More than Checks and

Balances: The Real role

of Internal Audit
This presentation offers an insightful overview
of the vital role internal audit plays in today’s
organizations. No longer confined to traditional
compliance, internal audit has evolved into a
strategic function that drives operational
improvement, strengthens risk management,
and supports effective governance. Outlined
are few key approaches, and emerging trends
that are shaping its future.

preencoded.png
Understanding Internal Audit
Internal Audit (IA) is an independent function
within an organization, providing objective
assurance to the board and senior
management. This independence allows IA to
offer unbiased insights into the effectiveness
of risk management, internal controls, and
governance processes. Its primary goal is to
add value and improve an organization's
operations.
Key Characteristics
• Continuous and Systematic: IA is not a one-off
activity but an ongoing process of monitoring and
evaluation.
• Strategic in Nature: It aligns with organizational
objectives, identifying risks and opportunities.
• Advisory and Independent: Provides
recommendations without participating in operational
management, maintaining objectivity.
preencoded.png
Core Objectives of Internal Audit
Verify Data Accuracy and Detect and Prevent Fraud Strengthen Internal Controls
Integrity Effectively
Ensuring financial statements Implementing robust controls Assessing and improving the
and operational data are and analytical procedures to design and operating
reliable and free from material identify and mitigate fraud effectiveness of controls to
misstatement, supporting risks, safeguarding company minimize operational and
trustworthy reporting. assets. financial risks.
Ensure Regulatory Compliance Support Evidence-Based Promote Operational
Management Decisions Efficiency
Confirming adherence to Providing objective insights Identifying inefficiencies and
relevant laws, regulations, and and recommendations to guide suggesting process
internal policies, thereby strategic planning and improvements to enhance
avoiding penalties and operational improvements. productivity and reduce costs
reputational damage. across departments.

Assure Risk Mitigation and Strategic Alignment

Evaluating the effectiveness of risk response strategies and ensuring audit activities support the organization’s
overarching strategic goals. preencoded.png
Traditional vs. Modern Internal Audit

Traditional Role Modern Role

• Strategic risk partner: Collaborates with
• Policing and control: Focused on detecting past
management on proactive risk management and
errors and enforcing rules.
strategic initiatives.
• Manual checking of vouchers: Labor-intensive, • Data analytics and automation: Leverages
transaction-level verification. technology for continuous monitoring.
• End-to-end business process focus: Examines
• Focus on accounting: Primarily concerned with
entire business cycles, not just financial
financial records and reporting accuracy.
segments, for holistic risk assessment.
• Reactive and post-mortem: Audits performed after • Predictive and real-time advisory: Provides
events have occurred, identifying problems forward-looking insights and real-time guidance to
retrospectively. prevent issues.
• Compliance-centric: Main objective was strict
• Risk and performance-centric: Integrates risk
adherence to established policies and
management with performance enhancement,
regulations.
driving organizational value.
preencoded.png
Risk-Based Internal Audit (RBIA)
Risk-Based Internal Audit (RBIA) is a methodological approach that prioritizes audit activities based on the
organization's key risks. This ensures that internal audit resources are allocated effectively to areas with the highest
potential impact, promoting a more strategic and efficient audit function.

Risk Identification 1
Identify high-risk areas within the organization.
This includes emerging threats like cybersecurity
breaches or potential financial misstatements 2 Risk Assessment
such as tax credit misstatements, impacting
financial stability. Prioritize identified risks using robust assessment
matrices. This involves evaluating their severity
Audit Planning 3 and likelihood, ensuring focus on critical
exposures and their potential impact on
Allocate audit resources strategically to address operations.
critical exposure areas. Examples include
performing more frequent quarterly treasury audits 4 Execution and Reporting
compared to less frequent annual procurement
audits, based on risk. Verify control design and operating effectiveness
using advanced data analytics. Report any
5 anomalies or control gaps identified, providing
Follow-Up
clear and actionable insights to management.
Continuously track the resolution of high-risk
observations and recommendations. This includes
ensuring physical verification of asset tagging or
implementation of new control measures to preencoded.png

address identified deficiencies.

Internal Audit in Financial Areas - Few Examples

Fixed Assets & Capex Tax Compliance

Reviewing Goods Receipt Notes i) Reconciling tax filings like GSTR-3B
(GRNs) and depreciation against GSTR-1 is crucial for
schedules ensures accurate asset compliance.
accounting. A recent audit revealed ii) An audit identified a common issue:
a discrepancy where new laptops missed TDS (Tax Deducted at Source)
were booked without proper serial deductions, which can lead to penalties
tracking, leading to potential loss or and rework.
misplacement.

Cash and Bank Operations Investments and Loans

Scrutinizing bank reconciliations Verifying interest accounting and
and cash handling procedures is investment valuation ensures financial
vital for safeguarding liquid assets. health and compliance. During an audit,
An audit uncovered instances of it was discovered that interest on Fixed
unauthorized cash payments made Deposit Receipts (FDRs) had not been
without proper approval, accrued, impacting reported earnings.
highlighting control weaknesses. preencoded.png
Role in SOX Compliance
Internal Audit plays a pivotal role in ensuring compliance with the Sarbanes-Oxley (SOX) Act, which
mandates strong internal controls over financial reporting. By conducting thorough reviews and tests, IA
helps organizations maintain accurate financial records and prevent fraud.

Process Walkthroughs Control Testing Identify Weaknesses Documentation

Internal Audit performs IA rigorously tests the Through testing, IA Maintaining
detailed walkthroughs for design effectiveness and identifies control comprehensive control
key business processes, operating effectiveness of deficiencies and reports documentation, including
such as Order to Cash etc. internal controls. This material weaknesses to process flowcharts and
to understand the flow of involves selecting samples management and the audit narratives, is essential for
transactions and identify and examining evidence to committee, ensuring timely audit trails and
critical control points. confirm controls are remediation and demonstrating SOX
functioning as intended. disclosure. compliance.

preencoded.png
Capabilities of Modern Internal Auditors
Modern internal auditors possess a diverse skill set that extends
beyond traditional accounting. These capabilities enable them to
provide strategic value, navigate complex business environments, and
serve as trusted advisors to management.

Analytical Thinking Communication Skills

The ability to detect trends, Expertise in drafting clear and effective
identify root causes of issues, audit reports and discussing complex
and pinpoint systemic gaps in findings articulately with diverse levels
processes and controls. of management.

Ethical Orientation Adaptability

Maintaining unwavering integrity The ability to work effectively in
and professional independence in cross-functional teams and operate
judgment, ensuring unbiased and seamlessly across diverse industry
trustworthy audit outcomes. sectors and regulatory
environments. preencoded.png
Emerging Trends in Internal Audit
The landscape of internal audit is rapidly evolving, driven by technological advancements and shifting regulatory
demands. These emerging trends empower auditors to deliver more proactive, efficient, and comprehensive
assurance.
Data Analytics
1 Leveraging machine learning and artificial intelligence for continuous anomaly
detection and predictive risk assessment.
RPA
Automating repetitive audit checks and data extraction processes, freeing up
auditors for more complex tasks.
ESG Audits
Growing focus on Environmental, Social, and Governance (ESG)
audits, driven by new reporting mandates like SEBI's BRSR.
Integrated Audits
4 A holistic approach blending operational, IT, and financial
controls into single, comprehensive audits for efficiency.
Remote Auditing
Increased adoption of remote auditing techniques, including
blockchain-based document verification for enhanced
security and efficiency. preencoded.png
Key Takeaways and Future Outlook

IA Enables Risk-Aware Decision-Making RBIA Focuses on What Matters Most

Internal Audit has evolved into a strategic partner, providing Risk-Based Internal Audit ensures resources are
management with the insights needed to make informed directed to areas of greatest potential impact,
decisions that effectively balance risk and opportunity. maximizing audit value and organizational resilience.

Integration with Global Frameworks Enhances Technology and Analytics Shape Future
Credibility Audits
Aligning internal audit practices with international standards The ongoing adoption of data analytics, RPA, and
other technologies will continue to transform audit
like SOX and other global frameworks strengthens trust processes, making them more proactive and efficient.
and organizational integrity.

Strong IA Adds Measurable Value, Not Just Oversight

A robust internal audit function moves beyond mere compliance,
actively contributing to operational efficiency, strategic objectives,
and overall organizational success. preencoded.png
Conclusion The responsibilities of internal audit are expanding
and, consequently, the required skill sets are
changing. Board members and executives should
fully leverage internal audit’s capabilities in ongoing
With an Enterprise analysis to help provide assurance that the
Resource Management organisation’s objectives and strategic goals are
(ERM) focus, internal achieved. For its part, by reasserting its traditional
audit can move beyond role as an independent, objective adviser to
its monitoring role to management and the audit committee, internal audit
help influence and can sustain its value preservation role and begin to
improve how risks are develop a role in value creation. With an ERM focus,
managed before they internal audit can move beyond its monitoring role to
become challenges. help influence and improve how risks are managed
before they become challenges. What’s more, in
keeping with the leadership agenda, internal audit
can look beyond compliance to helping the
organisation improve overall business performance.
preencoded.png