deviations from standards
should be examined. The internal auditor should examine whether analysis of variances
is communicated to those concerned in time. He should also examine whether in
communicating the variances serious matters are highlighted and whether
exceptional variances are communicated more expeditiously than is done in the
normal course. As a part of evaluating resources utilization, identifying the facilities
which are under-utilized is an important function of the internal auditor. Such instances
may consist of under-utilized machines, unoccupied storage space, huge cash or bank
balances, idle man power etc. The internal auditor may also identify understaffing
and overstaffing in various areas as these prevent optimum use of resources.
While commenting on staffing, the internal auditor should pay special attention to non-
productive work being performed. This would require an enquiry into the job descriptions
of employees combined with an intelligent observation of the work being done. Finally
the internal auditor should review all procedures with reference to their costs and
benefits. One of the factors resulting in inefficiency is that in many cases procedures
become hindrance to operations.

80
 To determine whether compliance exists with policies, procedures, laws and
regulations.

 To establish that there is a proper authority for every acquisition, retirement and
disposal of assets.

 To confirm that liabilities have been incurred only for legitimate activities of the
organization.

 To appraise the economy and efficiency of resource utilization (i.e. physical,

monetary and most importantly staff).

 To review operations or programs for consistency with established management

goals and objectives

Suggestion

 Put the finding in perspective base on overall implications and significance of

Weakness identified.
 Identify the extent to which the system control objectives are being achieved and
the degree to which internal control system should ensure that the goals and
objectives of the organization are accomplished effective

81
 APPENDIX- 1
Questionnaire

Q. 1. Does internal audit help the manager to put the spotlight on

unnecessary expenses spend by the management?
a) Yes
b) No
Q. 2. Can internal audit is provide forming plan and policy regarding cost
control?
a) Yes
b) No
Q. 3. Is the internal audit facilitate the prevention and detection of frauds?
a) Yes
b) No
Q. 4. Does internal audit help to management to take review regarding cost
change?
a) Yes
b) No
Q. 5. Does internal audit help to ascertain whether all the rules, regulation
policies procedure have been followed or not?
a) Yes
b) No
c)Maybe
Q. 6. Does internal audit help to take daily update regarding expenditure
incurred by management?
a) Yes
82
 b) No
Q. 7. Does internal audit planning helps to optimize buying decision and
benefits from supply or demand opportunities?
a) Yes
b) No
Q. 8. Does internal audit capability to control overall program in right
manner?
a) Yes
b) No
Q. 9. Does internal audit helps to identify the risk and implication of cost
reduction initiatives?
a) yes
b) No
c) Maybe
Q.10. Is the internal audit help achieving buy in the cost reduction program
from a broader group of stakeholders?
a) Yes
b) No
Q. 11. Can internal audit help to facilitate the prevention and detection of
frauds?
a) Yes
b) No
Q. 12. Is the internal audit helps to provide the review of the operation of
overall internal control system?
a) Yes
b) No
Q. 13. Is internal audit helpful to take proper decision regarding production?
83
 a) Yes
b) No
Q. 14. Can we generate the maximum profit and control the cost with helps
of internal audit?
a) Yes
b) No
Q. 15. Is the internal audit help to control the cost of the organization?
a) Yes
b) No
Q. 16. Does internal audit have sufficient resources to control the internal
cost?
a) Yes
b) No
Q. 17. Can we find out the main cost with help of internal audit?
a) Yes
b) No
Q. 18. Is the internal audit ensure compliance with laws and regulation for
control the cost?
a) Yes
b) No
Q. 19. Can internal audit improve the working condition of the organization
and control the loses?
a) Agree
b) Disagree
Q.20. Is the internal audit support in finding with objective and conclusive
evidences?
a) Strongly disagree b) Agree c) Disagree d) Neutral e) Strongly agree
84
 BIBLIOGRAPHY

 MICHAEL VAZ & AURORA VAZ, Research Methodology for Business, Manan
Prakashan, Mumbai.
 C A KOTHARI & GAURAV GARG, Research Methodology Methods and
Techniques Third Edition, New Age International publishers.
 Technical Guide on Internal Audit By ICAI. (Latest Module)
 Internal Control Audit and Compliance

 [Link]
 [Link]
 [Link]
[Link]
 [Link]

85