Audit Exposure Draft of Standards on Internal Audit (SIA) 120, Internal Control

Recently, The Institute of Chartered Accountants of India (ICAI) issued exposure drafts of two new Standards on Internal Audit –

• SIA  350-Review and Supervision of Audit assignments,
• SIA 390-Monitoring and Reporting of Prior Audit Issues

The Institute of Chartered Accountants^[1] has also proposed to revise SIA on internal controls and issued an exposure draft for SIA 120, Standards on Internal Audit Controls.

‘Certain class of companies shall require mandatorily carrying out an internal audit at regular interval as decided by the audit committee of such companies’

SIA 350, Review and Supervisions of Audit Assignments

SIA 350 Standard deals with the responsibility of the Internal Auditor to conduct due review and supervision of the internal audit assignment to ensure its effective performance and completion.

SIA 350 provides guidance on review and supervision of the internal audit assignments by an internal auditor to ensure the effectiveness of the audit.

Due to differential nature, objectives and scope of different assignments, the extent, and periodicity of review and supervision vary for each assignment. It is the responsibility of the Chief internal auditor to plan and document the extent and periodicity at the time of audit planning.

Scope

SIA 350, Review and Supervisions of Audit Assignments applies to all internal audit assignments, conducted either by an in-house auditor or an our-sourced auditor and also to any advisory assignments undertaken by the Internal Auditor.

What is the objective of SIA 350?

• To validate and update the audit assignment plan, including the planned audit procedures and the adequacy of the resources allocated;
• Evaluate the audit procedures undertaken, evidence collected, proper documentation and conclusions drawn by the audit staff;
• Formulate the audit observations and draft the internal audit report;
• Establish that work performed is in conformance with the applicable pronouncements of the Institute of Chartered Accountants of India (ICAI).
• Through timely corrective actions, the auditee should ensure to mitigate the risks highlighted in the audit observations or that a conscious decision is taken to accept the risks, in case recommendations are delayed or not implemented.

See, Read: An Internal Auditor: Why are they important in a Company?.

What are the Documents Required in SIA 350?

According to Standard on Internal Auditing following documents are required-

• As part of the Internal Audit Manual-Process documentation on Review and Supervision,
• Documentation indicating the signature and date of a review undertaken on the work papers, follow-up points raised, and minutes of any review meetings held with the audit team.
• The documentation shall record the evidence of the supervision and review conducted which shall also include the performance of any audit procedures after the review.

What are the requirements of SIA 350?

The Chief Internal Auditor while performing the internal audit function shall maintain a written process explaining how review and supervision shall be performed. He will also ensure quality and conformity to the Standards on Internal Audit

The auditor has the overall responsibility to review and supervise the nature, timing, and extent of all internal audit activities and to ensure that evidence collected is sufficient and reliable.

As per SIA 350 Review and Supervisions of Audit Assignments all documentation shall undergo at least one level of review. A review of all the audit work papers shall be carried out, to ensure these are sufficient and appropriate to allow the reviewer to arrive at the same conclusions and formulate similar observations, as done by the audit staff.

SIA 390-Monitoring and Reporting of Prior Audit Issues

SIA 390 deals with the responsibility of the Internal Auditor in monitoring and reporting of prior audit issues, usually in the form of an “Action Taken Report (ATR)” of previous audits.

Further, the role and responsibility of an internal auditor are to monitor and report the issues which were raised before an internal audit. The internal auditor should track and evaluate that whether corrective actions are taken by the management of auditee to resolve the issues raised during prior audits are in line with the recommendations made in respective audit reports.

SCOPE- SIA 390-Monitoring and Reporting of Prior Audit Issues applies to all internal audits where prior audit issues remain open and are pending for the implementation of audit recommendations within pre-agreed timelines.

What is the objective of SIA 390?

The objectives of this standard SIA 390-Monitoring and Reporting of Prior Audit Issues is to ensure:

• To Properly monitor and closure of open issues from prior audits;
• Independent validation of corrective actions taken by the auditee;
• Escalation of any concerns in case of delays in the closure of issues;
• Timely reporting of the status to those charged with governance.

Also, Read: Inventory Audit: Purpose of Inventory Audit.

What are the Documents Required in SIA 390?

• The monitoring plan agreed with management, including escalation procedures and protocol to be followed in case of delays.
• Auditee confirmations of implementation of audit recommendations, or reasons for no implementation and acceptance of risks.
• The documentary evidence and working papers to support additional audit procedures performed to confirm effective closure of prior issues.
• Escalation communication, with management responses.
• Periodic status reports issued to the management and Audit Committee.

The Requirement of SIA 390

SIA 390-Monitoring and Reporting of Prior Audit Issues continuously monitor the closure of prior audit issues through timely implementation of action plans included in past audits. This shall be done with a formal monitoring process, elements of which are pre-agreed with management.

Additional audit procedures shall be performed by the Internal Auditor after receiving confirmation from the auditee regarding the implementation of corrective actions and to confirm that the issues have been adequately addressed. Sufficient and appropriate audit evidence shall be obtained. The documentation shall be maintained to confirm either effective closure of the issue or reasons for its delay or deferral.

Read our article:A Complete Guide on Auditing Standards Issued by ICSI: Applicable from 1st April 2020